chore: update variable names and values
Update the names and values of the variables in line with the changes to
the documentation.
theseion committed Jan 29, 2024
1 parent a728fb5 commit 05d1d64
Showing 9 changed files with 26 additions and 26 deletions.
12 changes: 6 additions & 6 deletions apache/Dockerfile
@@ -110,13 +110,13 @@ ENV APACHE_ALWAYS_TLS_REDIRECT=off \
PORT=80 \
PROXY_ERROR_OVERRIDE=on \
PROXY_PRESERVE_HOST=on \
PROXY_SSL=on \
PROXY_SSL=off \
PROXY_SSL_CA_CERT=/etc/ssl/certs/ca-certificates.crt \
PROXY_SSL_CERT=/usr/local/apache2/conf/proxy.crt \
PROXY_SSL_CERT_KEY=/usr/local/apache2/conf/proxy.key \
PROXY_SSL_CHECK_PEER_NAME=off \
PROXY_SSL_CIPHER_SUITE="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
PROXY_SSL_PROTOCOL="all -SSLv3 -TLSv1 -TLSv1.1" \
PROXY_SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
PROXY_SSL_PROTOCOLS="all -SSLv3 -TLSv1 -TLSv1.1" \
PROXY_SSL_VERIFY=none \
PROXY_TIMEOUT=60 \
REMOTEIP_INT_PROXY='10.1.0.0/16' \
@@ -127,13 +127,13 @@ ENV APACHE_ALWAYS_TLS_REDIRECT=off \
SERVER_TOKENS=Full \
SSL_CERT=/usr/local/apache2/conf/server.crt \
SSL_CERT_KEY=/usr/local/apache2/conf/server.key \
SSL_CIPHER_SUITE="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
SSL_ENGINE=on \
SSL_HONOR_CIPHER_ORDER=off \
SSL_PORT=443 \
SSL_PROTOCOL="all -SSLv3 -TLSv1 -TLSv1.1" \
SSL_PROTOCOLS="all -SSLv3 -TLSv1 -TLSv1.1" \
SSL_SESSION_TICKETS=off \
SSL_USE_STAPLING=On \
SSL_OCSP_STAPLING=On \
TIMEOUT=60 \
WORKER_CONNECTIONS=400 \
# CRS specific variables
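Review bot: The renamed defaults in both hunks (`PROXY_SSL_CIPHERS`, `PROXY_SSL_PROTOCOLS`, `SSL_CIPHERS`, `SSL_PROTOCOLS`, `SSL_OCSP_STAPLING`) leave no fallback for the previous names, so a deployment that still sets `SSL_PROTOCOL` or `SSL_CIPHER_SUITE` to tighten TLS would, as far as this section shows, silently run with the image default `all -SSLv3 -TLSv1 -TLSv1.1` instead of its own restriction. The same section also appears to flip `PROXY_SSL` from `on` to `off` (assuming the second line of each printed pair is the new side), which is a behaviour change rather than a rename and deserves its own mention in the commit message. I would add a comment line inside the ENV block such as `# Renamed from SSL_PROTOCOL / SSL_CIPHER_SUITE / SSL_USE_STAPLING; the old names are no longer read`, and have startup warn when an old name is still set. The same applies to apache/Dockerfile-alpine; the ENV instruction starts and ends outside the hunks.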
12 changes: 6 additions & 6 deletions apache/Dockerfile-alpine
@@ -120,13 +120,13 @@ ENV APACHE_ALWAYS_TLS_REDIRECT=off \
PORT=80 \
PROXY_ERROR_OVERRIDE=on \
PROXY_PRESERVE_HOST=on \
PROXY_SSL=on \
PROXY_SSL=off \
PROXY_SSL_CA_CERT=/etc/ssl/certs/ca-certificates.crt \
PROXY_SSL_CERT=/usr/local/apache2/conf/proxy.crt \
PROXY_SSL_CERT_KEY=/usr/local/apache2/conf/proxy.key \
PROXY_SSL_CHECK_PEER_NAME=off \
PROXY_SSL_CIPHER_SUITE="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
PROXY_SSL_PROTOCOL="all -SSLv3 -TLSv1 -TLSv1.1" \
PROXY_SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
PROXY_SSL_PROTOCOLS="all -SSLv3 -TLSv1 -TLSv1.1" \
PROXY_SSL_VERIFY=none \
PROXY_TIMEOUT=60 \
REMOTEIP_INT_PROXY='10.1.0.0/16' \
@@ -137,13 +137,13 @@ ENV APACHE_ALWAYS_TLS_REDIRECT=off \
SERVER_TOKENS=Full \
SSL_CERT=/usr/local/apache2/conf/server.crt \
SSL_CERT_KEY=/usr/local/apache2/conf/server.key \
SSL_CIPHER_SUITE="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
SSL_ENGINE=on \
SSL_HONOR_CIPHER_ORDER=off \
SSL_PORT=443 \
SSL_PROTOCOL="all -SSLv3 -TLSv1 -TLSv1.1" \
SSL_PROTOCOLS="all -SSLv3 -TLSv1 -TLSv1.1" \
SSL_SESSION_TICKETS=off \
SSL_USE_STAPLING=On \
SSL_OCSP_STAPLING=On \
TIMEOUT=60 \
WORKER_CONNECTIONS=400 \
# CRS specific variables
2 changes: 1 addition & 1 deletion apache/conf/extra/httpd-logging-before-modsec.conf
@@ -11,7 +11,7 @@ LoadModule logio_module /usr/local/apache2/modules/mod_logio.so

LogFormat "%h %{GEOIP_COUNTRY_CODE}e %u [%{%Y-%m-%d %H:%M:%S}t.%{usec_frac}t] \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\" \"%{Content-Type}i\" %{remote}p %v %A %p %R \
%{BALANCER_WORKER_ROUTE}e %X \"%{cookie}n\" %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
%{BALANCER_WORKER_ROUTE}e %X \"%{cookie}n\" %{UNIQUE_ID}e %{SSL_PROTOCOLS}x %{SSL_CIPHERS}x \
%I %O %{ratio}n%% %D %{ModSecTimeIn}e %{ApplicationTime}e %{ModSecTimeOut}e \
%{ModSecAnomalyScoreInPLs}e %{ModSecAnomalyScoreOutPLs}e \
%{ModSecAnomalyScoreIn}e %{ModSecAnomalyScoreOut}e" extended
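Review bot: `%{SSL_PROTOCOLS}x %{SSL_CIPHERS}x` in the LogFormat line looks like a rename that should not have been applied here. `%{...}x` is mod_ssl's log format for its own per-connection variables, which are named `SSL_PROTOCOL` and `SSL_CIPHER`; they are unrelated to the container environment variables renamed elsewhere in this commit. With the plural names both fields would be written as `-`, so the access log loses the negotiated TLS version and cipher that operators rely on to spot legacy-protocol clients. Assuming the second printed line is the new side, keep the original: `%{BALANCER_WORKER_ROUTE}e %X \"%{cookie}n\" %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x \`.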
10 changes: 5 additions & 5 deletions apache/conf/extra/httpd-ssl.conf
@@ -1,16 +1,16 @@
Listen ${SSL_PORT}

SSLProxyProtocol ${PROXY_SSL_PROTOCOL}
SSLProxyCipherSuite ${PROXY_SSL_CIPHER_SUITE}
SSLProxyProtocol ${PROXY_SSL_PROTOCOLS}
SSLProxyCipherSuite ${PROXY_SSL_CIPHERS}

SSLPassPhraseDialog builtin

SSLProtocol ${SSL_PROTOCOL}
SSLCipherSuite ${SSL_CIPHER_SUITE}
SSLProtocol ${SSL_PROTOCOLS}
SSLCipherSuite ${SSL_CIPHERS}
SSLHonorCipherOrder ${SSL_HONOR_CIPHER_ORDER}
SSLSessionTickets ${SSL_SESSION_TICKETS}

SSLUseStapling ${SSL_USE_STAPLING}
SSLUseStapling ${SSL_OCSP_STAPLING}
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

SSLSessionCache "shmcb:logs/ssl_scache(512000)"
4 changes: 2 additions & 2 deletions nginx/Dockerfile
@@ -158,13 +158,13 @@ ENV ACCESSLOG=/var/log/nginx/access.log \
SSL_CERT_KEY=/etc/nginx/conf/server.key \
SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
SSL_DH_BITS=2048 \
SSL_OCSP_STAPLING=off \
SSL_OCSP_STAPLING=on \
SSL_PORT=443 \
SSL_PREFER_CIPHERS=off \
SSL_PROTOCOLS="TLSv1.2 TLSv1.3" \
SSL_VERIFY=off \
SSL_VERIFY_DEPTH=1 \
TIMEOUT=60s \
KEEPALIVE_TIMEOUT=60s \
WORKER_CONNECTIONS=1024 \
LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib \
NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx \
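Review bot: `TIMEOUT=60s` is dropped from the ENV defaults in favour of `KEEPALIVE_TIMEOUT=60s` with nothing keeping the old name working, so a deployment that overrides `TIMEOUT`, or any template outside this diff that still references `${TIMEOUT}`, would stop taking effect; worth confirming before release. The same hunk appears to switch `SSL_OCSP_STAPLING` from `off` to `on`, which makes nginx query the certificate's OCSP responder; with a self-signed certificate or restricted egress stapling cannot succeed, and that should be expected to show up only as log warnings. I would record both next to the variables, e.g. `# KEEPALIVE_TIMEOUT replaces TIMEOUT (the old name is ignored)` and `# OCSP stapling needs a CA-issued cert and outbound access to the responder`. The same applies to nginx/Dockerfile-alpine and openresty/Dockerfile-alpine; the ENV instruction starts and ends outside the hunk.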
4 changes: 2 additions & 2 deletions nginx/Dockerfile-alpine
@@ -153,13 +153,13 @@ ENV ACCESSLOG=/var/log/nginx/access.log \
SSL_CERT_KEY=/etc/nginx/conf/server.key \
SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
SSL_DH_BITS=2048 \
SSL_OCSP_STAPLING=off \
SSL_OCSP_STAPLING=on \
SSL_PORT=443 \
SSL_PREFER_CIPHERS=off \
SSL_PROTOCOLS="TLSv1.2 TLSv1.3" \
SSL_VERIFY_DEPTH=1 \
SSL_VERIFY=off \
TIMEOUT=60s \
KEEPALIVE_TIMEOUT=60s \
WORKER_CONNECTIONS=1024 \
LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib \
NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx \
2 changes: 1 addition & 1 deletion nginx/templates/nginx.conf.template
@@ -10,7 +10,7 @@ events {
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
keepalive_timeout ${TIMEOUT};
keepalive_timeout ${KEEPALIVE_TIMEOUT};
sendfile on;

resolver DNS_SERVER valid=5s;
4 changes: 2 additions & 2 deletions openresty/Dockerfile-alpine
@@ -172,13 +172,13 @@ ENV ACCESSLOG=/var/log/nginx/access.log \
SSL_CERT_KEY=/etc/nginx/conf/server.key \
SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
SSL_DH_BITS=2048 \
SSL_OCSP_STAPLING=off \
SSL_OCSP_STAPLING=on \
SSL_PORT=443 \
SSL_PREFER_CIPHERS=off \
SSL_PROTOCOLS="TLSv1.2 TLSv1.3" \
SSL_VERIFY=off \
SSL_VERIFY_DEPTH=1 \
TIMEOUT=60s \
KEEPALIVE_TIMEOUT=60s \
WORKER_CONNECTIONS=1024 \
# Change this from normal nginx setup. Do not add /usr/lib or /lib
LD_LIBRARY_PATH=/usr/local/lib:/usr/local/openresty \
2 changes: 1 addition & 1 deletion openresty/templates/nginx.conf.template
@@ -15,7 +15,7 @@ events {
http {
include /usr/local/openresty/nginx/conf/mime.types;
default_type application/octet-stream;
keepalive_timeout ${TIMEOUT};
keepalive_timeout ${KEEPALIVE_TIMEOUT};
sendfile on;

# Openresty specific paths.
