Hasnat 2019-08-19 11:06:35 +00:00 committed by GitHub
commit 85c54d9165
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 82 additions and 82 deletions

1
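--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 **/__pycache__/
 **/.cache/
 .idea/
+conf.d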


@ -28,8 +28,10 @@ COPY network_internal.conf /etc/nginx/
COPY . /app/ COPY . /app/
WORKDIR /app/ WORKDIR /app/
RUN touch /app/htpasswd_generator.sh && chmod +x /app/htpasswd_generator.sh
ENV DOCKER_HOST unix:///tmp/docker.sock ENV DOCKER_HOST unix:///tmp/docker.sock
ENV RESOLVERS="127.0.0.11 valid=5s"
VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam"] VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam"]


@ -25,6 +25,7 @@ COPY network_internal.conf /etc/nginx/
COPY . /app/ COPY . /app/
WORKDIR /app/ WORKDIR /app/
RUN touch /app/htpasswd_generator.sh && chmod +x /app/htpasswd_generator.sh
ENV DOCKER_HOST unix:///tmp/docker.sock ENV DOCKER_HOST unix:///tmp/docker.sock
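Review bot: This Dockerfile variant gets the `htpasswd_generator.sh` stub but not the `ENV RESOLVERS="127.0.0.11 valid=5s"` line that the other Dockerfile receives in the same commit. The template now passes to a `$target` variable, and nginx resolves a variable upstream at request time, which requires a `resolver` directive. If that directive is driven by `RESOLVERS` (not visible on this page), images built from this file may fail to resolve container names. Add the same `ENV RESOLVERS=...` line here, or note in a comment why this variant does not need it.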


@ -1,2 +1,3 @@
htpasswdgen: docker-gen -watch -notify "/app/htpasswd_generator.sh" /app/htpasswd_generator.tmpl /app/htpasswd_generator.sh
dockergen: docker-gen -watch -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf dockergen: docker-gen -watch -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
nginx: nginx nginx: nginx
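Review bot: The new `htpasswdgen` entry writes the htpasswd files from a second, independent docker-gen process, while nginx.tmpl decides whether to emit `auth_basic` with `exists (printf "/etc/nginx/htpasswd/%s" $host)` at the moment it renders. If the `dockergen` entry renders default.conf before the generated script has written the file, that vhost is configured without authentication. The script's own `nginx -s reload` does not re-render the config, so the host would stay open until the next container event. Keying the `auth_basic` block in nginx.tmpl on `Env.VHOST_HTPASSWD` itself, rather than on the file's existence, would make this fail closed.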


@ -313,7 +313,17 @@ $ docker run -d -p 80:80 -p 443:443 \
-v /var/run/docker.sock:/tmp/docker.sock:ro \ -v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy jwilder/nginx-proxy
``` ```
Or have your container with `VHOST_HTPASSWD`
```
$ docker run -d -p 80:80 -p 443:443 \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy
$ docker run -d \
-e VIRTUAL_HOST=whoami.local \
-e VHOST_HTPASSWD='abc:900150983CD24FB0D6963F7D28E17F72' `# this is abc:abc using md5` \
jwilder/whoami
```
You'll need apache2-utils on the machine where you plan to create the htpasswd file. Follow these [instructions](http://httpd.apache.org/docs/2.2/programs/htpasswd.html) You'll need apache2-utils on the machine where you plan to create the htpasswd file. Follow these [instructions](http://httpd.apache.org/docs/2.2/programs/htpasswd.html)
### Custom Nginx Configuration ### Custom Nginx Configuration
@ -385,6 +395,8 @@ If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=e
If you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file If you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file
will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}` file associated with it. will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}` file associated with it.
You can also have `VHOST_CONF` environment variable in your container.
#### Per-VIRTUAL_HOST location configuration #### Per-VIRTUAL_HOST location configuration
To add settings to the "location" block on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d` To add settings to the "location" block on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d`
@ -405,6 +417,8 @@ If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=e
If you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file If you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file
will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}_location` file associated with it. will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}_location` file associated with it.
You can also have `VHOST_LOCATION_CONF` environment variable in your container.
### Contributing ### Contributing
Before submitting pull requests or issues, please check github to make sure an existing issue or pull request is not already open. Before submitting pull requests or issues, please check github to make sure an existing issue or pull request is not already open.


@ -1,23 +0,0 @@
version: '2'
services:
nginx:
image: nginx
container_name: nginx
ports:
- "80:80"
volumes:
- /etc/nginx/conf.d
dockergen:
image: jwilder/docker-gen
command: -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
volumes_from:
- nginx
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
whoami:
image: jwilder/whoami
environment:
- VIRTUAL_HOST=whoami.local


@ -0,0 +1,6 @@
version: '2'
services:
nginx:
build: .
volumes:
- ./conf.d:/etc/nginx/conf.d


@ -2,13 +2,16 @@ version: '2'
services: services:
nginx-proxy: nginx-proxy:
image: jwilder/nginx-proxy image: jwilder/nginx-proxy
build: .
container_name: nginx-proxy container_name: nginx-proxy
ports: ports:
- "80:80" - "80:80"
volumes: volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
- ./conf.d:/etc/nginx/conf.d
whoami: whoami:
image: jwilder/whoami image: jwilder/whoami
environment: environment:
- VIRTUAL_HOST=whoami.local - VIRTUAL_HOST=whoami.local
- VIRTUAL_PORT=8000

16
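--- a/htpasswd_generator.tmpl
+++ b/htpasswd_generator.tmpl
@@ -0,0 +1,16 @@
+#!/bin/sh
+mkdir -p /etc/nginx/htpasswd
+{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
+{{ $host := trim $host }}
+{{ $htpasswd := or (first (groupByKeys $containers "Env.VHOST_HTPASSWD")) "" }}
+if [ ! -z '{{$htpasswd}}' ]
+then
+echo '{{ $htpasswd }}' > /etc/nginx/htpasswd/{{ $host }}
+fi
+{{ end }}
+nginx -s reload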
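Review bot: `echo '{{ $htpasswd }}' > /etc/nginx/htpasswd/{{ $host }}` and the `[ ! -z '{{$htpasswd}}' ]` test build shell source from container environment values, and the Procfile runs the result inside the proxy container on every Docker event. A single quote in `VHOST_HTPASSWD` ends the quoted string, and `VIRTUAL_HOST` is used unquoted as a path, so it may carry shell metacharacters or `/`. Escape quotes before interpolating and quote the target, for example `{{ $htpasswd := replace $htpasswd "'" "'\\''" -1 }}` followed by `printf '%s\n' '{{ $htpasswd }}' > '/etc/nginx/htpasswd/{{ $host }}'`, with `$host` escaped the same way. Naming the file `{{ sha1 $host }}` would remove the path concern entirely, but then the `exists` lookup in nginx.tmpl has to use the same name.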


@ -1,27 +1,5 @@
{{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }} {{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }}
{{ define "upstream" }}
{{ if .Address }}
{{/* If we got the containers from swarm and this container's port is published to host, use host IP:PORT */}}
{{ if and .Container.Node.ID .Address.HostPort }}
# {{ .Container.Node.Name }}/{{ .Container.Name }}
server {{ .Container.Node.Address.IP }}:{{ .Address.HostPort }};
{{/* If there is no swarm node or the port is not published on host, use container's IP:PORT */}}
{{ else if .Network }}
# {{ .Container.Name }}
server {{ .Network.IP }}:{{ .Address.Port }};
{{ end }}
{{ else if .Network }}
# {{ .Container.Name }}
{{ if .Network.IP }}
server {{ .Network.IP }} down;
{{ else }}
server 127.0.0.1 down;
{{ end }}
{{ end }}
{{ end }}
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server # scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto { map $http_x_forwarded_proto $proxy_x_forwarded_proto {
@ -119,37 +97,7 @@ server {
{{ $host := trim $host }} {{ $host := trim $host }}
{{ $is_regexp := hasPrefix "~" $host }} {{ $is_regexp := hasPrefix "~" $host }}
{{ $upstream_name := when $is_regexp (sha1 $host) $host }}
# {{ $host }}
upstream {{ $upstream_name }} {
{{ range $container := $containers }}
{{ $addrLen := len $container.Addresses }}
{{ range $knownNetwork := $CurrentContainer.Networks }}
{{ range $containerNetwork := $container.Networks }}
{{ if (and (ne $containerNetwork.Name "ingress") (or (eq $knownNetwork.Name $containerNetwork.Name) (eq $knownNetwork.Name "host"))) }}
## Can be connected with "{{ $containerNetwork.Name }}" network
{{/* If only 1 port exposed, use that */}}
{{ if eq $addrLen 1 }}
{{ $address := index $container.Addresses 0 }}
{{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }}
{{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var, falling back to standard web port 80 */}}
{{ else }}
{{ $port := coalesce $container.Env.VIRTUAL_PORT "80" }}
{{ $address := where $container.Addresses "Port" $port | first }}
{{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }}
{{ end }}
{{ else }}
# Cannot connect to network of this container
server 127.0.0.1 down;
{{ end }}
{{ end }}
{{ end }}
{{ end }}
}
{{ $default_host := or ($.Env.DEFAULT_HOST) "" }} {{ $default_host := or ($.Env.DEFAULT_HOST) "" }}
{{ $default_server := index (dict $host "" $default_host "default_server") $host }} {{ $default_server := index (dict $host "" $default_host "default_server") $host }}
@ -157,6 +105,12 @@ upstream {{ $upstream_name }} {
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}} {{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
{{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }} {{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }}
{{ $vhost_conf := trim (or (first (groupByKeys $containers "Env.VHOST_CONF")) "") }}
{{ $vhost_location_conf := trim (or (first (groupByKeys $containers "Env.VHOST_LOCATION_CONF")) "") }}
{{ $container_pass := (printf "%v:%v" (first (groupByKeys $containers "Name")) (trim (or (first (groupByKeys $containers "Env.VIRTUAL_PORT")) "80"))) }}
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}} {{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }} {{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
@ -172,6 +126,9 @@ upstream {{ $upstream_name }} {
{{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}} {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
{{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }} {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
{{/* Get the SERVER_PASS By containers e.g. proxy_pass..., grpc_pass..., fastcgi_pass... */}}
{{ $server_pass := or ($container.Env.SERVER_PASS) "" }}
{{/* Get the first cert name defined by containers w/ the same vhost */}} {{/* Get the first cert name defined by containers w/ the same vhost */}}
{{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }} {{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
@ -272,16 +229,23 @@ server {
include /etc/nginx/vhost.d/default; include /etc/nginx/vhost.d/default;
{{ end }} {{ end }}
{{ if not (eq $vhost_conf "") }}
{{ $vhost_conf }}
{{ end }}
location / { location / {
{{ if eq $proto "uwsgi" }} set $target {{ trim $container_pass }};
{{ if ne $server_pass "" }}
{{ $server_pass }};
{{ else if eq $proto "uwsgi" }}
include uwsgi_params; include uwsgi_params;
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }}; uwsgi_pass {{ trim $proto }}://$target;
{{ else if eq $proto "fastcgi" }} {{ else if eq $proto "fastcgi" }}
root {{ trim $vhost_root }}; root {{ trim $vhost_root }};
include fastcgi.conf; include fastcgi.conf;
fastcgi_pass {{ trim $upstream_name }}; fastcgi_pass $target;
{{ else }} {{ else }}
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; proxy_pass {{ trim $proto }}://$target;
{{ end }} {{ end }}
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
@ -293,6 +257,9 @@ server {
{{ else if (exists "/etc/nginx/vhost.d/default_location") }} {{ else if (exists "/etc/nginx/vhost.d/default_location") }}
include /etc/nginx/vhost.d/default_location; include /etc/nginx/vhost.d/default_location;
{{ end }} {{ end }}
{{ if not (eq $vhost_location_conf "") }}
{{ $vhost_location_conf }}
{{ end }}
} }
} }
@ -319,16 +286,24 @@ server {
include /etc/nginx/vhost.d/default; include /etc/nginx/vhost.d/default;
{{ end }} {{ end }}
{{ if not (eq $vhost_conf "") }}
{{ $vhost_conf }}
{{ end }}
location / { location / {
set $target {{ trim $container_pass }};
{{ if eq $proto "uwsgi" }} {{ if eq $proto "uwsgi" }}
{{ if ne $server_pass "" }}
{{ $server_pass }};
{{ else if eq $proto "uwsgi" }}
include uwsgi_params; include uwsgi_params;
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }}; uwsgi_pass {{ trim $proto }}://$target;
{{ else if eq $proto "fastcgi" }} {{ else if eq $proto "fastcgi" }}
root {{ trim $vhost_root }}; root {{ trim $vhost_root }};
include fastcgi.conf; include fastcgi.conf;
fastcgi_pass {{ trim $upstream_name }}; fastcgi_pass $target;
{{ else }} {{ else }}
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; proxy_pass {{ trim $proto }}://$target;
{{ end }} {{ end }}
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
auth_basic "Restricted {{ $host }}"; auth_basic "Restricted {{ $host }}";
@ -339,6 +314,9 @@ server {
{{ else if (exists "/etc/nginx/vhost.d/default_location") }} {{ else if (exists "/etc/nginx/vhost.d/default_location") }}
include /etc/nginx/vhost.d/default_location; include /etc/nginx/vhost.d/default_location;
{{ end }} {{ end }}
{{ if not (eq $vhost_location_conf "") }}
{{ $vhost_location_conf }}
{{ end }}
} }
} }
@ -359,3 +337,4 @@ server {
{{ end }} {{ end }}
{{ end }} {{ end }}
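Review bot: `{{ $vhost_conf }}`, `{{ $vhost_location_conf }}` and `{{ $server_pass }};` are written verbatim from container environment variables into the server and location blocks, in both server blocks, so the proxy's configuration becomes only as trusted as every container the Docker socket reports. Until now per-host overrides came from files under `/etc/nginx/vhost.d`, which only the proxy operator can write, and a malformed value here would also make the reload fail for every vhost. I would gate the three behind an explicit opt-in set on the proxy container (placeholder name `ALLOW_ENV_CONF`), e.g. `{{ if and $.Env.ALLOW_ENV_CONF (ne $vhost_conf "") }}`, and document the trust change in the README. Separately, `$server_pass` reads `$container.Env.SERVER_PASS`, but the `range $container := $containers` loop that defined `$container` is removed by this commit. Unless it is defined in lines not shown here the template will not parse; `first (groupByKeys $containers "Env.SERVER_PASS")` would match the neighbouring lookups.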