This Dockerfile gives you a ready-to-use, secured production Nginx server with perfectly configured SSL. You should get an A+ rating on the Qualys SSL Test.
- DH_SIZE
  - default: 2048 (which takes a long time to create); for demo or insecure applications you can use smaller values such as 512
This Dockerfile is not really meant for direct use. It should be used as the base image for your nginx project, but you can run it anyway.
You should overwrite /etc/nginx/external/ with a folder containing your nginx *.conf files, certs and a dh.pem. If you forget the dh.pem file, it will be created at the first start, but this can (and will) take a long time!

    docker run -d \
      -p 80:80 -p 443:443 \
      -e 'DH_SIZE=512' \
      -v "$EXT_DIR":/etc/nginx/external/ \
      nginx-mod_security

This Dockerfile is based on the Alpine Official Image.
To create a Diffie-Hellman parameter file, you can use the following command:

    openssl dhparam -out dh4096.pem 4096

This file might be incompatible with Windows 2000, XP and older IE versions.

To create a certificate signing request (CSR):

    openssl req -nodes -new -newkey rsa:4096 -out csr.pem -sha256

Please note that the Common Name (CN) is important and should be the FQDN of the secured server:

    openssl req -x509 -newkey rsa:4096 \
      -keyout key.pem -out cert.pem \
      -days 3650 -nodes -sha256

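A pre-flight check for the folder you mount at /etc/nginx/external/, covering the points above (conf files present, dh.pem size, key matching the certificate, CN equal to the FQDN). This is an added example, not part of the image; the function names, the `MIN_DH_BITS` variable and the file names cert.pem and key.pem (taken from the openssl command above) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the folder mounted at /etc/nginx/external/.
# Assumed file names: cert.pem and key.pem, as written by the openssl command above.
MIN_DH_BITS=${MIN_DH_BITS:-2048}   # hypothetical knob; 2048 is the DH_SIZE default

# Print the modulus size of a DH parameter file; prints nothing if unparsable.
dh_bits() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_ext_dir DIR FQDN: returns 0 only if DIR passes every check.
check_ext_dir() {
    dir=$1 fqdn=$2 rc=0
    set -- "$dir"/*.conf
    [ -e "$1" ] || { echo "FAIL: no *.conf files in $dir"; rc=1; }
    if [ ! -f "$dir/dh.pem" ]; then
        echo "WARN: no dh.pem; it will be generated at first start (slow)"
    else
        bits=$(dh_bits "$dir/dh.pem")
        if [ -z "$bits" ]; then
            echo "FAIL: dh.pem is not a DH parameter file"; rc=1
        elif [ "$bits" -lt "$MIN_DH_BITS" ]; then
            echo "FAIL: dh.pem is $bits bits, want >= $MIN_DH_BITS"; rc=1
        fi
    fi
    cert=$dir/cert.pem key=$dir/key.pem
    if [ ! -f "$cert" ] || [ ! -f "$key" ]; then
        echo "FAIL: cert.pem or key.pem missing"; return 1
    fi
    # The private key must belong to the certificate.
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    { [ -n "$c" ] && [ "$c" = "$k" ]; } || { echo "FAIL: key does not match cert"; rc=1; }
    # The certificate must not be expired and its CN must be the server's FQDN.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired"; rc=1; }
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$fqdn" ] || { echo "FAIL: CN is '$cn', expected $fqdn"; rc=1; }
    # The private key must not be readable by group or others.
    [ -z "$(find "$key" -perm -040 -o -perm -004)" ] ||
        { echo "FAIL: key.pem is group/world readable"; rc=1; }
    return $rc
}

# Usage: sh check.sh "$EXT_DIR" www.example.com
if [ "$#" -eq 2 ]; then check_ext_dir "$1" "$2"; fi
```
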
This image was inspired by the work done on https://github.com/nginxinc/docker-nginx and https://github.com/MarvAmBass/docker-nginx-ssl-secure