8 년 전 · 0cc71fad49
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -18,6 +18,12 @@ fi
 
				 # Note: if $DHPARAM_BITS is not defined, generate-dhparam.sh will use 2048 as a default
			
 
				 /app/generate-dhparam.sh $DHPARAM_BITS
			
 
				 
			
 
				+# Compute the DNS resolvers for use in the templates
			
 
				+export RESOLVERS=$(awk '$1 == "nameserver" {print $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g')
			
 
				+if [ "x$RESOLVERS" = "x" ]; then
			
 
				+    echo "Warning: unable to determine DNS resolvers for nginx" >&2
			
 
				+fi
			
 
				+
			
 
				 # If the user has run the default command and the socket doesn't exist, fail
			
 
				 if [ "$socketMissing" = 1 -a "$1" = forego -a "$2" = start -a "$3" = '-r' ]; then
			
 
				 	exit 1
			
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -58,6 +58,10 @@ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
 
				 
			
 
				 access_log off;
			
 
				 
			
 
				+{{ if ne $.Env.RESOLVERS "" }}
			
 
				+resolver {{ $.Env.RESOLVERS }};
			
 
				+{{ end }}
			
 
				+
			
 
				 {{ if (exists "/etc/nginx/proxy.conf") }}
			
 
				 include /etc/nginx/proxy.conf;
			
 
				 {{ else }}
			
@@ -198,6 +202,12 @@ server {
 
				 	ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
			
 
				 	{{ end }}
			
 
				 
			
 
				+	{{ if (exists (printf "/etc/nginx/certs/%s.chain.crt" $cert)) }}
			
 
				+	ssl_stapling on;
			
 
				+	ssl_stapling_verify on;
			
 
				+	ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.crt" $cert }};
			
 
				+	{{ end }}
			
 
				+
			
 
				 	{{ if (ne $https_method "noredirect") }}
			
 
				 	add_header Strict-Transport-Security "max-age=31536000";
			
 
				 	{{ end }}