diff --git a/README.md b/README.md index 811b994..a337b8d 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ See [Automated Nginx Reverse Proxy for Docker](http://jasonwilder.com/blog/2014/ To run it: -```console +```sh docker run --detach \ --name nginx-proxy \ --publish 80:80 \ @@ -23,7 +23,7 @@ docker run --detach \ Then start any containers (here an nginx container) you want proxied with an env var `VIRTUAL_HOST=subdomain.yourdomain.com` -```console +```sh docker run --detach \ --name your-proxied-app \ --env VIRTUAL_HOST=foo.bar.com \ @@ -47,7 +47,7 @@ The nginx-proxy images are available in two flavors. This image is based on the nginx:mainline image, itself based on the debian slim image. -```console +```sh docker pull nginxproxy/nginx-proxy:1.6 ``` @@ -55,7 +55,7 @@ docker pull nginxproxy/nginx-proxy:1.6 This image is based on the nginx:alpine image. -```console +```sh docker pull nginxproxy/nginx-proxy:1.6-alpine ``` diff --git a/docker-compose-separate-containers.yml b/compose.separate.yml similarity index 94% rename from docker-compose-separate-containers.yml rename to compose.separate.yml index 5a64895..4ea5040 100644 --- a/docker-compose-separate-containers.yml +++ b/compose.separate.yml @@ -1,11 +1,9 @@ -version: "2" - services: nginx: image: nginx container_name: nginx ports: - - "80:80" + - 80:80 volumes: - /etc/nginx/conf.d diff --git a/docker-compose.yml b/compose.yml similarity index 92% rename from docker-compose.yml rename to compose.yml index a261ffc..2b09409 100644 --- a/docker-compose.yml +++ b/compose.yml @@ -1,11 +1,10 @@ -version: "2" - services: nginx-proxy: image: nginxproxy/nginx-proxy container_name: nginx-proxy ports: - - "80:80" + - 80:80 + - 443:443 volumes: - /var/run/docker.sock:/tmp/docker.sock:ro diff --git a/docs/README.md b/docs/README.md index 92c457e..b2ad028 100644 --- a/docs/README.md +++ b/docs/README.md @@ -32,13 +32,13 @@ You can also use wildcards at the beginning and the end of host name, like `*.ba To set the default host for nginx use the env var `DEFAULT_HOST=foo.bar.com` for example -```console +```sh docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy ``` nginx-proxy will then redirect all requests to a container where `VIRTUAL_HOST` is set to `DEFAULT_HOST`, if they don't match any (other) `VIRTUAL_HOST`. Using the example above requests without matching `VIRTUAL_HOST` will be redirected to a plain nginx instance after running the following command: -```console +```sh docker run -d -e VIRTUAL_HOST=foo.bar.com nginx ``` @@ -173,7 +173,7 @@ Make sure that your settings won't result in the slash missing or being doubled. If the application runs natively on this sub-path or has a setting to do so, `VIRTUAL_DEST` should not be set or empty. If the requests are expected to not contain a sub-path and the generated links contain the sub-path, `VIRTUAL_DEST=/` should be used. -```console +```sh $ docker run -d -e VIRTUAL_HOST=example.tld -e VIRTUAL_PATH=/app1/ -e VIRTUAL_DEST=/ --name app1 app ``` @@ -205,7 +205,7 @@ Examples (YAML syntax): Nginx variables such as `$scheme`, `$host`, and `$request_uri` can be used. However, care must be taken to make sure the `$` signs are escaped properly. For example, if you want to use `301 $scheme://$host/myapp1$request_uri` you should use: - Bash: `DEFAULT_ROOT='301 $scheme://$host/myapp1$request_uri'` -- Docker Compose yaml: `- DEFAULT_ROOT: 301 $$scheme://$$host/myapp1$$request_uri` +- Docker Compose yaml: `DEFAULT_ROOT: 301 $$scheme://$$host/myapp1$$request_uri` ⬆️ [back to table of contents](#table-of-contents) @@ -215,7 +215,7 @@ Nginx variables such as `$scheme`, `$host`, and `$request_uri` can be used. Howe If you want to use `nginx-proxy` with different external ports that the default ones of `80` for `HTTP` traffic and `443` for `HTTPS` traffic, you'll have to use the environment variable(s) `HTTP_PORT` and/or `HTTPS_PORT` in addition to the changes to the Docker port mapping. If you change the `HTTPS` port, the redirect for `HTTPS` traffic will also be configured to redirect to the custom port. Typical usage, here with the custom ports `1080` and `10443`: -```console +```sh docker run -d -p 1080:1080 -p 10443:10443 -e HTTP_PORT=1080 -e HTTPS_PORT=10443 -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy ``` @@ -225,7 +225,7 @@ With the addition of [overlay networking](https://docs.docker.com/engine/usergui If you want your `nginx-proxy` container to be attached to a different network, you must pass the `--net=my-network` option in your `docker create` or `docker run` command. At the time of this writing, only a single network can be specified at container creation time. To attach to other networks, you can use the `docker network connect` command after your container is created: -```console +```sh docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro \ --name my-nginx-proxy --net my-network nginxproxy/nginx-proxy docker network connect my-other-network my-nginx-proxy @@ -298,7 +298,7 @@ services: nginx-proxy: image: nginxproxy/nginx-proxy ports: - - "80:80" + - 80:80 volumes: - /var/run/docker.sock:/tmp/docker.sock:ro environment: @@ -306,12 +306,12 @@ services: myapp: image: jwilder/whoami expose: - - "8000" + - 8000 environment: VIRTUAL_HOST: myapp.example - VIRTUAL_PORT: "8000" + VIRTUAL_PORT: 8000 labels: - com.github.nginx-proxy.nginx-proxy.loadbalance: "hash $$remote_addr;" + com.github.nginx-proxy.nginx-proxy.loadbalance: hash $$remote_addr; deploy: replicas: 4 ``` @@ -329,7 +329,7 @@ See the [nginx keepalive documentation](https://nginx.org/en/docs/http/ngx_http_ In order to be able to secure your virtual host, you have to create a file named as its equivalent `VIRTUAL_HOST` variable (or if using a regex `VIRTUAL_HOST`, as the sha1 hash of the regex) in directory `/etc/nginx/htpasswd/{$VIRTUAL_HOST}` -```console +```sh docker run -d -p 80:80 -p 443:443 \ -v /path/to/htpasswd:/etc/nginx/htpasswd \ -v /path/to/certs:/etc/nginx/certs \ @@ -348,7 +348,7 @@ You'll need apache2-utils on the machine where you plan to create the htpasswd f The default nginx access log format is -``` +```log $host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_addr" ``` @@ -391,11 +391,9 @@ To disable nginx access logs entirely, set the `DISABLE_ACCESS_LOGS` environment To remove colors from the container log output, set the [`NO_COLOR` environment variable to any value other than an empty string](https://no-color.org/) on the nginx-proxy container. -```console -docker run --detach \ - --publish 80:80 \ - --env NO_COLOR=1 \ - --volume /var/run/docker.sock:/tmp/docker.sock:ro \ +```sh +docker run -d -p 80:80 -e NO_COLOR=1 \ + -v /var/run/docker.sock:/tmp/docker.sock:ro \ nginxproxy/nginx-proxy ``` @@ -407,7 +405,7 @@ SSL is supported using single host, wildcard and SAN certificates using naming c To enable SSL: -```console +```sh docker run -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy ``` @@ -438,7 +436,7 @@ In the separate container setup, no pre-generated key will be available and neit Set `DHPARAM_SKIP` environment variable to `true` to disable using default Diffie-Hellman parameters. The default value is `false`. -```console +```sh docker run -e DHPARAM_SKIP=true .... ``` @@ -649,7 +647,7 @@ IPv4 and IPv6 are never both used at the same time on containers that use both I By default the nginx-proxy container will only listen on IPv4. To enable listening on IPv6 too, set the `ENABLE_IPV6` environment variable to `true`: -```console +```sh docker run -d -p 80:80 -e ENABLE_IPV6=true -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy ``` @@ -682,7 +680,7 @@ More reading on the potential TCP head-of-line blocking issue with HTTP/2: [HTTP HTTP/3 use the QUIC protocol over UDP (unlike HTTP/1.1 and HTTP/2 which work over TCP), so if you want to use HTTP/3 you'll have to explicitely publish the 443/udp port of the proxy in addition to the 443/tcp port: -```console +```sh docker run -d -p 80:80 -p 443:443/tcp -p 443:443/udp \ -v /var/run/docker.sock:/tmp/docker.sock:ro \ nginxproxy/nginx-proxy @@ -766,7 +764,7 @@ RUN { \ Or it can be done by mounting in your custom configuration in your `docker run` command: -```console +```sh docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy ``` @@ -778,14 +776,14 @@ In order to allow virtual hosts to be dynamically configured as backends are add For example, if you have a virtual host named `app.example.com`, you could provide a custom configuration for that host as follows: -```console +```sh docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/app.example.com ``` If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink: -```console +```sh { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/www.example.com ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com ``` @@ -800,14 +798,14 @@ To add settings to the "location" block on a per-`VIRTUAL_HOST` basis, add your For example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows: -```console +```sh docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location ``` If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink: -```console +```sh { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com ``` @@ -836,7 +834,7 @@ When an override file exists, the `location` block that is normally created by ` You are responsible for providing a suitable `location` block in your override file as required for your service. By default, `nginx-proxy` uses the `VIRTUAL_HOST` name as the upstream name for your application's Docker container; see [here](#unhashed-vs-sha1-upstream-names) for details. As an example, if your container has a `VIRTUAL_HOST` value of `app.example.com`, then to override the location block for `/` you would create a file named `/etc/nginx/vhost.d/app.example.com_location_override` that contains something like this: -``` +```Nginx location / { proxy_pass http://app.example.com; } @@ -850,12 +848,11 @@ Per virtual-host `servers_tokens` directive can be configured by passing appropr To override the default error page displayed on 50x errors, mount your custom HTML error page inside the container at `/usr/share/nginx/html/errors/50x.html`: -```console -docker run --detach \ +```sh +docker run -d -p 80:80 --name nginx-proxy \ - --publish 80:80 \ - --volume /var/run/docker.sock:/tmp/docker.sock:ro \ - --volume /path/to/error.html:/usr/share/nginx/html/errors/50x.html:ro \ + -v /var/run/docker.sock:/tmp/docker.sock:ro \ + -v /path/to/error.html:/usr/share/nginx/html/errors/50x.html:ro \ nginxproxy/nginx-proxy ``` @@ -868,7 +865,7 @@ docker run --detach \ If you want to proxy non-HTTP traffic, you can use nginx's stream module. Write a configuration file and mount it inside `/etc/nginx/toplevel.conf.d`. -```nginx +```Nginx # stream.conf stream { upstream stream_backend { @@ -903,15 +900,12 @@ stream { } ``` -```console -docker run --detach \ +```sh +docker run -d \ --name nginx-proxy \ - --publish 80:80 \ - --publish 12345:12345 \ - --publish 12346:12346 \ - --publish 53:53:udp \ - --volume /var/run/docker.sock:/tmp/docker.sock:ro \ - --volume ./stream.conf:/etc/nginx/toplevel.conf.d/stream.conf:ro \ + --p 80:80 -p 12345:12345 -p 12346:12346 -p 53:53/udp \ + -v /var/run/docker.sock:/tmp/docker.sock:ro \ + -v ./stream.conf:/etc/nginx/toplevel.conf.d/stream.conf:ro \ nginxproxy/nginx-proxy ``` @@ -937,8 +931,8 @@ You may want to do this to prevent having the docker socket bound to a publicly You can demo this pattern with docker compose: -```console -docker compose --file docker-compose-separate-containers.yml up +```sh +docker compose -f compose.separate.yml up curl -H "Host: whoami.example" localhost ``` @@ -952,13 +946,13 @@ To run nginx proxy as a separate container you'll need to have [nginx.tmpl](http First start nginx with a volume: -```console -docker run -d -p 80:80 --name nginx -v /tmp/nginx:/etc/nginx/conf.d -t nginx +```sh +docker run -dt -p 80:80 --name nginx -v /tmp/nginx:/etc/nginx/conf.d nginx ``` Then start the docker-gen container with the shared volume and template: -```console +```sh docker run --volumes-from nginx \ -v /var/run/docker.sock:/tmp/docker.sock:ro \ -v $(pwd):/etc/docker-gen/templates \ @@ -967,7 +961,7 @@ docker run --volumes-from nginx \ Finally, start your containers with `VIRTUAL_HOST` environment variables. -```console +```sh docker run -e VIRTUAL_HOST=foo.bar.com ... ``` @@ -976,26 +970,24 @@ docker run -e VIRTUAL_HOST=foo.bar.com ... ## Docker Compose ```yaml -version: "2" - services: nginx-proxy: image: nginxproxy/nginx-proxy ports: - - "80:80" + - 80:80 volumes: - /var/run/docker.sock:/tmp/docker.sock:ro whoami: image: jwilder/whoami expose: - - "8000" + - 8000 environment: - - VIRTUAL_HOST=whoami.example - - VIRTUAL_PORT=8000 + VIRTUAL_HOST: whoami.example + VIRTUAL_PORT: 8000 ``` -```console +```sh docker compose up curl -H "Host: whoami.example" localhost ``` @@ -1012,7 +1004,7 @@ I'm 5b129ab83266 If you can't access your `VIRTUAL_HOST`, inspect the generated nginx configuration: -```console +```sh docker exec nginx -T ``` @@ -1156,7 +1148,7 @@ Before submitting pull requests or issues, please check github to make sure an e To run tests, you just need to run the command below: -```console +```sh make test ``` @@ -1164,7 +1156,7 @@ This commands run tests on two variants of the nginx-proxy docker image: Debian You can run the tests for each of these images with their respective commands: -```console +```sh make test-debian make test-alpine ```