woggioni/docker-images
1
0
Fork 0
Code Actions Packages Releases Activity

fixed nginx imageTLS configuration
Some checks failed
CI / Build nginx docker images (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Walter Oggioni
2025-09-08 04:18:27 +08:00
parent 5dad514ef4
commit e7f6352c7a
4 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/build-nginx.yaml
View File

@@ -7,7 +7,7 @@ on:
- '.gitea/workflows/build-nginx.yaml'
jobs:
"Build nginx docker images":
runs-on: woryzen
runs-on: hostinger
steps:
-
name: Set up Docker Buildx

2
nginx/Dockerfile
View File

@@ -95,8 +95,10 @@ RUN --mount=type=cache,target=/var/cache/apk \
(cd nginx && sh /install.sh)
RUN --mount=type=cache,target=/var/cache/apk apk del .install_deps
COPY --from=build /home/luser/libressl/openssl.cnf /etc/ssl/openssl.cnf
COPY conf/nginx.conf /etc/nginx/nginx.conf
COPY conf/nginx.vh.no-default.conf /etc/nginx/conf.d/default.conf
COPY conf/dhparam /etc/nginx/dhparam
LABEL description="NGINX Docker built top of LibreSSL" \
maintainer="Walter Oggioni <oggioni.walter@gmail.com>" \

8
nginx/conf/dhparam Normal file
View File

@@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----

14
nginx/conf/nginx.conf
View File

@@ -40,13 +40,15 @@ http {
keepalive_disable msie6;
ssl_protocols TLSv1.3;
ssl_ecdh_curve X25519:P-521:P-384;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:CAMELLIA128-SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 1h;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# see also ssl_session_ticket_key alternative to stateful session cache
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
http2 on;