SSL with subdomains
configuration:
## TLS virtual server for example.org, listening on port 8443.
server {
listen 8443 ssl;
## Only the exact name "example.org" is matched by this block. Other names
## (e.g. www.example.org) are served by it only while it is the default
## server for the 8443 socket, i.e. while no other block on that socket
## declares default_server.
server_name example.org;
## Certificate presented to clients. The ".chain" file name suggests leaf plus
## intermediates - confirm. Its subject names must cover every hostname
## clients are expected to use.
ssl_certificate tls.d/example.org.chain.crt;
## Private key for the certificate above; keep it readable only by the
## account the server runs as.
ssl_certificate_key tls.d/example.org.pem;
## Document root. Relative paths are presumably resolved against the server's
## configuration prefix - confirm for this image.
root static.d/example.org;
}
Dockerfile:
# The base image is referenced by tag. A tag can be re-pointed upstream, so
# pin it by digest as well if the build has to be reproducible.
FROM docker.io/rockdrilla/angie-conv:v0.0.1
# Site configuration and static content are baked into the image.
COPY /site/ /etc/angie/site/
COPY /static/ /etc/angie/static/
# NOTE(review): this copies the whole tls/ tree into an image layer. It
# presumably includes the server's private key (the configuration refers to
# tls.d/example.org.pem), so anyone who can pull the image can read the key.
# That is acceptable for a local test; otherwise supply the key at run time
# (volume or secret mount). Also confirm that no CA private key lives in the
# copied tree.
COPY /tls/ /etc/angie/tls/
# Presumably tells the image's entrypoint to load its "ssl" HTTP configuration
# - confirm against the image documentation.
ENV NGX_HTTP_CONFLOAD='ssl'
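Optional cut-off SSL server block (a catch-all default server that rejects the TLS handshake for any name no other server block matches):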
## Catch-all default server for the 8443 socket: a TLS client whose requested
## name matches no other server block lands here and has its handshake
## rejected.
server {
## default_server makes this block the fallback for the socket; "bind" and
## "deferred" are socket-level listen parameters.
listen 8443 ssl default_server bind deferred;
## "_" is a placeholder that is not expected to match any real hostname.
server_name _;
## NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). In nginx-family
## servers the protocol set for a listen socket has historically been taken
## from its default server, so this line may also enable the legacy versions
## for the example.org server block - verify with a client restricted to
## TLS 1.0/1.1, and limit the list to TLSv1.2 TLSv1.3 unless legacy clients
## are required.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
## reject connections early: the handshake is refused, so no certificate is
## needed in this block and none is presented to clients using unknown names
ssl_reject_handshake on;
}
Test the URIs, e.g. with curl:
# Verification stays enabled and is anchored on the test root CA only:
#   --cacert   trusts ./tls/ca/root-ca.crt as the CA bundle;
#   --capath   points the CA directory at a non-existent path, presumably so
#              that no system CA directory is consulted;
#   --resolve  maps host:port to 127.0.0.1 without touching DNS, so the real
#              hostname is still sent in SNI and in the Host header.
# NOTE(review): the server block shown on this page lists only "example.org"
# in server_name. With the optional cut-off block enabled, the www. and test.
# requests below should fail in the TLS handshake unless those names are
# added to server_name. Without it they are served by the example.org block
# as the default server, and succeed only if the certificate covers them.
curl --cacert ./tls/ca/root-ca.crt --capath /nonexistent --resolve example.org:8443:127.0.0.1 https://example.org:8443/
curl --cacert ./tls/ca/root-ca.crt --capath /nonexistent --resolve www.example.org:8443:127.0.0.1 https://www.example.org:8443/
curl --cacert ./tls/ca/root-ca.crt --capath /nonexistent --resolve test.example.org:8443:127.0.0.1 https://test.example.org:8443/