From 3f33b7deebafc78d351d18b636ec3d56ff57fd13 Mon Sep 17 00:00:00 2001 From: Mark Edgington Date: Thu, 2 Jun 2016 20:44:13 -0400 Subject: [PATCH] Add env vars for custom template and nonstandard ports The LISTEN_PORT_HTTP and LISTEN_PORT_HTTPS env variables can now be specified on web-service containers in order to cause the proxy to listen on the specified ports. If you only want to allow listening on a port with SSL, these variables can be set to the value "None" which causes them to not be used. So, for example, you could set LISTEN_PORT_HTTP=None in order to only proxy traffic over a secure link. If one or both of these env vars are omitted, the default values of 80 and 443 will be used where omitted. NOTE: these ports are internal ports on the container. If you set LISTEN_PORT_HTTPS=1234, and want to make this accessible on the WAN at port 5555, then you will do something like docker run -p 5555:1234 ... Additionally, on the proxy container, a CUSTOM_TEMPLATE env variable can be specified, which will instruct docker-gen to use the specified template instead of the default template. For example, if CUSTOM_TEMPLATE=/app/mytemplate, then you will want to either copy your template to the container with 'docker cp', or mount it from the host filesystem with something like docker run -v /host/path:/app/mytemplate ... --- docker-entrypoint.sh | 15 +++++++++++++++ nginx.tmpl | 19 +++++++++++++++---- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 6353314..0b45eac 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -19,4 +19,19 @@ if [ "$socketMissing" = 1 -a "$1" = forego -a "$2" = start -a "$3" = '-r' ]; the exit 1 fi +# if a custom template has not been specified +if [ -z "$CUSTOM_TEMPLATE" ]; then + # try to copy default config to another file if the other file doesn't yet exist + cp -n nginx.tmpl nginx_default.tmpl + + # create symlink to default config file + ln -sf nginx_default.tmpl nginx.tmpl +else + # try to copy default config to another file if the other file doesn't yet exist + cp -n nginx.tmpl nginx_default.tmpl + + # create symlink to custom config file + ln -sf $CUSTOM_TEMPLATE nginx.tmpl +fi + exec "$@" diff --git a/nginx.tmpl b/nginx.tmpl index 855e90d..0295281 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -123,20 +123,26 @@ upstream {{ $host }} { {{ $is_https := (and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }} +{{ $http_lport := or (first (groupByKeys $containers "Env.LISTEN_PORT_HTTP")) "80" }} +{{ $https_lport := or (first (groupByKeys $containers "Env.LISTEN_PORT_HTTPS")) "443" }} + {{ if $is_https }} +{{ if ne $http_lport "None" }} {{ if eq $https_method "redirect" }} server { server_name {{ $host }}; - listen 80 {{ $default_server }}; + listen {{ $http_lport }} {{ $default_server }}; access_log /var/log/nginx/access.log vhost; return 301 https://$host$request_uri; } {{ end }} +{{ end }} +{{ if ne $https_lport "None" }} server { server_name {{ $host }}; - listen 443 ssl http2 {{ $default_server }}; + listen {{ $https_lport }} ssl http2 {{ $default_server }}; access_log /var/log/nginx/access.log vhost; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; @@ -174,14 +180,16 @@ server { {{ end }} } } +{{ end }} {{ end }} {{ if or (not $is_https) (eq $https_method "noredirect") }} +{{ if ne $http_lport "None" }} server { server_name {{ $host }}; - listen 80 {{ $default_server }}; + listen {{ $http_lport }} {{ $default_server }}; access_log /var/log/nginx/access.log vhost; {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} @@ -203,11 +211,13 @@ server { {{ end }} } } +{{ end }} +{{ if ne $https_lport "None" }} {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} server { server_name {{ $host }}; - listen 443 ssl http2 {{ $default_server }}; + listen {{ $https_lport }} ssl http2 {{ $default_server }}; access_log /var/log/nginx/access.log vhost; return 503; @@ -215,6 +225,7 @@ server { ssl_certificate_key /etc/nginx/certs/default.key; } {{ end }} +{{ end }} {{ end }} {{ end }}