hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 04:19:18 +00:00
Code Issues Projects Releases Wiki Activity

reverse: add configuration files

Browse Source
This commit is contained in:
Wonderfall 2016-05-27 17:51:57 +02:00
parent ffdc56fb65
commit dd53f09501
5 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
reverse/Dockerfile
View File

@ -110,6 +110,9 @@ RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/ap
COPY nginx.conf /etc/nginx/conf/nginx.conf COPY nginx.conf /etc/nginx/conf/nginx.conf
COPY run.sh /usr/local/bin/run.sh COPY run.sh /usr/local/bin/run.sh
COPY ngxpasswd /usr/local/bin/ngxpasswd COPY ngxpasswd /usr/local/bin/ngxpasswd
COPY ssl_params_d.conf /conf.d/ssl_params_d.conf
COPY headers_params_d.conf /conf.d/headers_params_d.conf
COPY proxy_params_d.conf /conf.d/proxy_params_d.conf
RUN chmod +x /usr/local/bin/* RUN chmod +x /usr/local/bin/*

2
reverse/README.md
View File

@ -1,6 +1,7 @@
## wonderfall/reverse ## wonderfall/reverse
![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png) ![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)
![](https://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/OpenSSL_logo.png/220px-OpenSSL_logo.png) ![](https://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/OpenSSL_logo.png/220px-OpenSSL_logo.png)
#### What is this? #### What is this?
@ -38,3 +39,4 @@ It is required to chown your certs files with the right uid/pid and change the `
#### How to use it? #### How to use it?
https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
Some configuration files located in `/conf.d` are already provided, you can use them with the `include` directive. `ssl_params_d.conf` and `headers_params_d.conf` provide strong security, please check before or make your own configuration files...

4
reverse/headers_params_d.conf Normal file
View File

@ -0,0 +1,4 @@
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

6
reverse/proxy_params_d.conf Normal file
View File

@ -0,0 +1,6 @@
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;

8
reverse/ssl_params_d.conf Normal file
View File

@ -0,0 +1,8 @@
ssl_protocols TLSv1.2;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-D:ECDHE-RSA-CHACHA20-POLY1305-D:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256”;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve brainpoolP512r1:sect571r1:secp521r1:secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;