Initial commit
This commit is contained in:
+30
@@ -0,0 +1,30 @@
|
||||
# ============================================================
|
||||
# Dockerfile — WWTP Extreme Switch TLS 1.0 Proxy
|
||||
#
|
||||
# Uses Debian Bullseye (OpenSSL 1.1.1) instead of Alpine 3.18
|
||||
# (OpenSSL 3.x) because OpenSSL 1.1.1 supports TLS 1.0 natively
|
||||
# without requiring legacy provider hacks.
|
||||
# ============================================================
|
||||
|
||||
FROM debian:bullseye-slim
|
||||
|
||||
# Install stunnel — Debian Bullseye ships OpenSSL 1.1.1 which
|
||||
# supports TLS 1.0 out of the box. No legacy provider needed.
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends stunnel4 && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Lower the OpenSSL minimum protocol to TLS 1.0
|
||||
# Bullseye's default is TLSv1.2 — we override it here
|
||||
RUN sed -i 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/' /etc/ssl/openssl.cnf && \
|
||||
sed -i 's/CipherString = DEFAULT@SECLEVEL=2/CipherString = DEFAULT@SECLEVEL=1/' /etc/ssl/openssl.cnf
|
||||
|
||||
# Copy stunnel config into image
|
||||
COPY stunnel.conf /etc/stunnel/stunnel.conf
|
||||
|
||||
# Expose all 20 switch proxy ports (4500-4519)
|
||||
EXPOSE 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 \
|
||||
4510 4511 4512 4513 4514 4515 4516 4517 4518 4519
|
||||
|
||||
# stunnel4 on Debian uses a wrapper script — call it directly
|
||||
CMD ["stunnel4", "/etc/stunnel/stunnel.conf"]
|
||||
Reference in New Issue
Block a user