deployement: fix nginx configuration

* Adapts the nginx configuration for the last nginx docker version. Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
rero · Oct 8, 2023 · 8be4064 · 8be4064
1 parent a368712
commit 8be4064
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 13 deletions.
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
@@ -17,15 +17,6 @@
 
 FROM nginx
 
-RUN apt-get update && apt-get upgrade -y && apt-get install -y \
-        libxml2 \
-        libxml2-dev \
-        libxmlsec1 \
-        libxmlsec1-dev \
-        xpdf \
-        ghostscript \
-        imagemagick
-
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY conf.d/* /etc/nginx/conf.d/
 COPY test.key /etc/ssl/private/test.key

diff --git a/docker/nginx/conf.d/default.conf b/docker/nginx/conf.d/default.conf
@@ -41,15 +41,14 @@ server {
 
 # HTTPS server
 server {
-  listen 443; # IPv4
-  listen [::]:443; # IPv6
+  listen 443 ssl http2; # IPv4
+  listen [::]:443 ssl http2; # IPv6
   server_name _;
   charset utf-8;
   keepalive_timeout 5;
 
   # SSL configuration according to best practices from
   # https://mozilla.github.io/server-side-tls/ssl-config-generator/
-  ssl on;
   # The provided certificate (test.crt) and private key (test.key) is only for
   # testing and must never be used in production environment.
   ssl_certificate /etc/ssl/certs/test.crt;
@@ -59,7 +58,7 @@ server {
   ssl_session_tickets off;
 
   # Accepted protocols and ciphers
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
   ssl_prefer_server_ciphers on;