
0-RTT dockerfile script for nginx

drwetter committed Oct 2, 2019
1 parent fe43d9d commit bcc1298eb3c94a5ee5ce4d989540351c2a8db874
Showing with 55 additions and 0 deletions.
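--- a/utils/docker-nginx.tls13-earlydata.start.sh
+++ b/utils/docker-nginx.tls13-earlydata.start.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+image="rsnow/nginx"
+docker pull $image
+ID=$(docker run -d -ti $image)
+
+echo $ID
+
+docker exec -ti $ID nginx -V
+docker exec -ti $ID mkdir /etc/nginx/ssl
+HN=$(docker exec -ti $ID hostname| tr -d '\n' | tr -d '\r')
+
+cd /tmp
+cat >$ID.conf << EOF
+server {
+listen 443 ssl default_server;
+listen [::]:443 ssl default_server;
+server_name _;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_early_data on;
+#
+ssl_certificate /etc/nginx/ssl/$HN.crt;
+ssl_certificate_key /etc/nginx/ssl/$HN.key;
+location / {
+root /usr/share/nginx/html;
+index index.html index.htm;
+}
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+}
+EOF
+
+docker cp $ID.conf $ID:/etc/nginx/conf.d/443.conf
+
+C_ST_etc="C=DE/ST=Gotham/L=Nowhere/CN=${HN}"
+openssl req -subj "/${C_ST_etc}/CN=${HN}" -newkey rsa:4096 -keyout "$HN.key" -nodes -sha256 -out "$HN.req"
+openssl x509 -days 365 -in "$HN.req" -req -signkey "$HN.key" -out "$HN.crt"
+docker cp $HN.key $ID:/etc/nginx/ssl
+docker cp $HN.crt $ID:/etc/nginx/ssl
+
+docker exec -ti $ID nginx -s reload
+# docker start $ID
+
+# P Q
+docker inspect $ID | jq -r '.[].NetworkSettings.IPAddress'
+
+exit 0
+
+EOF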
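Review bot: After the unchecked `cd /tmp`, the script writes the unencrypted RSA key (`-nodes`, `-keyout "$HN.key"`) together with the request, certificate and `$ID.conf` into that shared directory, under the caller's umask, and never removes them once `docker cp` has run. A private scratch directory keeps the key material from lingering and also handles a failed `cd`: `workdir=$(mktemp -d) || exit 1`, `trap 'rm -rf -- "$workdir"' EXIT`, `cd "$workdir" || exit 1`. Separately, `C_ST_etc` already ends in `CN=${HN}` and the `-subj` argument appends `/CN=${HN}` again, so the subject carries the common name twice; dropping one of the two fixes it. `image="rsnow/nginx"` is pulled without a tag or digest, so the fixture runs whatever that repository serves at pull time; pinning it would make the test target reproducible.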
