FROM jwilder/nginx-proxy:alpine
RUN \
    sed -i -e 's/max-age=31536000/max-age=31536000; includeSubDomains; preload/g' /app/nginx.tmpl && \
    sed -i -e 's/ssl_session_tickets off/ssl_session_tickets on/g' /app/nginx.tmpl && \
    sed -i -e "s/ssl_ciphers '\(.\+\)';/ssl_ciphers '\1:!aNULL!eNull:!EXPORT:!DES:!3DES:!MD5:!DSS:!AES128';/g" /app/nginx.tmpl && \
    sed -i '/ssl_dhparam/a\\ssl_ecdh_curve secp384r1;' nginx.tmpl && \
    sed -i '/add_header/a\        add_header Public-Key-Pins "pin-sha256=\\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\\"; pin-sha256=\\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\\"; max-age=5184000; includeSubDomains\\"";' nginx.tmpl