Commit ed647f9e authored by Robin Tissot's avatar Robin Tissot

More ssl conf attempt.

parent ec004267
......@@ -3,11 +3,6 @@ FROM nginx:1.15.0-alpine
RUN rm /etc/nginx/conf.d/default.conf
ARG NGINX_CONF=nginx.conf
ARG ACME_FILE
ARG SSL_CERT
ARG SSL_KEY
COPY ${NGINX_CONF} /etc/nginx/conf.d/nginx.conf
COPY ${SSL_CERT} /etc/certs/cert.pem
COPY ${SSL_KEY} /etc/certs/key.pem
COPY ${ACME_FILE} /usr/share/nginx/html/
COPY ssl_certificates.conf* /etc/nginx/conf.d/
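Review bot: The `COPY ssl_certificates.conf* /etc/nginx/conf.d/` line puts the file in a directory that the stock nginx.conf of the official image already globs with `include /etc/nginx/conf.d/*.conf;`, so a real `ssl_certificates.conf` is probably loaded at http level as well as through the explicit include in the server block. A build with the default `NGINX_CONF=nginx.conf` and no certificate volume would then likely still try to load the certificate paths and fail to start. The wildcard also copies every file sharing the prefix (the `_example` file, editor backups) into the image. Consider a destination outside conf.d with a matching include path, and, if the wildcard is there to make the file optional, say so: `# wildcard: ssl_certificates.conf is optional; keys and certs come from a volume, never from the build context`.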
......@@ -15,13 +15,11 @@ server {
charset utf-8;
client_max_body_size 150M;
ssl_certificate /etc/certs/cert.pem;
ssl_certificate_key /etc/certs/key.pem;
include conf.d/ssl_certificates.conf;
# Performance + Privacy improvements
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/certs/cert.pem;
resolver 8.8.8.8 208.67.222.222 valid=300s;
resolver_timeout 5s;
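Review bot: The `include conf.d/ssl_certificates.conf;` line has no comment saying what the included file must define, and `ssl_stapling_verify on` just below now depends on an `ssl_trusted_certificate` that is no longer visible in this file. If an edited copy omits that directive, OCSP response verification has no issuer chain to check against and stapling will likely be dropped with only a log warning. Because the include names an exact file rather than a glob, nginx will also refuse to start when the file is missing. I would add above the include: `# must set ssl_certificate, ssl_certificate_key and ssl_trusted_certificate (required by ssl_stapling_verify)`. The server block starts and ends outside this hunk.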
......
ssl_certificate /etc/certs/fullchain.pem;
ssl_certificate_key /etc/certs/privkey.pem;
ssl_trusted_certificate /etc/certs/fullchain.pem;
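Review bot: `ssl_trusted_certificate /etc/certs/fullchain.pem;` points stapling verification at the leaf-plus-intermediate bundle, whereas certbot writes a separate `chain.pem` holding only the issuer certificates for this purpose. nginx uses this file to verify OCSP responses, so the issuer chain is what it needs, and reusing fullchain.pem adds the server's own certificate to the trust list. Suggested line: `ssl_trusted_certificate /etc/certs/chain.pem;`. These three lines appear to be the new example file that the compose comments refer to; its name is not shown on the page.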
......@@ -16,14 +16,15 @@ services:
- "80:80"
# - "443:443"
### To enable SSL, generate keys with letsencrypt/certbot
### To enable SSL, generate keys (eg with letsencrypt/certbot)
### copy nginx/ssl_certificates.conf_example and edit it
## if need be to correspond to the volume below
### and uncomment this block and the port 443
# build:
# args:
# - NGINX_CONF=ssl.conf
# - SSL_CERT=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
# - SSL_KEY=/etc/letsencrypt/live/$DOMAIN/privkey.pem
# - ACME_FILE=./<some_hash>
# volumes:
# - /etc/letsencrypt/live/<mydomain>:/etc/certs
flower:
restart: always
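Review bot: The commented volume `/etc/letsencrypt/live/<mydomain>:/etc/certs` will probably not work with a default certbot layout, because the files under `live/` are relative symlinks into `../../archive/`, which is not mounted, so nginx would see dangling links at /etc/certs. The mount is also read-write, which gives the web container write access to the host's private key directory. Consider mounting the parent tree read-only, `#   - /etc/letsencrypt:/etc/letsencrypt:ro`, and pointing the paths in ssl_certificates.conf at `/etc/letsencrypt/live/<mydomain>/`; the comment block should say which layout is expected. The trade-off is that every domain's key under that tree becomes readable in the container, so a host holding several certificates may prefer copying the resolved files into a dedicated directory.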
......