This commit is contained in:
Christian
commit
8cf20362f7
4 changed files with 43 additions and 22 deletions
|
|
@ -1,4 +1,4 @@
|
|||
FROM nginx:1.17.3
|
||||
FROM nginx:1.17.8
|
||||
LABEL maintainer="Jason Wilder mail@jasonwilder.com"
|
||||
|
||||
# Install wget and install/updates certificates
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
FROM nginx:1.17.3-alpine
|
||||
FROM nginx:1.17.8-alpine
|
||||
LABEL maintainer="Jason Wilder mail@jasonwilder.com"
|
||||
|
||||
# Install wget and install/updates certificates
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
  [](https://travis-ci.org/jwilder/nginx-proxy) [](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub')
|
||||
  [](https://travis-ci.org/jwilder/nginx-proxy) [](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub')
|
||||
|
||||
|
||||
nginx-proxy sets up a container running nginx and [docker-gen][1]. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
|
||||
|
|
@ -133,7 +133,7 @@ If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on
|
|||
backend container. Your backend container should then listen on a port rather
|
||||
than a socket and expose that port.
|
||||
|
||||
### FastCGI Filr Root Directory
|
||||
### FastCGI File Root Directory
|
||||
|
||||
If you use fastcgi,you can set `VIRTUAL_ROOT=xxx` for your root directory
|
||||
|
||||
|
|
|
|||
57
nginx.tmpl
57
nginx.tmpl
|
|
@ -1,5 +1,8 @@
|
|||
{{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }}
|
||||
|
||||
{{ $external_http_port := coalesce $.Env.HTTP_PORT "80" }}
|
||||
{{ $external_https_port := coalesce $.Env.HTTPS_PORT "443" }}
|
||||
|
||||
{{ define "upstream" }}
|
||||
{{ if .Address }}
|
||||
{{/* If we got the containers from swarm and this container's port is published to host, use host IP:PORT */}}
|
||||
|
|
@ -135,25 +138,27 @@ proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
|
|||
proxy_set_header Proxy "";
|
||||
{{ end }}
|
||||
|
||||
{{ $access_log := (or (and (not $.Env.DISABLE_ACCESS_LOGS) "access_log /var/log/nginx/access.log vhost;") "") }}
|
||||
|
||||
{{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }}
|
||||
server {
|
||||
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
||||
listen 80;
|
||||
listen {{ $external_http_port }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:80;
|
||||
listen [::]:{{ $external_http_port }};
|
||||
{{ end }}
|
||||
access_log /var/log/nginx/access.log vhost;
|
||||
{{ $access_log }}
|
||||
return 503;
|
||||
}
|
||||
|
||||
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
||||
server {
|
||||
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
||||
listen 443 ssl http2;
|
||||
listen {{ $external_https_port }} ssl http2;
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:443 ssl http2;
|
||||
listen [::]:{{ $external_https_port }} ssl http2;
|
||||
{{ end }}
|
||||
access_log /var/log/nginx/access.log vhost;
|
||||
{{ $access_log }}
|
||||
return 503;
|
||||
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
|
|
@ -241,22 +246,34 @@ upstream {{ $upstream_name }} {
|
|||
{{ if eq $https_method "redirect" }}
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
listen 80 {{ $default_server }};
|
||||
listen {{ $external_http_port }} {{ $default_server }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:80 {{ $default_server }};
|
||||
listen [::]:{{ $external_http_port }} {{ $default_server }};
|
||||
{{ end }}
|
||||
access_log /var/log/nginx/access.log vhost;
|
||||
return 301 https://$host$request_uri;
|
||||
{{ $access_log }}
|
||||
|
||||
# Do not HTTPS redirect Let'sEncrypt ACME challenge
|
||||
location /.well-known/acme-challenge/ {
|
||||
auth_basic off;
|
||||
allow all;
|
||||
root /usr/share/nginx/html;
|
||||
try_files $uri =404;
|
||||
break;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
listen 443 ssl http2 {{ $default_server }};
|
||||
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:443 ssl http2 {{ $default_server }};
|
||||
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
|
||||
{{ end }}
|
||||
access_log /var/log/nginx/access.log vhost;
|
||||
{{ $access_log }}
|
||||
|
||||
{{ if eq $network_tag "internal" }}
|
||||
# Only allow traffic from internal clients
|
||||
|
|
@ -309,6 +326,8 @@ server {
|
|||
root {{ trim $vhost_root }};
|
||||
include fastcgi_params;
|
||||
fastcgi_pass {{ trim $upstream_name }};
|
||||
{{ else if eq $proto "grpc" }}
|
||||
grpc_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
||||
{{ else }}
|
||||
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
||||
{{ end }}
|
||||
|
|
@ -331,11 +350,11 @@ server {
|
|||
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
listen 80 {{ $default_server }};
|
||||
listen {{ $external_http_port }} {{ $default_server }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:80 {{ $default_server }};
|
||||
{{ end }}
|
||||
access_log /var/log/nginx/access.log vhost;
|
||||
{{ $access_log }}
|
||||
|
||||
{{ if eq $network_tag "internal" }}
|
||||
# Only allow traffic from internal clients
|
||||
|
|
@ -356,6 +375,8 @@ server {
|
|||
root {{ trim $vhost_root }};
|
||||
include fastcgi_params;
|
||||
fastcgi_pass {{ trim $upstream_name }};
|
||||
{{ else if eq $proto "grpc" }}
|
||||
grpc_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
||||
{{ else }}
|
||||
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
||||
{{ end }}
|
||||
|
|
@ -374,11 +395,11 @@ server {
|
|||
{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
listen 443 ssl http2 {{ $default_server }};
|
||||
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:443 ssl http2 {{ $default_server }};
|
||||
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
|
||||
{{ end }}
|
||||
access_log /var/log/nginx/access.log vhost;
|
||||
{{ $access_log }}
|
||||
return 500;
|
||||
|
||||
ssl_certificate /etc/nginx/certs/default.crt;
|
||||
|
|
|
|||
Loading…
Reference in a new issue