Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Use labels instead of env variables

Browse source
This commit is contained in:
Rolf van Kleef 2019-04-17 22:36:55 +02:00
parent 8c590fc68f
commit 59a19bb965
No known key found for this signature in database
GPG key ID: 876C3FF04CA7C49C
36 changed files with 168 additions and 116 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
README.md
View file

@ -12,13 +12,13 @@ To run it:
$ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
Then start any containers you want proxied with an env var `VIRTUAL_HOST=subdomain.youdomain.com`
Then start any containers you want proxied with an env var `@proxy/virtualHost=subdomain.youdomain.com`
$ docker run -e VIRTUAL_HOST=foo.bar.com ...
$ docker run -t "@proxy/virtualHost=foo.bar.com" ...
The containers being proxied must [expose](https://docs.docker.com/engine/reference/run/#expose-incoming-ports) the port to be proxied, either by using the `EXPOSE` directive in their `Dockerfile` or by using the `--expose` flag to `docker run` or `docker create`.
Provided your DNS is setup to forward foo.bar.com to the host running nginx-proxy, the request will be routed to a container with the VIRTUAL_HOST env var set.
Provided your DNS is setup to forward foo.bar.com to the host running nginx-proxy, the request will be routed to a container with the @proxy/virtualHost tag set.
### Image variants
@ -51,8 +51,8 @@ services:
whoami:
image: jwilder/whoami
environment:
- VIRTUAL_HOST=whoami.local
labels:
'@proxy/virtualHost': whoami.local
```
```shell
@ -69,7 +69,7 @@ You can activate the IPv6 support for the nginx-proxy container by passing the v
### Multiple Ports
If your container exposes multiple ports, nginx-proxy will default to the service running on port 80. If you need to specify a different port, you can set a VIRTUAL_PORT env var to select a different one. If your container only exposes one port and it has a VIRTUAL_HOST env var set, that port will be selected.
If your container exposes multiple ports, nginx-proxy will default to the service running on port 80. If you need to specify a different port, you can set a @proxy/virtualPort env var to select a different one. If your container only exposes one port and it has a @proxy/virtualHost tag set, that port will be selected.
[1]: https://github.com/jwilder/docker-gen
[2]: http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/
@ -117,25 +117,25 @@ When internal-only access is enabled, external clients with be denied with an `H
### SSL Backends
If you would like the reverse proxy to connect to your backend using HTTPS instead of HTTP, set `VIRTUAL_PROTO=https` on the backend container.
If you would like the reverse proxy to connect to your backend using HTTPS instead of HTTP, set `@proxy/virtualProtocol=https` on the backend container.
> Note: If you use `VIRTUAL_PROTO=https` and your backend container exposes port 80 and 443, `nginx-proxy` will use HTTPS on port 80. This is almost certainly not what you want, so you should also include `VIRTUAL_PORT=443`.
> Note: If you use `@proxy/virtualProtocol=https` and your backend container exposes port 80 and 443, `nginx-proxy` will use HTTPS on port 80. This is almost certainly not what you want, so you should also include `@proxy/virtualProtocol=443`.
### uWSGI Backends
If you would like to connect to uWSGI backend, set `VIRTUAL_PROTO=uwsgi` on the
If you would like to connect to uWSGI backend, set `@proxy/virtualProtocol=uwsgi` on the
backend container. Your backend container should then listen on a port rather
than a socket and expose that port.
### FastCGI Backends
If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on the
If you would like to connect to FastCGI backend, set `@proxy/virtualProtocol=fastcgi` on the
backend container. Your backend container should then listen on a port rather
than a socket and expose that port.
### FastCGI Filr Root Directory
If you use fastcgi,you can set `VIRTUAL_ROOT=xxx` for your root directory
If you use fastcgi,you can set `@proxy/virtualRoot=xxx` for your root directory
### Default Host
@ -176,9 +176,10 @@ $ docker run --volumes-from nginx \
-t jwilder/docker-gen -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
```
Finally, start your containers with `VIRTUAL_HOST` environment variables.
Finally, start your containers with `@proxy/virtualHost` labels.
$ docker run -l "@proxy/virtualHost=foo.bar.com" ...
$ docker run -e VIRTUAL_HOST=foo.bar.com ...
### SSL Support using letsencrypt
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically.
@ -187,6 +188,7 @@ Set `DHPARAM_GENERATION` environment variable to `false` to disabled Diffie-Hell
The default value is `true`
$ docker run -e DHPARAM_GENERATION=false ....
### SSL Support
SSL is supported using single host, wildcard and SNI certificates using naming conventions for
@ -198,7 +200,7 @@ To enable SSL:
The contents of `/path/to/certs` should contain the certificates and private keys for any virtual
hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and
`.key` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a
`.key` extension. For example, a container with `@proxy/virtualHost=foo.bar.com` should have a
`foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
If you are running the container in a virtualized environment (Hyper-V, VirtualBox, etc...),
@ -210,7 +212,7 @@ By default, Docker is not able to mount directories on the host machine to conta
Diffie-Hellman groups are enabled by default, with a pregenerated key in `/etc/nginx/dhparam/dhparam.pem`.
You can mount a different `dhparam.pem` file at that location to override the default cert.
To use custom `dhparam.pem` files per-virtual-host, the files should be named after the virtual host with a
`dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com`
`dhparam` suffix and `.pem` extension. For example, a container with `@proxy/virtualHost=foo.bar.com`
should have a `foo.bar.com.dhparam.pem` file in the `/etc/nginx/certs` directory.
> NOTE: If you don't mount a `dhparam.pem` file at `/etc/nginx/dhparam/dhparam.pem`, one will be generated
@ -232,19 +234,19 @@ nginx container, at `/etc/nginx/dhparam/dhparam.pem`.
#### Wildcard Certificates
Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.
For example `VIRTUAL_HOST=foo.bar.com` would use cert name `bar.com.crt` and `bar.com.key`.
For example `@proxy/virtualHost=foo.bar.com` would use cert name `bar.com.crt` and `bar.com.key`.
#### SNI
If your certificate(s) supports multiple domain names, you can start a container with `CERT_NAME=<name>`
to identify the certificate to be used. For example, a certificate for `*.foo.com` and `*.bar.com`
could be named `shared.crt` and `shared.key`. A container running with `VIRTUAL_HOST=foo.bar.com`
could be named `shared.crt` and `shared.key`. A container running with `@proxy/virtualHost=foo.bar.com`
and `CERT_NAME=shared` will then use this shared cert.
#### OCSP Stapling
To enable OCSP Stapling for a domain, `nginx-proxy` looks for a PEM certificate containing the trusted
CA certificate chain at `/etc/nginx/certs/<domain>.chain.pem`, where `<domain>` is the domain name in
the `VIRTUAL_HOST` directive. The format of this file is a concatenation of the public PEM CA
the `@proxy/virtualHost` directive. The format of this file is a concatenation of the public PEM CA
certificates starting with the intermediate CA most near the SSL certificate, down to the root CA. This is
often referred to as the "SSL Certificate Chain". If found, this filename is passed to the NGINX
[`ssl_trusted_certificate` directive](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate)
@ -285,10 +287,10 @@ will allow a client browser to make a SSL connection (likely w/ a warning) and s
a 500.
To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`). You can also
disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to
override the default behavior. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
label `@proxy/httsMethod=noredirect` (the default is `@proxy/httpsMethod=redirect`). You can also
disable the non-SSL site entirely with `@proxy/httpsMethod=nohttp`, or disable the HTTPS site with
`@proxy/httpsMethod=nohttps`. `@proxy/httpsMethod` must be specified on each container for which you want to
override the default behavior. If `@proxy/httpsMethod=noredirect` is used, Strict Transport Security (HSTS)
is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP
site after changing this setting, your browser has probably cached the HSTS policy and is automatically
redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito
@ -303,8 +305,8 @@ response is to clear your browser's HSTS cache.
### Basic Authentication Support
In order to be able to secure your virtual host, you have to create a file named as its equivalent VIRTUAL_HOST variable on directory
/etc/nginx/htpasswd/$VIRTUAL_HOST
In order to be able to secure your virtual host, you have to create a file named as its equivalent @proxy/virtualHost variable on directory
/etc/nginx/htpasswd/${@proxy/virtualHost}
```
$ docker run -d -p 80:80 -p 443:443 \
@ -318,7 +320,7 @@ You'll need apache2-utils on the machine where you plan to create the htpasswd f
### Custom Nginx Configuration
If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis.
If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`@proxy/virtualHost` basis.
#### Replacing default proxy settings
@ -364,9 +366,9 @@ Or it can be done by mounting in your custom configuration in your `docker run`
$ docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
#### Per-VIRTUAL_HOST
#### Per-virtualHost
To add settings on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d`. Unlike in the proxy-wide case, which allows multiple config files with any name ending in `.conf`, the per-`VIRTUAL_HOST` file must be named exactly after the `VIRTUAL_HOST`.
To add settings on a per-`virtualHost` basis, add your configuration file under `/etc/nginx/vhost.d`. Unlike in the proxy-wide case, which allows multiple config files with any name ending in `.conf`, the per-`virtualHost` file must be named exactly after the `virtualHost`.
In order to allow virtual hosts to be dynamically configured as backends are added and removed, it makes the most sense to mount an external directory as `/etc/nginx/vhost.d` as opposed to using derived images or mounting individual configuration files.
@ -375,19 +377,19 @@ For example, if you have a virtual host named `app.example.com`, you could provi
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/app.example.com
If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
If you are using multiple hostnames for a single container (e.g. `virtualHost=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
$ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/www.example.com
$ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com
#### Per-VIRTUAL_HOST default configuration
#### Per-@proxy/virtualHost default configuration
If you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file
will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}` file associated with it.
will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{@proxy/virtualHost}` file associated with it.
#### Per-VIRTUAL_HOST location configuration
#### Per-@proxy/virtualHost location configuration
To add settings to the "location" block on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d`
To add settings to the "location" block on a per-`@proxy.virtualHost` basis, add your configuration file under `/etc/nginx/vhost.d`
just like the previous section except with the suffix `_location`.
For example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows:
@ -395,15 +397,15 @@ For example, if you have a virtual host named `app.example.com` and you have con
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location
If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
If you are using multiple hostnames for a single container (e.g. `virtualHost=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
$ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location
$ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com
#### Per-VIRTUAL_HOST location default configuration
#### Per-virtualHost location default configuration
If you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file
will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}_location` file associated with it.
will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{virtualHost}_location` file associated with it.
### Contributing

4
docker-compose-separate-containers.yml
View file

@ -19,5 +19,5 @@ services:
whoami:
image: jwilder/whoami
environment:
- VIRTUAL_HOST=whoami.local
labels:
'@proxy/virtualHost': whoami.local

6
docker-compose.yml
View file

@ -1,8 +1,8 @@
version: '2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- "80:80"
volumes:
@ -10,5 +10,5 @@ services:
whoami:
image: jwilder/whoami
environment:
- VIRTUAL_HOST=whoami.local
labels:
'@proxy/virtualHost': whoami.local

28
nginx.tmpl
View file

@ -115,7 +115,7 @@ server {
}
{{ end }}
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
{{ range $host, $containers := groupByMulti $ "Labels.@proxy/virtualHost" "," }}
{{ $host := trim $host }}
{{ $is_regexp := hasPrefix "~" $host }}
@ -136,9 +136,9 @@ upstream {{ $upstream_name }} {
{{ if eq $addrLen 1 }}
{{ $address := index $container.Addresses 0 }}
{{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }}
{{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var, falling back to standard web port 80 */}}
{{/* If more than one port exposed, use the one matching @proxy/virtualPort label, falling back to standard web port 80 */}}
{{ else }}
{{ $port := coalesce $container.Env.VIRTUAL_PORT "80" }}
{{ $port := coalesce $container.Labels "@proxy/virtualPort" "80" }}
{{ $address := where $container.Addresses "Port" $port | first }}
{{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }}
{{ end }}
@ -154,27 +154,27 @@ upstream {{ $upstream_name }} {
{{ $default_host := or ($.Env.DEFAULT_HOST) "" }}
{{ $default_server := index (dict $host "" $default_host "default_server") $host }}
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
{{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }}
{{/* Get the @proxy/virtualProtocol defined by containers w/ the same vhost, falling back to "http" */}}
{{ $proto := trim (or (first (groupByKeys $containers "Labels.@proxy/virtualProtocol")) "http") }}
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
{{ $network_tag := or (first (groupByKeys $containers "Labels.@proxy/networkAccess")) "external" }}
{{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
{{/* Get the @proxy/httpsMethod defined by containers w/ the same vhost, falling back to "redirect" */}}
{{ $https_method := or (first (groupByKeys $containers "Labels.@proxy/httpsMethod")) "redirect" }}
{{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to "Mozilla-Intermediate" */}}
{{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "Mozilla-Intermediate" }}
{{ $ssl_policy := or (first (groupByKeys $containers "Labels.@proxy/sslPolicy")) "Mozilla-Intermediate" }}
{{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) "max-age=31536000" }}
{{ $hsts := or (first (groupByKeys $containers "Labels.@proxy/HSTS")) "max-age=31536000" }}
{{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
{{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
{{/* Get the @proxy/virtualRoot By containers w/ use fastcgi root */}}
{{ $vhost_root := or (first (groupByKeys $containers "Labels.@proxy/virtualRoot")) "/var/www/public" }}
{{/* Get the first cert name defined by containers w/ the same vhost */}}
{{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
{{ $certName := (first (groupByKeys $containers "Labels.@proxy/certificateName")) }}
{{/* Get the best matching cert by name for the vhost. */}}
{{ $vhostCert := (closest (dir "/etc/nginx/certs") (printf "%s.crt" $host))}}
@ -358,4 +358,4 @@ server {
{{ end }}
{{ end }}
{{ end }}
{{ end }}

3
test/stress_tests/test_deleted_cert/docker-compose.yml
View file

@ -4,7 +4,8 @@ web:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web.nginx-proxy
labels:
'@proxy/virtualHost': web.nginx-proxy
reverseproxy:

2
test/stress_tests/test_unreachable_network/README.md
View file

@ -1,6 +1,6 @@
# nginx-proxy template is not considered when a container is not reachable
Having a container with the `VIRTUAL_HOST` environment variable set but on a network not reachable from the nginx-proxy container will result in nginx-proxy serving the default nginx welcome page for all requests.
Having a container with the `@proxy/virtualHost` label set but on a network not reachable from the nginx-proxy container will result in nginx-proxy serving the default nginx welcome page for all requests.
Furthermore, if the nginx-proxy in such state is restarted, the nginx process will crash and the container stops.

6
test/stress_tests/test_unreachable_network/docker-compose.yml
View file

@ -21,7 +21,8 @@ services:
- 81
environment:
WEB_PORTS: 81
VIRTUAL_HOST: webA.nginx-proxy
labels:
'@proxy/virtualHost': webA.nginx-proxy
webB:
networks:
@ -31,5 +32,6 @@ services:
- 82
environment:
WEB_PORTS: 82
VIRTUAL_HOST: webB.nginx-proxy
labels:
'@proxy/virtualHost': webB.nginx-proxy

6
test/test_DOCKER_HOST_unix_socket.yml
View file

@ -4,7 +4,8 @@ web1:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.tld
labels:
'@proxy/virtualHost': web1.nginx-proxy.tld
web2:
image: web
@ -12,7 +13,8 @@ web2:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.tld
labels:
'@proxy/virtualHost': web2.nginx-proxy.tld
sut:

3
test/test_composev2.yml
View file

@ -12,4 +12,5 @@ services:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web.nginx-proxy.local
labels:
'@proxy/virtualHost': web.nginx-proxy.local

9
test/test_custom/test_defaults-location.yml
View file

@ -12,7 +12,8 @@ web1:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local
labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2:
image: web
@ -20,7 +21,8 @@ web2:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local
labels:
'@proxy/virtualHost': web2.nginx-proxy.local
web3:
image: web
@ -28,4 +30,5 @@ web3:
- "83"
environment:
WEB_PORTS: 83
VIRTUAL_HOST: web3.nginx-proxy.local
labels:
'@proxy/virtualHost': web3.nginx-proxy.local

6
test/test_custom/test_defaults.yml
View file

@ -13,7 +13,8 @@ services:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local
labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2:
image: web
@ -21,4 +22,5 @@ services:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local
labels:
'@proxy/virtualHost': web2.nginx-proxy.local

6
test/test_custom/test_location-per-vhost.yml
View file

@ -13,7 +13,8 @@ services:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local
labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2:
image: web
@ -21,4 +22,5 @@ services:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local
labels:
'@proxy/virtualHost': web2.nginx-proxy.local

6
test/test_custom/test_per-vhost.yml
View file

@ -13,7 +13,8 @@ services:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local
labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2:
image: web
@ -21,4 +22,5 @@ services:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local
labels:
'@proxy/virtualHost': web2.nginx-proxy.local

6
test/test_custom/test_proxy-wide.yml
View file

@ -13,7 +13,8 @@ services:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local
labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2:
image: web
@ -21,4 +22,5 @@ services:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local
labels:
'@proxy/virtualHost': web2.nginx-proxy.local

5
test/test_default-host.yml
View file

@ -1,11 +1,12 @@
# GIVEN a webserver with VIRTUAL_HOST set to web1.tld
# GIVEN a webserver with @proxy/virtualHost set to web1.tld
web1:
image: web
expose:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.tld
labels:
'@proxy/virtualHost': web1.tld
# WHEN nginx-proxy runs with DEFAULT_HOST set to web1.tld

3
test/test_dockergen/test_dockergen_v2.yml
View file

@ -24,4 +24,5 @@ services:
- "80"
environment:
WEB_PORTS: 80
VIRTUAL_HOST: whoami.nginx.container.docker
labels:
'@proxy/virtualHost': whoami.nginx.container.docker

3
test/test_dockergen/test_dockergen_v3.yml
View file

@ -22,7 +22,8 @@ services:
- "80"
environment:
WEB_PORTS: 80
VIRTUAL_HOST: whoami.nginx.container.docker
labels:
'@proxy/virtualHost': whoami.nginx.container.docker
volumes:
nginx_conf: {}

6
test/test_events.py
View file

@ -10,7 +10,7 @@ from docker.errors import NotFound
@pytest.yield_fixture()
def web1(docker_compose):
"""
pytest fixture creating a web container with `VIRTUAL_HOST=web1.nginx-proxy` listening on port 81.
pytest fixture creating a web container with `@proxy/virtualHost=web1.nginx-proxy` listening on port 81.
"""
container = docker_compose.containers.run(
name="web1",
@ -18,7 +18,9 @@ def web1(docker_compose):
detach=True,
environment={
"WEB_PORTS": "81",
"VIRTUAL_HOST": "web1.nginx-proxy"
},
labels={
"@proxy/virtualHost": "web1.nginx-proxy"
},
ports={"81/tcp": None}
)

3
test/test_headers/test_http.yml
View file

@ -4,7 +4,8 @@ web:
- "80"
environment:
WEB_PORTS: 80
VIRTUAL_HOST: web.nginx-proxy.tld
labels:
'@proxy/virtualHost': web.nginx-proxy.tld
sut:

3
test/test_headers/test_https.yml
View file

@ -4,7 +4,8 @@ web:
- "80"
environment:
WEB_PORTS: 80
VIRTUAL_HOST: web.nginx-proxy.tld
labels:
'@proxy/virtualHost': web.nginx-proxy.tld
sut:

6
test/test_ipv6.yml
View file

@ -4,7 +4,8 @@ web1:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.tld
labels:
'@proxy/virtualHost': web1.nginx-proxy.tld
web2:
image: web
@ -12,7 +13,8 @@ web2:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.tld
labels:
'@proxy/virtualHost': web2.nginx-proxy.tld
sut:

3
test/test_multiple-hosts.yml
View file

@ -4,7 +4,8 @@ web:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: webA.nginx-proxy.tld,webB.nginx-proxy.tld
labels:
'@proxy/virtualHost': webA.nginx-proxy.tld,webB.nginx-proxy.tld
sut:

6
test/test_multiple-networks.yml
View file

@ -20,7 +20,8 @@ services:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local
labels:
'@proxy/virtualHost': web1.nginx-proxy.local
networks:
- net1
@ -30,6 +31,7 @@ services:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local
labels:
'@proxy/virtualHost': web2.nginx-proxy.local
networks:
- net2

5
test/test_multiple-ports/test_VIRTUAL_PORT.yml
View file

@ -5,8 +5,9 @@ web:
- "90"
environment:
WEB_PORTS: "80 90"
VIRTUAL_HOST: "web.nginx-proxy.tld"
VIRTUAL_PORT: 90
labels:
'@proxy/virtualHost': "web.nginx-proxy.tld"
'@proxy/virtualPort': "90"
sut:
image: jwilder/nginx-proxy:test

3
test/test_multiple-ports/test_default-80.yml
View file

@ -5,7 +5,8 @@ web:
- "81"
environment:
WEB_PORTS: "80 81"
VIRTUAL_HOST: "web.nginx-proxy.tld"
labels:
'@proxy/virtualHost': "web.nginx-proxy.tld"
sut:
image: jwilder/nginx-proxy:test

3
test/test_multiple-ports/test_single-port-not-80.yml
View file

@ -4,7 +4,8 @@ web:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "web.nginx-proxy.tld"
labels:
'@proxy/virtualHost': "web.nginx-proxy.tld"
sut:

6
test/test_nominal.yml
View file

@ -4,7 +4,8 @@ web1:
- "81"
environment:
WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.tld
labels:
'@proxy/virtualHost': web1.nginx-proxy.tld
web2:
image: web
@ -12,7 +13,8 @@ web2:
- "82"
environment:
WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.tld
labels:
'@proxy/virtualHost': web2.nginx-proxy.tld
sut:

3
test/test_ssl/test_dhparam.yml
View file

@ -4,7 +4,8 @@ web5:
- "85"
environment:
WEB_PORTS: "85"
VIRTUAL_HOST: "web5.nginx-proxy.tld"
labels:
'@proxy/virtualHost': "web5.nginx-proxy.tld"
sut:

20
test/test_ssl/test_hsts.yml
View file

@ -4,7 +4,8 @@ web1:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "web1.nginx-proxy.tld"
labels:
'@proxy/virtualHost': "web1.nginx-proxy.tld"
web2:
image: web
@ -12,8 +13,9 @@ web2:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "web2.nginx-proxy.tld"
HSTS: "off"
labels:
'@proxy/virtualHost': "web2.nginx-proxy.tld"
'@proxy/HSTS': "off"
web3:
image: web
@ -21,8 +23,9 @@ web3:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "web3.nginx-proxy.tld"
HSTS: "max-age=86400; includeSubDomains; preload"
labels:
'@proxy/virtualHost': "web3.nginx-proxy.tld"
'@proxy/HSTS': "max-age=86400; includeSubDomains; preload"
web4:
image: web
@ -30,9 +33,10 @@ web4:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "web4.nginx-proxy.tld"
HSTS: "off"
HTTPS_METHOD: "noredirect"
labels:
'@proxy/virtualHost': "web4.nginx-proxy.tld"
'@proxy/HSTS': "off"
'@proxy/httpsMethod': "noredirect"
sut:
image: jwilder/nginx-proxy:test

5
test/test_ssl/test_nohttp.yml
View file

@ -4,8 +4,9 @@ web2:
- "82"
environment:
WEB_PORTS: "82"
VIRTUAL_HOST: "web2.nginx-proxy.tld"
HTTPS_METHOD: nohttp
labels:
'@proxy/virtualHost': "web2.nginx-proxy.tld"
'@proxy/httpsMethod': nohttp
sut:

5
test/test_ssl/test_nohttps.yml
View file

@ -4,8 +4,9 @@ web:
- "83"
environment:
WEB_PORTS: "83"
VIRTUAL_HOST: "web.nginx-proxy.tld"
HTTPS_METHOD: nohttps
labels:
'@proxy/virtualHost': "web.nginx-proxy.tld"
'@proxy/httpsMethod': nohttps
sut:

5
test/test_ssl/test_noredirect.yml
View file

@ -4,8 +4,9 @@ web3:
- "83"
environment:
WEB_PORTS: "83"
VIRTUAL_HOST: "web3.nginx-proxy.tld"
HTTPS_METHOD: noredirect
labels:
'@proxy/virtualHost': "web3.nginx-proxy.tld"
'@proxy/httpsMethod': noredirect
sut:

3
test/test_ssl/test_wildcard.yml
View file

@ -4,7 +4,8 @@ web1:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "*.nginx-proxy.tld"
labels:
'@proxy/virtualHost': "*.nginx-proxy.tld"
sut:
image: jwilder/nginx-proxy:test

2
test/test_ssl/wildcard_cert_and_nohttps/README.md
View file

@ -3,4 +3,4 @@ In this scenario, we have a wildcard certificate for `*.web.nginx-proxy.tld` and
- 2.web.nginx-proxy.tld
- 3.web.nginx-proxy.tld
We want web containers 1 and 2 to support SSL, but 3 should not (using `HTTPS_METHOD=nohttps`)
We want web containers 1 and 2 to support SSL, but 3 should not (using `@proxy/httpsMethod=nohttps`)

11
test/test_ssl/wildcard_cert_and_nohttps/docker-compose.yml
View file

@ -15,14 +15,16 @@ services:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "1.web.nginx-proxy.tld"
labels:
'@proxy/virtualHost': "1.web.nginx-proxy.tld"
web2:
image: web
expose:
- "82"
environment:
WEB_PORTS: "82"
VIRTUAL_HOST: "2.web.nginx-proxy.tld"
labels:
'@proxy/virtualHost': "2.web.nginx-proxy.tld"
web3_nohttps:
image: web
@ -30,5 +32,6 @@ services:
- "83"
environment:
WEB_PORTS: "83"
VIRTUAL_HOST: "3.web.nginx-proxy.tld"
HTTPS_METHOD: nohttps
labels:
'@proxy/virtualHost': "3.web.nginx-proxy.tld"
'@proxy/httpsMethod': nohttps

12
test/test_wildcard_host.yml
View file

@ -4,7 +4,8 @@ web1:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "*.nginx-proxy.test"
labels:
'@proxy/virtualHost': "*.nginx-proxy.test"
web2:
image: web
@ -12,7 +13,8 @@ web2:
- "82"
environment:
WEB_PORTS: "82"
VIRTUAL_HOST: "test.nginx-proxy.*"
labels:
'@proxy/virtualHost': "test.nginx-proxy.*"
web3:
image: web
@ -20,7 +22,8 @@ web3:
- "83"
environment:
WEB_PORTS: "83"
VIRTUAL_HOST: ~^web3\..*\.nginx-proxy\.regexp
labels:
'@proxy/virtualHost': ~^web3\..*\.nginx-proxy\.regexp
web4:
image: web
@ -28,7 +31,8 @@ web4:
- "84"
environment:
WEB_PORTS: "84"
VIRTUAL_HOST: ~^web4\..*\.nginx-proxy\.regexp$$ # we need to double the `$` because of docker-compose variable interpolation
labels:
'@proxy/virtualHost': ~^web4\..*\.nginx-proxy\.regexp$$ # we need to double the `$` because of docker-compose variable interpolation
sut: