Add common configs for ssl and proxy

Plus small fix for ca cert path to be the same as entrypoint one

Change-Id: I013aa09bfaead22eee2a0041bfc4fea9ee33d668
Proskurin Kirill 2017-02-09 10:17:41 +00:00
parent da5b4493a0
commit e0603076de
5 changed files with 14 additions and 2 deletions

@ -6,3 +6,5 @@ RUN apt-get update \
&& usermod -a -G microservices www-data
COPY nginx.conf /etc/nginx/nginx.conf
COPY nginx_proxy-headers.conf /etc/nginx/common/proxy-headers.conf
COPY nginx_ssl.conf /etc/nginx/common/ssl.conf

@ -0,0 +1,4 @@
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
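Review bot: `X-Forwarded-For $proxy_add_x_forwarded_for` appends `$remote_addr` to whatever X-Forwarded-For value the client already sent, so the left-hand entries of the header reaching the backend are client-controlled, and this shared file does not say so. Since every service that includes it inherits that behaviour, I would document the contract at the top of the file, e.g. `# X-Real-IP is set by this proxy; X-Forwarded-For may carry client-supplied entries, trust only the last hop`. `Host $host:$server_port` likewise forwards a name taken from the request, so backends that build absolute URLs or links from Host should check it against their expected names; that is worth a one-line comment too.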

@ -0,0 +1,7 @@
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
ssl_certificate /opt/ccp/etc/tls/server-cert.pem;
ssl_certificate_key /opt/ccp/etc/tls/server-key.pem;
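Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` leaves TLS 1.0 and 1.1 enabled for every server that includes this common file; both are deprecated (RFC 8996), so I would narrow the line to `ssl_protocols TLSv1.2;` and add TLSv1.3 where the nginx/OpenSSL build supports it. The cipher string also lists `EDH` suites while no `ssl_dhparam` is set in this file: depending on the nginx version those suites either use small built-in DH parameters or are not offered at all, so either add `ssl_dhparam <path-to-dhparam.pem>;` (placeholder path) or drop the two `EDH` entries. `ssl on;` switches TLS on for every listen socket of the including server, so a plain-HTTP listener in the same server block would break; `listen <port> ssl;` in the server block is the less error-prone form.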

@ -5,4 +5,3 @@ configs:
cont: 80
service: null
service_internal_port: 8080
ciphers: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

@ -15,7 +15,7 @@ service:
files:
ca_cert:
path: /opt/ccp/etc/tls/ca-cert.pem
path: /opt/ccp/etc/tls/ca.pem
content: ca-cert.pem.j2
perm: "0400"
user: www-data