Comments (4)
Hmm, I have not come across that file before, and running find / -name *-ssl-* inside a clean container yields no results.
However, you can find multiple versions of it in their repository: https://github.com/certbot/certbot/tree/master/certbot-nginx/certbot_nginx/_internal/tls_configs
I would probably add this manually, and then make sure you load this before any of your other configuration files.
from docker-nginx-certbot.
Hi Jonas, thanks for the quick feedback. When searching for options-ssl-nginx.conf I find a lot of sites / tutorials mentioning that file. However I'm also not sure where the file is coming from or why it's not created. Maybe it's a command line option to certbot? It would be nice if your image creates / provides this file.
Quoting StackOverflow:
So this file normally gets created during the certificate installation (or issuing and installation)
from docker-nginx-certbot.
I do not see this file at all after installing certbot via pip, so perhaps it is not included there, and there are no obvious indications of additional installation parameters.
The file is also not created after issuing a certificate, but that would not have been a good solution since we would need this file at Nginx startup either way.
People have asked about including additional configuration files before, but I would like to keep this image as close to the parent Nginx image as possible (with the exception of automatic certificate generation). So I do not think it is up to us to provide it to all users, but instead let everyone include whatever they like by themselves.
If it were me that wanted to add this configuration I would want it prominently displayed in my conf.d/ folder so I know exactly what configuration is currently running on my setup. So I would actually like to suggest you do the same, and name it in such a way that it loads before any of your server declarations.
Furthermore, that config could perhaps be made even more strict:
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
from docker-nginx-certbot.
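An added example, not part of the thread or of the project's code: a static check over the TLS directives quoted in the comment above, useful before dropping such a snippet into conf.d/. The function names, finding labels and rule set are assumptions of this example, and the input is the comment's directives embedded as constructed sample text.

```python
import re

# Constructed input: TLS directives copied from the comment above.
SNIPPET = """
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
ssl_prefer_server_ciphers on;
"""

DIRECTIVE = re.compile(r"^\s*(ssl_\w+)\s+(.+?)\s*;\s*$", re.M)
AEAD_TOKENS = ("GCM", "CHACHA20", "CCM")


def parse_directives(text):
    """Return {directive: value} for single-line ssl_* directives."""
    return {name: value.strip("'\"") for name, value in DIRECTIVE.findall(text)}


def classify_cipher(name):
    """Classify one OpenSSL TLS 1.2 cipher name from its tokens alone."""
    tokens = name.upper().split("-")
    if "GCM" in tokens and tokens[-1] not in ("SHA256", "SHA384"):
        # TLS 1.2 GCM suites are only defined with SHA256 or SHA384,
        # so OpenSSL has no cipher of this name and skips it.
        return "unknown-name"
    if tokens[0] not in ("ECDHE", "DHE"):
        return "no-forward-secrecy"
    if not any(t.startswith(AEAD_TOKENS) for t in tokens):
        return "cbc-mode"
    return "ok"


def audit(text):
    """Return a sorted list of (item, finding) pairs for a TLS snippet."""
    conf, findings = parse_directives(text), []
    for proto in conf.get("ssl_protocols", "").split():
        if proto not in ("TLSv1.2", "TLSv1.3"):
            findings.append((proto, "legacy-protocol"))
    # nginx enables session tickets unless the directive says "off".
    if conf.get("ssl_session_tickets") != "off":
        findings.append(("ssl_session_tickets", "tickets-enabled"))
    for cipher in filter(None, conf.get("ssl_ciphers", "").split(":")):
        verdict = classify_cipher(cipher)
        if verdict != "ok":
            findings.append((cipher, verdict))
    return sorted(findings)
```

Calling `audit(SNIPPET)` reports the two `GCM-SHA512` names as unknown and the last entry as a CBC-mode suite, so the effective list is narrower than it looks; `openssl ciphers -v` with the same string shows what the local OpenSSL build actually selects.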
I understand your points. I was hoping that certbot regularly updates this file with recommended settings but then again this might not be a good idea since the behaviour of nginx might suddenly change or even stop working. So yes, let's keep it as it is. I will close this issue.
from docker-nginx-certbot.