Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #6 from hadim/various-fix

Browse source 
Various fixes such as specifing build steps in Dockerfile and regenerating nginx.conf with nginx reload on certificate update.
This commit is contained in:
David Parrish 2015-11-26 08:45:38 -05:00
commit bee323b256
4 changed files with 42 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
Dockerfile
View file

@ -2,6 +2,31 @@ FROM jwilder/nginx-proxy
MAINTAINER [ "Jason Wilder <mail@jasonwilder.com>", "Yves Blusseau <90z7oey02@sneakemail.com>" ]
RUN apt-get update
# Install python packages needed by simp_le
RUN apt-get install -y -q --no-install-recommends python python-requests
# Install python packages needed to build simp_le
RUN apt-get install -y -q --no-install-recommends git gcc libssl-dev libffi-dev python-dev python-pip
# Get Let's Encrypt simp_le client source
RUN git -C /opt clone https://github.com/kuba/simp_le.git
WORKDIR /opt/simp_le
# Upgrade setuptools
RUN pip install -U setuptools
# Install simp_le in /usr/local/bin
RUN python ./setup.py install
# Make house cleaning
RUN rm -rf /opt/simp_le
RUN apt-get autoremove -y git gcc libssl-dev libffi-dev python-dev python-pip
RUN apt-get clean all
RUN rm -r /var/lib/apt/lists/*
COPY . /app/
RUN chmod +rx /app/build.sh && /app/build.sh && rm -f /app/build.sh
WORKDIR /app/

20
README.md
View file

@ -1,4 +1,4 @@
![nginx 1.9.6](https://img.shields.io/badge/nginx-1.9.6-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build](https://circleci.com/gh/jwilder/nginx-proxy.svg?&style=shield&circle-token=2da3ee844076a47371bd45da81cf27409ca7306a)](https://circleci.com/gh/jwilder/nginx-proxy)
![nginx 1.9.6](https://img.shields.io/badge/nginx-1.9.6-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build](https://circleci.com/gh/dmp1ce/nginx-proxy-letsencrypt.svg?&style=shield&circle-token=2da3ee844076a47371bd45da81cf27409ca7306a)](https://circleci.com/gh/dmp1ce/nginx-proxy-letsencrypt)
nginx-proxy sets up a container running nginx and [docker-gen][1]. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
@ -8,7 +8,7 @@ See [Automated Nginx Reverse Proxy for Docker][2] for why you might want to use
To run it:
$ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro dmp1ce/nginx-proxy-letsencrypt
Then start any containers you want proxied with an env var `VIRTUAL_HOST=subdomain.youdomain.com`
@ -41,7 +41,7 @@ If you would like to connect to your backend using HTTPS instead of HTTP, set `V
To set the default host for nginx use the env var `DEFAULT_HOST=foo.bar.com` for example
$ docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com -v /var/run/docker.sock:/tmp/docker.sock:ro dmp1ce/nginx-proxy-letsencrypt
### Separate Containers
@ -51,7 +51,7 @@ image and the official [nginx](https://registry.hub.docker.com/_/nginx/) image.
You may want to do this to prevent having the docker socket bound to a publicly exposed container service.
To run nginx proxy as a separate container you'll need to have [nginx.tmpl](https://github.com/jwilder/nginx-proxy/blob/master/nginx.tmpl) on your host system.
To run nginx proxy as a separate container you'll need to have [nginx.tmpl](https://github.com/dmp1ce/nginx-proxy-letsencrypt/blob/master/nginx.tmpl) on your host system.
First start nginx with a volume:
@ -78,7 +78,7 @@ certificates or optionally specifying a cert name (for SNI) as an environment va
To enable SSL:
$ docker run -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ docker run -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro dmp1ce/nginx-proxy-letsencrypt
The contents of `/path/to/certs` should contain the certificates and private keys for any virtual
hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and
@ -144,7 +144,7 @@ $ docker run -d -p 80:80 -p 443:443 \
-v /path/to/htpasswd:/etc/nginx/htpasswd \
-v /path/to/certs:/etc/nginx/certs \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy
dmp1ce/nginx-proxy-letsencrypt
```
You'll need apache2-utils on the machine where you plan to create the htpasswd file. Follow these [instructions](http://httpd.apache.org/docs/2.2/programs/htpasswd.html)
@ -179,7 +179,7 @@ To add settings on a proxy-wide basis, add your configuration file under `/etc/n
This can be done in a derived image by creating the file in a `RUN` command or by `COPY`ing the file into `conf.d`:
```Dockerfile
FROM jwilder/nginx-proxy
FROM dmp1ce/nginx-proxy-letsencrypt
RUN { \
echo 'server_tokens off;'; \
echo 'client_max_body_size 100m;'; \
@ -188,7 +188,7 @@ RUN { \
Or it can be done by mounting in your custom configuration in your `docker run` command:
$ docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock:ro dmp1ce/nginx-proxy-letsencrypt
#### Per-VIRTUAL_HOST
@ -198,7 +198,7 @@ In order to allow virtual hosts to be dynamically configured as backends are add
For example, if you have a virtual host named `app.example.com`, you could provide a custom configuration for that host as follows:
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro dmp1ce/nginx-proxy-letsencrypt
$ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/app.example.com
If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
@ -218,7 +218,7 @@ just like the previous section except with the suffix `_location`.
For example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows:
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro dmp1ce/nginx-proxy-letsencrypt
$ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location
If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:

28
build.sh
View file

@ -1,28 +0,0 @@
#!/bin/bash
set -e
apt-get update
# Install python packages needed by simp_le
apt-get install -y -q --no-install-recommends python python-requests
# Install python packages needed to build simp_le
apt-get install -y -q --no-install-recommends git gcc libssl-dev libffi-dev python-dev python-pip
# Get Let's Encrypt simp_le client source
git -C /opt clone https://github.com/kuba/simp_le.git
cd /opt/simp_le
# Upgrade setuptools
pip install -U setuptools
# Install simp_le in /usr/local/bin
python ./setup.py install
# Make house cleaning
rm -rf /opt/simp_le
apt-get autoremove -y git gcc libssl-dev libffi-dev python-dev python-pip
apt-get clean all
rm -r /var/lib/apt/lists/*

7
letsencrypt_service
View file

@ -36,6 +36,10 @@ update_certs() {
# Symlink to created certificate and key.
ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt"
ln -sf ./$domain/key.pem /etc/nginx/certs/$domain".key"
# Update certificates configuration in nginx
/usr/local/bin/docker-gen -only-exposed /app/nginx.tmpl /etc/nginx/conf.d/default.conf
nginx -s reload
fi
done
done
@ -47,11 +51,12 @@ trap '[[ $pid ]] && kill $pid; exec $0' EXIT
trap 'trap - EXIT' INT TERM
echo 'Waiting 10s before updating certs...'
sleep 10
sleep 10s
update_certs
# Wait some amount of time
echo "Sleep for ${seconds_to_wait}s"
sleep $seconds_to_wait & pid=$!
wait
pid=