mirror of https://github.com/keeweb/keeweb.git
docker container
parent
b33dcd2331
commit
ad24e24633
|
@ -0,0 +1,34 @@
|
||||||
|
# KeeWeb official docker container
|
||||||
|
# https://keeweb.info
|
||||||
|
# (C) Antelle 2016, MIT license https://github.com/antelle/keeweb
|
||||||
|
# Based on nginx-ssl-secure https://github.com/MarvAmBass/docker-nginx-ssl-secure/
|
||||||
|
|
||||||
|
# docker build -t keeweb .
|
||||||
|
# docker run --name keeweb -d -p 443:443 keeweb
|
||||||
|
|
||||||
|
FROM nginx:stable
|
||||||
|
MAINTAINER Antelle "antelle.net@gmail.com"
|
||||||
|
|
||||||
|
# install
|
||||||
|
RUN apt-get -y update && apt-get -y install git openssl
|
||||||
|
|
||||||
|
# setup nginx
|
||||||
|
RUN rm -rf /etc/nginx/conf.d/*; \
|
||||||
|
mkdir -p /etc/nginx/cert
|
||||||
|
|
||||||
|
RUN sed -i 's/access_log.*/access_log \/dev\/stdout;/g' /etc/nginx/nginx.conf; \
|
||||||
|
sed -i 's/error_log.*/error_log \/dev\/stdout info;/g' /etc/nginx/nginx.conf; \
|
||||||
|
sed -i 's/^pid/daemon off;\npid/g' /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
ADD keeweb.conf /etc/nginx/conf.d/keeweb.conf
|
||||||
|
|
||||||
|
ADD entrypoint.sh /opt/entrypoint.sh
|
||||||
|
RUN chmod a+x /opt/entrypoint.sh
|
||||||
|
|
||||||
|
ENTRYPOINT ["/opt/entrypoint.sh"]
|
||||||
|
CMD ["nginx"]
|
||||||
|
|
||||||
|
# clone keeweb
|
||||||
|
RUN git clone --depth 1 --single-branch --branch gh-pages https://github.com/antelle/keeweb.git
|
||||||
|
|
||||||
|
EXPOSE 443
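Review bot: The `RUN git clone … --branch gh-pages` step bakes in whatever the gh-pages head is at build time, with no pinned tag or commit and no integrity check, so two builds of this Dockerfile can ship different JavaScript for a password manager, and a cached layer will silently keep an old copy. Pin the checkout to a reviewed release and give the clone an explicit destination instead of relying on the base image's working directory lining up with `root /keeweb;`, e.g. `RUN git clone --depth 1 --branch <PINNED_TAG> https://github.com/antelle/keeweb.git /keeweb && rm -rf /keeweb/.git`; dropping `.git` also keeps repository metadata out of the web root. `FROM nginx:stable` is a moving tag and has the same reproducibility problem. The `apt-get` line leaves `git` and the package lists in the final image; `--no-install-recommends` plus `rm -rf /var/lib/apt/lists/*` in the same `RUN` would trim that (openssl is still needed by the entrypoint).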
|
|
@ -0,0 +1,23 @@
|
||||||
|
License of nginx-ssl-secure, https://github.com/MarvAmBass/docker-nginx-ssl-secure/
|
||||||
|
|
||||||
|
The MIT License (MIT)
|
||||||
|
|
||||||
|
Copyright (c) 2014 Marvin
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
|
@ -0,0 +1,37 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo "Welcome to KeeWeb docker container!"
|
||||||
|
|
||||||
|
if [ -z ${DH_SIZE+x} ]
|
||||||
|
then
|
||||||
|
>&2 echo ">> no \$DH_SIZE specified using default"
|
||||||
|
DH_SIZE="2048"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
DH="/etc/nginx/cert/dh.pem"
|
||||||
|
|
||||||
|
if [ ! -e "$DH" ]
|
||||||
|
then
|
||||||
|
echo ">> seems like the first start of nginx"
|
||||||
|
echo ">> doing some preparations..."
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
echo ">> generating $DH with size: $DH_SIZE"
|
||||||
|
openssl dhparam -out "$DH" $DH_SIZE
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -e "/etc/nginx/cert/cert.pem" ] || [ ! -e "/etc/nginx/cert/key.pem" ]
|
||||||
|
then
|
||||||
|
echo ">> generating self signed cert"
|
||||||
|
openssl req -x509 -newkey rsa:4086 \
|
||||||
|
-subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=localhost" \
|
||||||
|
-keyout "/etc/nginx/cert/key.pem" \
|
||||||
|
-out "/etc/nginx/cert/cert.pem" \
|
||||||
|
-days 3650 -nodes -sha256
|
||||||
|
fi
|
||||||
|
|
||||||
|
# exec CMD
|
||||||
|
echo ">> exec docker CMD"
|
||||||
|
echo "$@"
|
||||||
|
exec "$@"
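Review bot: `-newkey rsa:4086` in the self-signed certificate branch looks like a typo for 4096; OpenSSL will generate the odd-sized key, but it is almost certainly not what was intended, so `openssl req -x509 -newkey rsa:4096 \` is the likely fix. `DH_SIZE` is taken from the container environment and reaches `openssl dhparam` unquoted and unchecked, and the `${DH_SIZE+x}` test treats a set-but-empty value as specified; validating it as a number with a floor of 2048 and calling `openssl dhparam -out "$DH" "$DH_SIZE"` would close that. The script has no `set -e`, so a failed openssl call still falls through to `exec "$@"`. The key written with `-nodes` gets no explicit `chmod 600 /etc/nginx/cert/key.pem`; whether it ends up readable by other users presumably depends on the OpenSSL version and umask, so setting the mode explicitly is safer.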
|
|
@ -0,0 +1,32 @@
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
root /keeweb;
|
||||||
|
index index.html;
|
||||||
|
server_name localhost;
|
||||||
|
ssl_certificate /etc/nginx/cert/cert.pem;
|
||||||
|
ssl_certificate_key /etc/nginx/cert/key.pem;
|
||||||
|
|
||||||
|
# hide nginx version
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
# add nosniff header (https://www.owasp.org/index.php/List_of_useful_HTTP_headers)
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
|
||||||
|
|
||||||
|
# Getting a high secure SSL configured system
|
||||||
|
|
||||||
|
# Tutorials used:
|
||||||
|
# https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
|
||||||
|
# http://www.howtoforge.com/ssl-perfect-forward-secrecy-in-nginx-webserver
|
||||||
|
|
||||||
|
# enable dh
|
||||||
|
ssl_dhparam /etc/nginx/cert/dh.pem;
|
||||||
|
|
||||||
|
# protocols
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disable poodle
|
||||||
|
|
||||||
|
# ciphers
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
|
||||||
|
}
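Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, which are deprecated, and the `ssl_ciphers` string keeps the `3DES` suites and plain `RSA+` key exchange, which gives no forward secrecy; the `# disable poodle` comment only reflects SSLv3 being absent. For a server whose whole job is to deliver a password manager, I would restrict this to `ssl_protocols TLSv1.2;` (adding TLSv1.3 where the nginx/OpenSSL build supports it) and `ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS;`. The two `add_header` lines are skipped on error responses unless `always` is appended. `includeSubdomains` in the HSTS header will apply to every subdomain of the host once this is deployed on a real hostname, which deserves a comment in the file.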
|
|
@ -4,6 +4,7 @@ Release notes
|
||||||
##### v1.2.0 (TBD)
|
##### v1.2.0 (TBD)
|
||||||
`+` allow selecting attachments with click
|
`+` allow selecting attachments with click
|
||||||
`+` save groups collapsed/expanded state
|
`+` save groups collapsed/expanded state
|
||||||
|
`+` docker container
|
||||||
`+` edit and remove tags
|
`+` edit and remove tags
|
||||||
`+` register file associations
|
`+` register file associations
|
||||||
`-` prevent second app instance on windows
|
`-` prevent second app instance on windows
|
||||||
|
|