
Allow passing DHPARAM_BITS via env, lower bits to 256 for unit tests

Steve Kamerman hace 8 años
padre
commit
7d253dd0f3
Se han modificado 3 ficheros con 10 adiciones y 5 borrados
  1. 2 1
      docker-entrypoint.sh
  2. 3 1
      generate-dhparam.sh
  3. 5 3
      test/ssl_dhparam.bats

+ 2 - 1
docker-entrypoint.sh

@@ -15,7 +15,8 @@ if [[ $DOCKER_HOST = unix://* ]]; then
 fi
 
 # Generate dhparam file if required
-/app/generate-dhparam.sh
+# Note: if $DHPARAM_BITS is not defined, generate-dhparam.sh will use 2048 as a default
+/app/generate-dhparam.sh $DHPARAM_BITS
 
 # If the user has run the default command and the socket doesn't exist, fail
 if [ "$socketMissing" = 1 -a "$1" = forego -a "$2" = start -a "$3" = '-r' ]; then
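Review bot: `$DHPARAM_BITS` is expanded unquoted on the added call, so a value containing whitespace or glob characters would be split or expanded into several arguments before generate-dhparam.sh sees it. Quoting is safe here because the script reads it as `${1:-2048}`, which also falls back to the default on an empty string: `/app/generate-dhparam.sh "$DHPARAM_BITS"`. The added comment could also state that the variable comes from the container environment and that values below 2048 are intended for tests only, since this is now an operator-controlled setting for the strength of the generated DH parameters.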

+ 3 - 1
generate-dhparam.sh

@@ -1,10 +1,12 @@
 #!/bin/bash -e
 
+# The first argument is the bit depth of the dhparam, or 2048 if unspecified
+DHPARAM_BITS=${1:-2048}
+
 # If a dhparam file is not available, use the pre-generated one and generate a new one in the background.
 # Note that /etc/nginx/dhparam is a volume, so this dhparam will persist restarts.
 PREGEN_DHPARAM_FILE="/app/dhparam.pem.default"
 DHPARAM_FILE="/etc/nginx/dhparam/dhparam.pem"
-DHPARAM_BITS="2048"
 GEN_LOCKFILE="/tmp/dhparam_generating.lock"
 
 # The hash of the pregenerated dhparam file is used to check if the pregen dhparam is already in use
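Review bot: `DHPARAM_BITS=${1:-2048}` accepts whatever the caller passes, with no check that it is a number or that it is large enough. A 256-bit group, the size the commit title introduces for unit tests, offers no real protection if it ever ends up in a production deployment. The comment two lines below says /etc/nginx/dhparam is a volume and the file persists across restarts, so a weak file generated once would stay in use. Suggest validating right after the assignment, e.g. `[[ $DHPARAM_BITS =~ ^[0-9]+$ ]] || { echo "DHPARAM_BITS must be a positive integer" >&2; exit 1; }`, and printing a warning to stderr when the value is below 2048. How the variable is used later in the script is outside this hunk.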

+ 5 - 3
test/ssl_dhparam.bats

@@ -7,7 +7,7 @@ function setup {
 	stop_bats_containers web
 }
 
-@test "[$TEST_FILE] test dhparam.pem is generated if missing (WARNING: this test is slow)" {
+@test "[$TEST_FILE] test dhparam.pem is generated if missing" {
     SUT_CONTAINER=bats-nginx-proxy-${TEST_FILE}-1
 
     # WHEN
@@ -16,6 +16,7 @@ function setup {
         --label bats-type="nginx-proxy" \
         --name $SUT_CONTAINER \
         -v /var/run/docker.sock:/tmp/docker.sock:ro \
+        -e DHPARAM=256 \
         $SUT_IMAGE \
     && wait_for_nginxproxy_container_to_start $SUT_CONTAINER \
     && docker logs $SUT_CONTAINER
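Review bot: The added `-e DHPARAM=256` sets a variable named `DHPARAM`, but docker-entrypoint.sh in this same commit passes `$DHPARAM_BITS`. Unless something outside these hunks maps one name to the other, the container would still fall back to the 2048 default and the test would stay as slow as before. The line should read `-e DHPARAM_BITS=256 \`. The same line in the hunk at -56,13 needs the same fix, and it is indented with spaces where its neighbours use tabs. The test body continues outside this hunk.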
@@ -23,7 +24,7 @@ function setup {
     DEFAULT_HASH=$(docker exec $SUT_CONTAINER md5sum /etc/nginx/dhparam/dhparam.pem | cut -d" " -f1)
 
     assert_success
-    docker_wait_for_log $SUT_CONTAINER 9 "Generating DH parameters"
+    docker_wait_for_log $SUT_CONTAINER 30 "Generating DH parameters"
 
     # THEN
     docker_wait_for_log $SUT_CONTAINER 240 "dhparam generation complete, reloading nginx"
@@ -56,13 +57,14 @@ function setup {
 		--name $SUT_CONTAINER \
 		-v /var/run/docker.sock:/tmp/docker.sock:ro \
 		-v $TMP_DIR:/etc/nginx/dhparam \
+        -e DHPARAM=256 \
 		$SUT_IMAGE \
 	&& wait_for_nginxproxy_container_to_start $SUT_CONTAINER \
 	&& docker logs $SUT_CONTAINER
 
 	# THEN
 	assert_success
-	docker_wait_for_log $SUT_CONTAINER 9 "Generating DH parameters"
+	docker_wait_for_log $SUT_CONTAINER 30 "Generating DH parameters"
 
 	docker exec $SUT_CONTAINER rm -rf /etc/nginx/dhparam/*
 }