thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-07-01 14:25:46 +00:00
Code Issues Releases Wiki Activity

feat: Replace generated DH params with RFC 7919 standardized DHE groups

Browse Source 
- While the anonymous VOLUME can be dropped from Dockerfile, the path needs to be valid at run-time, might as well ensure it's available by creating the dhparam folder at build.

- Generation logic no longer necessary, dropped. 

- Standardized RFC 7919 groups added (2048, 3072, 4096), with 4096-bit remaining the default size. The DH logic can live in the entrypoint script as well. 

- Third-party supplied pre-generated DH params removed as they're not considered trustworthy compared to RFC 7919 groups.
This commit is contained in:
polarathene
2021-09-28 11:14:46 +13:00
parent b133403331
commit ac066a73e4
9 changed files with 75 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile
View File

@ -51,7 +51,8 @@ RUN apt-get update \
# Configure Nginx and apply fix for very long server names
RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
&& sed -i 's/worker_processes 1/worker_processes auto/' /etc/nginx/nginx.conf \
&& sed -i 's/worker_connections 1024/worker_connections 10240/' /etc/nginx/nginx.conf
&& sed -i 's/worker_connections 1024/worker_connections 10240/' /etc/nginx/nginx.conf \
&& mkdir -p '/etc/nginx/dhparam'
# Install Forego + docker-gen
COPY --from=forego /usr/local/bin/forego /usr/local/bin/forego
@ -69,7 +70,7 @@ WORKDIR /app/
ENV DOCKER_HOST unix:///tmp/docker.sock
VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam"]
VOLUME ["/etc/nginx/certs"]
ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["forego", "start", "-r"]