Dockerfile 1.07 KiB
FROM nginx:1.21.3-alpine
# hadolint ignore=DL3018
RUN rm -rf /etc/nginx/conf./* && \
chmod 777 /run && \
apk add --no-cache --update libcap openssl && \
curl https://letsencrypt.org/certs/isrg-root-ocsp-x1.pem.txt > /etc/ssl/ocsp.pem && \
mkdir /var/ssl &&\
curl https://ssl-config.mozilla.org/ffdhe2048.txt > /var/ssl/dhparams &&\
chmod 644 /var/ssl/dhparams && \
install -d -m 755 -o root -g root /etc/nginx/snippets && \
install -d -m 755 -o root -g root /var/ssl && \
install -d -m 700 -o nginx -g nginx /var/cache/nginx && \
openssl req -x509 \
-newkey rsa:4096 \
-keyout /var/ssl/site.key \
-nodes \
-out /var/ssl/site.crt \
-batch && \
setcap CAP_NET_BIND_SERVICE=+ep "$(command -v nginx)" && \
chown nginx /var/ssl/site.*
COPY www/ /var/www/
COPY conf.d/ /etc/nginx/conf.d/
COPY snippets/ /etc/nginx/snippets/
USER nginx
RUN nginx -t
HEALTHCHECK CMD curl --fail --verbose --user-agent 'Docker health check' --header "Host: status" http://localhost/ || exit 1