86 lines
3.1 KiB
Docker
86 lines
3.1 KiB
Docker
# debian (~ 180s) --------------------------------------------
|
|
|
|
FROM debian:buster
|
|
|
|
# vim for debug
|
|
RUN apt update && apt install -y \
|
|
nginx openssl \
|
|
vim \
|
|
&& \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# nginx conf
|
|
COPY ./conf/nginx.conf.debian /etc/nginx/nginx.conf
|
|
COPY ./conf/inception_nginx.conf /etc/nginx/conf.d/
|
|
|
|
# alpine (~ 45s) ---------------------------------------------
|
|
|
|
# FROM alpine:3.15
|
|
#
|
|
# # vim and bash for debug
|
|
# RUN apk update && apk add \
|
|
# nginx openssl \
|
|
# vim bash \
|
|
# && \
|
|
# rm -rf /var/cache/apk*
|
|
#
|
|
# # nginx conf
|
|
# COPY ./conf/nginx.conf.alpine /etc/nginx/nginx.conf
|
|
# COPY ./conf/inception_nginx.conf /etc/nginx/http.d/
|
|
#
|
|
# # create user www-data and assign it to group www-data
|
|
# RUN adduser -S www-data && \
|
|
# adduser www-data www-data
|
|
#
|
|
# RUN mkdir -p /var/www/html
|
|
|
|
# common -----------------------------------------------------
|
|
|
|
RUN rm -rf /var/www/html/*
|
|
|
|
# personalized index.html
|
|
COPY ./conf/index.html /data/www/
|
|
|
|
# create ssl certificate
|
|
RUN mkdir -p /etc/ssl/private /etc/ssl/certs
|
|
RUN openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
|
|
-subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=hulamy.42.fr" \
|
|
-keyout /etc/ssl/private/hulamy.42.fr.key \
|
|
-out /etc/ssl/certs/hulamy.42.fr.crt
|
|
|
|
ENTRYPOINT [ "nginx", "-g", "daemon off;" ]
|
|
|
|
|
|
#
|
|
# -g 'daemon off' :
|
|
# daemon off, to avoid the main process of nginx to quit after creating its childs, and therefore make docker exit
|
|
# https://stackoverflow.com/questions/18861300/how-to-run-nginx-within-a-docker-container-without-halting
|
|
#
|
|
# ssl certificate :
|
|
# openssl faq : https://www.openssl.org/docs/faq.html
|
|
# openssl req : create ertificate request, and optionally create self signed certificates
|
|
# openssl req man : https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html
|
|
# exemple of openssl with nginx on docker : https://www.johnmackenzie.co.uk/posts/using-self-signed-ssl-certificates-with-docker-and-nginx/
|
|
#
|
|
# usually the steps are :
|
|
# - create a server private key : `openssl genrsa -out server.key 2048`
|
|
# - create a CSR (certificate signing request) with the key : `openssl req -new -key server.key -out www.exemple.com.csr`
|
|
# - it will ask for :
|
|
# - Country Name (2 letter code)
|
|
# - State or Province Name (full name)
|
|
# - Locality Name (eg, city)
|
|
# - Organization Name (eg, company)
|
|
# - Organizational Unit Name (eg, section)
|
|
# - Common Name (eg, fully qualified host name)
|
|
# - Email Address (put nothing)
|
|
# - now ask to a CA (certificate authority) for a certificate.crt by giving them your request.csr
|
|
#
|
|
# alternatively we can generate our self-signed certificate with the `openssl req` command :
|
|
# - `x509` option is used to output a certificate instead of a certificate request
|
|
# - a request is created from scratch, if it is not given with `-in`
|
|
# - `newkey` generate a new private key, unless `-key` is given
|
|
# - `nodes` create a private key without encryption (no passphrase needed)
|
|
#
|
|
# SO discussion about becomming a real CA to have a certificate that works in deployement : https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
|
|
#
|