-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
33 lines (28 loc) · 1.23 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
FROM nginx:1.27.1-bookworm
RUN set -eux \
&& export OPENSSL_CONF=/etc/ssl/openssl.cnf \
&& apt-get update \
&& apt-get install openssl curl libengine-gost-openssl -y \
# enable GOST engine
&& sed -i '/\[openssl_init\]/ a engines = engine_section' "${OPENSSL_CONF}" \
&& echo "engines = engine_section" >> "${OPENSSL_CONF}" \
&& echo "" >> "${OPENSSL_CONF}" \
&& echo "# Engine section" >> "${OPENSSL_CONF}" \
&& echo "[engine_section]" >> "${OPENSSL_CONF}" \
&& echo "gost = gost_section" >> "${OPENSSL_CONF}" \
&& echo "" >> "${OPENSSL_CONF}" \
&& echo "# Engine gost section" >> "${OPENSSL_CONF}" \
&& echo "[gost_section]" >> "${OPENSSL_CONF}" \
&& echo "engine_id = gost" >> "${OPENSSL_CONF}" \
&& echo "dynamic_path = /usr/lib/$(uname -m)-linux-gnu/engines-3/gost.so" >> "${OPENSSL_CONF}" \
&& echo "default_algorithms = ALL" >> "${OPENSSL_CONF}" \
&& echo "CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet" >> "${OPENSSL_CONF}" \
# clean up
&& unset OPENSSL_CONF \
&& apt-get purge -y --auto-remove \
&& rm -rf /var/lib/apt/lists/*
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80 443
STOPSIGNAL SIGTERM
CMD ["nginx", "-g", "daemon off;"]