From 0f27ed800c442ddaaa4494e19b1ad7c5de0142a4 Mon Sep 17 00:00:00 2001 From: Ivo von Putzer Reibegg Date: Wed, 14 Feb 2018 21:14:25 +0100 Subject: [PATCH 1/9] fixes typo spotted a typo within the readme ;) cheers --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c44bf80..d472ca3 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on backend container. Your backend container should then listen on a port rather than a socket and expose that port. -### FastCGI Filr Root Directory +### FastCGI File Root Directory If you use fastcgi,you can set `VIRTUAL_ROOT=xxx` for your root directory From f68383add91a57ec06757bba4787447181298be2 Mon Sep 17 00:00:00 2001 From: Mario Carbajal Date: Tue, 27 Mar 2018 21:18:45 -0300 Subject: [PATCH 2/9] Set DISABLE_ACCESS_LOGS to disable access logs --- nginx.tmpl | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index bdb2de8..c64ac3d 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -88,6 +88,8 @@ proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port; proxy_set_header Proxy ""; {{ end }} +{{ $access_log := (or (and (not $.Env.DISABLE_ACCESS_LOGS) "access_log /var/log/nginx/access.log vhost;") "") }} + {{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }} server { server_name _; # This is just an invalid value which will never trigger on a real hostname. @@ -95,7 +97,7 @@ server { {{ if $enable_ipv6 }} listen [::]:80; {{ end }} - access_log /var/log/nginx/access.log vhost; + {{ $access_log }} return 503; } @@ -106,7 +108,7 @@ server { {{ if $enable_ipv6 }} listen [::]:443 ssl http2; {{ end }} - access_log /var/log/nginx/access.log vhost; + {{ $access_log }} return 503; ssl_session_tickets off; @@ -197,7 +199,7 @@ server { {{ if $enable_ipv6 }} listen [::]:80 {{ $default_server }}; {{ end }} - access_log /var/log/nginx/access.log vhost; + {{ $access_log }} return 301 https://$host$request_uri; } {{ end }} @@ -208,7 +210,7 @@ server { {{ if $enable_ipv6 }} listen [::]:443 ssl http2 {{ $default_server }}; {{ end }} - access_log /var/log/nginx/access.log vhost; + {{ $access_log }} {{ if eq $network_tag "internal" }} # Only allow traffic from internal clients @@ -306,7 +308,7 @@ server { {{ if $enable_ipv6 }} listen [::]:80 {{ $default_server }}; {{ end }} - access_log /var/log/nginx/access.log vhost; + {{ $access_log }} {{ if eq $network_tag "internal" }} # Only allow traffic from internal clients @@ -349,7 +351,7 @@ server { {{ if $enable_ipv6 }} listen [::]:443 ssl http2 {{ $default_server }}; {{ end }} - access_log /var/log/nginx/access.log vhost; + {{ $access_log }} return 500; ssl_certificate /etc/nginx/certs/default.crt; From 62d51562b5bcd40fb2a8ce378c6cc9e0f53f3930 Mon Sep 17 00:00:00 2001 From: umevoshi Date: Thu, 15 Nov 2018 01:02:57 +0900 Subject: [PATCH 3/9] Add gRPC protocol support --- nginx.tmpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx.tmpl b/nginx.tmpl index d861050..9c9e0aa 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -280,6 +280,8 @@ server { root {{ trim $vhost_root }}; include fastcgi.conf; fastcgi_pass {{ trim $upstream_name }}; + {{ else if eq $proto "grpc" }} + grpc_pass {{ trim $proto }}://{{ trim $upstream_name }}; {{ else }} proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; {{ end }} @@ -327,6 +329,8 @@ server { root {{ trim $vhost_root }}; include fastcgi.conf; fastcgi_pass {{ trim $upstream_name }}; + {{ else if eq $proto "grpc" }} + grpc_pass {{ trim $proto }}://{{ trim $upstream_name }}; {{ else }} proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; {{ end }} From 3ce7d99aeaf511957b7bb5d23c0e45453aa463aa Mon Sep 17 00:00:00 2001 From: Ioannis Cherouvim <743305+cherouvim@users.noreply.github.com> Date: Wed, 25 Sep 2019 13:21:33 +0300 Subject: [PATCH 4/9] typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index daa5875..18ed270 100644 --- a/README.md +++ b/README.md @@ -181,7 +181,7 @@ Finally, start your containers with `VIRTUAL_HOST` environment variables. $ docker run -e VIRTUAL_HOST=foo.bar.com ... ### SSL Support using letsencrypt -[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. +[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allows the creation/renewal of Let's Encrypt certificates automatically. Set `DHPARAM_GENERATION` environment variable to `false` to disabled Diffie-Hellman parameters completely. This will also ignore auto-generation made by `nginx-proxy`. The default value is `true` From 11d644d645a89dfde5af1c3fbdc755442122ed7b Mon Sep 17 00:00:00 2001 From: Maurits van Mastrigt Date: Tue, 1 Oct 2019 16:00:41 +0200 Subject: [PATCH 5/9] Do not HTTPS redirect Let'sEncrypt ACME challenge The auto renewal of Let'sEncrypt certificates fails due to the HTTPS redirect of the ACME challenge. This workaround resolves the issue: https://gist.github.com/codekitchen/2c519eb7572002afab6a5f979cd42913#file-letsencrypt-diff Found through this comment: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/issues/526#issuecomment-476253642 --- nginx.tmpl | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/nginx.tmpl b/nginx.tmpl index c1383c6..5b3b2dd 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -246,7 +246,19 @@ server { listen [::]:80 {{ $default_server }}; {{ end }} access_log /var/log/nginx/access.log vhost; - return 301 https://$host$request_uri; + + # Do not HTTPS redirect Let'sEncrypt ACME challenge + location /.well-known/acme-challenge/ { + auth_basic off; + allow all; + root /usr/share/nginx/html; + try_files $uri =404; + break; + } + + location / { + return 301 https://$host$request_uri; + } } {{ end }} From a3e64a94336d8b9ae140816b0774151632e03efb Mon Sep 17 00:00:00 2001 From: nanawel Date: Sun, 3 Nov 2019 14:48:16 +0100 Subject: [PATCH 6/9] Add support for custom external HTTP/HTTPS ports (see https://groups.google.com/forum/#!topic/nginx-proxy/0I2jevmgTLI) --- nginx.tmpl | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index c1383c6..336b2d9 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -1,5 +1,8 @@ {{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }} +{{ $external_http_port := coalesce $.Env.HTTP_PORT "80" }} +{{ $external_https_port := coalesce $.Env.HTTPS_PORT "443" }} + {{ define "upstream" }} {{ if .Address }} {{/* If we got the containers from swarm and this container's port is published to host, use host IP:PORT */}} @@ -138,9 +141,9 @@ proxy_set_header Proxy ""; {{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }} server { server_name _; # This is just an invalid value which will never trigger on a real hostname. - listen 80; + listen {{ $external_http_port }}; {{ if $enable_ipv6 }} - listen [::]:80; + listen [::]:{{ $external_http_port }}; {{ end }} access_log /var/log/nginx/access.log vhost; return 503; @@ -149,9 +152,9 @@ server { {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} server { server_name _; # This is just an invalid value which will never trigger on a real hostname. - listen 443 ssl http2; + listen {{ $external_https_port }} ssl http2; {{ if $enable_ipv6 }} - listen [::]:443 ssl http2; + listen [::]:{{ $external_https_port }} ssl http2; {{ end }} access_log /var/log/nginx/access.log vhost; return 503; @@ -241,9 +244,9 @@ upstream {{ $upstream_name }} { {{ if eq $https_method "redirect" }} server { server_name {{ $host }}; - listen 80 {{ $default_server }}; + listen {{ $external_http_port }} {{ $default_server }}; {{ if $enable_ipv6 }} - listen [::]:80 {{ $default_server }}; + listen [::]:{{ $external_http_port }} {{ $default_server }}; {{ end }} access_log /var/log/nginx/access.log vhost; return 301 https://$host$request_uri; @@ -252,9 +255,9 @@ server { server { server_name {{ $host }}; - listen 443 ssl http2 {{ $default_server }}; + listen {{ $external_https_port }} ssl http2 {{ $default_server }}; {{ if $enable_ipv6 }} - listen [::]:443 ssl http2 {{ $default_server }}; + listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }}; {{ end }} access_log /var/log/nginx/access.log vhost; @@ -322,7 +325,7 @@ server { server { server_name {{ $host }}; - listen 80 {{ $default_server }}; + listen {{ $external_http_port }} {{ $default_server }}; {{ if $enable_ipv6 }} listen [::]:80 {{ $default_server }}; {{ end }} @@ -365,9 +368,9 @@ server { {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} server { server_name {{ $host }}; - listen 443 ssl http2 {{ $default_server }}; + listen {{ $external_https_port }} ssl http2 {{ $default_server }}; {{ if $enable_ipv6 }} - listen [::]:443 ssl http2 {{ $default_server }}; + listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }}; {{ end }} access_log /var/log/nginx/access.log vhost; return 500; From cf911d950a37f33d98bc93109bb5144e8547a2f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20Do=CC=88ring?= Date: Fri, 8 Nov 2019 14:11:17 +0100 Subject: [PATCH 7/9] Upgrade to 1.17.5 closes #1337, resolves #1355 --- Dockerfile | 2 +- Dockerfile.alpine | 2 +- README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0a1616b..0a8fdef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.17.3 +FROM nginx:1.17.5 LABEL maintainer="Jason Wilder mail@jasonwilder.com" # Install wget and install/updates certificates diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 03877c8..33b4793 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginx:1.17.3-alpine +FROM nginx:1.17.5-alpine LABEL maintainer="Jason Wilder mail@jasonwilder.com" # Install wget and install/updates certificates diff --git a/README.md b/README.md index 92aee31..ad8678a 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ ![latest 0.7.0](https://img.shields.io/badge/latest-0.7.0-green.svg?style=flat) -![nginx 1.17.3](https://img.shields.io/badge/nginx-1.17.3-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') +![nginx 1.17.5](https://img.shields.io/badge/nginx-1.17.5-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') nginx-proxy sets up a container running nginx and [docker-gen][1]. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped. From 77227f869161e6a4434f8cfb0b2b65414e6e9fa5 Mon Sep 17 00:00:00 2001 From: Jake Jarvis Date: Wed, 4 Dec 2019 10:19:17 -0500 Subject: [PATCH 8/9] Upgrade nginx to 1.17.6 --- Dockerfile | 2 +- Dockerfile.alpine | 2 +- README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0a8fdef..6aad66d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.17.5 +FROM nginx:1.17.6 LABEL maintainer="Jason Wilder mail@jasonwilder.com" # Install wget and install/updates certificates diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 33b4793..2a8b9bb 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginx:1.17.5-alpine +FROM nginx:1.17.6-alpine LABEL maintainer="Jason Wilder mail@jasonwilder.com" # Install wget and install/updates certificates diff --git a/README.md b/README.md index ad8678a..eb66ef1 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ ![latest 0.7.0](https://img.shields.io/badge/latest-0.7.0-green.svg?style=flat) -![nginx 1.17.5](https://img.shields.io/badge/nginx-1.17.5-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') +![nginx 1.17.6](https://img.shields.io/badge/nginx-1.17.6-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') nginx-proxy sets up a container running nginx and [docker-gen][1]. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped. From 6798a6b800e064a5615808167e80e563b47fd401 Mon Sep 17 00:00:00 2001 From: sgabe Date: Fri, 28 Feb 2020 16:36:36 +0100 Subject: [PATCH 9/9] Upgrade to 1.17.8 --- Dockerfile | 2 +- Dockerfile.alpine | 2 +- README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6aad66d..e4fa49c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.17.6 +FROM nginx:1.17.8 LABEL maintainer="Jason Wilder mail@jasonwilder.com" # Install wget and install/updates certificates diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 2a8b9bb..847c848 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM nginx:1.17.6-alpine +FROM nginx:1.17.8-alpine LABEL maintainer="Jason Wilder mail@jasonwilder.com" # Install wget and install/updates certificates diff --git a/README.md b/README.md index eb66ef1..9a0a177 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ ![latest 0.7.0](https://img.shields.io/badge/latest-0.7.0-green.svg?style=flat) -![nginx 1.17.6](https://img.shields.io/badge/nginx-1.17.6-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') +![nginx 1.17.8](https://img.shields.io/badge/nginx-1.17.8-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') nginx-proxy sets up a container running nginx and [docker-gen][1]. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.