reverse: add ocsp stapling support

root 2017-09-18 18:50:55 +02:00
parent 43b9cb8c41
commit c8ca237ca7
3 changed files with 13 additions and 1 deletions


@ -0,0 +1,4 @@
ssl_stapling on;
ssl_stapling_verify on;
resolver 84.200.69.80 84.200.70.40 valid=300s;
resolver_timeout 5s;
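Review bot: `ssl_stapling_verify on` on line 13 is only honoured when nginx can locate the issuer certificate — per the nginx docs that means `ssl_trusted_certificate` (or a full-chain `ssl_certificate`) must carry the intermediate/root, otherwise nginx logs "ssl_stapling ignored, issuer certificate not found" and quietly serves without a staple. That directive is not in this file and ssl.conf is not part of the commit, so it is worth confirming it is set there before relying on verification. The resolvers on line 14 are hard-coded third-party addresses (they look like the DNS.WATCH public resolvers), so every OCSP-responder lookup leaves the host as plaintext UDP to an external operator and stapling fails silently wherever egress DNS is restricted; consider making them a variable and documenting them, e.g. `# resolver is used only to look up the OCSP responder named in the certificate's AIA field; override in egress-restricted networks`.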


@ -18,6 +18,7 @@ server {
include /nginx/conf.d/ssl.conf; include /nginx/conf.d/ssl.conf;
include /nginx/conf.d/headers.conf; include /nginx/conf.d/headers.conf;
include /nginx/conf.d/hsts.conf; include /nginx/conf.d/hsts.conf;
include /nginx/conf.d/ocsp.conf;
include /nginx/path.d/<frontend_domain>/*.conf; include /nginx/path.d/<frontend_domain>/*.conf;
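Review bot: the `resolver` directive pulled in by the new ocsp.conf include on line 23 is not scoped to OCSP — it applies to the whole server block, so any `proxy_pass` (or other directive) in the `path.d/<frontend_domain>/*.conf` files included immediately after it that resolves a hostname at runtime will now query the external resolver rather than whatever the container normally uses, presumably Docker's embedded DNS, which the external resolver cannot answer for. Whether any of those per-path files do that is not visible here; if they do, keep the stapling directives but move `resolver` to an http-level context or point it at the embedded DNS, and mark the include with a comment such as `# ocsp.conf also sets 'resolver' for this whole server block`. The enclosing server block starts before this hunk.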


@ -42,6 +42,9 @@ f_gen_sites_enabled() {
if [ "${FRONTEND_HEADERS}" == "false" ]; then if [ "${FRONTEND_HEADERS}" == "false" ]; then
sed -i -e "s|include /nginx/conf.d/headers.conf|#include /nginx/conf.d/headers.conf|g" /nginx/sites-enabled/${FRONTEND_DOMAIN}.conf sed -i -e "s|include /nginx/conf.d/headers.conf|#include /nginx/conf.d/headers.conf|g" /nginx/sites-enabled/${FRONTEND_DOMAIN}.conf
fi fi
if [ "${FRONTEND_OCSP}" == "false" ]; then
sed -i -e "s|include /nginx/conf.d/ocsp.conf|#include /nginx/conf.d/ocsp.conf|g" /nginx/sites-enabled/${FRONTEND_DOMAIN}.conf
fi
} }
f_gen_location() { f_gen_location() {
@ -109,6 +112,7 @@ f_make_conf() {
FRONTEND_AUTH="" FRONTEND_AUTH=""
FRONTEND_HSTS=true FRONTEND_HSTS=true
FRONTEND_HEADERS=true FRONTEND_HEADERS=true
FRONTEND_OCSP=true
container_name=$1 container_name=$1
IFS=$'\n' IFS=$'\n'
@ -140,12 +144,15 @@ f_make_conf() {
"reverse.frontend.hsts") "reverse.frontend.hsts")
FRONTEND_HSTS="$(echo ${label} | awk '{print $2}')" FRONTEND_HSTS="$(echo ${label} | awk '{print $2}')"
;; ;;
"reverse.frontend.ocsp")
FRONTEND_OCSP="$(echo ${label} | awk '{print $2}')"
;;
"reverse.backend.port") "reverse.backend.port")
BACKEND_PORT="$(echo ${label} | awk '{print $2}')" BACKEND_PORT="$(echo ${label} | awk '{print $2}')"
;; ;;
esac esac
done done
f_log INF "Generate files for ${FRONTEND_DOMAIN}, with path=${FRONTEND_PATH}, auth=${FRONTEND_AUTH}, hsts=${FRONTEND_HEADERS}, ssl_type=${FRONTEND_SSLTYPE}, ssl=${FRONTEND_SSL}, hsts=${FRONTEND_HSTS} and port=${BACKEND_PORT}" f_log INF "Generate files for ${FRONTEND_DOMAIN}, with path=${FRONTEND_PATH}, auth=${FRONTEND_AUTH}, headers=${FRONTEND_HEADERS}, ssl_type=${FRONTEND_SSLTYPE}, ssl=${FRONTEND_SSL}, hsts=${FRONTEND_HSTS}, ocsp=${FRONTEND_OCSP} and port=${BACKEND_PORT}"
f_gen_location ${container_name} f_gen_location ${container_name}
f_gen_sites_enabled f_gen_sites_enabled
f_gen_certs ${container_name} f_gen_certs ${container_name}
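Review bot: the new `reverse.frontend.ocsp` value at line 49 is copied verbatim from the container label and only the literal string `false` disables stapling at line 32, so `False`, `0`, `off` or a stray trailing token leave it enabled with no message; normalise it when reading, `FRONTEND_OCSP="$(echo "${label}" | awk '{print tolower($2)}')"`, which also quotes `${label}` against word-splitting. The new sed on line 33 repeats the unquoted target `/nginx/sites-enabled/${FRONTEND_DOMAIN}.conf` from the line above it; since the domain comes from the same label source, quoting the path is a cheap guard. Both hunks sit inside f_gen_sites_enabled and f_make_conf, whose bodies continue outside this section.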