Hello. Thank you for this nginx docker. I recently experimented with PFS and found errant behavior in the current script `nginx.sh` when PFS is enabled and the nginx service is restarted. It will fail with a repeating fatal error:

```
2020/09/13 23:01:14 [emerg] 6#6: "ssl_dhparam" directive is duplicate in /etc/nginx/conf.d/perfect_forward_secrecy.conf:6
nginx: [emerg] "ssl_dhparam" directive is duplicate in /etc/nginx/conf.d/perfect_forward_secrecy.conf:6
```

This is due to the persistent docker volume you create in the Dockerfile: `perfect_forward_secrecy.conf` therefore persists between restarts, so when the `nginx.sh` script runs on restart, line 142 appends another copy of `ssl_dhparam` and other lines.

Repro

1. Create a `docker-compose.yml` with a service `nginx` using the `dperson/nginx` image with various settings including `PFS=1`
2. `docker-compose up -d`
3. `docker-compose restart nginx`
4. `docker container ls` and notice the constantly restarting container for nginx
5. `docker logs xxxxxxx` with the containerID of the ever restarting nginx container to see the repeating error

Fix

A quick fix might be to change line 142 to be a single `>` instead of the current `>>` so that the file is created clean on each restart. Otherwise, a search/replace for a pre-existing `ssl_dhparam` and other settings could be done with a tool like `sed`.
`nginx/nginx.sh`, line 142 in aff6c52
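The restart behaviour described in the report, as an added example that is not part of the original issue or the project's `nginx.sh`: it simulates several container starts against one persistent file and compares an appending writer with one that rebuilds the file and renames it into place. The function names and the directive values in `snippet` are constructed for illustration.

```shell
#!/bin/sh
# Constructed stand-in for an entrypoint step that writes a TLS snippet into
# a directory that survives container restarts (a Docker volume).
# The directive values are illustrative, not copied from nginx.sh.

snippet() {
    printf '%s\n' \
        'ssl_protocols TLSv1.2 TLSv1.3;' \
        'ssl_prefer_server_ciphers on;' \
        'ssl_dhparam /etc/nginx/ssl/dh.pem;'
}

# Behaviour from the report: every start appends another copy.
write_append() { snippet >> "$1"; }

# Idempotent variant: build the file in full, then rename it into place, so
# a restart (or a crash mid-write) never leaves duplicate or partial content.
# The temp name does not end in .conf, so a conf.d/*.conf include skips it.
write_clean() {
    tmp="$1.tmp.$$"
    snippet > "$tmp" && mv -f "$tmp" "$1"
}

# Count lines that start with a given directive; the error in the report is
# nginx refusing a second ssl_dhparam in the same file.
count_directive() { grep -c "^[[:space:]]*$2[[:space:]]" "$1"; }

# Simulate N container starts against one persistent file and print how
# many ssl_dhparam lines it ends up with.
simulate() {   # usage: simulate <writer-function> <starts>
    dir=$(mktemp -d) || return 1
    conf="$dir/perfect_forward_secrecy.conf"
    i=0
    while [ "$i" -lt "$2" ]; do "$1" "$conf"; i=$((i + 1)); done
    count_directive "$conf" ssl_dhparam
    rm -rf "$dir"
}

echo "append, 3 starts: $(simulate write_append 3) ssl_dhparam line(s)"
echo "clean,  3 starts: $(simulate write_clean 3) ssl_dhparam line(s)"
```

A count above 1 after the simulated restarts corresponds to the state in which nginx exits with the `[emerg]` duplicate-directive error and the container restart-loops.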