From c209e9b0d657b4401aa29883884b468bebc011f9 Mon Sep 17 00:00:00 2001
From: lotyp
Date: Sun, 15 Sep 2024 14:49:46 +0300
Subject: [PATCH] feat: download dhparam from mozilla instead of storing it in project
---
 README.md | 22 +++++++++++-----------
 src/Dockerfiles/all/Dockerfile.j2 | 2 ++
 src/certs/dhparam.pem | 8 --------
 src/group_vars/all.yml | 27 +++++++++++++--------------
 src/roles/all/main.yml | 6 ++++++
 5 files changed, 32 insertions(+), 33 deletions(-)
 delete mode 100644 src/certs/dhparam.pem
diff --git a/README.md b/README.md
index d972f41..b45e0bf 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@

-
+

Build Status Latest Version Docker Pulls Software License Commits since latest release -

+


@@ -83,18 +83,18 @@ services:
 container_name: ${COMPOSE_PROJECT_NAME}-app
 restart: on-failure
 networks:
- - default
- - shared
+ - default
+ - shared
 depends_on:
- - database
+ - database
 links:
- - database
+ - database
 volumes:
- - ./.github/assets:/assets:rw,cached
- - ./app:/app:rw,cached
- - ./.env:/app/.env
- - ~/.composer:/.composer
- - ~/.ssh:/home/www-data/.ssh
+ - ./.github/assets:/assets:rw,cached
+ - ./app:/app:rw,cached
+ - ./.env:/app/.env
+ - ~/.composer:/.composer
+ - ~/.ssh:/home/www-data/.ssh
 environment:
 FAKETIME: '+2h'
 XDEBUG_MODE: '${XDEBUG_MODE:-off}'
diff --git a/src/Dockerfiles/all/Dockerfile.j2 b/src/Dockerfiles/all/Dockerfile.j2
index f5c4386..462824d 100644
--- a/src/Dockerfiles/all/Dockerfile.j2
+++ b/src/Dockerfiles/all/Dockerfile.j2
@@ -36,7 +36,9 @@ COPY ./configs/00_upstream.conf /etc/nginx/conf.d/00_upstream.conf
 COPY ./configs/default.conf /etc/nginx/conf.d/default.conf
 COPY ./configs/nginx.conf /etc/nginx/
+# Copy SSL configuration files
 COPY ./certs/ /etc/nginx/ssl/
+COPY ./certs/dhparam.pem /etc/nginx/ssl/dhparam.pem
 RUN set -eux \
 && chown 82:82 /docker-entrypoint.d/00-set-upstream.sh \
diff --git a/src/certs/dhparam.pem b/src/certs/dhparam.pem
deleted file mode 100644
index 9b182b7..0000000
--- a/src/certs/dhparam.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
-+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
-87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
-YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
-7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
-ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
------END DH PARAMETERS-----
diff --git a/src/group_vars/all.yml b/src/group_vars/all.yml
index 2705afb..297c3ac 100644
--- a/src/group_vars/all.yml
+++ b/src/group_vars/all.yml
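Review bot: The added `COPY ./certs/dhparam.pem /etc/nginx/ssl/dhparam.pem` is already covered by the `COPY ./certs/ /etc/nginx/ssl/` line directly above it, which copies the whole certs directory — including the dhparam.pem that the new get_url task in src/roles/all/main.yml places in `{{ tpl_base }}/certs/` — so by itself it adds a layer without changing the image contents. The one thing it does change is failure mode: an explicit COPY of a missing file fails the build, whereas the directory copy succeeds silently and the missing file presumably only surfaces when nginx loads its TLS configuration at runtime. If that early failure is the intent, keep the line and say so in the comment, e.g. `# Explicit copy so the build fails if dhparam.pem was not generated`; otherwise drop it. The RUN instruction at the end of the hunk continues outside it.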
@@ -8,54 +8,53 @@ edit_comment: "# Auto-generated via Ansible: edit src/Dockerfiles/all/Dockerfile
 # Variables
 ########################################################################################################################
 nginx_version: "mainline-alpine"
+tpl_base: "../dist/{{ level }}-{{ os_name }}"
 # Dist directories
 ########################################################################################################################
 tpl_directories:
- - path: "../dist/{{ level }}-{{ os_name }}/configs"
- - path: "../dist/{{ level }}-{{ os_name }}/certs"
+ - path: "{{ tpl_base }}/configs"
+ - path: "{{ tpl_base }}/certs"
 # Dockerfile paths
 ########################################################################################################################
 tpl_dockerfiles:
 - src: Dockerfiles/all/Dockerfile.j2
- dst: "../dist/{{ level }}-{{ os_name }}/Dockerfile"
+ dst: "{{ tpl_base }}/Dockerfile"
 # Additional configuration files
 ########################################################################################################################
 tpl_configs:
 - src: config/00-set-upstream.sh.j2
- dst: "../dist/{{ level }}-{{ os_name }}/configs/00-set-upstream.sh"
+ dst: "{{ tpl_base }}/configs/00-set-upstream.sh"
 - src: config/00_upstream.conf.j2
- dst: "../dist/{{ level }}-{{ os_name }}/configs/00_upstream.conf"
+ dst: "{{ tpl_base }}/configs/00_upstream.conf"
 - src: config/default.conf.j2
- dst: "../dist/{{ level }}-{{ os_name }}/configs/default.conf"
+ dst: "{{ tpl_base }}/configs/default.conf"
 - src: config/nginx.conf.j2
- dst: "../dist/{{ level }}-{{ os_name }}/configs/nginx.conf"
+ dst: "{{ tpl_base }}/configs/nginx.conf"
 # Dgoss tests
 ########################################################################################################################
 tpl_docker_tests:
 - src: Dockerfiles/all/goss.yaml.j2
- dst: "../dist/{{ level }}-{{ os_name }}/goss.yaml"
+ dst: "{{ tpl_base }}/goss.yaml"
 - src: Dockerfiles/all/goss_wait.yaml
- dst: "../dist/{{ level }}-{{ os_name }}/goss_wait.yaml"
+ dst: "{{ tpl_base }}/goss_wait.yaml"
 # SSL certs
 ########################################################################################################################
 tpl_certs:
 - src: certs/cert.pem
- dst: "../dist/{{ level }}-{{ os_name }}/certs/"
+ dst: "{{ tpl_base }}/certs/"
 - src: certs/key.pem
- dst: "../dist/{{ level }}-{{ os_name }}/certs/"
- - src: certs/dhparam.pem
- dst: "../dist/{{ level }}-{{ os_name }}/certs/"
+ dst: "{{ tpl_base }}/certs/"
 - src: certs/rootCA.pem
- dst: "../dist/{{ level }}-{{ os_name }}/certs/"
+ dst: "{{ tpl_base }}/certs/"
 ...
diff --git a/src/roles/all/main.yml b/src/roles/all/main.yml
index b6000c1..5c49478 100644
--- a/src/roles/all/main.yml
+++ b/src/roles/all/main.yml
@@ -48,6 +48,12 @@
 with_items:
 - "{{ tpl_docker_tests }}"
+- name: Download dhparam.pem from Mozilla
+ ansible.builtin.get_url:
+ url: https://ssl-config.mozilla.org/ffdhe2048.txt
+ dest: "{{ tpl_base }}/certs/dhparam.pem"
+ mode: "0644"
+
 - name: Copy SSL certs
 ansible.builtin.template:
 src: "{{ item.src }}"
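Review bot: `tpl_base` is introduced in the `# Variables` section with no comment, although every `path` and `dst` below it is now derived from it and the new get_url task in src/roles/all/main.yml consumes it too; a one-line comment above it would save the next reader a grep, e.g. `# Root of the generated dist tree; every tpl_* path below is relative to it`. The rest of the hunk is a mechanical substitution, and dropping `certs/dhparam.pem` from `tpl_certs` matches the task that now downloads it.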
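Review bot: The `ansible.builtin.get_url` task carries no `checksum:`, so whatever `https://ssl-config.mozilla.org/ffdhe2048.txt` serves at generation time becomes the DH group baked into every image, and a changed, truncated or substituted response is accepted without any signal. ffdhe2048 is the fixed RFC 7919 group, so the file content is stable and can be pinned with `checksum: "sha256:<FFDHE2048_SHA256>"` (replace the placeholder with the digest computed once from a verified copy); a mismatch then fails the run instead of producing a bad image. `get_url` validates the server certificate by default, so `validate_certs` can stay at its default. The task writes into `{{ tpl_base }}/certs/`, which appears to depend on the `tpl_directories` entry having been created by an earlier task outside this hunk — worth stating in the task name or a comment.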