pin nginx to tls v1.3

docker/nginx/Dockerfile.future

@@ -1,26 +0,0 @@
-FROM alpine
-
-# Include dist
-ADD dist/ /root/dist/
-
-# Get and install dependencies & packages
-RUN rm -rf /etc/ssl/openssl.cnf && \
-    apk add --no-cache -U -X http://dl-3.alpinelinux.org/alpine/edge/testing/ \
-                       nginx \
-                       nginx-mod-http-headers-more \
-                       openssl1.1 || : && \
-
-# Setup configs
-    mkdir -p /run/nginx && \
-    rm -rf /etc/nginx/conf.d/* /usr/share/nginx/html/* && \
-    cp /root/dist/conf/nginx.conf /etc/nginx/ && \
-    cp -R /root/dist/conf/ssl /etc/nginx/ && \
-    cp /root/dist/conf/tpotweb.conf /etc/nginx/conf.d/ && \
-    cp -R /root/dist/html/ /var/lib/nginx/ && \
-
-# Clean up
-    rm -rf /root/* && \
-    rm -rf /var/cache/apk/*
-
-# Start nginx
-CMD exec nginx -g 'daemon off;'

docker/nginx/dist/conf/nginx.conf

@@ -31,7 +31,8 @@ http {
 	# SSL Settings
 	##
 
-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
 	ssl_prefer_server_ciphers on;
 
 	##
@@ -73,25 +74,3 @@ http {
 	include /etc/nginx/conf.d/*.conf;
 	include /etc/nginx/sites-enabled/*;
 }
-
-
-#mail {
-#	# See sample authentication script at:
-#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-# 
-#	# auth_http localhost/auth.php;
-#	# pop3_capabilities "TOP" "USER";
-#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
-# 
-#	server {
-#		listen     localhost:110;
-#		protocol   pop3;
-#		proxy      on;
-#	}
-# 
-#	server {
-#		listen     localhost:143;
-#		protocol   imap;
-#		proxy      on;
-#	}
-#}

docker/nginx/dist/conf/tpotweb.conf

@@ -9,7 +9,7 @@ server {
     #########################
     listen 64297 ssl http2;
     index tpotweb.html;
-    ssl_protocols TLSv1.2;
+    ssl_protocols TLSv1.3;
     server_name example.com;
     error_page 300 301 302 400 401 402 403 404 500 501 502 503 504 /error.html;