refactor: remove SSL from standalone setup
Since Zeppelin was only creating a self-signed certificate, this gave a false sense of security when in reality you'd always want to have a proxy with a proper certificate in front of this anyway. Additionally, generating the certificate at build time meant that the domain couldn't easily be changed/updated without rebuilding.
This commit is contained in:
Dragory
parent
1ef7ba8d0f
commit
e146ed6416
4 changed files with 4 additions and 25 deletions
|
|
@ -1,9 +1,3 @@
|
|||
FROM nginx
|
||||
|
||||
ARG STANDALONE_DOMAIN
|
||||
|
||||
RUN apt-get update && apt-get install -y openssl
|
||||
RUN openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/zeppelin-self-signed-cert.key -out /etc/ssl/certs/zeppelin-self-signed-cert.pem -days 3650 -subj "/CN=${STANDALONE_DOMAIN}" -nodes
|
||||
|
||||
COPY ./docker/production/nginx/default.conf /etc/nginx/conf.d/default.conf
|
||||
RUN sed -ir "s/_STANDALONE_DOMAIN_/${STANDALONE_DOMAIN}/g" /etc/nginx/conf.d/default.conf
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name _STANDALONE_DOMAIN_;
|
||||
listen 80 default_server;
|
||||
server_name _;
|
||||
|
||||
# Using a variable here stops nginx from crashing if the dev container is restarted or becomes otherwise unavailable
|
||||
set $backend_upstream "http://api:3001";
|
||||
|
|
@ -21,14 +20,4 @@ server {
|
|||
|
||||
client_max_body_size 200M;
|
||||
}
|
||||
|
||||
ssl_certificate /etc/ssl/certs/zeppelin-self-signed-cert.pem;
|
||||
ssl_certificate_key /etc/ssl/private/zeppelin-self-signed-cert.key;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_prefer_server_ciphers off;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue