Commit bf824102 authored by nimrod's avatar nimrod
Browse files

Nginx; Updates. 

- Update the base image.
- Remove the ssl.conf snippet, use either ssl-legacy or ssl-modern.
parent a90efee1

nginx/Dockerfile

+1 −1
Original line number Diff line number Diff line 
FROM docker.io/nginx:1.23.1-alpine

FROM docker.io/nginx:1.23.3-alpine

# hadolint ignore=DL3018

RUN rm -rf /etc/nginx/conf./* && \

    chmod 777 /run && \

nginx/snippets/ssl.conf

deleted100644 → 0
+0 −15
Original line number Diff line number Diff line 
# vim: ft=nginx

add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

add_header                  Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";

include                     snippets/common-headers.conf;

ssl_certificate             /var/ssl/site.crt;

ssl_certificate_key         /var/ssl/site.key;

ssl_dhparam                 /var/ssl/dhparams;

ssl_protocols               TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

ssl_ciphers                 !AESCCM:!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:ECDH+CHACHA20:AES256+ECDH:AES128:CHACHA20:+SHA1;

ssl_prefer_server_ciphers   on;

ssl_session_cache           shared:SSL:50m;

ssl_session_timeout         5m;

ssl_stapling                on;

ssl_stapling_verify         on;

ssl_trusted_certificate     /etc/ssl/ocsp.pem;