Use labels instead of env variables

Rolf van Kleef 2019-04-17 22:36:55 +02:00
parent 8c590fc68f
commit 59a19bb965
No known key found for this signature in database
GPG key ID: 876C3FF04CA7C49C
36 changed files with 168 additions and 116 deletions

View file

@ -12,13 +12,13 @@ To run it:
$ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy $ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
Then start any containers you want proxied with an env var `VIRTUAL_HOST=subdomain.youdomain.com` Then start any containers you want proxied with an env var `@proxy/virtualHost=subdomain.youdomain.com`
$ docker run -e VIRTUAL_HOST=foo.bar.com ... $ docker run -t "@proxy/virtualHost=foo.bar.com" ...
The containers being proxied must [expose](https://docs.docker.com/engine/reference/run/#expose-incoming-ports) the port to be proxied, either by using the `EXPOSE` directive in their `Dockerfile` or by using the `--expose` flag to `docker run` or `docker create`. The containers being proxied must [expose](https://docs.docker.com/engine/reference/run/#expose-incoming-ports) the port to be proxied, either by using the `EXPOSE` directive in their `Dockerfile` or by using the `--expose` flag to `docker run` or `docker create`.
Provided your DNS is setup to forward foo.bar.com to the host running nginx-proxy, the request will be routed to a container with the VIRTUAL_HOST env var set. Provided your DNS is setup to forward foo.bar.com to the host running nginx-proxy, the request will be routed to a container with the @proxy/virtualHost tag set.
### Image variants ### Image variants
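Review bot: The new `docker run` example in this hunk passes the label with `-t`, which allocates a TTY and does not set a label, so `docker run -t "@proxy/virtualHost=foo.bar.com" ...` never marks the container for proxying. Use `-l` (or `--label`), as the docker-gen section further down already does. The sentence above it still says "with an env var `@proxy/virtualHost=...`" and the DNS paragraph says "tag"; both should say "label".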
@ -51,8 +51,8 @@ services:
whoami: whoami:
image: jwilder/whoami image: jwilder/whoami
environment: labels:
- VIRTUAL_HOST=whoami.local '@proxy/virtualHost': whoami.local
``` ```
```shell ```shell
@ -69,7 +69,7 @@ You can activate the IPv6 support for the nginx-proxy container by passing the v
### Multiple Ports ### Multiple Ports
If your container exposes multiple ports, nginx-proxy will default to the service running on port 80. If you need to specify a different port, you can set a VIRTUAL_PORT env var to select a different one. If your container only exposes one port and it has a VIRTUAL_HOST env var set, that port will be selected. If your container exposes multiple ports, nginx-proxy will default to the service running on port 80. If you need to specify a different port, you can set a @proxy/virtualPort env var to select a different one. If your container only exposes one port and it has a @proxy/virtualHost tag set, that port will be selected.
[1]: https://github.com/jwilder/docker-gen [1]: https://github.com/jwilder/docker-gen
[2]: http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/ [2]: http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/
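Review bot: The Multiple Ports paragraph still says "set a @proxy/virtualPort env var" and "@proxy/virtualHost tag", although the template now reads both from container labels. Change both to "label" and put the keys in backticks like the other sections, so readers do not try `-e`.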
@ -117,25 +117,25 @@ When internal-only access is enabled, external clients with be denied with an `H
### SSL Backends ### SSL Backends
If you would like the reverse proxy to connect to your backend using HTTPS instead of HTTP, set `VIRTUAL_PROTO=https` on the backend container. If you would like the reverse proxy to connect to your backend using HTTPS instead of HTTP, set `@proxy/virtualProtocol=https` on the backend container.
> Note: If you use `VIRTUAL_PROTO=https` and your backend container exposes port 80 and 443, `nginx-proxy` will use HTTPS on port 80. This is almost certainly not what you want, so you should also include `VIRTUAL_PORT=443`. > Note: If you use `@proxy/virtualProtocol=https` and your backend container exposes port 80 and 443, `nginx-proxy` will use HTTPS on port 80. This is almost certainly not what you want, so you should also include `@proxy/virtualProtocol=443`.
### uWSGI Backends ### uWSGI Backends
If you would like to connect to uWSGI backend, set `VIRTUAL_PROTO=uwsgi` on the If you would like to connect to uWSGI backend, set `@proxy/virtualProtocol=uwsgi` on the
backend container. Your backend container should then listen on a port rather backend container. Your backend container should then listen on a port rather
than a socket and expose that port. than a socket and expose that port.
### FastCGI Backends ### FastCGI Backends
If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on the If you would like to connect to FastCGI backend, set `@proxy/virtualProtocol=fastcgi` on the
backend container. Your backend container should then listen on a port rather backend container. Your backend container should then listen on a port rather
than a socket and expose that port. than a socket and expose that port.
### FastCGI Filr Root Directory ### FastCGI Filr Root Directory
If you use fastcgi,you can set `VIRTUAL_ROOT=xxx` for your root directory If you use fastcgi,you can set `@proxy/virtualRoot=xxx` for your root directory
### Default Host ### Default Host
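Review bot: In the SSL Backends note, `VIRTUAL_PORT=443` was replaced with `@proxy/virtualProtocol=443`, which is the wrong key; it should be `@proxy/virtualPort=443`. As written, the note no longer tells the reader how to select port 443, which is the problem it warns about.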
@ -176,9 +176,10 @@ $ docker run --volumes-from nginx \
-t jwilder/docker-gen -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf -t jwilder/docker-gen -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
``` ```
Finally, start your containers with `VIRTUAL_HOST` environment variables. Finally, start your containers with `@proxy/virtualHost` labels.
$ docker run -l "@proxy/virtualHost=foo.bar.com" ...
$ docker run -e VIRTUAL_HOST=foo.bar.com ...
### SSL Support using letsencrypt ### SSL Support using letsencrypt
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. [letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically.
@ -187,6 +188,7 @@ Set `DHPARAM_GENERATION` environment variable to `false` to disabled Diffie-Hell
The default value is `true` The default value is `true`
$ docker run -e DHPARAM_GENERATION=false .... $ docker run -e DHPARAM_GENERATION=false ....
### SSL Support ### SSL Support
SSL is supported using single host, wildcard and SNI certificates using naming conventions for SSL is supported using single host, wildcard and SNI certificates using naming conventions for
@ -198,7 +200,7 @@ To enable SSL:
The contents of `/path/to/certs` should contain the certificates and private keys for any virtual The contents of `/path/to/certs` should contain the certificates and private keys for any virtual
hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and
`.key` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a `.key` extension. For example, a container with `@proxy/virtualHost=foo.bar.com` should have a
`foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory. `foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
If you are running the container in a virtualized environment (Hyper-V, VirtualBox, etc...), If you are running the container in a virtualized environment (Hyper-V, VirtualBox, etc...),
@ -210,7 +212,7 @@ By default, Docker is not able to mount directories on the host machine to conta
Diffie-Hellman groups are enabled by default, with a pregenerated key in `/etc/nginx/dhparam/dhparam.pem`. Diffie-Hellman groups are enabled by default, with a pregenerated key in `/etc/nginx/dhparam/dhparam.pem`.
You can mount a different `dhparam.pem` file at that location to override the default cert. You can mount a different `dhparam.pem` file at that location to override the default cert.
To use custom `dhparam.pem` files per-virtual-host, the files should be named after the virtual host with a To use custom `dhparam.pem` files per-virtual-host, the files should be named after the virtual host with a
`dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` `dhparam` suffix and `.pem` extension. For example, a container with `@proxy/virtualHost=foo.bar.com`
should have a `foo.bar.com.dhparam.pem` file in the `/etc/nginx/certs` directory. should have a `foo.bar.com.dhparam.pem` file in the `/etc/nginx/certs` directory.
> NOTE: If you don't mount a `dhparam.pem` file at `/etc/nginx/dhparam/dhparam.pem`, one will be generated > NOTE: If you don't mount a `dhparam.pem` file at `/etc/nginx/dhparam/dhparam.pem`, one will be generated
@ -232,19 +234,19 @@ nginx container, at `/etc/nginx/dhparam/dhparam.pem`.
#### Wildcard Certificates #### Wildcard Certificates
Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension. Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.
For example `VIRTUAL_HOST=foo.bar.com` would use cert name `bar.com.crt` and `bar.com.key`. For example `@proxy/virtualHost=foo.bar.com` would use cert name `bar.com.crt` and `bar.com.key`.
#### SNI #### SNI
If your certificate(s) supports multiple domain names, you can start a container with `CERT_NAME=<name>` If your certificate(s) supports multiple domain names, you can start a container with `CERT_NAME=<name>`
to identify the certificate to be used. For example, a certificate for `*.foo.com` and `*.bar.com` to identify the certificate to be used. For example, a certificate for `*.foo.com` and `*.bar.com`
could be named `shared.crt` and `shared.key`. A container running with `VIRTUAL_HOST=foo.bar.com` could be named `shared.crt` and `shared.key`. A container running with `@proxy/virtualHost=foo.bar.com`
and `CERT_NAME=shared` will then use this shared cert. and `CERT_NAME=shared` will then use this shared cert.
#### OCSP Stapling #### OCSP Stapling
To enable OCSP Stapling for a domain, `nginx-proxy` looks for a PEM certificate containing the trusted To enable OCSP Stapling for a domain, `nginx-proxy` looks for a PEM certificate containing the trusted
CA certificate chain at `/etc/nginx/certs/<domain>.chain.pem`, where `<domain>` is the domain name in CA certificate chain at `/etc/nginx/certs/<domain>.chain.pem`, where `<domain>` is the domain name in
the `VIRTUAL_HOST` directive. The format of this file is a concatenation of the public PEM CA the `@proxy/virtualHost` directive. The format of this file is a concatenation of the public PEM CA
certificates starting with the intermediate CA most near the SSL certificate, down to the root CA. This is certificates starting with the intermediate CA most near the SSL certificate, down to the root CA. This is
often referred to as the "SSL Certificate Chain". If found, this filename is passed to the NGINX often referred to as the "SSL Certificate Chain". If found, this filename is passed to the NGINX
[`ssl_trusted_certificate` directive](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate) [`ssl_trusted_certificate` directive](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate)
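Review bot: The SNI paragraph still documents `CERT_NAME=<name>` and `CERT_NAME=shared`, but the template in this commit reads the certificate name from `Labels.@proxy/certificateName`, so the documented setting is no longer read. Update both mentions to the label. In the OCSP paragraph, `@proxy/virtualHost` is a label, not a "directive".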
@ -285,10 +287,10 @@ will allow a client browser to make a SSL connection (likely w/ a warning) and s
a 500. a 500.
To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`). You can also label `@proxy/httsMethod=noredirect` (the default is `@proxy/httpsMethod=redirect`). You can also
disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with disable the non-SSL site entirely with `@proxy/httpsMethod=nohttp`, or disable the HTTPS site with
`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to `@proxy/httpsMethod=nohttps`. `@proxy/httpsMethod` must be specified on each container for which you want to
override the default behavior. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS) override the default behavior. If `@proxy/httpsMethod=noredirect` is used, Strict Transport Security (HSTS)
is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP
site after changing this setting, your browser has probably cached the HSTS policy and is automatically site after changing this setting, your browser has probably cached the HSTS policy and is automatically
redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito
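Review bot: The first label in this paragraph is misspelled as `@proxy/httsMethod=noredirect` (missing `p`), while the template looks up `@proxy/httpsMethod`. A user copying it gets the default `redirect` behaviour with no error, so fix the spelling. "you can include the label" would also read better as "you can set the label".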
@ -303,8 +305,8 @@ response is to clear your browser's HSTS cache.
### Basic Authentication Support ### Basic Authentication Support
In order to be able to secure your virtual host, you have to create a file named as its equivalent VIRTUAL_HOST variable on directory In order to be able to secure your virtual host, you have to create a file named as its equivalent @proxy/virtualHost variable on directory
/etc/nginx/htpasswd/$VIRTUAL_HOST /etc/nginx/htpasswd/${@proxy/virtualHost}
``` ```
$ docker run -d -p 80:80 -p 443:443 \ $ docker run -d -p 80:80 -p 443:443 \
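Review bot: The htpasswd path is now written as `/etc/nginx/htpasswd/${@proxy/virtualHost}`, which reads like a shell expansion and, because the label key contains a `/`, like a nested directory. Say that the file is named after the label's value, for example `/etc/nginx/htpasswd/foo.bar.com`, and change "variable" to "label" in the sentence above it.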
@ -318,7 +320,7 @@ You'll need apache2-utils on the machine where you plan to create the htpasswd f
### Custom Nginx Configuration ### Custom Nginx Configuration
If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis. If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`@proxy/virtualHost` basis.
#### Replacing default proxy settings #### Replacing default proxy settings
@ -364,9 +366,9 @@ Or it can be done by mounting in your custom configuration in your `docker run`
$ docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy $ docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
#### Per-VIRTUAL_HOST #### Per-virtualHost
To add settings on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d`. Unlike in the proxy-wide case, which allows multiple config files with any name ending in `.conf`, the per-`VIRTUAL_HOST` file must be named exactly after the `VIRTUAL_HOST`. To add settings on a per-`virtualHost` basis, add your configuration file under `/etc/nginx/vhost.d`. Unlike in the proxy-wide case, which allows multiple config files with any name ending in `.conf`, the per-`virtualHost` file must be named exactly after the `virtualHost`.
In order to allow virtual hosts to be dynamically configured as backends are added and removed, it makes the most sense to mount an external directory as `/etc/nginx/vhost.d` as opposed to using derived images or mounting individual configuration files. In order to allow virtual hosts to be dynamically configured as backends are added and removed, it makes the most sense to mount an external directory as `/etc/nginx/vhost.d` as opposed to using derived images or mounting individual configuration files.
@ -375,19 +377,19 @@ For example, if you have a virtual host named `app.example.com`, you could provi
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy $ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/app.example.com $ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/app.example.com
If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink: If you are using multiple hostnames for a single container (e.g. `virtualHost=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
$ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/www.example.com $ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/www.example.com
$ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com $ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com
#### Per-VIRTUAL_HOST default configuration #### Per-@proxy/virtualHost default configuration
If you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file If you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file
will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}` file associated with it. will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{@proxy/virtualHost}` file associated with it.
#### Per-VIRTUAL_HOST location configuration #### Per-@proxy/virtualHost location configuration
To add settings to the "location" block on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d` To add settings to the "location" block on a per-`@proxy.virtualHost` basis, add your configuration file under `/etc/nginx/vhost.d`
just like the previous section except with the suffix `_location`. just like the previous section except with the suffix `_location`.
For example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows: For example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows:
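Review bot: The label is spelled three different ways in this hunk: `virtualHost=example.com,www.example.com` without the `@proxy/` prefix, `@proxy/virtualHost` in the headings and the `{@proxy/virtualHost}` path, and `@proxy.virtualHost` with a dot in the location paragraph. Only `@proxy/virtualHost` matches what the template reads, so use that spelling throughout. As in the htpasswd section, the file under `/etc/nginx/vhost.d` is named after the label's value, not its key.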
@ -395,15 +397,15 @@ For example, if you have a virtual host named `app.example.com` and you have con
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy $ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location $ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location
If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink: If you are using multiple hostnames for a single container (e.g. `virtualHost=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
$ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location $ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location
$ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com $ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com
#### Per-VIRTUAL_HOST location default configuration #### Per-virtualHost location default configuration
If you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file If you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file
will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}_location` file associated with it. will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{virtualHost}_location` file associated with it.
### Contributing ### Contributing

View file

@ -19,5 +19,5 @@ services:
whoami: whoami:
image: jwilder/whoami image: jwilder/whoami
environment: labels:
- VIRTUAL_HOST=whoami.local '@proxy/virtualHost': whoami.local

View file

@ -1,8 +1,8 @@
version: '2' version: '2'
services: services:
nginx-proxy: nginx-proxy:
image: jwilder/nginx-proxy image: jwilder/nginx-proxy
container_name: nginx-proxy
ports: ports:
- "80:80" - "80:80"
volumes: volumes:
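Review bot: The added `container_name: nginx-proxy` line is unrelated to moving from env variables to labels. Drop it from this commit or explain it in the commit message, since a fixed container name also changes how the example behaves when a second instance is started.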
@ -10,5 +10,5 @@ services:
whoami: whoami:
image: jwilder/whoami image: jwilder/whoami
environment: labels:
- VIRTUAL_HOST=whoami.local '@proxy/virtualHost': whoami.local

View file

@ -115,7 +115,7 @@ server {
} }
{{ end }} {{ end }}
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }} {{ range $host, $containers := groupByMulti $ "Labels.@proxy/virtualHost" "," }}
{{ $host := trim $host }} {{ $host := trim $host }}
{{ $is_regexp := hasPrefix "~" $host }} {{ $is_regexp := hasPrefix "~" $host }}
@ -136,9 +136,9 @@ upstream {{ $upstream_name }} {
{{ if eq $addrLen 1 }} {{ if eq $addrLen 1 }}
{{ $address := index $container.Addresses 0 }} {{ $address := index $container.Addresses 0 }}
{{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }} {{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }}
{{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var, falling back to standard web port 80 */}} {{/* If more than one port exposed, use the one matching @proxy/virtualPort label, falling back to standard web port 80 */}}
{{ else }} {{ else }}
{{ $port := coalesce $container.Env.VIRTUAL_PORT "80" }} {{ $port := coalesce $container.Labels "@proxy/virtualPort" "80" }}
{{ $address := where $container.Addresses "Port" $port | first }} {{ $address := where $container.Addresses "Port" $port | first }}
{{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }} {{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }}
{{ end }} {{ end }}
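Review bot: The new port lookup `coalesce $container.Labels "@proxy/virtualPort" "80"` does not read the label. It passes the whole `Labels` map and the literal string `"@proxy/virtualPort"` as separate arguments, so `$port` is never the label's value and the following `where $container.Addresses "Port" $port` cannot match the intended port. Look the key up first, for example `coalesce (index $container.Labels "@proxy/virtualPort") "80"`, and add a test with a container exposing several ports, since an empty label value may need separate handling.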
@ -154,27 +154,27 @@ upstream {{ $upstream_name }} {
{{ $default_host := or ($.Env.DEFAULT_HOST) "" }} {{ $default_host := or ($.Env.DEFAULT_HOST) "" }}
{{ $default_server := index (dict $host "" $default_host "default_server") $host }} {{ $default_server := index (dict $host "" $default_host "default_server") $host }}
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}} {{/* Get the @proxy/virtualProtocol defined by containers w/ the same vhost, falling back to "http" */}}
{{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }} {{ $proto := trim (or (first (groupByKeys $containers "Labels.@proxy/virtualProtocol")) "http") }}
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}} {{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }} {{ $network_tag := or (first (groupByKeys $containers "Labels.@proxy/networkAccess")) "external" }}
{{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}} {{/* Get the @proxy/httpsMethod defined by containers w/ the same vhost, falling back to "redirect" */}}
{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }} {{ $https_method := or (first (groupByKeys $containers "Labels.@proxy/httpsMethod")) "redirect" }}
{{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to "Mozilla-Intermediate" */}} {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to "Mozilla-Intermediate" */}}
{{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "Mozilla-Intermediate" }} {{ $ssl_policy := or (first (groupByKeys $containers "Labels.@proxy/sslPolicy")) "Mozilla-Intermediate" }}
{{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}} {{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) "max-age=31536000" }} {{ $hsts := or (first (groupByKeys $containers "Labels.@proxy/HSTS")) "max-age=31536000" }}
{{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}} {{/* Get the @proxy/virtualRoot By containers w/ use fastcgi root */}}
{{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }} {{ $vhost_root := or (first (groupByKeys $containers "Labels.@proxy/virtualRoot")) "/var/www/public" }}
{{/* Get the first cert name defined by containers w/ the same vhost */}} {{/* Get the first cert name defined by containers w/ the same vhost */}}
{{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }} {{ $certName := (first (groupByKeys $containers "Labels.@proxy/certificateName")) }}
{{/* Get the best matching cert by name for the vhost. */}} {{/* Get the best matching cert by name for the vhost. */}}
{{ $vhostCert := (closest (dir "/etc/nginx/certs") (printf "%s.crt" $host))}} {{ $vhostCert := (closest (dir "/etc/nginx/certs") (printf "%s.crt" $host))}}
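Review bot: Every lookup in this hunk drops the `Env.*` key with no fallback, so existing containers silently get the hard-coded defaults after upgrading. The `NETWORK_ACCESS` line is the risky one: a container that sets it through the environment now resolves to `"external"`, which removes the internal-only restriction without any error. Either fall back to the old `Env.*` key before the default, or flag this as a breaking change. The comments for `NETWORK_ACCESS`, `SSL_POLICY` and `HSTS` still name the env variables, and none of the README hunks shown here mention `@proxy/networkAccess`, `@proxy/sslPolicy`, `@proxy/HSTS` or `@proxy/certificateName`.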
@ -358,4 +358,4 @@ server {
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }} {{ end }}

View file

@ -4,7 +4,8 @@ web:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web.nginx-proxy labels:
'@proxy/virtualHost': web.nginx-proxy
reverseproxy: reverseproxy:

View file

@ -1,6 +1,6 @@
# nginx-proxy template is not considered when a container is not reachable # nginx-proxy template is not considered when a container is not reachable
Having a container with the `VIRTUAL_HOST` environment variable set but on a network not reachable from the nginx-proxy container will result in nginx-proxy serving the default nginx welcome page for all requests. Having a container with the `@proxy/virtualHost` label set but on a network not reachable from the nginx-proxy container will result in nginx-proxy serving the default nginx welcome page for all requests.
Furthermore, if the nginx-proxy in such state is restarted, the nginx process will crash and the container stops. Furthermore, if the nginx-proxy in such state is restarted, the nginx process will crash and the container stops.

View file

@ -21,7 +21,8 @@ services:
- 81 - 81
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: webA.nginx-proxy labels:
'@proxy/virtualHost': webA.nginx-proxy
webB: webB:
networks: networks:
@ -31,5 +32,6 @@ services:
- 82 - 82
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: webB.nginx-proxy labels:
'@proxy/virtualHost': webB.nginx-proxy

View file

@ -4,7 +4,8 @@ web1:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.tld labels:
'@proxy/virtualHost': web1.nginx-proxy.tld
web2: web2:
image: web image: web
@ -12,7 +13,8 @@ web2:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.tld labels:
'@proxy/virtualHost': web2.nginx-proxy.tld
sut: sut:

View file

@ -12,4 +12,5 @@ services:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web.nginx-proxy.local labels:
'@proxy/virtualHost': web.nginx-proxy.local

View file

@ -12,7 +12,8 @@ web1:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2: web2:
image: web image: web
@ -20,7 +21,8 @@ web2:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local labels:
'@proxy/virtualHost': web2.nginx-proxy.local
web3: web3:
image: web image: web
@ -28,4 +30,5 @@ web3:
- "83" - "83"
environment: environment:
WEB_PORTS: 83 WEB_PORTS: 83
VIRTUAL_HOST: web3.nginx-proxy.local labels:
'@proxy/virtualHost': web3.nginx-proxy.local

View file

@ -13,7 +13,8 @@ services:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2: web2:
image: web image: web
@ -21,4 +22,5 @@ services:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local labels:
'@proxy/virtualHost': web2.nginx-proxy.local

View file

@ -13,7 +13,8 @@ services:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2: web2:
image: web image: web
@ -21,4 +22,5 @@ services:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local labels:
'@proxy/virtualHost': web2.nginx-proxy.local

View file

@ -13,7 +13,8 @@ services:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2: web2:
image: web image: web
@ -21,4 +22,5 @@ services:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local labels:
'@proxy/virtualHost': web2.nginx-proxy.local

View file

@ -13,7 +13,8 @@ services:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local labels:
'@proxy/virtualHost': web1.nginx-proxy.local
web2: web2:
image: web image: web
@ -21,4 +22,5 @@ services:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local labels:
'@proxy/virtualHost': web2.nginx-proxy.local

View file

@ -1,11 +1,12 @@
# GIVEN a webserver with VIRTUAL_HOST set to web1.tld # GIVEN a webserver with @proxy/virtualHost set to web1.tld
web1: web1:
image: web image: web
expose: expose:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.tld labels:
'@proxy/virtualHost': web1.tld
# WHEN nginx-proxy runs with DEFAULT_HOST set to web1.tld # WHEN nginx-proxy runs with DEFAULT_HOST set to web1.tld

View file

@ -24,4 +24,5 @@ services:
- "80" - "80"
environment: environment:
WEB_PORTS: 80 WEB_PORTS: 80
VIRTUAL_HOST: whoami.nginx.container.docker labels:
'@proxy/virtualHost': whoami.nginx.container.docker

View file

@ -22,7 +22,8 @@ services:
- "80" - "80"
environment: environment:
WEB_PORTS: 80 WEB_PORTS: 80
VIRTUAL_HOST: whoami.nginx.container.docker labels:
'@proxy/virtualHost': whoami.nginx.container.docker
volumes: volumes:
nginx_conf: {} nginx_conf: {}

View file

@ -10,7 +10,7 @@ from docker.errors import NotFound
@pytest.yield_fixture() @pytest.yield_fixture()
def web1(docker_compose): def web1(docker_compose):
""" """
pytest fixture creating a web container with `VIRTUAL_HOST=web1.nginx-proxy` listening on port 81. pytest fixture creating a web container with `@proxy/virtualHost=web1.nginx-proxy` listening on port 81.
""" """
container = docker_compose.containers.run( container = docker_compose.containers.run(
name="web1", name="web1",
@ -18,7 +18,9 @@ def web1(docker_compose):
detach=True, detach=True,
environment={ environment={
"WEB_PORTS": "81", "WEB_PORTS": "81",
"VIRTUAL_HOST": "web1.nginx-proxy" },
labels={
"@proxy/virtualHost": "web1.nginx-proxy"
}, },
ports={"81/tcp": None} ports={"81/tcp": None}
) )
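Review bot: with `"VIRTUAL_HOST"` dropped from `environment` in this fixture, and from every compose file in this change, no visible test keeps a container configured the old way. Add one case that starts a container with only `VIRTUAL_HOST` set and asserts the expected outcome (ignored, or still routed), so the behaviour for existing deployments is pinned down rather than implied.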

View file

@ -4,7 +4,8 @@ web:
- "80" - "80"
environment: environment:
WEB_PORTS: 80 WEB_PORTS: 80
VIRTUAL_HOST: web.nginx-proxy.tld labels:
'@proxy/virtualHost': web.nginx-proxy.tld
sut: sut:

View file

@ -4,7 +4,8 @@ web:
- "80" - "80"
environment: environment:
WEB_PORTS: 80 WEB_PORTS: 80
VIRTUAL_HOST: web.nginx-proxy.tld labels:
'@proxy/virtualHost': web.nginx-proxy.tld
sut: sut:

View file

@ -4,7 +4,8 @@ web1:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.tld labels:
'@proxy/virtualHost': web1.nginx-proxy.tld
web2: web2:
image: web image: web
@ -12,7 +13,8 @@ web2:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.tld labels:
'@proxy/virtualHost': web2.nginx-proxy.tld
sut: sut:

View file

@ -4,7 +4,8 @@ web:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: webA.nginx-proxy.tld,webB.nginx-proxy.tld labels:
'@proxy/virtualHost': webA.nginx-proxy.tld,webB.nginx-proxy.tld
sut: sut:

View file

@ -20,7 +20,8 @@ services:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.local labels:
'@proxy/virtualHost': web1.nginx-proxy.local
networks: networks:
- net1 - net1
@ -30,6 +31,7 @@ services:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.local labels:
'@proxy/virtualHost': web2.nginx-proxy.local
networks: networks:
- net2 - net2

View file

@ -5,8 +5,9 @@ web:
- "90" - "90"
environment: environment:
WEB_PORTS: "80 90" WEB_PORTS: "80 90"
VIRTUAL_HOST: "web.nginx-proxy.tld" labels:
VIRTUAL_PORT: 90 '@proxy/virtualHost': "web.nginx-proxy.tld"
'@proxy/virtualPort': "90"
sut: sut:
image: jwilder/nginx-proxy:test image: jwilder/nginx-proxy:test
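Review bot: the port changes type in this hunk, from the bare integer `VIRTUAL_PORT: 90` to the quoted string `'@proxy/virtualPort': "90"`, with no explanation. If the quotes are required for the label form, say so where the README documents the port setting. If they are not, keep the fixture in line with the unquoted values used in the other compose files.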

View file

@ -5,7 +5,8 @@ web:
- "81" - "81"
environment: environment:
WEB_PORTS: "80 81" WEB_PORTS: "80 81"
VIRTUAL_HOST: "web.nginx-proxy.tld" labels:
'@proxy/virtualHost': "web.nginx-proxy.tld"
sut: sut:
image: jwilder/nginx-proxy:test image: jwilder/nginx-proxy:test

View file

@ -4,7 +4,8 @@ web:
- "81" - "81"
environment: environment:
WEB_PORTS: "81" WEB_PORTS: "81"
VIRTUAL_HOST: "web.nginx-proxy.tld" labels:
'@proxy/virtualHost': "web.nginx-proxy.tld"
sut: sut:

View file

@ -4,7 +4,8 @@ web1:
- "81" - "81"
environment: environment:
WEB_PORTS: 81 WEB_PORTS: 81
VIRTUAL_HOST: web1.nginx-proxy.tld labels:
'@proxy/virtualHost': web1.nginx-proxy.tld
web2: web2:
image: web image: web
@ -12,7 +13,8 @@ web2:
- "82" - "82"
environment: environment:
WEB_PORTS: 82 WEB_PORTS: 82
VIRTUAL_HOST: web2.nginx-proxy.tld labels:
'@proxy/virtualHost': web2.nginx-proxy.tld
sut: sut:

View file

@ -4,7 +4,8 @@ web5:
- "85" - "85"
environment: environment:
WEB_PORTS: "85" WEB_PORTS: "85"
VIRTUAL_HOST: "web5.nginx-proxy.tld" labels:
'@proxy/virtualHost': "web5.nginx-proxy.tld"
sut: sut:

View file

@ -4,7 +4,8 @@ web1:
- "81" - "81"
environment: environment:
WEB_PORTS: "81" WEB_PORTS: "81"
VIRTUAL_HOST: "web1.nginx-proxy.tld" labels:
'@proxy/virtualHost': "web1.nginx-proxy.tld"
web2: web2:
image: web image: web
@ -12,8 +13,9 @@ web2:
- "81" - "81"
environment: environment:
WEB_PORTS: "81" WEB_PORTS: "81"
VIRTUAL_HOST: "web2.nginx-proxy.tld" labels:
HSTS: "off" '@proxy/virtualHost': "web2.nginx-proxy.tld"
'@proxy/HSTS': "off"
web3: web3:
image: web image: web
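Review bot: `'@proxy/HSTS'` is upper case while the sibling keys `@proxy/virtualHost` and `@proxy/httpsMethod` are camelCase, so the key set introduced here is inconsistent. Pick one casing before this becomes a public interface. Docker's own label guidelines also recommend a reverse-DNS prefix and keys made of lower-case alphanumerics, periods and hyphens. A lower-case, namespaced scheme would resolve both points.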
@ -21,8 +23,9 @@ web3:
- "81" - "81"
environment: environment:
WEB_PORTS: "81" WEB_PORTS: "81"
VIRTUAL_HOST: "web3.nginx-proxy.tld" labels:
HSTS: "max-age=86400; includeSubDomains; preload" '@proxy/virtualHost': "web3.nginx-proxy.tld"
'@proxy/HSTS': "max-age=86400; includeSubDomains; preload"
web4: web4:
image: web image: web
@ -30,9 +33,10 @@ web4:
- "81" - "81"
environment: environment:
WEB_PORTS: "81" WEB_PORTS: "81"
VIRTUAL_HOST: "web4.nginx-proxy.tld" labels:
HSTS: "off" '@proxy/virtualHost': "web4.nginx-proxy.tld"
HTTPS_METHOD: "noredirect" '@proxy/HSTS': "off"
'@proxy/httpsMethod': "noredirect"
sut: sut:
image: jwilder/nginx-proxy:test image: jwilder/nginx-proxy:test
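Review bot: for `web4` both transport-security settings are now taken from labels (`'@proxy/HSTS': "off"` and `'@proxy/httpsMethod': "noredirect"`), and the documentation should say where the proxy reads them from. Labels declared with `LABEL` in an image are inherited by containers started from it, as `ENV` values are, so a host can lose HSTS and the HTTPS redirect without anything appearing in the compose file. A README sentence telling operators to check `docker inspect` output for `@proxy/` labels on third-party images would cover it.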

View file

@ -4,8 +4,9 @@ web2:
- "82" - "82"
environment: environment:
WEB_PORTS: "82" WEB_PORTS: "82"
VIRTUAL_HOST: "web2.nginx-proxy.tld" labels:
HTTPS_METHOD: nohttp '@proxy/virtualHost': "web2.nginx-proxy.tld"
'@proxy/httpsMethod': nohttp
sut: sut:

View file

@ -4,8 +4,9 @@ web:
- "83" - "83"
environment: environment:
WEB_PORTS: "83" WEB_PORTS: "83"
VIRTUAL_HOST: "web.nginx-proxy.tld" labels:
HTTPS_METHOD: nohttps '@proxy/virtualHost': "web.nginx-proxy.tld"
'@proxy/httpsMethod': nohttps
sut: sut:

View file

@ -4,8 +4,9 @@ web3:
- "83" - "83"
environment: environment:
WEB_PORTS: "83" WEB_PORTS: "83"
VIRTUAL_HOST: "web3.nginx-proxy.tld" labels:
HTTPS_METHOD: noredirect '@proxy/virtualHost': "web3.nginx-proxy.tld"
'@proxy/httpsMethod': noredirect
sut: sut:

View file

@ -4,7 +4,8 @@ web1:
- "81" - "81"
environment: environment:
WEB_PORTS: "81" WEB_PORTS: "81"
VIRTUAL_HOST: "*.nginx-proxy.tld" labels:
'@proxy/virtualHost': "*.nginx-proxy.tld"
sut: sut:
image: jwilder/nginx-proxy:test image: jwilder/nginx-proxy:test

View file

@ -3,4 +3,4 @@ In this scenario, we have a wildcard certificate for `*.web.nginx-proxy.tld` and
- 2.web.nginx-proxy.tld - 2.web.nginx-proxy.tld
- 3.web.nginx-proxy.tld - 3.web.nginx-proxy.tld
We want web containers 1 and 2 to support SSL, but 3 should not (using `HTTPS_METHOD=nohttps`) We want web containers 1 and 2 to support SSL, but 3 should not (using `@proxy/httpsMethod=nohttps`)
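Review bot: the rewritten sentence on the last line says "(using `@proxy/httpsMethod=nohttps`)" but does not say that this is now a container label. The `KEY=value` form still reads like an environment variable. Suggest "using the label `@proxy/httpsMethod=nohttps`" so the scenario description matches the compose file it documents.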

View file

@ -15,14 +15,16 @@ services:
- "81" - "81"
environment: environment:
WEB_PORTS: "81" WEB_PORTS: "81"
VIRTUAL_HOST: "1.web.nginx-proxy.tld" labels:
'@proxy/virtualHost': "1.web.nginx-proxy.tld"
web2: web2:
image: web image: web
expose: expose:
- "82" - "82"
environment: environment:
WEB_PORTS: "82" WEB_PORTS: "82"
VIRTUAL_HOST: "2.web.nginx-proxy.tld" labels:
'@proxy/virtualHost': "2.web.nginx-proxy.tld"
web3_nohttps: web3_nohttps:
image: web image: web
@ -30,5 +32,6 @@ services:
- "83" - "83"
environment: environment:
WEB_PORTS: "83" WEB_PORTS: "83"
VIRTUAL_HOST: "3.web.nginx-proxy.tld" labels:
HTTPS_METHOD: nohttps '@proxy/virtualHost': "3.web.nginx-proxy.tld"
'@proxy/httpsMethod': nohttps

View file

@ -4,7 +4,8 @@ web1:
- "81" - "81"
environment: environment:
WEB_PORTS: "81" WEB_PORTS: "81"
VIRTUAL_HOST: "*.nginx-proxy.test" labels:
'@proxy/virtualHost': "*.nginx-proxy.test"
web2: web2:
image: web image: web
@ -12,7 +13,8 @@ web2:
- "82" - "82"
environment: environment:
WEB_PORTS: "82" WEB_PORTS: "82"
VIRTUAL_HOST: "test.nginx-proxy.*" labels:
'@proxy/virtualHost': "test.nginx-proxy.*"
web3: web3:
image: web image: web
@ -20,7 +22,8 @@ web3:
- "83" - "83"
environment: environment:
WEB_PORTS: "83" WEB_PORTS: "83"
VIRTUAL_HOST: ~^web3\..*\.nginx-proxy\.regexp labels:
'@proxy/virtualHost': ~^web3\..*\.nginx-proxy\.regexp
web4: web4:
image: web image: web
@ -28,7 +31,8 @@ web4:
- "84" - "84"
environment: environment:
WEB_PORTS: "84" WEB_PORTS: "84"
VIRTUAL_HOST: ~^web4\..*\.nginx-proxy\.regexp$$ # we need to double the `$` because of docker-compose variable interpolation labels:
'@proxy/virtualHost': ~^web4\..*\.nginx-proxy\.regexp$$ # we need to double the `$` because of docker-compose variable interpolation
sut: sut:
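Review bot: the regexp host on the `web4` line is left as an unquoted YAML scalar with a leading `~`, backslashes, `$$` and a trailing `#` comment, while the label key next to it is single-quoted and the wildcard values above are quoted. Single-quote the regexp values for `web3` and `web4` too, so the parsed value does not depend on plain-scalar rules. The `$$` note remains correct for labels because compose interpolates label values the same way it interpolates environment values.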