mirror of https://github.com/keeweb/keeweb.git
fixes
This commit is contained in:
parent
ad24e24633
commit
89ee918062
|
@ -4,7 +4,7 @@
|
|||
# Based on nginx-ssl-secure https://github.com/MarvAmBass/docker-nginx-ssl-secure/
|
||||
|
||||
# docker build -t keeweb .
|
||||
# docker run --name keeweb -d -p 443:443 keeweb
|
||||
# docker run --name keeweb -d -p 443:443 -p 80:80 keeweb
|
||||
|
||||
FROM nginx:stable
|
||||
MAINTAINER Antelle "antelle.net@gmail.com"
|
||||
|
@ -32,3 +32,4 @@ CMD ["nginx"]
|
|||
RUN git clone --depth 1 --single-branch --branch gh-pages https://github.com/antelle/keeweb.git
|
||||
|
||||
EXPOSE 443
|
||||
EXPOSE 80
|
||||
|
|
|
@ -6,27 +6,30 @@ server {
|
|||
ssl_certificate /etc/nginx/cert/cert.pem;
|
||||
ssl_certificate_key /etc/nginx/cert/key.pem;
|
||||
|
||||
# hide nginx version
|
||||
server_tokens off;
|
||||
|
||||
# add nosniff header (https://www.owasp.org/index.php/List_of_useful_HTTP_headers)
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
|
||||
|
||||
# Getting a high secure SSL configured system
|
||||
|
||||
# Tutorials used:
|
||||
# https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
|
||||
# http://www.howtoforge.com/ssl-perfect-forward-secrecy-in-nginx-webserver
|
||||
|
||||
# enable dh
|
||||
ssl_dhparam /etc/nginx/cert/dh.pem;
|
||||
|
||||
# protocols
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disable poodle
|
||||
|
||||
# ciphers
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue