mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-11-22 11:56:31 +00:00
Merge pull request #789 from matt-hh/feature/upgrade-1.11.13
Upgrade to nginx 1.11.13
This commit is contained in:
commit
851b0e36cd
@ -1,4 +1,4 @@
|
|||||||
FROM nginx:1.11.10
|
FROM nginx:1.11.13
|
||||||
MAINTAINER Jason Wilder mail@jasonwilder.com
|
MAINTAINER Jason Wilder mail@jasonwilder.com
|
||||||
|
|
||||||
# Install wget and install/updates certificates
|
# Install wget and install/updates certificates
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
FROM nginx:1.11.10-alpine
|
FROM nginx:1.11.13-alpine
|
||||||
MAINTAINER Jason Wilder mail@jasonwilder.com
|
MAINTAINER Jason Wilder mail@jasonwilder.com
|
||||||
|
|
||||||
# Install wget and install/updates certificates
|
# Install wget and install/updates certificates
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
![nginx 1.11.10](https://img.shields.io/badge/nginx-1.11.10-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub')
|
![nginx 1.11.13](https://img.shields.io/badge/nginx-1.11.13-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub')
|
||||||
|
|
||||||
|
|
||||||
nginx-proxy sets up a container running nginx and [docker-gen][1]. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
|
nginx-proxy sets up a container running nginx and [docker-gen][1]. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
|
||||||
|
@ -11,7 +11,7 @@ if [[ "$#" -eq 0 ]]; then
|
|||||||
|
|
||||||
You can also create certificates for wildcard domains:
|
You can also create certificates for wildcard domains:
|
||||||
$(basename $0) '*.my-domain.tdl'
|
$(basename $0) '*.my-domain.tdl'
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
@ -24,8 +24,8 @@ fi
|
|||||||
# Create a nginx container (which conveniently provides the `openssl` command)
|
# Create a nginx container (which conveniently provides the `openssl` command)
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
CONTAINER=$(docker run -d -v $DIR:/work -w /work -e SAN="$ALTERNATE_DOMAINS" nginx:1.11.8)
|
CONTAINER=$(docker run -d -v $DIR:/work -w /work -e SAN="$ALTERNATE_DOMAINS" nginx:1.11.13)
|
||||||
# Configure openssl
|
# Configure openssl
|
||||||
docker exec $CONTAINER bash -c '
|
docker exec $CONTAINER bash -c '
|
||||||
mkdir -p /ca/{certs,crl,private,newcerts} 2>/dev/null
|
mkdir -p /ca/{certs,crl,private,newcerts} 2>/dev/null
|
||||||
echo 1000 > /ca/serial
|
echo 1000 > /ca/serial
|
||||||
@ -117,7 +117,7 @@ function openssl {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function exitfail {
|
function exitfail {
|
||||||
echo
|
echo
|
||||||
echo ERROR: "$@"
|
echo ERROR: "$@"
|
||||||
docker rm -f $CONTAINER
|
docker rm -f $CONTAINER
|
||||||
exit 1
|
exit 1
|
||||||
@ -129,15 +129,15 @@ function exitfail {
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
if ! [[ -f "$DIR/ca-root.key" ]]; then
|
if ! [[ -f "$DIR/ca-root.key" ]]; then
|
||||||
echo
|
echo
|
||||||
echo "> Create a Certificate Authority root key: $DIR/ca-root.key"
|
echo "> Create a Certificate Authority root key: $DIR/ca-root.key"
|
||||||
openssl genrsa -out ca-root.key 2048
|
openssl genrsa -out ca-root.key 2048
|
||||||
[[ $? -eq 0 ]] || exitfail failed to generate CA root key
|
[[ $? -eq 0 ]] || exitfail failed to generate CA root key
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create a CA root certificate
|
# Create a CA root certificate
|
||||||
if ! [[ -f "$DIR/ca-root.crt" ]]; then
|
if ! [[ -f "$DIR/ca-root.crt" ]]; then
|
||||||
echo
|
echo
|
||||||
echo "> Create a CA root certificate: $DIR/ca-root.crt"
|
echo "> Create a CA root certificate: $DIR/ca-root.crt"
|
||||||
openssl req -config /ca/openssl.cnf \
|
openssl req -config /ca/openssl.cnf \
|
||||||
-key ca-root.key \
|
-key ca-root.key \
|
||||||
@ -154,30 +154,30 @@ fi
|
|||||||
# create server key and certificate signed by the certificate authority
|
# create server key and certificate signed by the certificate authority
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "> Create a host key: $DIR/$DOMAIN.key"
|
echo "> Create a host key: $DIR/$DOMAIN.key"
|
||||||
openssl genrsa -out "$DOMAIN.key" 2048
|
openssl genrsa -out "$DOMAIN.key" 2048
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "> Create a host certificate signing request"
|
echo "> Create a host certificate signing request"
|
||||||
|
|
||||||
SAN="$ALTERNATE_DOMAINS" openssl req -config /ca/openssl.cnf \
|
SAN="$ALTERNATE_DOMAINS" openssl req -config /ca/openssl.cnf \
|
||||||
-key "$DOMAIN.key" \
|
-key "$DOMAIN.key" \
|
||||||
-new -out "/ca/$DOMAIN.csr" -days 1000 -extensions san_env -subj "/CN=$DOMAIN"
|
-new -out "/ca/$DOMAIN.csr" -days 1000 -extensions san_env -subj "/CN=$DOMAIN"
|
||||||
[[ $? -eq 0 ]] || exitfail failed to generate server certificate signing request
|
[[ $? -eq 0 ]] || exitfail failed to generate server certificate signing request
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "> Create server certificate: $DIR/$DOMAIN.crt"
|
echo "> Create server certificate: $DIR/$DOMAIN.crt"
|
||||||
SAN="$ALTERNATE_DOMAINS" openssl ca -config /ca/openssl.cnf -batch \
|
SAN="$ALTERNATE_DOMAINS" openssl ca -config /ca/openssl.cnf -batch \
|
||||||
-extensions server_cert \
|
-extensions server_cert \
|
||||||
-extensions san_env \
|
-extensions san_env \
|
||||||
-in "/ca/$DOMAIN.csr" \
|
-in "/ca/$DOMAIN.csr" \
|
||||||
-out "$DOMAIN.crt"
|
-out "$DOMAIN.crt"
|
||||||
[[ $? -eq 0 ]] || exitfail failed to generate server certificate
|
[[ $? -eq 0 ]] || exitfail failed to generate server certificate
|
||||||
|
|
||||||
|
|
||||||
# Verify host certificate
|
# Verify host certificate
|
||||||
#openssl x509 -noout -text -in "$DOMAIN.crt"
|
#openssl x509 -noout -text -in "$DOMAIN.crt"
|
||||||
|
|
||||||
|
|
||||||
docker rm -f $CONTAINER >/dev/null
|
docker rm -f $CONTAINER >/dev/null
|
||||||
|
Loading…
Reference in New Issue
Block a user