1
0
Fork 0
mirror of https://github.com/nginx-proxy/nginx-proxy synced 2024-05-14 19:46:05 +02:00
Commit Graph

29 Commits

Author SHA1 Message Date
Nicolas Duchon ab7ac0aadb
fix: backward compatibility w/ DHPARAM_GENERATION
Also use true rather than 1 to stay consistent
with other boolean environment variables
2021-10-20 19:15:27 +02:00
polarathene 1d2f308cdf feat: Bring back ability to skip default DH params
Adds back the ability to avoid using DH params, provided no file was explicitly supplied.

This used to be `DHPARAM_GENERATION=false`, the equivalent is now `DHPARAM_SKIP=1` (default 0). Previous name was no longer appropriate.

Ensures that if a user has explicitly provided their own dhparam file to still output a warning instead of the skip message, since `DHPARAM_SKIP=1` doesn't disable the support in nginx.
2021-09-28 21:59:53 +13:00
polarathene 004e4a5cda chore: Refactor `_setup_dh()`
- `DHPARAM_FILE` is a local var not intended for overriding via ENV. Clarified that with `local` declaration.

- `FFDHE_GROUP` var uses default assignment (_`:=4096` instead of only substitute `:-4096`_), so that `DHPARAM_BITS` retains the default 4096 value in subsequent references if no custom size was provided.

- Refactored the conditional statements to only handle early failure conditions. Shifting out the RFC7919 support that can run after all checks have passed.

- Revised comments.
2021-09-28 21:50:11 +13:00
polarathene a7a2d6e44b chore: Use direct URL instead of URL shortener
Implicit URL is unnecessary (_and presently relies on Github redirecting from it's original mapped URL_).

Use an explicit URL instead to reduce the guesswork/trust of where the shortener was going to redirect to.
2021-09-28 21:50:11 +13:00
polarathene 6f7eb8bd97 chore: 6/6 - Update shell syntax
- `==` for string equality since we're using bash `[[ test ]]` already.
- Uppercase `socket_file` variable to be consistent with other internal variables used in the script.
- Convert `[ test ]` to `[[ test ]]` for consistency, improving maintenance. Double-bracket (_not posix compatible_) does not require quoted variables, ShellCheck lint knows this is safe too :)
- `-z` test for `$RESOLVERS` is native syntax to check for empty string value.
- Referenced variables should generally be wrapped like so `"${VAR}"`.
- Variable assignments with string values should be double quotes for content with variables, otherwise use single quotes (_no interpolation_).
- Converted my if statements to use the same style used in the rest of the file.
2021-09-28 21:50:11 +13:00
polarathene 0f330b85b1 chore: 5/6 - Shift dhparam method to the bottom
Minor change on error message.
2021-09-28 21:50:11 +13:00
polarathene ed009c0ec8 chore: 4/6 - Extract grouped logic to their own methods 2021-09-28 21:50:11 +13:00
polarathene 091dd855af chore: 3/6 - Indent function content
This is a white-space only change to ease review diff noise.
2021-09-28 21:50:11 +13:00
polarathene 2e6d7561a3 chore: 2/6 - Handle CMD check early, wrap init logic into a function 2021-09-28 21:50:11 +13:00
polarathene 8aacd13241 chore: 1/6 - Inline failure at it's cause
This change has been split into 6 iterative parts/commits to ease the review process.
2021-09-28 21:50:11 +13:00
polarathene ac066a73e4 feat: Replace generated DH params with RFC 7919 standardized DHE groups
- While the anonymous VOLUME can be dropped from Dockerfile, the path needs to be valid at run-time, might as well ensure it's available by creating the dhparam folder at build.

- Generation logic no longer necessary, dropped. 

- Standardized RFC 7919 groups added (2048, 3072, 4096), with 4096-bit remaining the default size. The DH logic can live in the entrypoint script as well. 

- Third-party supplied pre-generated DH params removed as they're not considered trustworthy compared to RFC 7919 groups.
2021-09-28 21:30:02 +13:00
Nicolas Duchon 65a88a0291
Merge branch 'main' into remove_scoped 2021-04-29 22:36:01 +02:00
Nicolas Duchon ab81ff8df2
style: linting with shellcheck 2021-04-29 03:18:40 +02:00
Nicolas Duchon c327496495
refactor: do not pass unused positional arguments 2021-04-29 03:18:04 +02:00
Nicolas Duchon fcfe17a0a4
Merge pull request #1538 from S0obi/patch-1
Update docker-entrypoint.sh comment on DHPARAM default key size
2021-04-02 01:49:36 +02:00
Nicolas Duchon ad7c02570b
chore: use nginxproxy's DockerHub registry
Transitioning away from jwilder/nginx-proxy
Please see #1304 for more details
2021-04-01 16:06:09 +02:00
Joe Polny 2bde43c6e9 remove scoped ipv6 resolvers 2021-02-05 19:56:56 +00:00
Thibault Soubiran aba100ff7b
Update docker-entrypoint.sh
Default key size is not 2048 anymore but 4096, reference : https://github.com/nginx-proxy/nginx-proxy/blob/master/generate-dhparam.sh#L4
2020-12-02 13:18:32 +01:00
Jason Wilder 8c590fc68f
Merge pull request #913 from panteparak/DH-Param-Generator-Option
Add DH param generator option
2019-03-05 12:46:49 -07:00
Steve Kamerman 5d503b48cb
Added support for IPv6 DNS servers in resolver generation (issue #938) 2017-10-19 20:58:34 -04:00
Pan Teparak 31d2ed172b Change ENV variable from GENERATE_DHPARAM to DHPARAM_GENERATION 2017-09-24 15:13:24 +07:00
Pan Teparak 4b22ccdc81 Add ability to opt-out dh param auto generation 2017-08-27 04:40:35 +07:00
Teoh Han Hui 065dd7f1ea
Fix build 2017-07-31 17:46:58 +08:00
Steve Kamerman 0cc71fad49
Add dynamically-computed DNS resolvers to nginx (for PR #574) 2017-07-31 17:44:27 +08:00
Steve Kamerman 7d253dd0f3 Allow passing DHPARAM_BITS via env, lower bits to 256 for unit tests 2017-01-12 14:55:25 -05:00
Steve Kamerman dfdd67f5a4 Implemented background dhparam generation 2017-01-11 22:43:09 -05:00
Mike Dillon f95ff82ad0 Adjust entrypoint to always warn on missing socket
Also chmod the entrypoint
2015-09-12 07:23:36 -07:00
Thomas LEVEIL 1aac996019 conform to Docker official images best practices
https://github.com/docker-library/official-images/blob/master/README.md#consistency
2015-09-12 10:37:21 +00:00
Thomas LEVEIL d83ba3da1e refuse to start if the docker sock isn't available 2015-09-11 23:42:44 +00:00