Override location / for use with php-fpm and allow serving static files with nginx instead of passing them to fastcgi
Jonathan Adami 2020-04-26 12:48:48 +10:00
parent 3cbc5417b7
commit 1991982b51
3 changed files with 41 additions and 13 deletions


@ -31,7 +31,7 @@ WORKDIR /app/
ENV DOCKER_HOST unix:///tmp/docker.sock ENV DOCKER_HOST unix:///tmp/docker.sock
VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam"] VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam", "/etc/nginx/static_files"]
ENTRYPOINT ["/app/docker-entrypoint.sh"] ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["forego", "start", "-r"] CMD ["forego", "start", "-r"]
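Review bot: In the `VOLUME` line, adding `/etc/nginx/static_files` makes Docker create an anonymous volume at that path for every container started from this image, whether or not static-file serving is used. nginx only needs to read these files, so consider leaving the path out of `VOLUME` and documenting an explicit read-only bind (`:ro`) of each host directory instead.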


@ -128,14 +128,31 @@ backend container. Your backend container should then listen on a port rather
than a socket and expose that port. than a socket and expose that port.
### FastCGI Backends ### FastCGI Backends
If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on the If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on the
backend container. Your backend container should then listen on a port rather backend container. Your backend container should then listen on a port rather
than a socket and expose that port. than a socket and expose that port.
### FastCGI File Root Directory ### FastCGI File Root Directory
If you use fastcgi,you can set `VIRTUAL_ROOT=xxx` for your root directory If you use fastcgi, you can set `VIRTUAL_ROOT=xxx` for your root directory
### FastCGI Serving static files
If you use fastcgi, you can set `LOCATION_PATH=xxx` (eg: "~ \.php$") and use the vhost.d/default or vhost.d/{VIRTUAL_HOST}
to add:
```
location / {
try_files $uri /index.php?$query_string;
limit_rate_after 1000k;
limit_rate 50k;
}
```
You can then bind your files in "/etc/nginx/static_files/{VIRTUAL_HOST}" and they'll be served by nginx instead of passing them
to your fastcgi.
**You should also set the VIRTUAL_ROOT if using static_files binding.**
### Default Host ### Default Host
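Review bot: The new "FastCGI Serving static files" section does not say which container `LOCATION_PATH` is set on, and the template in this commit reads it from `$.Env`, which is the proxy's own environment, so it applies to every virtual host; please state that. The sample `location /` block also carries `limit_rate_after 1000k;` and `limit_rate 50k;` with no explanation: either explain the throttle or drop it from the example. Since everything under `/etc/nginx/static_files/{VIRTUAL_HOST}` is served as-is except what matches `LOCATION_PATH`, the section should tell users to bind only public assets (no dotfiles, configuration or non-`.php` source), and the closing bold line should say what `VIRTUAL_ROOT` has to be set to.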
@ -179,6 +196,7 @@ $ docker run --volumes-from nginx \
Finally, start your containers with `VIRTUAL_HOST` environment variables. Finally, start your containers with `VIRTUAL_HOST` environment variables.
$ docker run -e VIRTUAL_HOST=foo.bar.com ... $ docker run -e VIRTUAL_HOST=foo.bar.com ...
### SSL Support using letsencrypt ### SSL Support using letsencrypt
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allows the creation/renewal of Let's Encrypt certificates automatically. [letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allows the creation/renewal of Let's Encrypt certificates automatically.
@ -187,6 +205,7 @@ Set `DHPARAM_GENERATION` environment variable to `false` to disabled Diffie-Hell
The default value is `true` The default value is `true`
$ docker run -e DHPARAM_GENERATION=false .... $ docker run -e DHPARAM_GENERATION=false ....
### SSL Support ### SSL Support
SSL is supported using single host, wildcard and SNI certificates using naming conventions for SSL is supported using single host, wildcard and SNI certificates using naming conventions for
@ -292,11 +311,11 @@ site after changing this setting, your browser has probably cached the HSTS poli
redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito
window / different browser. window / different browser.
By default, [HTTP Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) By default, [HTTP Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
is enabled with `max-age=31536000` for HTTPS sites. You can disable HSTS with the environment variable is enabled with `max-age=31536000` for HTTPS sites. You can disable HSTS with the environment variable
`HSTS=off` or use a custom HSTS configuration like `HSTS=max-age=31536000; includeSubDomains; preload`. `HSTS=off` or use a custom HSTS configuration like `HSTS=max-age=31536000; includeSubDomains; preload`.
*WARNING*: HSTS will force your users to visit the HTTPS version of your site for the `max-age` time - *WARNING*: HSTS will force your users to visit the HTTPS version of your site for the `max-age` time -
even if they type in `http://` manually. The only way to get to an HTTP site after receiving an HSTS even if they type in `http://` manually. The only way to get to an HTTP site after receiving an HSTS
response is to clear your browser's HSTS cache. response is to clear your browser's HSTS cache.
### Basic Authentication Support ### Basic Authentication Support
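Review bot: Every line in this hunk reads the same on both sides, so the change appears to be whitespace only and unrelated to static-file serving. Please drop it from this commit so the README diff shows only the documentation for the new feature.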


@ -1,5 +1,6 @@
{{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }} {{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }}
{{ $location_path := coalesce $.Env.LOCATION_PATH "/" }}
{{ $external_http_port := coalesce $.Env.HTTP_PORT "80" }} {{ $external_http_port := coalesce $.Env.HTTP_PORT "80" }}
{{ $external_https_port := coalesce $.Env.HTTPS_PORT "443" }} {{ $external_https_port := coalesce $.Env.HTTPS_PORT "443" }}
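Review bot: `$location_path` is taken from `$.Env.LOCATION_PATH`, so one value set on the proxy replaces `location /` in every generated server block, including hosts that are not FastCGI. A backend left without a `location /` will not be proxied unless its vhost.d file adds one. Consider reading the value per container and falling back to "/" so that only hosts that opt in are affected.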
@ -251,7 +252,7 @@ server {
listen [::]:{{ $external_http_port }} {{ $default_server }}; listen [::]:{{ $external_http_port }} {{ $default_server }};
{{ end }} {{ end }}
{{ $access_log }} {{ $access_log }}
# Do not HTTPS redirect Let'sEncrypt ACME challenge # Do not HTTPS redirect Let'sEncrypt ACME challenge
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
auth_basic off; auth_basic off;
@ -260,7 +261,7 @@ server {
try_files $uri =404; try_files $uri =404;
break; break;
} }
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
@ -275,6 +276,10 @@ server {
{{ end }} {{ end }}
{{ $access_log }} {{ $access_log }}
{{ if (exists (printf "/etc/nginx/static_files/%s" $host)) }}
root {{ printf "/etc/nginx/static_files/%s" $host }};
{{ end }}
{{ if eq $network_tag "internal" }} {{ if eq $network_tag "internal" }}
# Only allow traffic from internal clients # Only allow traffic from internal clients
include /etc/nginx/network_internal.conf; include /etc/nginx/network_internal.conf;
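Review bot: In the added `root` block, `$host` goes into a filesystem path through `printf "/etc/nginx/static_files/%s" $host` with no check. Skip the block when the host value contains `/` or `..`, so the resulting root is always a direct child of `/etc/nginx/static_files`. A comment noting that `exists` is evaluated when the template is rendered would also help: a directory bound later is not picked up until the config is regenerated.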
@ -309,7 +314,7 @@ server {
include /etc/nginx/vhost.d/default; include /etc/nginx/vhost.d/default;
{{ end }} {{ end }}
location / { location {{ $location_path }} {
{{ if eq $proto "uwsgi" }} {{ if eq $proto "uwsgi" }}
include uwsgi_params; include uwsgi_params;
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }}; uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
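Review bot: `location {{ $location_path }} {` writes the environment value into the generated config verbatim, and it wraps the `uwsgi` branch shown here as well as FastCGI. A value containing `{`, `}` or `;` produces a config that nginx will refuse to load; validate the value, or restrict it to a small set of accepted forms, before rendering.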
@ -347,6 +352,10 @@ server {
{{ end }} {{ end }}
{{ $access_log }} {{ $access_log }}
{{ if (exists (printf "/etc/nginx/static_files/%s" $host)) }}
root {{ printf "/etc/nginx/static_files/%s" $host }};
{{ end }}
{{ if eq $network_tag "internal" }} {{ if eq $network_tag "internal" }}
# Only allow traffic from internal clients # Only allow traffic from internal clients
include /etc/nginx/network_internal.conf; include /etc/nginx/network_internal.conf;
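Review bot: These three lines repeat the `root` block added to the previous server section. Compute the path once in a variable, or move the block into a single `{{ define }}` template, so the two server blocks cannot drift apart.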
@ -358,7 +367,7 @@ server {
include /etc/nginx/vhost.d/default; include /etc/nginx/vhost.d/default;
{{ end }} {{ end }}
location / { location {{ $location_path }} {
{{ if eq $proto "uwsgi" }} {{ if eq $proto "uwsgi" }}
include uwsgi_params; include uwsgi_params;
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }}; uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};