Add common configs for ssl and proxy
Plus small fix for ca cert path to be the same as entrypoint one Change-Id: I013aa09bfaead22eee2a0041bfc4fea9ee33d668
This commit is contained in:
parent
da5b4493a0
commit
e0603076de
|
@ -6,3 +6,5 @@ RUN apt-get update \
|
|||
&& usermod -a -G microservices www-data
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
COPY nginx_proxy-headers.conf /etc/nginx/common/proxy-headers.conf
|
||||
COPY nginx_ssl.conf /etc/nginx/common/ssl.conf
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
proxy_set_header Host $host:$server_port;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
@ -0,0 +1,7 @@
|
|||
ssl on;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_certificate /opt/ccp/etc/tls/server-cert.pem;
|
||||
ssl_certificate_key /opt/ccp/etc/tls/server-key.pem;
|
|
@ -5,4 +5,3 @@ configs:
|
|||
cont: 80
|
||||
service: null
|
||||
service_internal_port: 8080
|
||||
ciphers: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
|
||||
|
|
|
@ -15,7 +15,7 @@ service:
|
|||
|
||||
files:
|
||||
ca_cert:
|
||||
path: /opt/ccp/etc/tls/ca-cert.pem
|
||||
path: /opt/ccp/etc/tls/ca.pem
|
||||
content: ca-cert.pem.j2
|
||||
perm: "0400"
|
||||
user: www-data
|
||||
|
|
Loading…
Reference in New Issue