From bf8241025ff4d624b2804dd7eb01a0229b5bf647 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 11 Feb 2023 14:50:56 +0200
Subject: [PATCH] Nginx; Updates.

- Update the base image.
- Remove the ssl.conf snippet, use either ssl-legacy or ssl-modern.
---
 nginx/Dockerfile        |  2 +-
 nginx/snippets/ssl.conf | 15 ---------------
 2 files changed, 1 insertion(+), 16 deletions(-)
 delete mode 100644 nginx/snippets/ssl.conf

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index cfcb831..36ca4ed 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/nginx:1.23.1-alpine
+FROM docker.io/nginx:1.23.3-alpine
 # hadolint ignore=DL3018
 RUN rm -rf /etc/nginx/conf./* && \
     chmod 777 /run && \
diff --git a/nginx/snippets/ssl.conf b/nginx/snippets/ssl.conf
deleted file mode 100644
index 14805f9..0000000
--- a/nginx/snippets/ssl.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# vim: ft=nginx
-add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
-add_header                  Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
-include                     snippets/common-headers.conf;
-ssl_certificate             /var/ssl/site.crt;
-ssl_certificate_key         /var/ssl/site.key;
-ssl_dhparam                 /var/ssl/dhparams;
-ssl_protocols               TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-ssl_ciphers                 !AESCCM:!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:ECDH+CHACHA20:AES256+ECDH:AES128:CHACHA20:+SHA1;
-ssl_prefer_server_ciphers   on;
-ssl_session_cache           shared:SSL:50m;
-ssl_session_timeout         5m;
-ssl_stapling                on;
-ssl_stapling_verify         on;
-ssl_trusted_certificate     /etc/ssl/ocsp.pem;
-- 
GitLab