• Stars
    star
    132
  • Rank 274,205 (Top 6 %)
  • Language
    Shell
  • License
    MIT License
  • Created about 10 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

⚠️ DEPRECATED ::: A Docker Nginx Container based on _/nginx which is extremly secure and gets you a Qualys A+ SSL rating

Docker very secured Nginx with secure SSL

maintained by MarvAmBass

FAQ - All you need to know about the marvambass Containers

What is it

This Dockerfile (available as marvambass/nginx-ssl-secure) gives you a ready to use secured production nginx server, with perfectly configured SSL. You should get a A+ Rating at the Qualys SSL Test.

View in Docker Registry marvambass/nginx-ssl-secure

View in GitHub MarvAmBass/docker-nginx-ssl-secure

Environment variables and defaults

  • DH_SIZE
  • default: 2048 (which takes a long time to create), for demo or unsecure applications you can use smaller values like 512

Running marvambass/nginx-ssl-secure Container

This Dockerfile is not really made for direct usage. It should be used as base-image for your nginx project. But you can run it anyways.

You should overwrite the /etc/nginx/external/ with a folder, containing your nginx *.conf files, certs and a dh.pem.
If you forget the dh.pem file, it will be created at the first start - but this can/will take a long time!

docker run -d \
-p 80:80 -p 443:443 \
-e 'DH_SIZE=512' \
-v $EXT_DIR:/etc/nginx/external/ \
marvambass/nginx-ssl-secure

Based on

This Dockerfile bases on the /_/nginx/ Official Image.

Cheat Sheet

Creating the dh4096.pem with openssl

To create a Diffie-Hellman cert, you can use the following command

openssl dhparam -out dh4096.pem 4096

Creating a high secure SSL CSR with openssl

This cert might be incompatible with Windows 2000, XP and older IE Versions

openssl req -nodes -new -newkey rsa:4096 -out csr.pem -sha256

Creating a self-signed ssl cert

Please note, that the Common Name (CN) is important and should be the FQDN to the secured server:

openssl req -x509 -newkey rsa:4086 \
-keyout key.pem -out cert.pem \
-days 3650 -nodes -sha256

More Repositories

1

docker-nginx-registry-proxy

⚠️ DEPRECATED ::: A Docker Nginx Reverse Proxy to secure your private Docker Registry using SSL and HTTP BASIC AUTH
61
star
2

docker-versatile-postfix

A Docker Postfix, designed to be as versatile as possible. Just a SMTP Server with SMTP Auth and possibility to receive emails
Shell
60
star
3

docker-piwik

⚠️ DEPRECATED ::: A Docker Piwik Container
Shell
29
star
4

docker-subversion

Subversion Container (ghcr.io/marvambass/subversion) based on secured Apache SSL PHP on debian:bullseye [x86 + arm]
Shell
21
star
5

docker-apache2-ssl-secure

MOVED TO: https://github.com/ServerContainers/apache2-ssl-secure
Shell
19
star
6

docker-phpmyadmin

MOVED TO: https://github.com/ServerContainers/phpmyadmin
Dockerfile
11
star
7

docker-firetv-server

A firetv-server container - perfect to connect Homeassistant to the FireTV as remote control
8
star
8

docker-mysql

⚠️ DEPRECATED ::: A MySQL Server Container - it also includes a repetitive mysqldump backup mechanism
Shell
4
star
9

docker-roundcube

⚠️ DEPRECATED ::: A Docker Roundcube Container
Shell
4
star
10

docker-nginx-ssl-php

⚠️ DEPRECATED ::: A nginx Docker Contanier with integrated php5-fpm
2
star
11

docker-owncloud

⚠️ DEPRECATED ::: A Docker OwnCloud Container
Shell
2
star
12

docker-netatalk-core

⚠️ DEPRECATED ::: stable Netatalk freshly complied from official stable releases on ubuntu 16.04
2
star
13

docker-jenkins-docker

⚠️ DEPRECATED ::: A privileged Docker Container to run Jenkins and Docker inside a Docker Container
Shell
2
star
14

fritzi

python library to control FritzBox Settings (pure, single file)
Python
1
star
15

docker-ghost

⚠️ DEPRECATED ::: a versatile Ghost Blog (a Open Source NodeJS Blogging Software)
Shell
1
star
16

docker-dvdbackup

Docker Container, with dvdbackup (a DVD backup application)
Shell
1
star
17

docker-devstation

⚠️ DEPRECATED ::: Alpine based CLI - perfect for a dev/ops environment for Mac OS (bash, tmux, vim, git, ssh, openssl)
1
star
18

docker-logstash

⚠️ DEPRECATED ::: A Docker ELK - Logstash Container
Shell
1
star
19

docker-webkitgtk

builds latest webkitgtk version which can then be installed on amd64 debian stretch system
Shell
1
star
20

docker-mkp224o

ghcr.io/marvambass/mkp224o - onion addresses generator container (alpine) [x86 + arm]
Dockerfile
1
star
21

docker-mediawiki

⚠️ DEPRECATED ::: MediaWiki Software in a Docker Container (Ubuntu 14.04 - MySQL, PSQL and SQLite Drivers)
Shell
1
star
22

docker-dvd2flac

Docker Container, to extract the audio of a DVD as flac
Shell
1
star