mirror of https://github.com/keeweb/keeweb.git
docker container
This commit is contained in:
antelle
parent
b33dcd2331
commit
ad24e24633
|
|
@ -0,0 +1,34 @@
|
|||
# KeeWeb official docker container
|
||||
# https://keeweb.info
|
||||
# (C) Antelle 2016, MIT license https://github.com/antelle/keeweb
|
||||
# Based on nginx-ssl-secure https://github.com/MarvAmBass/docker-nginx-ssl-secure/
|
||||
|
||||
# docker build -t keeweb .
|
||||
# docker run --name keeweb -d -p 443:443 keeweb
|
||||
|
||||
FROM nginx:stable
|
||||
MAINTAINER Antelle "antelle.net@gmail.com"
|
||||
|
||||
# install
|
||||
RUN apt-get -y update && apt-get -y install git openssl
|
||||
|
||||
# setup nginx
|
||||
RUN rm -rf /etc/nginx/conf.d/*; \
|
||||
mkdir -p /etc/nginx/cert
|
||||
|
||||
RUN sed -i 's/access_log.*/access_log \/dev\/stdout;/g' /etc/nginx/nginx.conf; \
|
||||
sed -i 's/error_log.*/error_log \/dev\/stdout info;/g' /etc/nginx/nginx.conf; \
|
||||
sed -i 's/^pid/daemon off;\npid/g' /etc/nginx/nginx.conf
|
||||
|
||||
ADD keeweb.conf /etc/nginx/conf.d/keeweb.conf
|
||||
|
||||
ADD entrypoint.sh /opt/entrypoint.sh
|
||||
RUN chmod a+x /opt/entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint.sh"]
|
||||
CMD ["nginx"]
|
||||
|
||||
# clone keeweb
|
||||
RUN git clone --depth 1 --single-branch --branch gh-pages https://github.com/antelle/keeweb.git
|
||||
|
||||
EXPOSE 443
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
License of nginx-ssl-secure, https://github.com/MarvAmBass/docker-nginx-ssl-secure/
|
||||
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2014 Marvin
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "Welcome to KeeWeb docker container!"
|
||||
|
||||
if [ -z ${DH_SIZE+x} ]
|
||||
then
|
||||
>&2 echo ">> no \$DH_SIZE specified using default"
|
||||
DH_SIZE="2048"
|
||||
fi
|
||||
|
||||
|
||||
DH="/etc/nginx/cert/dh.pem"
|
||||
|
||||
if [ ! -e "$DH" ]
|
||||
then
|
||||
echo ">> seems like the first start of nginx"
|
||||
echo ">> doing some preparations..."
|
||||
echo ""
|
||||
|
||||
echo ">> generating $DH with size: $DH_SIZE"
|
||||
openssl dhparam -out "$DH" $DH_SIZE
|
||||
fi
|
||||
|
||||
if [ ! -e "/etc/nginx/cert/cert.pem" ] || [ ! -e "/etc/nginx/cert/key.pem" ]
|
||||
then
|
||||
echo ">> generating self signed cert"
|
||||
openssl req -x509 -newkey rsa:4086 \
|
||||
-subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=localhost" \
|
||||
-keyout "/etc/nginx/cert/key.pem" \
|
||||
-out "/etc/nginx/cert/cert.pem" \
|
||||
-days 3650 -nodes -sha256
|
||||
fi
|
||||
|
||||
# exec CMD
|
||||
echo ">> exec docker CMD"
|
||||
echo "$@"
|
||||
exec "$@"
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
root /keeweb;
|
||||
index index.html;
|
||||
server_name localhost;
|
||||
ssl_certificate /etc/nginx/cert/cert.pem;
|
||||
ssl_certificate_key /etc/nginx/cert/key.pem;
|
||||
|
||||
# hide nginx version
|
||||
server_tokens off;
|
||||
|
||||
# add nosniff header (https://www.owasp.org/index.php/List_of_useful_HTTP_headers)
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
|
||||
|
||||
# Getting a high secure SSL configured system
|
||||
|
||||
# Tutorials used:
|
||||
# https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
|
||||
# http://www.howtoforge.com/ssl-perfect-forward-secrecy-in-nginx-webserver
|
||||
|
||||
# enable dh
|
||||
ssl_dhparam /etc/nginx/cert/dh.pem;
|
||||
|
||||
# protocols
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disable poodle
|
||||
|
||||
# ciphers
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
|
||||
}
|
||||
|
|
@ -4,6 +4,7 @@ Release notes
|
|||
##### v1.2.0 (TBD)
|
||||
`+` allow selecting attachments with click
|
||||
`+` save groups collapsed/expanded state
|
||||
`+` docker container
|
||||
`+` edit and remove tags
|
||||
`+` register file associations
|
||||
`-` prevent second app instance on windows
|
||||
|
|
|
|||
Loading…
Reference in New Issue