diff --git a/Dockerfile b/Dockerfile
index 91f74a34b651c3379f3d8a287db84327818f2473..ff8ea1049495061ca1b289d0ffc0d6177850d7de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,6 @@ FROM nginx
 RUN rm -rf /usr/share/nginx/html/*
 RUN apt-get update \
- && apt upgrade -y \
 && apt-get install nodejs npm -y
 WORKDIR /usr/share/nginx/html
diff --git a/docker-compose.yml b/docker-compose.yml
index 5e4af359a2a5c099a31cddce7c36d0fff305455b..bf821cf684ae9e659c4f44acc3cddfa8d1a1440f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,10 +10,10 @@ services:
 - ./public:/usr/share/nginx/html
 - ./data/certbot/conf:/etc/letsencrypt
 - ./data/certbot/www:/var/www/certbot
- command: “/bin/sh -c ‘while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \â€daemon off;\â€â€˜â€
+ command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
 certbot:
 image: certbot/certbot
 volumes:
 - ./data/certbot/conf:/etc/letsencrypt
 - ./data/certbot/www:/var/www/certbot
- entrypoint: “/bin/sh -c ‘trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'†
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
diff --git a/nginx.conf b/nginx.conf
index 215b5b4552172b777ddd74a365f8395d802d4f07..f24359bab2a9b229d1462f7c724764c0e47306c0 100644
--- a/nginx.conf
+++ b/nginx.conf
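Review bot: The surviving `RUN apt-get update \ && apt-get install nodejs npm -y` leaves the apt package lists in the image layer and pulls in recommended packages, so the layer carries more than it needs; `&& apt-get install -y --no-install-recommends nodejs npm && rm -rf /var/lib/apt/lists/*` installs the same two packages and trims the layer. With the upgrade step gone, fixes to base-image packages now arrive only when the image is rebuilt against a newer `nginx` base, which is the usual pattern but deserves a one-line comment above the RUN (e.g. `# no apt upgrade here: base packages are refreshed by rebuilding on a newer nginx image`) so the next reader does not re-add the dropped `apt upgrade -y`, which also used the non-script-stable `apt` front end. nodejs and npm end up in the serving image; if they are only needed to build the content under `/usr/share/nginx/html`, a multi-stage build would keep them out of the runtime image, though whether that applies depends on the rest of the Dockerfile, which is outside this hunk.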
@@ -43,11 +43,19 @@ http {
 server {
 listen 443 ssl;
+ root /usr/share/nginx/html;
 server_name kuadrado-software.fr www.kuadrado-software.fr;
 index index.html index.htm;
 ssl_certificate /etc/letsencrypt/live/kuadrado-software.fr/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/kuadrado-software.fr/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ # https://github.com/certbot/certbot/blob/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
+ ssl_session_cache shared:le_nginx_SSL:10m;
+ ssl_session_timeout 1440m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 location / {
 proxy_pass http://kuadrado-software.fr;
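Review bot: The added `root /usr/share/nginx/html;` has no effect on requests matched by the `location /` block below it, which still hands everything to `proxy_pass http://kuadrado-software.fr;`, so either the new root is unused or `location /` should serve files rather than proxy; forwarding TLS-terminated traffic over plain http to the server's own public name also looks like it re-enters this host on port 80, which is worth confirming. The inlined TLS directives are a snapshot of certbot's options-ssl-nginx.conf and will no longer follow certbot's updates, so the comment should record what was copied, e.g. `# Snapshot of certbot's options-ssl-nginx.conf (certbot <version>, <date>); re-check after upgrading certbot`. `ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;` still depends on a certbot-provisioned file in the same mounted path the dropped include lived in, so if the include was removed because that file does not exist until certbot has run, the dhparam line presumably fails at start-up the same way. The server block continues outside the hunk.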