thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-23 12:26:30 +00:00
Code Issues Releases Wiki Activity

Merge pull request #913 from panteparak/DH-Param-Generator-Option

Browse Source 
Add DH param generator option
This commit is contained in:
Jason Wilder 2019-03-05 12:46:49 -07:00 committed by GitHub
commit 8c590fc68f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -183,6 +183,10 @@ Finally, start your containers with `VIRTUAL_HOST` environment variables.
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. [letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically.
Set `DHPARAM_GENERATION` environment variable to `false` to disabled Diffie-Hellman parameters completely. This will also ignore auto-generation made by `nginx-proxy`.
The default value is `true`
$ docker run -e DHPARAM_GENERATION=false ....
### SSL Support ### SSL Support
SSL is supported using single host, wildcard and SNI certificates using naming conventions for SSL is supported using single host, wildcard and SNI certificates using naming conventions for

3
docker-entrypoint.sh
View File

@ -16,7 +16,8 @@ fi
# Generate dhparam file if required # Generate dhparam file if required
# Note: if $DHPARAM_BITS is not defined, generate-dhparam.sh will use 2048 as a default # Note: if $DHPARAM_BITS is not defined, generate-dhparam.sh will use 2048 as a default
/app/generate-dhparam.sh $DHPARAM_BITS # Note2: if $DHPARAM_GENERATION is set to false in environment variable, dh param generator will skip completely
/app/generate-dhparam.sh $DHPARAM_BITS $DHPARAM_GENERATION
# Compute the DNS resolvers for use in the templates - if the IP contains ":", it's IPv6 and must be enclosed in [] # Compute the DNS resolvers for use in the templates - if the IP contains ":", it's IPv6 and must be enclosed in []
export RESOLVERS=$(awk '$1 == "nameserver" {print ($2 ~ ":")? "["$2"]": $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g') export RESOLVERS=$(awk '$1 == "nameserver" {print ($2 ~ ":")? "["$2"]": $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g')

6
generate-dhparam.sh
View File

@ -2,6 +2,7 @@
# The first argument is the bit depth of the dhparam, or 2048 if unspecified # The first argument is the bit depth of the dhparam, or 2048 if unspecified
DHPARAM_BITS=${1:-2048} DHPARAM_BITS=${1:-2048}
GENERATE_DHPARAM=${2:-true}
# If a dhparam file is not available, use the pre-generated one and generate a new one in the background. # If a dhparam file is not available, use the pre-generated one and generate a new one in the background.
# Note that /etc/nginx/dhparam is a volume, so this dhparam will persist restarts. # Note that /etc/nginx/dhparam is a volume, so this dhparam will persist restarts.
@ -25,6 +26,11 @@ if [[ -f $DHPARAM_FILE ]]; then
fi fi
fi fi
if [[ $GENERATE_DHPARAM =~ ^[Ff][Aa][Ll][Ss][Ee]$ ]]; then
echo "Skipping Diffie-Hellman parameters generation and Ignoring pre-generated dhparam.pem"
exit 0
fi
cat >&2 <<-EOT cat >&2 <<-EOT
WARNING: $DHPARAM_FILE was not found. A pre-generated dhparam.pem will be used for now while a new one WARNING: $DHPARAM_FILE was not found. A pre-generated dhparam.pem will be used for now while a new one
is being generated in the background. Once the new dhparam.pem is in place, nginx will be reloaded. is being generated in the background. Once the new dhparam.pem is in place, nginx will be reloaded.