Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Merge 1a280ca1ef into 000a44772d

Browse source
This commit is contained in:
Adam Bolinger 2018-03-12 20:24:20 +00:00 committed by GitHub
commit 593b5558d7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Dockerfile
View file

@ -6,6 +6,7 @@ RUN apt-get update \
&& apt-get install -y -q --no-install-recommends \
ca-certificates \
wget \
nginx-extras \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*

2
Dockerfile.alpine
View file

@ -3,7 +3,7 @@ LABEL maintainer="Jason Wilder mail@jasonwilder.com"
# Install wget and install/updates certificates
RUN apk add --no-cache --virtual .run-deps \
ca-certificates bash wget openssl \
ca-certificates bash wget openssl nginx-extras \
&& update-ca-certificates

16
nginx.tmpl
View file

@ -170,6 +170,10 @@ upstream {{ $upstream_name }} {
{{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
{{/* Get the CLEAR_SERVER_HEADER to restrict server response header */}}
{{ $clear_server_header := eq (or ($.Env.CLEAR_SERVER_HEADER) "") "true" }}
{{/* Get the first cert name defined by containers w/ the same vhost */}}
{{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
@ -195,6 +199,9 @@ server {
listen [::]:80 {{ $default_server }};
{{ end }}
access_log /var/log/nginx/access.log vhost;
{{ if $clear_server_header }}
more_clear_headers Server;
{{ end }}
return 301 https://$host$request_uri;
}
{{ end }}
@ -206,6 +213,9 @@ server {
listen [::]:443 ssl http2 {{ $default_server }};
{{ end }}
access_log /var/log/nginx/access.log vhost;
{{ if $clear_server_header }}
more_clear_headers Server;
{{ end }}
{{ if eq $network_tag "internal" }}
# Only allow traffic from internal clients
@ -304,6 +314,9 @@ server {
listen [::]:80 {{ $default_server }};
{{ end }}
access_log /var/log/nginx/access.log vhost;
{{ if $clear_server_header }}
more_clear_headers Server;
{{ end }}
{{ if eq $network_tag "internal" }}
# Only allow traffic from internal clients
@ -347,6 +360,9 @@ server {
listen [::]:443 ssl http2 {{ $default_server }};
{{ end }}
access_log /var/log/nginx/access.log vhost;
{{ if $clear_server_header }}
more_clear_headers Server;
{{ end }}
return 500;
ssl_certificate /etc/nginx/certs/default.crt;