Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Merge 4e884e2258 into 23a2c7d848

Browse source
This commit is contained in:
neil 2017-06-04 13:37:59 +00:00 committed by GitHub
commit 6285a64264
5 changed files with 75 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Dockerfile
View file

@ -6,9 +6,15 @@ RUN apt-get update \
&& apt-get install -y -q --no-install-recommends \ && apt-get install -y -q --no-install-recommends \
ca-certificates \ ca-certificates \
wget \ wget \
cron \
&& apt-get clean \ && apt-get clean \
&& rm -r /var/lib/apt/lists/* && rm -r /var/lib/apt/lists/*
ENV AUTO_UPGRADE=1
ENV LE_WORKING_DIR=/acme.sh
ENV LE_CONFIG_HOME=/acmecerts
RUN wget -O- https://get.acme.sh | sh
# Configure Nginx and apply fix for very long server names # Configure Nginx and apply fix for very long server names
RUN echo "daemon off;" >> /etc/nginx/nginx.conf \ RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
&& sed -i 's/^http {/&\n server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf && sed -i 's/^http {/&\n server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
@ -30,5 +36,8 @@ ENV DOCKER_HOST unix:///tmp/docker.sock
VOLUME ["/etc/nginx/certs"] VOLUME ["/etc/nginx/certs"]
VOLUME ["/acmecerts"]
EXPOSE 443
ENTRYPOINT ["/app/docker-entrypoint.sh"] ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["forego", "start", "-r"] CMD ["forego", "start", "-r"]

4
Procfile
View file

@ -1,2 +1,4 @@
dockergen: docker-gen -watch -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf dockergen: docker-gen -watch -notify "/app/updatessl.sh updatessl" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
nginx: nginx nginx: nginx
cron: cron && tail -f /dev/null

9
README.md
View file

@ -149,7 +149,14 @@ Finally, start your containers with `VIRTUAL_HOST` environment variables.
$ docker run -e VIRTUAL_HOST=foo.bar.com ... $ docker run -e VIRTUAL_HOST=foo.bar.com ...
### SSL Support using letsencrypt ### SSL Support using letsencrypt
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. Just set `ENABLE_ACME` to `true`:
```
docker run -e VIRTUAL_HOST=foo.bar.com -e ENABLE_ACME=true ...
```
It will generate the certs from letsencrypt and renew the cert in future automatically.
### SSL Support ### SSL Support

20
nginx.tmpl
View file

@ -98,12 +98,22 @@ server {
} }
{{ end }} {{ end }}
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }} {{ range $host_list, $containers := groupBy $ "Env.VIRTUAL_HOST" }}
{{ $sl := split $host_list "," }}
{{ $host := index $sl 0 }}
{{ $is_regexp := hasPrefix "~" $host }} {{ $is_regexp := hasPrefix "~" $host }}
{{ $upstream_name := when $is_regexp (sha1 $host) $host }} {{ $upstream_name := when $is_regexp (sha1 $host) $host }}
# {{ $host }} # {{ $host }}
upstream {{ $upstream_name }} { upstream {{ $upstream_name }} {
{{ range $container := $containers }} {{ range $container := $containers }}
{{ $enable_acme := eq (or ($container.Env.ENABLE_ACME) "") "true" }}
{{ if $enable_acme }}
#ACME_DOMAINS {{$host_list}}
{{ end }}
{{ $addrLen := len $container.Addresses }} {{ $addrLen := len $container.Addresses }}
{{ range $knownNetwork := $CurrentContainer.Networks }} {{ range $knownNetwork := $CurrentContainer.Networks }}
@ -155,7 +165,7 @@ upstream {{ $upstream_name }} {
{{ if eq $https_method "redirect" }} {{ if eq $https_method "redirect" }}
server { server {
server_name {{ $host }}; server_name {{ replace $host_list "," " " -1 }};
listen 80 {{ $default_server }}; listen 80 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
listen [::]:80 {{ $default_server }}; listen [::]:80 {{ $default_server }};
@ -166,7 +176,7 @@ server {
{{ end }} {{ end }}
server { server {
server_name {{ $host }}; server_name {{ replace $host_list "," " " -1 }};
listen 443 ssl http2 {{ $default_server }}; listen 443 ssl http2 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
listen [::]:443 ssl http2 {{ $default_server }}; listen [::]:443 ssl http2 {{ $default_server }};
@ -222,7 +232,7 @@ server {
{{ if or (not $is_https) (eq $https_method "noredirect") }} {{ if or (not $is_https) (eq $https_method "noredirect") }}
server { server {
server_name {{ $host }}; server_name {{ replace $host_list "," " " -1 }};
listen 80 {{ $default_server }}; listen 80 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
listen [::]:80 {{ $default_server }}; listen [::]:80 {{ $default_server }};
@ -256,7 +266,7 @@ server {
{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server { server {
server_name {{ $host }}; server_name {{ replace $host_list "," " " -1 }};
listen 443 ssl http2 {{ $default_server }}; listen 443 ssl http2 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
listen [::]:443 ssl http2 {{ $default_server }}; listen [::]:443 ssl http2 {{ $default_server }};

40
updatessl.sh Executable file
View file

@ -0,0 +1,40 @@
#!/usr/bin/env sh
_SCRIPT_="$0"
ACME_BIN="/acme.sh/acme.sh --home /acme.sh --config-home /acmecerts"
DEFAULT_CONF="/etc/nginx/conf.d/default.conf"
CERTS="/etc/nginx/certs"
updatessl() {
if grep ACME_DOMAINS $DEFAULT_CONF ; then
for d_list in $(grep ACME_DOMAINS $DEFAULT_CONF | cut -d ' ' -f 2);
do
d=$(echo "$d_list" | cut -d , -f 1)
$ACME_BIN --issue \
-d $d_list \
--nginx \
--fullchain-file "$CERTS/$d.crt" \
--key-file "$CERTS/$d.key" \
--reloadcmd "service nginx configtest && service nginx force-reload"
done
#generate nginx conf again.
docker-gen /app/nginx.tmpl /etc/nginx/conf.d/default.conf
else
echo "skip updatessl"
fi
service nginx configtest && service nginx force-reload
}
"$@"