Public Repository

Last pushed: 10 months ago
Short Description
Docker image with nginx, ssl and http2 support
Full Description

Source at https://github.com/gustavopaes/nginx-ssl-h2.

Dockerfile example

Dockerfile example using my image on docker hub:

FROM gustavopaes/nginx-ssl-h2

# site config
COPY default.conf /etc/nginx/sites-enabled/default

# ssl
COPY cert/fullchain.pem /etc/nginx/ssl/fullchain.pem
COPY cert/privkey.pem /etc/nginx/ssl/privkey.pem
COPY cert/dhparam.pem /etc/nginx/ssl/dhparam.pem

VOLUME /var/www

EXPOSE 80 443

CMD ["nginx"]

Command line example

You can use volumes to site config, certificates and public data:

docker pull gustavopaes/nginx-ssl-h2

docker run -p 127.0.0.1:80:80 -p 127.0.0.1:443:443 -i \
    -v /home/user/website/nginx/cert:/etc/ngx/ssl/ \
    -v /home/user/website/nginx/default.conf:/etc/nginx/sites-enabled/default \
    -v /home/user/website/public/:/var/www \
    gustavopaes/nginx-ssl-h2 \
    nginx

/local/path/to/certs/ need to have all three files:

  • fullchain.pem
  • privkey.pem
  • dhparam.pem

why and how create dhparam.pem file?

The main objective is to get "A" rating on Qualys SSL Labs, and to do that is necessary to create your own dhparam. You can read more on Forward Secrecy & Diffie Hellman Ephemeral Parameters.

openssl dhparam -out dhparam.pem 4096
(will take long long time)

basic nginx site configuration

You don't need configure any certification path or SSL configuration on your nginx site conf.

server {
  listen 443 ssl http2;
  server_name www.yourdomain.com.br;

  index index.htm index.hml;
  root /var/www/;
  charset utf-8;

  location / {
    error_page 404 /index.htm;
  }
}

strongly inspired on Ehekatl code

Docker Pull Command
Owner
gustavopaes

Comments (0)