From 5ce4f5fd5da04e941d3b474fe884ac2b9a32c487 Mon Sep 17 00:00:00 2001 From: Thiago Trennepohl Date: Fri, 1 Jul 2016 18:59:54 -0300 Subject: [PATCH 01/11] Increse max upload size --- nginx.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/nginx.tmpl b/nginx.tmpl index eb00afe..9332800 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -51,6 +51,7 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +client_max_body_size 10M; {{ end }} server { From e1a47c1395db91ca9af412dde8e6261922ec519a Mon Sep 17 00:00:00 2001 From: Thiago Trennepohl Date: Wed, 6 Jul 2016 15:34:07 -0300 Subject: [PATCH 02/11] Add configs for tunning --- nginx.tmpl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nginx.tmpl b/nginx.tmpl index 9332800..2a12aa7 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -51,7 +51,17 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +#Tunning client_max_body_size 10M; +worker_processes = auto; +worker_rlimit_nofile 100000; +gzip on; +gzip_min_length 10240; +gzip_proxied expired no-cache no-store private auth; +gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; +gzip_disable "MSIE [1-6]\."; + + {{ end }} server { From 37fed880e47ce2cc17ddf495e147293096325ae6 Mon Sep 17 00:00:00 2001 From: Thiago Trennepohl Date: Thu, 7 Jul 2016 15:52:56 -0300 Subject: [PATCH 03/11] Undo some tunning configs --- nginx.tmpl | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index 2a12aa7..275a2c8 100644 --- a/nginx.tmpl +++ b/nginx.tmpl 
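Review bot: The added `client_max_body_size 10M;` in [PATCH 01/11] raises the request-body cap for every proxied vhost at once, and it appears to sit in the branch that is skipped when `/etc/nginx/proxy.conf` exists, in which case nginx falls back to its 1m default. The body-size cap is one of the few request-size controls this proxy applies, so consider keeping the global value low and raising it only for hosts that accept uploads, for example through the per-host `/etc/nginx/vhost.d/<host>` include. A comment such as `# upload limit; keep in sync with the backend's own limit` would record why the value was chosen. The enclosing `{{ if }}` starts outside the hunk, so the branch placement is inferred from the trailing `{{ end }}`.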
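Review bot: `worker_processes = auto;` and `worker_rlimit_nofile 100000;` in [PATCH 02/11] are main-context directives, and `worker_processes` takes no `=`, so a template that also emits `upstream` and `server` blocks would fail `nginx -t` with these lines and the proxy would not reload. They belong in the top-level nginx.conf, written as `worker_processes auto;`. Separately, `gzip on;` with `gzip_proxied ... private auth` compresses authenticated responses, which is the precondition for BREACH-style length side channels on the TLS vhosts; if compression is wanted, limit it to static assets and leave responses that carry secrets uncompressed. Rendering the template and running `nginx -t` in CI would catch the first problem before deploy.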
@@ -51,15 +51,7 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; -#Tunning -client_max_body_size 10M; -worker_processes = auto; -worker_rlimit_nofile 100000; -gzip on; -gzip_min_length 10240; -gzip_proxied expired no-cache no-store private auth; -gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; -gzip_disable "MSIE [1-6]\."; + {{ end }} From 656482b293bcfc83e8b602ffd052b667cf830ad1 Mon Sep 17 00:00:00 2001 From: Thiago Trennepohl Date: Thu, 14 Jul 2016 18:34:46 -0300 Subject: [PATCH 04/11] Rollback changes --- nginx.tmpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nginx.tmpl b/nginx.tmpl index 275a2c8..879b040 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -51,6 +51,8 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +upload_max_filesize = 40M +post_max_size = 40M From a125379e3a0e0cf705a3dac6c4f2b99d9e62ac86 Mon Sep 17 00:00:00 2001 From: Thiago Trennepohl Date: Fri, 15 Jul 2016 10:30:33 -0300 Subject: [PATCH 05/11] d --- nginx.tmpl | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index 879b040..5c5aa8a 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -51,9 +51,7 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; -upload_max_filesize = 40M -post_max_size = 40M - +upload_max_filesize = 40M; {{ end }} From 92ef6baab91a7014e6ae66068f25aacdea43ae06 Mon Sep 17 00:00:00 2001 
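Review bot: `upload_max_filesize` and `post_max_size` added in [PATCH 04/11] are php.ini settings rather than nginx directives, and the lines also lack the terminating `;`, so the generated config cannot load. [PATCH 05/11] keeps `upload_max_filesize = 40M;` and [PATCH 06/11] keeps the `=` in `client_max_body_size = 40M;`, so the template stays unparseable across three commits. The nginx form is `client_max_body_size 40M;`. Since a config that fails to parse means the reload is rejected or the container does not start, a render-and-`nginx -t` step before the image is published would be a worthwhile guard.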
From: Thiago Trennepohl Date: Fri, 15 Jul 2016 10:45:24 -0300 Subject: [PATCH 06/11] Update worng directive --- nginx.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.tmpl b/nginx.tmpl index 5c5aa8a..4ed27b9 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -51,7 +51,7 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; -upload_max_filesize = 40M; +client_max_body_size = 40M; {{ end }} From be5703e11440a3e0c2a691bda5cfbb146021f4dd Mon Sep 17 00:00:00 2001 From: Thiago Trennepohl Date: Fri, 15 Jul 2016 10:56:52 -0300 Subject: [PATCH 07/11] Fix typo,removing equals from client_max_body_size --- nginx.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.tmpl b/nginx.tmpl index 4ed27b9..e3f20b9 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -51,7 +51,7 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; -client_max_body_size = 40M; +client_max_body_size 30M; {{ end }} From ecefb0ceb562f518cde4d1fec0170ee7b859570b Mon Sep 17 00:00:00 2001 From: Thiago Trennepohl Date: Wed, 20 Jul 2016 13:36:10 -0300 Subject: [PATCH 08/11] Add Websocket configs to the template --- nginx.tmpl | 47 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index e3f20b9..f49a37b 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -37,7 +37,6 @@ log_format vhost '$host $remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; -access_log off; {{ if (exists "/etc/nginx/proxy.conf") }} include /etc/nginx/proxy.conf; 
@@ -59,7 +58,7 @@ client_max_body_size 30M; server { server_name _; # This is just an invalid value which will never trigger on a real hostname. listen 80; - access_log /var/log/nginx/access.log vhost; + access_log /var/log/nginx/access.log; return 503; } @@ -102,6 +101,50 @@ upstream {{ $host }} { {{ end }} } +{{ $websocket := or (first (groupByKeys $containers "Env.WEBSOCKET")) "nowebsocket" }} + +{{if eq $websocket "true" }} +upstream ws.{{ $host }} { +{{ range $container := $containers }} + {{ $addrLen := len $container.Addresses }} + + {{ range $knownNetwork := $CurrentContainer.Networks }} + {{ range $containerNetwork := $container.Networks }} + {{ if eq $knownNetwork.Name $containerNetwork.Name }} + ## Can be connect with "{{ $containerNetwork.Name }}" network + + {{/* If only 1 port exposed, use that */}} + {{ if eq $addrLen 1 }} + {{ $address := index $container.Addresses 0 }} + {{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }} + {{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var, falling back to standard web port 80 */}} + {{ else }} + {{ $port := coalesce $container.Env.VIRTUAL_PORT "80" }} + {{ $address := where $container.Addresses "Port" $port | first }} + {{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }} + {{ end }} + {{ end }} + {{ end }} + {{ end }} +{{ end }} +} + +server { + server_name ws.{{ $host }}; + listen 80; + access_log /var/log/nginx/access.log; + + + + location / { + proxy_pass http://ws.{{ trim $host }}/websocketmobile/; + proxy_redirect $host /websocketmobile/; + } +} + +{{ end }} + + {{ $default_host := or ($.Env.DEFAULT_HOST) "" }} {{ $default_server := index (dict $host "" $default_host "default_server") $host }} From 3d7397fbed15d1484ada33728a52b9d3a64e46f4 Mon Sep 17 00:00:00 2001 
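Review bot: Dropping the `vhost` format from the catch-all server's `access_log` in the `@@ -59,7 +58,7 @@` hunk means requests that match no configured host are logged in the predefined `combined` format, which does not record `$host`. That block is where unknown-Host probing and misrouted traffic land, so the requested hostname is the field most useful for triage there. The TLS catch-all server still uses `vhost`, which leaves the two inconsistent. Suggest keeping `access_log /var/log/nginx/access.log vhost;` here, and stating in the commit message why `access_log off;` was removed at the http level in the first hunk.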
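Review bot: The new `server_name ws.{{ $host }}; listen 80;` block in the `@@ -102,6 +101,50 @@` hunk is plaintext-only and has no counterpart under a certificate check, so WebSocket traffic for a host that is otherwise served over TLS, including any cookies or tokens sent on the handshake, travels unencrypted. It also omits the per-host `/etc/nginx/vhost.d/<host>` include that the port-80 host server block applies, so restrictions configured there would not cover the `ws.` name even though it proxies to the same containers. Consider emitting a `listen 443 ssl http2` variant when a certificate for the host exists, redirecting port 80 to it, and applying the same include. The hard-coded `/websocketmobile/` path and the `ws.{{ trim $host }}` versus `ws.{{ $host }}` spelling would each be worth a comment or a template variable.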
From: Thiago Trennepohl Date: Sat, 30 Jul 2016 15:01:58 -0300 Subject: [PATCH 09/11] Set up error pages for AgileProxy --- nginx.tmpl | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index f49a37b..01c5afd 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -51,15 +51,20 @@ proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; client_max_body_size 30M; - - {{ end }} server { server_name _; # This is just an invalid value which will never trigger on a real hostname. listen 80; access_log /var/log/nginx/access.log; - return 503; + error_page 500 501 502 503 504 /custom_50x.html; + location / { + return 503; + } + location = /custom_50x.html{ + internal; + root /usr/share/nginx/html; + } } {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} @@ -67,7 +72,14 @@ server { server_name _; # This is just an invalid value which will never trigger on a real hostname. listen 443 ssl http2; access_log /var/log/nginx/access.log vhost; - return 503; + error_page 500 501 502 503 504 /custom_50x.html; + location / { + return 503; + } + location = /custom_50x.html{ + internal; + root /usr/share/nginx/html; + } ssl_certificate /etc/nginx/certs/default.crt; ssl_certificate_key /etc/nginx/certs/default.key; 
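Review bot: Both catch-all servers now point `error_page` at `/custom_50x.html` under `/usr/share/nginx/html`, but nothing visible in this series installs that file there; the Dockerfile hunk in [PATCH 11/11] shows only `COPY . /app/` and the nginx.conf copy. If the page is missing, the internal redirect cannot be satisfied and clients would likely get a built-in nginx error page, possibly with a different status than the intended 503, which also confuses monitoring keyed on status codes. Confirm the image build places `custom_50x.html`, `custom_403.html` and `custom_404.html` in that root, or add the copy step alongside this change. A short comment above `location = /custom_50x.html` noting that `internal` keeps the page from being requested directly would help the next reader.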
@@ -184,6 +196,17 @@ server { server_name {{ $host }}; listen 443 ssl http2 {{ $default_server }}; access_log /var/log/nginx/access.log vhost; + error_page 404 /custom_404.html; + error_page 403 /custom_403.html; + location = /custom_404.html{ + internal; + root /usr/share/nginx/html; + } + location = /custom_403.html{ + internal; + root /usr/share/nginx/html; + } + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; @@ -231,6 +254,16 @@ server { server_name {{ $host }}; listen 80 {{ $default_server }}; access_log /var/log/nginx/access.log vhost; + error_page 404 /custom_404.html; + error_page 403 /custom_403.html; + location = /custom_403.html{ + internal; + root /usr/share/nginx/html; + } + location = /custom_404.html{ + internal; + root /usr/share/nginx/html; + } {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s" $host }}; From df4cdb5762c62f7e62fa2bcd181f8b97c1db5dcd Mon Sep 17 00:00:00 2001 From: Thiago Trennepohl Date: Tue, 8 Nov 2016 17:19:30 -0200 Subject: [PATCH 10/11] Add support for Websocket port --- nginx.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index 01c5afd..a1707e3 100644 --- a/nginx.tmpl +++ b/nginx.tmpl 
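Review bot: The `error_page 404` and `error_page 403` lines added to the per-host server blocks apply only to responses nginx generates itself; 403 and 404 responses returned by the proxied container pass through unchanged unless `proxy_intercept_errors on;` is set. If the aim is to keep backend error pages, which can expose framework and stack details, from reaching clients, add `proxy_intercept_errors on;` in these blocks. The same applies to the port-80 hunk at `@@ -231,6 +254,16 @@`, and the 50x codes are worth covering here too, since an unreachable upstream produces 502/504 in these servers rather than in the catch-all. Both server blocks continue past the hunks, so an existing setting outside the visible lines cannot be ruled out.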
@@ -129,9 +129,9 @@ upstream ws.{{ $host }} { {{ if eq $addrLen 1 }} {{ $address := index $container.Addresses 0 }} {{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }} - {{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var, falling back to standard web port 80 */}} + {{/* If more than one port exposed, use the one matching SOCKET_PORT env var, falling back to standard web port 80 */}} {{ else }} - {{ $port := coalesce $container.Env.VIRTUAL_PORT "80" }} + {{ $port := coalesce $container.Env.SOCKET_PORT "80" }} {{ $address := where $container.Addresses "Port" $port | first }} {{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }} {{ end }} From 92ff889a6f83ac6eb94c80fc92e513113e3c25c9 Mon Sep 17 00:00:00 2001 From: Renan Berto Date: Fri, 25 Nov 2016 10:34:04 -0200 Subject: [PATCH 11/11] Add nginx.conf with Dockerfile --- Dockerfile | 3 +++ nginx.conf | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 nginx.conf diff --git a/Dockerfile b/Dockerfile index 6d5ce9b..0b19a3f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,6 +26,9 @@ RUN wget https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VER COPY . /app/ WORKDIR /app/ +# Add nginx.conf +ADD nginx.conf /etc/nginx/nginx.conf + ENV DOCKER_HOST unix:///tmp/docker.sock VOLUME ["/etc/nginx/certs"] diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..4469c30 --- /dev/null +++ b/nginx.conf 
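Review bot: `ADD nginx.conf /etc/nginx/nginx.conf` in the Dockerfile hunk uses `ADD` for a plain local file; `COPY nginx.conf /etc/nginx/nginx.conf` does the same without `ADD`'s archive-extraction and remote-URL behaviour, and matches the `COPY . /app/` already in the context lines. Replacing the base image's nginx.conf wholesale also discards anything earlier build steps wrote into it, so a comment such as `# replaces the stock nginx.conf; must keep "daemon off" and the conf.d include` would make that dependency explicit. The earlier part of the Dockerfile is outside the hunk, so whether it edits nginx.conf before this point should be checked.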
@@ -0,0 +1,34 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ server_names_hash_bucket_size 128;
+ proxy_read_timeout 10m;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
+daemon off;
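Review bot: `proxy_read_timeout 10m;` is set for the whole `http` block, so a proxied request to any vhost can sit for up to ten minutes between reads from a stalled upstream; with `worker_processes 1` and `worker_connections 1024` that makes connection exhaustion easier to reach. If the long timeout exists for the WebSocket upstream, set it in that `location` only and leave the http-level default in place. The file also leaves version disclosure on; adding `server_tokens off;` in the `http` block keeps the nginx version out of the `Server` header and the built-in error pages. A one-line comment on `server_names_hash_bucket_size 128;` and on `daemon off;` saying why each is needed would help the next maintainer.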