lot of small changes in makefile and conf files, but ssl doesnt work so far

2022-09-01 00:32:24 +02:00
parent 5fa7bb5a79
commit b0a0a2fbd6
6 changed files with 51 additions and 48 deletions
--- a/srcs/docker-compose.yml
+++ b/srcs/docker-compose.yml
@@ -9,7 +9,7 @@ version: "3.8"

 services:

-#---------------------------------
+# ---------------------------------

  test:
    build:
@@ -18,16 +18,18 @@ services:
    image: test
    container_name: mytest

-#---------------------------------
+# ---------------------------------

  nginx:
+#    restart: on-failure
    ports:
      - "80:80"
+      - "443:443"
    build:
      context: ./requirements/nginx
      dockerfile: Dockerfile
    image: nginx
    container_name: mynginx

-#---------------------------------
+# ---------------------------------

--- a/srcs/requirements/nginx/Dockerfile
+++ b/srcs/requirements/nginx/Dockerfile
@@ -4,7 +4,7 @@ RUN apt update && apt install -y nginx openssl

 # create ssl certificate
 RUN openssl req -newkey rsa:2048 -nodes -x509 \
-	-keyout /etc/nginx/cert/hulamy.42.fr.key -out /etc/nginx/cert/hulamy.42.fr.crt \
+	-keyout /etc/ssl/private/hulamy.42.fr.key -out /etc/ssl/certs/hulamy.42.fr.crt \
 	-subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=hulamy.42.fr"

 # import sites conf files
@@ -49,4 +49,4 @@ CMD [ "nginx", "-g", "daemon off;" ]
 #     - `nodes` create a private key without encryption (no passphrase needed)
 #
 # SO discussion about becomming a real CA to have a certificate that works in deployement : https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
-
+#
--- a/srcs/requirements/nginx/conf/inception_nginx.conf
+++ b/srcs/requirements/nginx/conf/inception_nginx.conf
@@ -6,19 +6,19 @@ server {
 	location /images/	{ root /data; }
 }

-server {
-	listen				443 ssl;										# for ipv4, on port 443, specifying that accepted connections should works in ssl mode
-	listen				[::]:443 ssl;									# for ipv6
-	server_name			hulamy.42.fr;
-	ssl_certificate		/etc/nginx/cert/hulamy.42.fr.crt				# specifies the file with the ssl certificate (self signed here) generated by openssl
-	ssl_certificate-key	/etc/nginx/cert/hulamy.42.fr.key				# specifies the file with the secret key of the certificate
-
-	root /var/www/html;													# contains default nginx index.nginx-debian.html
-	index index.html index.htm index.nginx-debian.html index.php;		# defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html)
-
-	location / {
-		try_files $uri $uri/ =404;										# from /etc/nginx/sites-enabled/default : First attempt to serve request as file, then as directory, then fall back to displaying a 404
-		# test
-		root /data/www;
-	}
-}
+#server {
+#	listen				443 ssl;										# for ipv4, on port 443, specifying that accepted connections should works in ssl mode
+#	listen				[::]:443 ssl;									# for ipv6
+#	server_name			hulamy.42.fr;
+#	ssl_certificate		/etc/ssl/certs/hulamy.42.fr.crt					# specifies the file with the ssl certificate (self signed here) generated by openssl
+#	ssl_certificate_key	/etc/ssl/private/hulamy.42.fr.key				# specifies the file with the secret key of the certificate
+#
+#	root /var/www/html;													# contains default nginx index.nginx-debian.html
+#	index index.html index.htm index.nginx-debian.html index.php;		# defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html)
+#
+#	location / {
+#		try_files $uri $uri/ =404;										# from /etc/nginx/sites-enabled/default : First attempt to serve request as file, then as directory, then fall back to displaying a 404
+#		# test
+#		root /data/www;
+#	}
+#}
--- a/srcs/requirements/nginx/conf/nginx.conf
+++ b/srcs/requirements/nginx/conf/nginx.conf
@@ -32,7 +32,7 @@ http {																		# section for http server directives
 	# SSL Settings
 	##

-	ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE					# enables the specified protocols. The TLSv1.1 and TLSv1.2 parameters works only when OpenSSL 1.0.1 or higher is used, and the TLSv1.3 only when OpenSSL 1.1.1 or higher is used
+	ssl_protocols TLSv1.3; # Dropping SSLv3, ref: POODLE					# enables the specified protocols. The TLSv1.1 and TLSv1.2 parameters works only when OpenSSL 1.0.1 or higher is used, and the TLSv1.3 only when OpenSSL 1.1.1 or higher is used
 	ssl_prefer_server_ciphers on;											# Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols (a cipher is "an algorithm for performing encryption or decryption, a series of [...] steps that can be followed as a procedure" https://en.wikipedia.org/wiki/Cipher_suite)

 	##