I have made modifications for my selfish needs but it should be generic enough for general use.
- This image assumes the hostname `app2` will connect to the containers running the unicorn servers. Basic load balancing is configured; however, it is perfectly okay to have only one unicorn server container running.
- This image assumes the SSL certificate and key files are located at `/etc/nginx/certs/privkey.pem` on the container respectively.
- The SSL cipher suite is the 'moderate' profile cipher suite recommended by Mozilla.
- The SSL cipher suite disables non-EC Diffie-Hellman key exchange to avoid the need to generate a Diffie-Hellman group. For more information visit: https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/. In a future update, I may write an `entrypoint.sh` to generate a DH group in the container.
- For connections coming from CloudFlare, preserve the originating IP of the visitor.
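
An added example (not part of this image or its author's code): a small Python check that the `ssl_ciphers` value in an nginx config enables no finite-field DHE suites, which is what lets the image run without a generated DH group. The sample configs, function names and alias set are constructed for illustration; the alias set covers common OpenSSL keywords only.

```python
import re

# Constructed sample configs for illustration, not the image's real nginx.conf.
ECDHE_ONLY = """
server {
    listen 443 ssl;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!DSS';
}
"""
WITH_DHE = """
server {
    listen 443 ssl;  # no ssl_dhparam directive
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:EDH-RSA-DES-CBC3-SHA;
}
"""

# Common OpenSSL cipher-string aliases for finite-field ephemeral DH (not exhaustive).
FFDHE_ALIASES = {"DHE", "EDH", "kDHE", "kEDH"}


def directive_values(conf, name):
    """Return the argument string of every `name ...;` directive, comments stripped."""
    conf = re.sub(r"#[^\n]*", "", conf)
    pattern = r"(?m)^\s*" + re.escape(name) + r"\s+([^;]+);"
    return [m.strip().strip("'\"") for m in re.findall(pattern, conf)]


def ffdhe_suites(cipher_string):
    """List enabled entries that select finite-field (non-EC) ephemeral DH."""
    found = []
    for item in re.split(r"[:,\s]+", cipher_string):
        # Entries prefixed with ! or - are exclusions/removals, not enabled suites.
        if not item or item[0] in "!-":
            continue
        name = item.lstrip("+")
        if name.startswith(("DHE-", "EDH-")) or FFDHE_ALIASES & set(name.split("+")):
            found.append(name)
    return found


def audit(conf):
    """Return (finite-field DHE entries enabled, whether ssl_dhparam is set)."""
    suites = []
    for value in directive_values(conf, "ssl_ciphers"):
        suites.extend(ffdhe_suites(value))
    return suites, bool(directive_values(conf, "ssl_dhparam"))
```

A non-empty list together with `False` for `ssl_dhparam` means the config offers finite-field DH without a group of its own, the situation the cipher choice above avoids.
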
Copyright (c) 2016 Gordon Chan. Released under the MIT License. It is free software, and may be redistributed under the terms specified in the LICENSE file.