diff --git a/7.1-nginx-prod/Dockerfile b/7.1-nginx-prod/Dockerfile index 3ec06cc..93cff7d 100755 --- a/7.1-nginx-prod/Dockerfile +++ b/7.1-nginx-prod/Dockerfile @@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:7.1-prod ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/7.1-nginx-prod/default.tmpl b/7.1-nginx-prod/default.tmpl index d8b234a..e4d9421 100755 --- a/7.1-nginx-prod/default.tmpl +++ b/7.1-nginx-prod/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; 
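Review bot: The certificate built in the new `cert` stage carries only `CN=*.localhost` in its subject and no subjectAltName, and current browsers and TLS libraries match host names against SAN entries only, so clients will reject it for a name mismatch on top of the expected self-signed warning. The `genrsa -des3` / `rsa -passin` pair encrypts the key with the throwaway passphrase `x` and strips it again straight away, which adds nothing. A single `openssl req -x509 -newkey rsa:2048 -nodes` call with `-addext` (OpenSSL 1.1.1 or later) gives the same key and certificate and leaves no `server.csr` or duplicate `.crt` in `/kool/ssl`. `FROM debian` is also untagged, so the OpenSSL version and its defaults follow whatever `latest` is at build time; the tag in the fence below is only an example of a pinned release. The same stage is repeated in every versioned Dockerfile in this diff and in `template/Dockerfile-nginx.blade.php`, which looks like the place to change it.

```dockerfile
# Example pinned tag; use whichever Debian release the project standardises on.
FROM debian:bookworm-slim AS cert

WORKDIR /kool/ssl

# Self-signed, unencrypted key plus certificate in one step, with SAN entries
# so that clients which ignore the subject CN still match the host name.
RUN apt-get update && \
    apt-get install -y --no-install-recommends openssl && \
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout _.localhost.key -out _.localhost.pem \
        -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" \
        -addext "subjectAltName=DNS:localhost,DNS:*.localhost"

# … unchanged: final stage (FROM kooldev/php, ENV block) …
```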
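Review bot: `COPY --from=cert /kool/ssl /kool/ssl` bakes one private key into the image at build time, so every container started from a published tag shares a key that anyone can read back out of the image, and the `-prod` variants get the same default. Setting `NGINX_HTTPS=true` without overriding `NGINX_HTTPS_CERT` and `NGINX_HTTPS_CERT_KEY` therefore gives no real server authentication, and the certificate expires 365 days after the image build, not after the container starts. Consider generating the pair in `/kool/entrypoint` on first start when HTTPS is enabled and no key exists at the configured path (the entrypoint is not part of this diff, so this needs checking against it), or at least add a comment above the COPY such as `# dev-only self-signed cert; mount a real cert/key and override NGINX_HTTPS_CERT* in production`. `EXPOSE 80` in the same hunk is unchanged, so the new default HTTPS port 443 is not declared. The identical line is added to every other Dockerfile in this diff and to the template.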
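Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the new HTTPS block turns on TLS 1.0 and 1.1, both formally deprecated by RFC 8996, and leaves TLS 1.3 off. I would change the line to `ssl_protocols TLSv1.2 TLSv1.3;`, assuming the nginx in the base image is built against OpenSSL 1.1.1 or later, which is not visible here. `ssl_ciphers HIGH:!aNULL:!MD5;` is also broad, since it still admits CBC suites and RSA key exchange without forward secrecy, so a narrower ECDHE/AEAD list is worth setting. The server block continues past the hunk, and the plain-HTTP `listen` stays active with no redirect, which may be intended for local use but deserves a line in the README. The same block appears in each version's `default.tmpl` and in `template/default-tmpl.blade.php`.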
diff --git a/7.1-nginx/Dockerfile b/7.1-nginx/Dockerfile index feab87d..a8eaa7d 100755 --- a/7.1-nginx/Dockerfile +++ b/7.1-nginx/Dockerfile @@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:7.1 ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/7.1-nginx/default.tmpl b/7.1-nginx/default.tmpl index d8b234a..e4d9421 100755 --- a/7.1-nginx/default.tmpl +++ b/7.1-nginx/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/7.2-nginx-prod/Dockerfile b/7.2-nginx-prod/Dockerfile index eb165c3..649bf2d 100755 
--- a/7.2-nginx-prod/Dockerfile +++ b/7.2-nginx-prod/Dockerfile @@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:7.2-prod ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/7.2-nginx-prod/default.tmpl b/7.2-nginx-prod/default.tmpl index d8b234a..e4d9421 100755 --- a/7.2-nginx-prod/default.tmpl +++ b/7.2-nginx-prod/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/7.2-nginx/Dockerfile b/7.2-nginx/Dockerfile index ffe2eb0..16fa3d9 100755 --- a/7.2-nginx/Dockerfile +++ b/7.2-nginx/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:7.2 ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/7.2-nginx/default.tmpl b/7.2-nginx/default.tmpl index d8b234a..e4d9421 100755 --- a/7.2-nginx/default.tmpl +++ b/7.2-nginx/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/7.3-nginx-prod/Dockerfile b/7.3-nginx-prod/Dockerfile index 5a9fa96..57a20b8 100755 --- a/7.3-nginx-prod/Dockerfile +++ b/7.3-nginx-prod/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:7.3-prod ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/7.3-nginx-prod/default.tmpl b/7.3-nginx-prod/default.tmpl index d8b234a..e4d9421 100755 --- a/7.3-nginx-prod/default.tmpl +++ b/7.3-nginx-prod/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/7.3-nginx/Dockerfile b/7.3-nginx/Dockerfile index fe97ecf..fe4eb75 100755 --- a/7.3-nginx/Dockerfile +++ b/7.3-nginx/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:7.3 ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/7.3-nginx/default.tmpl b/7.3-nginx/default.tmpl index d8b234a..e4d9421 100755 --- a/7.3-nginx/default.tmpl +++ b/7.3-nginx/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/7.4-nginx-prod/Dockerfile b/7.4-nginx-prod/Dockerfile index c1c59b6..c8ac4d8 100755 --- a/7.4-nginx-prod/Dockerfile +++ b/7.4-nginx-prod/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:7.4-prod ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/7.4-nginx-prod/default.tmpl b/7.4-nginx-prod/default.tmpl index d8b234a..e4d9421 100755 --- a/7.4-nginx-prod/default.tmpl +++ b/7.4-nginx-prod/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/7.4-nginx/Dockerfile b/7.4-nginx/Dockerfile index aba1039..c62c570 100755 --- a/7.4-nginx/Dockerfile +++ b/7.4-nginx/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:7.4 ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/7.4-nginx/default.tmpl b/7.4-nginx/default.tmpl index d8b234a..e4d9421 100755 --- a/7.4-nginx/default.tmpl +++ b/7.4-nginx/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/8.0-nginx-prod/Dockerfile b/8.0-nginx-prod/Dockerfile index d1f6e5b..1d076d0 100755 --- a/8.0-nginx-prod/Dockerfile +++ b/8.0-nginx-prod/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:8.0-prod ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/8.0-nginx-prod/default.tmpl b/8.0-nginx-prod/default.tmpl index d8b234a..e4d9421 100755 --- a/8.0-nginx-prod/default.tmpl +++ b/8.0-nginx-prod/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/8.0-nginx/Dockerfile b/8.0-nginx/Dockerfile index cafa167..1dc8c1d 100755 --- a/8.0-nginx/Dockerfile +++ b/8.0-nginx/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:8.0 ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/8.0-nginx/default.tmpl b/8.0-nginx/default.tmpl index d8b234a..e4d9421 100755 --- a/8.0-nginx/default.tmpl +++ b/8.0-nginx/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/8.1-nginx-prod/Dockerfile b/8.1-nginx-prod/Dockerfile index d607f48..9a85d6b 100755 --- a/8.1-nginx-prod/Dockerfile +++ b/8.1-nginx-prod/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:8.1-prod ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/8.1-nginx-prod/default.tmpl b/8.1-nginx-prod/default.tmpl index d8b234a..e4d9421 100755 --- a/8.1-nginx-prod/default.tmpl +++ b/8.1-nginx-prod/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/8.1-nginx/Dockerfile b/8.1-nginx/Dockerfile index 8c62975..ad19828 100755 --- a/8.1-nginx/Dockerfile +++ b/8.1-nginx/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:8.1 ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/8.1-nginx/default.tmpl b/8.1-nginx/default.tmpl index d8b234a..e4d9421 100755 --- a/8.1-nginx/default.tmpl +++ b/8.1-nginx/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/8.2-nginx-prod/Dockerfile b/8.2-nginx-prod/Dockerfile index df94fb6..41cd1c4 100755 --- a/8.2-nginx-prod/Dockerfile +++ b/8.2-nginx-prod/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:8.2-prod ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/8.2-nginx-prod/default.tmpl b/8.2-nginx-prod/default.tmpl index d8b234a..e4d9421 100755 --- a/8.2-nginx-prod/default.tmpl +++ b/8.2-nginx-prod/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/8.2-nginx/Dockerfile b/8.2-nginx/Dockerfile index 5c0fc46..2d523a2 100755 --- a/8.2-nginx/Dockerfile +++ b/8.2-nginx/Dockerfile 
@@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM kooldev/php:8.2 ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ @@ -36,6 +54,7 @@ RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/s COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/8.2-nginx/default.tmpl b/8.2-nginx/default.tmpl index d8b234a..e4d9421 100755 --- a/8.2-nginx/default.tmpl +++ b/8.2-nginx/default.tmpl @@ -1,6 +1,13 @@ server { listen {{ .Env.NGINX_LISTEN }} default_server; server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} root {{ .Env.NGINX_ROOT }}; index {{ .Env.NGINX_INDEX }}; charset utf-8; diff --git a/README.md b/README.md index cc36761..1199264 100644 --- a/README.md +++ b/README.md 
@@ -83,6 +83,10 @@ Variable | Default Value | Description **NGINX_FASTCGI_BUFFERS** | `8 8k` | Changes the number and size of the buffers used for reading a response **NGINX_FASTCGI_BUFFER_SIZE** | `16k` | Changes the size of the buffer used for reading the first part of the response received **NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE** | `true` | Enables auto-tuning of worker processes based on available CPU cores (container instead of host), to disable set it to empty string +**NGINX_HTTPS** | `false` | Enables the HTTPS server +**NGINX_LISTEN_HTTPS** | `443` | Port for the HTTPS server to listen +**NGINX_HTTPS_CERT** | `/kool/ssl/_.localhost.pem` | The path in the container for the SSL certificate file +**NGINX_HTTPS_CERT_KEY** | `/kool/ssl/_.localhost.key` | The path in the container for the SSL certificate key file ## Usage diff --git a/template/Dockerfile-nginx.blade.php b/template/Dockerfile-nginx.blade.php index 0e3c56f..0d8e6df 100644 --- a/template/Dockerfile-nginx.blade.php +++ b/template/Dockerfile-nginx.blade.php @@ -1,7 +1,25 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + FROM {{ $from }} ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ NGINX_ROOT=/app/public \ NGINX_INDEX=index.php \ NGINX_CLIENT_MAX_BODY_SIZE=25M \ 
@@ -41,6 +59,7 @@ COPY supervisor.conf /kool/supervisor.conf COPY default.tmpl /kool/default.tmpl COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl RUN chmod +x /kool/entrypoint EXPOSE 80 diff --git a/template/default-tmpl.blade.php b/template/default-tmpl.blade.php index d6c479e..cc5bf4a 100644 --- a/template/default-tmpl.blade.php +++ b/template/default-tmpl.blade.php @@ -1,6 +1,13 @@ server { listen @{{ .Env.NGINX_LISTEN }} default_server; server_name _; +@{{ if isTrue .Env.NGINX_HTTPS }} + listen @{{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate @{{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key @{{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +@{{ end }} root @{{ .Env.NGINX_ROOT }}; index @{{ .Env.NGINX_INDEX }}; charset utf-8;