
Last pushed: 2 years ago
NginX server for SSL/TLS configuration classes


This project is intended for educating clients and students about proper SSL/TLS
configuration. It has been tested on Docker 1.9.1, and includes the following:

  • OpenSSL 1.0.1e
  • NginX 1.7.12


Download code:

git clone
cd nginx-ssl

Get the Docker image:

docker pull injcristianrojas/nginx-ssl


Start server instance:

docker run --name nginx-server --rm -p 80:80 -p 443:443 injcristianrojas/nginx-ssl

Shell access:

docker exec -it nginx-server /bin/bash


To change the server's SSL/TLS configuration, edit default.conf and add or
modify its ssl_* parameters. When you're done, first copy default.conf
into the running container like this:

docker cp default.conf nginx-server:/etc/nginx/conf.d/default.conf

Then, inside the container, reload the server's configuration using:

nginx -s reload
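
Before copying default.conf into the container, its ssl_* directives can be checked offline. The script below is an added example, not part of this project: the function names, the list of weak-cipher markers and the SAMPLE configuration are assumptions constructed for illustration.

```python
import re

# Versions retired by RFC 8996 (TLS 1.0/1.1) and RFC 7568 (SSLv3), plus SSLv2.
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Substrings of OpenSSL cipher-string tokens that select weak suites.
WEAK_MARKS = ("RC4", "MD5", "DES", "EXP", "NULL", "LOW")
# An ssl_* directive name (not a $ssl_* variable) and its value up to ';'.
DIRECTIVE = re.compile(r"(?<![\w$])(ssl_\w+)\s+([^;]+);")

# Constructed sample default.conf for the demo (not the project's file).
SAMPLE = """
server {
    listen 443 ssl;
    # ssl_protocols TLSv1.2;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:RC4-SHA:!aNULL:!MD5;
}
"""


def ssl_directives(conf_text):
    """Return [(name, value), ...] for each ssl_* directive, comments ignored."""
    text = re.sub(r"#.*", "", conf_text)
    return [(n, v.strip().strip("'\"")) for n, v in DIRECTIVE.findall(text)]


def lint(conf_text):
    """Return findings for the ssl_protocols and ssl_ciphers directives."""
    findings, seen = [], set()
    for name, value in ssl_directives(conf_text):
        seen.add(name)
        if name == "ssl_protocols":
            findings += [f"ssl_protocols enables {p}"
                         for p in value.split() if p in OLD_PROTOCOLS]
        elif name == "ssl_ciphers":
            for token in value.split(":"):
                # '!' and '-' remove suites; a leading '+' only reorders them.
                if not token or token[0] in "!-+":
                    continue
                if any(mark in token.upper() for mark in WEAK_MARKS):
                    findings.append(f"ssl_ciphers enables {token}")
    for required in ("ssl_protocols", "ssl_ciphers"):
        if required not in seen:
            findings.append(f"{required} not set, nginx default applies")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The check reads only the literal directive values; what keywords such as HIGH expand to depends on the OpenSSL build in the container, so a scan of the running server is still needed to see the suites actually offered.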


The best tool available for SSL/TLS configuration testing is
Qualys' SSL Test, but it requires the
server to be exposed online. Since we don't want to do
that just yet, an excellent alternative is jvehent's cipherscan.

To use this tool, you should clone its repo and start working with it. It
requires Python and a good version of OpenSSL:

git clone
cd cipherscan

We can do two things with it:

View HTTPS configuration

This shows the server's configuration: its protocols, cipher
suites, cipher order, etc.:

./cipherscan -o /usr/bin/openssl localhost

Assess HTTPS security

This task compares the server's current configuration against Mozilla's recommended configurations,
and reports the steps to be taken to match any one
of these configurations. If the server meets any of them, it reports that as

./ -o /usr/bin/openssl -t localhost