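# ============================================================
# Dockerfile — WWTP Extreme Switch TLS 1.0 Proxy
#
# Uses Debian Bullseye (OpenSSL 1.1.1) instead of Alpine 3.18
# (OpenSSL 3.x) because OpenSSL 1.1.1 supports TLS 1.0 natively
# without requiring legacy provider hacks.
#
# Security context: TLS 1.0 is deprecated (RFC 8996). This image
# lowers the OpenSSL defaults on purpose, presumably because the
# switches cannot negotiate anything newer. Treat the container as a
# legacy-protocol bridge: keep it on the management network and
# publish its ports only to the hosts that need them.
# ============================================================

# NOTE(review): `bullseye-slim` is a rolling tag, so two builds can
# resolve to different images. For reproducible builds pin the digest,
# e.g. debian:bullseye-slim@sha256:<digest-of-the-reviewed-image>.
# OpenSSL 1.1.1 is end-of-life upstream; this image depends on Debian's
# security backports, so rebuild it regularly to pick them up.
FROM debian:bullseye-slim

# Install stunnel — Debian Bullseye ships OpenSSL 1.1.1 which
# supports TLS 1.0 out of the box. No legacy provider needed.
# update + install + list cleanup stay in one layer so the apt index
# is never stale and never shipped in the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends stunnel4 && \
    rm -rf /var/lib/apt/lists/*

# Lower the OpenSSL minimum protocol to TLS 1.0
# Bullseye's default is TLSv1.2 — we override it here
#
# This edits the system-wide OpenSSL defaults, so every OpenSSL
# consumer in the image inherits TLS 1.0 / SECLEVEL=1, not only stunnel.
# NOTE(review): if the services in stunnel.conf can carry the downgrade
# themselves (e.g. via sslVersionMin), prefer scoping it there —
# confirm against the packaged stunnel version.
#
# sed exits 0 even when nothing matched, so the grep checks fail the
# build if a future base image changes these lines and the edit
# silently stops applying.
RUN sed -i \
        -e 's/MinProtocol = TLSv1\.2/MinProtocol = TLSv1/' \
        -e 's/CipherString = DEFAULT@SECLEVEL=2/CipherString = DEFAULT@SECLEVEL=1/' \
        /etc/ssl/openssl.cnf && \
    grep -Eq '^[[:space:]]*MinProtocol = TLSv1[[:space:]]*$' /etc/ssl/openssl.cnf && \
    grep -Eq '^[[:space:]]*CipherString = DEFAULT@SECLEVEL=1[[:space:]]*$' /etc/ssl/openssl.cnf

# Copy stunnel config into image
# NOTE(review): stunnel.conf is not visible here. Make sure it contains
# no private keys or other secrets — anything copied into a layer is
# readable by everyone who can pull the image. Mount key material at
# runtime instead.
COPY stunnel.conf /etc/stunnel/stunnel.conf

# Expose all 20 switch proxy ports (4500-4519)
# EXPOSE is documentation only; publishing happens at `docker run` time.
EXPOSE 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 \
       4510 4511 4512 4513 4514 4515 4516 4517 4518 4519

# NOTE(review): there is no USER instruction, so the process starts as
# root. All listening ports are above 1024, so root is not needed to
# bind them. Either add a USER here or confirm that stunnel.conf drops
# privileges (setuid/setgid) and that its pid/log paths are writable by
# that account.

# stunnel4 on Debian uses a wrapper script — call it directly
# Exec form keeps stunnel as PID 1 so it receives SIGTERM from `docker stop`.
# Assumes stunnel.conf sets `foreground = yes`; otherwise stunnel
# daemonizes and the container exits — TODO confirm.
CMD ["stunnel4", "/etc/stunnel/stunnel.conf"]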