Docker very secured Nginx with secure SSL
maintained by MarvAmBass
FAQ - All you need to know about the marvambass Containers
What is it
This Dockerfile (available as marvambass/nginx-ssl-secure) gives you a ready to use secured production nginx server, with perfectly configured SSL. You should get a A+ Rating at the Qualys SSL Test.
View in Docker Registry marvambass/nginx-ssl-secure
View in GitHub MarvAmBass/docker-nginx-ssl-secure
Environment variables and defaults
- DH_SIZE
- default: 2048 (which takes a long time to create), for demo or unsecure applications you can use smaller values like 512
Running marvambass/nginx-ssl-secure Container
This Dockerfile is not really made for direct usage. It should be used as base-image for your nginx project. But you can run it anyways.
You should overwrite the /etc/nginx/external/ with a folder, containing your nginx *.conf files, certs and a dh.pem.
If you forget the dh.pem file, it will be created at the first start - but this can/will take a long time!
docker run -d \
-p 80:80 -p 443:443 \
-e 'DH_SIZE=512' \
-v $EXT_DIR:/etc/nginx/external/ \
marvambass/nginx-ssl-secure
Based on
This Dockerfile bases on the /_/nginx/ Official Image.
Cheat Sheet
Creating the dh4096.pem with openssl
To create a Diffie-Hellman cert, you can use the following command
openssl dhparam -out dh4096.pem 4096
Creating a high secure SSL CSR with openssl
This cert might be incompatible with Windows 2000, XP and older IE Versions
openssl req -nodes -new -newkey rsa:4096 -out csr.pem -sha256
Creating a self-signed ssl cert
Please note, that the Common Name (CN) is important and should be the FQDN to the secured server:
openssl req -x509 -newkey rsa:4086 \
-keyout key.pem -out cert.pem \
-days 3650 -nodes -sha256