diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 17:11:11 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 17:11:11 +0000 |
commit | ba28aa09cebfba17fd16de2af6fedf7ecc76eea5 (patch) | |
tree | 44e2ff1493776a06e95c359c53a1cabca5d8a8d4 /utils/docker-debian10.tls13only.start.sh | |
parent | Initial commit. (diff) | |
download | testssl.sh-ba28aa09cebfba17fd16de2af6fedf7ecc76eea5.tar.xz testssl.sh-ba28aa09cebfba17fd16de2af6fedf7ecc76eea5.zip |
Adding upstream version 3.2~rc3+dfsg.upstream/3.2_rc3+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'utils/docker-debian10.tls13only.start.sh')
-rwxr-xr-x | utils/docker-debian10.tls13only.start.sh | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/utils/docker-debian10.tls13only.start.sh b/utils/docker-debian10.tls13only.start.sh new file mode 100755 index 0000000..2d0e9f1 --- /dev/null +++ b/utils/docker-debian10.tls13only.start.sh @@ -0,0 +1,33 @@ +#!/usr/bin/env bash + +# no early data, but TLS 1.3 with debian:buster (sid similar in Feb 2019) + +image=${1:-"debian:buster"} +docker pull "$image" +ID=$(docker run -d -ti $image) + +[[ -z "$ID" ]] && echo "container couldn't be retrieved" >&2 && exit 1 + +docker exec -ti $ID apt-get update +docker exec -ti $ID apt-get install -y ssl-cert dialog +docker exec -ti $ID apt-get install -y nginx-common nginx-light +docker exec -ti $ID cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak +docker exec -ti $ID sed -i -e 's/# listen/listen/' -e 's/# include/include/' /etc/nginx/sites-available/default +if echo "$0" | grep -q only; then + docker exec -ti $ID sed -i -e 's/listen \[::\]:443 ssl default_server;/&\n\tssl_protocols TLSv1\.3;\n\tssl_ecdh_curve X448:X25519;/' /etc/nginx/sites-available/default +else + docker exec -ti $ID sed -i -e 's/listen \[::\]:443 ssl default_server;/&\n\tssl_protocols TLSv1\.2 TLSv1\.3;\n\tssl_ecdh_curve X448:X25519;/' /etc/nginx/sites-available/default +fi + +docker exec -ti $ID nginx -V +docker exec -ti $ID service nginx start +docker exec -ti $ID service nginx status +# P Q + +echo +echo "You may now run \"testssl.sh $(docker inspect $ID --format '{{.NetworkSettings.IPAddress}}')\"" + +exit 0 + + +# vim:ts=5:sw=5:expandtab |