Patch 2.7.0 image to update nginx SSL configuration (#412)

* Patch 2.7.0 image

* Move patch files to better place

deploy/suse/patches/nginx/Dockerfile

@@ -0,0 +1,4 @@
+FROM registry.suse.com/cap/stratos-console:2.7.0-35f5964bd-cap
+
+COPY ./nginx.conf /etc/nginx/nginx.conf
+RUN echo "Stratos 2.7.1 NGINX configuration patch" > /patches.log

deploy/suse/patches/nginx/README.md

@@ -0,0 +1,3 @@
+# 2.7.0 Patch
+
+These files were used to create a patch for 2.7.0 that fixes the TLS ciphers used by nginx.

deploy/suse/patches/nginx/build.sh

@@ -0,0 +1,3 @@
+
+docker build -f Dockerfile . -t registry.suse.com/cap-staging/stratos-console-1:2.7.0-35f5964bd-cap
+docker push registry.suse.com/cap-staging/stratos-console-1:2.7.0-35f5964bd-cap

deploy/suse/patches/nginx/nginx.conf

@@ -0,0 +1,76 @@
+worker_processes 2;
+
+events {
+    worker_connections              4096;
+    use                             epoll;
+}
+
+http {
+
+    upstream portalproxy {
+        least_conn;
+        server                      localhost:3003;
+        keepalive                   32;
+    }
+
+    include                         mime.types;
+    default_type                    application/octet-stream;
+    keepalive_timeout               70;
+    proxy_read_timeout              200;
+    sendfile                        off;
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+    gzip                            on;
+    gzip_min_length                 1000;
+    gzip_proxied                    any;
+    gzip_types                      text/plain text/html text/css text/xml
+                                    application/x-javascript application/xml
+                                    application/atom+xml text/javascript;
+
+    proxy_next_upstream             error;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      '';
+    }
+
+    ssl_session_cache               shared:SSL:10m;
+    ssl_session_timeout             10m;
+
+    server {
+        listen                      80;
+        return                      301 https://$host$request_uri;
+    }
+
+    server {
+        listen                      443 ssl;
+
+        ssl_certificate             /ENCRYPTION_KEY_VOLUME/console.crt;
+        ssl_certificate_key         /ENCRYPTION_KEY_VOLUME/console.key;
+        ssl_protocols               TLSv1.2 TLSv1.3;
+        ssl_ciphers                 ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+        ssl_prefer_server_ciphers   on;        
+
+        client_max_body_size        50M;
+
+        location /pp/ {
+            proxy_pass_header       Server;
+            proxy_set_header        Host $http_host;
+            proxy_redirect          off;
+            proxy_set_header        X-Real-IP $remote_addr;
+            proxy_set_header        X-Scheme $scheme;
+            proxy_pass              https://portalproxy/pp/;
+            proxy_intercept_errors  on;
+            proxy_http_version      1.1;
+            proxy_set_header        Upgrade $http_upgrade;
+            proxy_set_header        Connection $connection_upgrade;
+        }
+
+        location / {
+            root                    /usr/share/nginx/html;
+            add_header Cache-Control no-cache;
+            add_header X-Frame-Options SAMEORIGIN;
+            try_files $uri$args $uri$args/ /index.html;
+        }
+    }
+}