-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.nginx
52 lines (47 loc) · 1.8 KB
/
Dockerfile.nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
FROM nginx:latest
# ---------------------------------------
# Install certbot for SSL/TLS encryption.
# Source:
# https://certbot.eff.org/instructions
# ---------------------------------------
RUN apt update -y \
&& apt install -y \
python3 \
python3-venv \
libaugeas0 \
&& python3 -m venv /opt/certbot/ \
&& /opt/certbot/bin/pip install --upgrade pip \
&& /opt/certbot/bin/pip install certbot \
&& ln -s /opt/certbot/bin/certbot /usr/bin/certbot \
&& mkdir -p /var/www/letsencrypt/
# SSL/TLS protocol dhparam.
# Source:
# https://ssl-config.mozilla.org/#server=nginx&version=1.10.3&config=intermediate&openssl=1.1.1&guideline=5.7
RUN apt install -y curl \
&& curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/ssl/ffdhe4096.pem
# Unlike RUN, which runs commands at the build time,
# CMD is what the image runs when we use "docker run ..."
# The difference between CMD and ENTRYPOINT is that
# extra arguments at "docker run <HERE>" override CMD,
# while ENTRYPOINT is still preserved.
#
# CMD [ "sh", "-c", "echo Hello World" ]
# "The best use for ENTRYPOINT is to set the image’s main command,
# allowing that image to be run as though it was that command
# (and then use CMD as the default flags)."
# Example:
# ENTRYPOINT ["s3cmd"]
# CMD ["--help"]
# Source:
# https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
ENTRYPOINT ["nginx"]
CMD ["-g","daemon off;"]
# Difference between exec form and shell form:
# Exec form: ENTRYPOINT ["executable", "param1", "param2"]
# Shell form: ENTRYPOINT command param1 param2
# Exec form is preferred because shell form "will not receive Unix signals -
# so your executable will not receive a SIGTERM from docker stop <container>."
# Source:
# https://docs.docker.com/engine/reference/builder
#
# ENTRYPOINT ["sh", "-c", "echo Hello World"]