Verified Commit 84df4caf authored by tr's avatar tr

Configure on base of environment

parent b80f575d
......@@ -95,10 +95,12 @@ RUN mkdir -p /var/log/{nginx,modsecurity} && \
ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log
COPY entrypoint.sh /usr/local/bin/entrypoint
COPY rules.conf /etc/modsecurity/rules/
ENTRYPOINT ["/usr/local/bin/entrypoint"]
VOLUME /etc/modsecurity/rules/
EXPOSE 80
EXPOSE 80 443
STOPSIGNAL SIGQUIT
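Review bot: Declaring `ENTRYPOINT ["/usr/local/bin/entrypoint"]` resets any `CMD` inherited from the base image, and the entrypoint script ends in `exec "$@"`, so the container has nothing to run unless this Dockerfile sets its own `CMD`. The hunk covers only part of the Dockerfile, so a `CMD` may exist outside it; if not, one that starts nginx in the foreground should follow the `ENTRYPOINT` line. `COPY entrypoint.sh /usr/local/bin/entrypoint` also depends on the executable bit being set in the repository; `COPY --chmod=0755 entrypoint.sh /usr/local/bin/entrypoint` (BuildKit) makes that explicit. A short comment above `VOLUME /etc/modsecurity/rules/` saying that a mount there replaces the bundled `rules.conf` would help operators who expect the default rules to stay active.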
......
#!/usr/bin/env bash
if [ -n "$SERVER_NAME" ]; then
sed \
-e "s#server_name.*#server_name $SERVER_NAME;#" \
-i /etc/nginx/conf.d/default.conf
fi
if [ -n "$TLS_KEY" ] && [ -n "$TLS_CERT" ]; then
if [ ! -f "$TLS_KEY" ] && [ ! -f "$TLS_CERT" ]; then
openssl req \
-x509 \
-nodes \
-subj "/CN=${SERVER_NAME:-localhost}" \
-newkey rsa:4096 \
-keyout "$TLS_KEY" \
-out "$TLS_CERT" \
-days 365
fi
sed \
-e "s#\(listen[[:space:]]\+\)\*:80.*#\1*:443 ssl http2 default;#" \
-e "s#\(listen[[:space:]]\+\)\\[::\]:80.*#\1\[::\]:443 ssl http2 default;#" \
-e "/server_name.*/a \ \ ssl on;" \
-e "/server_name.*/a \ \ ssl_certificate_key $TLS_KEY;" \
-e "/server_name.*/a \ \ ssl_certificate $TLS_CERT;" \
-i /etc/nginx/conf.d/default.conf
fi
if [ -n "$BACKEND" ]; then
sed \
-e "/root\ .*/d" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_pass $BACKEND;" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_request_buffering off;" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_buffering off;" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_cache_use_stale off;" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_read_timeout ${PROXY_TIMEOUT:-90};" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_connect_timeout ${PROXY_TIMEOUT:-90};" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_send_timeout ${PROXY_TIMEOUT:-90};" \
-i /etc/nginx/conf.d/default.conf
fi
if [ -n "$BACKEND_TLS" ]; then
sed \
-e "/client_max_body_size.*/a \ \ proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_protocols TLSv1.3;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_session_reuse on;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_verify off;" \
-i /etc/nginx/conf.d/default.conf
fi
exec "$@"
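Review bot: `proxy_ssl_verify off;` in the `BACKEND_TLS` block means the proxy encrypts traffic to the backend but accepts any certificate, so the backend's identity is never authenticated behind the WAF. Consider writing `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <path-to-backend-CA>;` (the path coming from a new operator-set variable), and keeping `off` only as an explicit opt-out. Separately, `[ ! -f "$TLS_KEY" ] && [ ! -f "$TLS_CERT" ]` skips generation when only one of the two files is missing, which leaves nginx to fail at start-up; exiting with an error when exactly one exists would make that case explicit. The script also has no `set -eu`, so a failed `sed` still reaches `exec "$@"` with a partially applied configuration, for example one still listening on plain port 80.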