10 éve · 1aef35678e
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,10 @@
 
				-FROM ubuntu:14.04
			
 
				+FROM nginx:1.7.7
			
 
				 MAINTAINER Jason Wilder jwilder@litl.com
			
 
				 
			
 
				-# Install Nginx.
			
 
				-RUN echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" > /etc/apt/sources.list.d/nginx-stable-trusty.list \
			
 
				- && echo "deb-src http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" >> /etc/apt/sources.list.d/nginx-stable-trusty.list \
			
 
				- && apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C \
			
 
				- && apt-get update \
			
 
				+# Install wget and install/updates certificates
			
 
				+RUN apt-get update \
			
 
				  && apt-get install -y -q --no-install-recommends \
			
 
				     ca-certificates \
			
 
				-    nginx \
			
 
				     wget \
			
 
				  && apt-get clean \
			
 
				  && rm -r /var/lib/apt/lists/*
			
@@ -30,7 +26,6 @@ RUN wget https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VER
 
				 COPY . /app/
			
 
				 WORKDIR /app/
			
 
				 
			
 
				-EXPOSE 80 443
			
 
				 ENV DOCKER_HOST unix:///tmp/docker.sock
			
 
				 
			
 
				 VOLUME ["/etc/nginx/certs"]
			
--- a/Procfile
+++ b/Procfile
@@ -1,2 +1,2 @@
 
				 nginx: nginx
			
 
				-dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/sites-enabled/default
			
 
				+dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
			
--- a/README.md
+++ b/README.md
@@ -82,7 +82,7 @@ and `CERT_NAME=shared` will then use this shared cert.
 
				 
			
 
				 The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
			
 
				 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
			
 
				-Windows XP IE8, Android 2.3, Java 7.  The configuration also enables OCSP stapling, HSTS, and SSL
			
 
				+Windows XP IE8, Android 2.3, Java 7.  The configuration also enables HSTS, and SSL
			
 
				 session caches.
			
 
				 
			
 
				 The behavior for the proxy when port 80 and 443 are exposed is as follows:
			
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -96,8 +96,6 @@ server {
 
				 	ssl_prefer_server_ciphers on;
			
 
				 	ssl_session_timeout 5m;
			
 
				 	ssl_session_cache shared:SSL:50m;
			
 
				-	ssl_stapling on;
			
 
				-	ssl_stapling_verify on;
			
 
				 
			
 
				 	ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
			
 
				 	ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};