Merge pull request #38 from wayofdev/feat/dynamic-ssl-certs

Author: lotyp

README.md

@@ -9,13 +9,13 @@
     <br>
 </p>
 
-<div align="center">
+<p align="center">
 <a href="https://actions-badge.atrox.dev/wayofdev/docker-nginx/goto"><img alt="Build Status" src="https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Fwayofdev%2Fdocker-nginx%2Fbadge&style=flat-square"/></a>
 <a href="https://github.com/wayofdev/docker-nginx/tags"><img src="https://img.shields.io/github/v/tag/wayofdev/docker-nginx?sort=semver&style=flat-square" alt="Latest Version"></a>
 <a href="https://hub.docker.com/repository/docker/wayofdev/nginx"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/wayofdev/nginx?style=flat-square"></a>
 <a href="LICENSE.md"><img src="https://img.shields.io/github/license/wayofdev/docker-nginx.svg?style=flat-square&color=blue" alt="Software License"/></a>
 <a href="#"><img alt="Commits since latest release" src="https://img.shields.io/github/commits-since/wayofdev/docker-nginx/latest?style=flat-square"></a>
-</div>
+</p>
 
 <br>
 
@@ -83,18 +83,18 @@ services:
     container_name: ${COMPOSE_PROJECT_NAME}-app
     restart: on-failure
     networks:
-        - default
-        - shared
+      - default
+      - shared
     depends_on:
-        - database
+      - database
     links:
-        - database
+      - database
     volumes:
-        - ./.github/assets:/assets:rw,cached
-        - ./app:/app:rw,cached
-        - ./.env:/app/.env
-        - ~/.composer:/.composer
-        - ~/.ssh:/home/www-data/.ssh
+      - ./.github/assets:/assets:rw,cached
+      - ./app:/app:rw,cached
+      - ./.env:/app/.env
+      - ~/.composer:/.composer
+      - ~/.ssh:/home/www-data/.ssh
     environment:
       FAKETIME: '+2h'
       XDEBUG_MODE: '${XDEBUG_MODE:-off}'

src/Dockerfiles/all/Dockerfile.j2

@@ -36,7 +36,9 @@ COPY ./configs/00_upstream.conf /etc/nginx/conf.d/00_upstream.conf
 COPY ./configs/default.conf /etc/nginx/conf.d/default.conf
 COPY ./configs/nginx.conf /etc/nginx/
 
+# Copy SSL configuration files
 COPY ./certs/ /etc/nginx/ssl/
+COPY ./certs/dhparam.pem /etc/nginx/ssl/dhparam.pem
 
 RUN set -eux \
     && chown 82:82 /docker-entrypoint.d/00-set-upstream.sh \

src/certs/dhparam.pem

@@ -8,54 +8,53 @@ edit_comment: "# Auto-generated via Ansible: edit src/Dockerfiles/all/Dockerfile
 # Variables
 ########################################################################################################################
 nginx_version: "mainline-alpine"
+tpl_base: "../dist/{{ level }}-{{ os_name }}"
 
 
 # Dist directories
 ########################################################################################################################
 tpl_directories:
-  - path: "../dist/{{ level }}-{{ os_name }}/configs"
-  - path: "../dist/{{ level }}-{{ os_name }}/certs"
+  - path: "{{ tpl_base }}/configs"
+  - path: "{{ tpl_base }}/certs"
 
 
 # Dockerfile paths
 ########################################################################################################################
 tpl_dockerfiles:
   - src: Dockerfiles/all/Dockerfile.j2
-    dst: "../dist/{{ level }}-{{ os_name }}/Dockerfile"
+    dst: "{{ tpl_base }}/Dockerfile"
 
 
 # Additional configuration files
 ########################################################################################################################
 tpl_configs:
   - src: config/00-set-upstream.sh.j2
-    dst: "../dist/{{ level }}-{{ os_name }}/configs/00-set-upstream.sh"
+    dst: "{{ tpl_base }}/configs/00-set-upstream.sh"
   - src: config/00_upstream.conf.j2
-    dst: "../dist/{{ level }}-{{ os_name }}/configs/00_upstream.conf"
+    dst: "{{ tpl_base }}/configs/00_upstream.conf"
   - src: config/default.conf.j2
-    dst: "../dist/{{ level }}-{{ os_name }}/configs/default.conf"
+    dst: "{{ tpl_base }}/configs/default.conf"
   - src: config/nginx.conf.j2
-    dst: "../dist/{{ level }}-{{ os_name }}/configs/nginx.conf"
+    dst: "{{ tpl_base }}/configs/nginx.conf"
 
 
 # Dgoss tests
 ########################################################################################################################
 tpl_docker_tests:
   - src: Dockerfiles/all/goss.yaml.j2
-    dst: "../dist/{{ level }}-{{ os_name }}/goss.yaml"
+    dst: "{{ tpl_base }}/goss.yaml"
   - src: Dockerfiles/all/goss_wait.yaml
-    dst: "../dist/{{ level }}-{{ os_name }}/goss_wait.yaml"
+    dst: "{{ tpl_base }}/goss_wait.yaml"
 
 
 # SSL certs
 ########################################################################################################################
 tpl_certs:
   - src: certs/cert.pem
-    dst: "../dist/{{ level }}-{{ os_name }}/certs/"
+    dst: "{{ tpl_base }}/certs/"
   - src: certs/key.pem
-    dst: "../dist/{{ level }}-{{ os_name }}/certs/"
-  - src: certs/dhparam.pem
-    dst: "../dist/{{ level }}-{{ os_name }}/certs/"
+    dst: "{{ tpl_base }}/certs/"
   - src: certs/rootCA.pem
-    dst: "../dist/{{ level }}-{{ os_name }}/certs/"
+    dst: "{{ tpl_base }}/certs/"
 
 ...

src/group_vars/all.yml

@@ -48,6 +48,12 @@
   with_items:
     - "{{ tpl_docker_tests }}"
 
+- name: Download dhparam.pem from Mozilla
+  ansible.builtin.get_url:
+    url: https://ssl-config.mozilla.org/ffdhe2048.txt
+    dest: "{{ tpl_base }}/certs/dhparam.pem"
+    mode: "0644"
+
 - name: Copy SSL certs
   ansible.builtin.template:
     src: "{{ item.src }}"