isolate SSL config from user configs

Asif Bacchus 2019-10-17 16:30:35 -06:00
parent 9e9ac0adee
commit 2a25edcc42
5 changed files with 9 additions and 6 deletions

2
build/config/config/note Normal file

@ -0,0 +1,2 @@
This entire directory should be overwritten via bind-mount in a production
environment


@ -42,6 +42,7 @@ http {
server_tokens off;
real_ip_recursive on;
resolver 1.1.1.1;
include /etc/nginx/ssl-config/*.conf;
include /etc/nginx/config/*.conf;
# include enabled server blocks from sites/*.conf
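Review bot: The added `include /etc/nginx/ssl-config/*.conf;` loads the TLS files at `http` level, so the `add_header` lines that the entrypoint script uncomments for HSTS live at that level too. nginx inherits `add_header` from an outer level only into blocks that declare no `add_header` of their own, so a server block or a bind-mounted file under `config/` that sets any header would presumably lose HSTS without an error. The include also has no comment, unlike the line below it; something like `# image-managed TLS settings, kept outside config/ so a bind-mount there cannot replace them; re-declare HSTS in any block that sets its own add_header` would record both points. The `http` block starts and ends outside this hunk, so whether any server block already sets headers cannot be confirmed from here.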


@ -14,9 +14,9 @@ printf "done\n"
if [ "$HSTS" = TRUE ]; then
printf "Activating HSTS configuration... "
sed -i -e "s/^#add_header/add_header/" \
/etc/nginx/config/mozIntermediate_ssl.conf.disabled
/etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled
sed -i -e "s/^#add_header/add_header/" \
/etc/nginx/config/mozModern_ssl.conf.disabled
/etc/nginx/ssl-config/mozModern_ssl.conf.disabled
printf "done\n"
fi
@ -29,8 +29,8 @@ if [ "$TLS13_ONLY" = FALSE ]; then
printf "Certificates found. Securing deployment using TLS 1.2\n"
# activate shared SSL configuration file
mv /etc/nginx/config/mozIntermediate_ssl.conf.disabled \
/etc/nginx/config/mozIntermediate_ssl.conf
mv /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled \
/etc/nginx/ssl-config/mozIntermediate_ssl.conf
if [ -f "/etc/nginx/sites/note" ]; then
# activate SSL test server block & deactivate normal one
@ -47,8 +47,8 @@ elif [ "$TLS13_ONLY" = TRUE ]; then
printf "Certificates found. Securing deployment using TLS 1.3\n"
# activate shared SSL configuration file
mv /etc/nginx/config/mozModern_ssl.conf.disabled \
/etc/nginx/config/mozModern_ssl.conf
mv /etc/nginx/ssl-config/mozModern_ssl.conf.disabled \
/etc/nginx/ssl-config/mozModern_ssl.conf
if [ -f "/etc/nginx/sites/note" ]; then
# activate SSL test server block & deactivate normal one