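# OpenResty image with lua-resty-auto-ssl preinstalled.
#
# NOTE(review): `alpine-fat` is a floating tag, so a rebuild can silently pick
# up a different OpenResty/Alpine/OpenSSL. Pin a versioned tag or an image
# digest when builds need to be reproducible and auditable.
FROM openresty/openresty:alpine-fat

# Default settings, overridable with `docker run -e ...`. They are presumably
# read by entrypoint.sh and the nginx/Lua configuration (not visible here).
#
# ALLOWED_DOMAINS must be a Lua match pattern. The default '.*' matches every
# host name; presumably this gates which names a certificate may be requested
# for, so narrow it in production - TODO confirm against the Lua config.
#
# AUTO_SSL_VERSION is expanded by the RUN step below at build time; changing it
# at container start does not change the installed lua-resty-auto-ssl version.
#
# No Redis credential variable is defined here. If STORAGE_ADAPTER selects
# Redis, presumably certificate material is stored there - keep that instance
# on a trusted network.
#
# RESOLVER_ADDRESS defaults to a public resolver (8.8.8.8).
ENV DIFFIE_HELLMAN='' \
    ALLOWED_DOMAINS='.*' \
    AUTO_SSL_VERSION='0.13.1' \
    FORCE_HTTPS='true' \
    SITES='' \
    LETSENCRYPT_URL='https://acme-v02.api.letsencrypt.org/directory' \
    STORAGE_ADAPTER='file' \
    REDIS_HOST='' \
    REDIS_PORT='6379' \
    REDIS_DB='0' \
    REDIS_KEY_PREFIX='' \
    RESOLVER_ADDRESS='8.8.8.8'

# Build-time setup, kept in a single layer:
#   1. add bash and openssl;
#   2. install lua-resty-auto-ssl at $AUTO_SSL_VERSION with the bundled luarocks
#      (OpenResty itself comes from the base image);
#   3. create the self-signed fallback certificate and key (RSA 2048, 7300 days);
#   4. generate 2048-bit Diffie-Hellman parameters;
#   5. remove the default OpenResty site config - a modified version is added
#      conditionally by entrypoint.sh.
#
# NOTE(review): the fallback key and dhparam.pem are created at build time, so
# they live in an image layer and are identical in every container started from
# this image; anyone who can pull the image can read the fallback key. Treat the
# fallback certificate as a placeholder only. Setting DIFFIE_HELLMAN=true forces
# dhparam.pem to be regenerated on first run.
#
# The explicit chmod keeps the fallback key owner-only regardless of the
# openssl build or umask that the floating base tag happens to provide.
RUN apk --no-cache add bash openssl \
    && /usr/local/openresty/luajit/bin/luarocks install lua-resty-auto-ssl $AUTO_SSL_VERSION \
    && openssl req -new -newkey rsa:2048 -days 7300 -nodes -x509 \
        -subj '/CN=sni-support-required-for-valid-ssl' \
        -keyout /etc/ssl/resty-auto-ssl-fallback.key \
        -out /etc/ssl/resty-auto-ssl-fallback.crt \
    && chmod 600 /etc/ssl/resty-auto-ssl-fallback.key \
    && openssl dhparam -out /usr/local/openresty/nginx/conf/dhparam.pem 2048 \
    && rm /etc/nginx/conf.d/default.conf

# If `snippets` is a directory, COPY places its contents (not the directory
# itself) directly into conf/ next to nginx.conf.
COPY nginx.conf snippets /usr/local/openresty/nginx/conf/

# COPY keeps the file mode from the build context, so entrypoint.sh must
# already be executable there.
COPY entrypoint.sh /entrypoint.sh

# Presumably where issued certificates and their private keys are stored with
# the 'file' adapter - TODO confirm. Mount persistent, access-restricted storage
# here so keys survive restarts and are not exposed to other workloads.
VOLUME /etc/resty-auto-ssl

# No USER is set in this file, so the entrypoint runs as the base image's
# default user; whether workers drop privileges depends on nginx.conf.
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/local/openresty/bin/openresty", "-g", "daemon off;"]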