Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Merge 302cb5db69 into 44a5322ce7

Browse source
This commit is contained in:
Andreas Elvers 2015-05-02 10:12:24 +00:00
commit f31f70f4c4
2 changed files with 12 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -97,7 +97,7 @@ session caches.
The behavior for the proxy when port 80 and 443 are exposed is as follows: The behavior for the proxy when port 80 and 443 are exposed is as follows:
* If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS * If a container has a usable cert and not SSL_REDIRECT=no is set, port 80 will redirect to 443 for that container so that HTTPS
is always preferred when available. is always preferred when available.
* If the container does not have a usable cert, a 503 will be returned. * If the container does not have a usable cert, a 503 will be returned.

30
nginx.tmpl
View file

@ -71,6 +71,9 @@ upstream {{ $host }} {
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}} {{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
{{ $proto := or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http" }} {{ $proto := or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http" }}
{{/* Get redirect behaviour defined by containers w/ the same vhost, falling back to redirecting to https */}}
{{ $sslRedirect := or (first (groupByKeys $containers "Env.SSL_REDIRECT")) "yes" }}
{{/* Get the first cert name defined by containers w/ the same vhost */}} {{/* Get the first cert name defined by containers w/ the same vhost */}}
{{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }} {{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
@ -84,15 +87,20 @@ upstream {{ $host }} {
{{/* Use the cert specifid on the container or fallback to the best vhost match */}} {{/* Use the cert specifid on the container or fallback to the best vhost match */}}
{{ $cert := (coalesce $certName $vhostCert) }} {{ $cert := (coalesce $certName $vhostCert) }}
{{ if (and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }} {{ $enabledSSL := (and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
{{ if (and $enabledSSL (eq $sslRedirect "yes")) }}
server { server {
server_name {{ $host }}; server_name {{ $host }};
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
{{ end }}
server { server {
server_name {{ $host }}; server_name {{ $host }};
{{ if (ne $sslRedirect "yes") }} listen 80; {{ end }}
{{ if $enabledSSL }}
listen 443 ssl; listen 443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@ -106,6 +114,7 @@ server {
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }}; ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
add_header Strict-Transport-Security "max-age=31536000"; add_header Strict-Transport-Security "max-age=31536000";
{{ end }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }}; include {{ printf "/etc/nginx/vhost.d/%s" $host }};
@ -118,26 +127,10 @@ server {
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
{{ end }} {{ end }}
} }
}
{{ else }}
server {
server_name {{ $host }};
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
{{ end }}
location / {
proxy_pass {{ $proto }}://{{ $host }};
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
auth_basic "Restricted {{ $host }}";
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
{{ end }}
}
} }
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} {{ if (and (not $enabledSSL) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server { server {
server_name {{ $host }}; server_name {{ $host }};
listen 443 ssl; listen 443 ssl;
@ -149,4 +142,3 @@ server {
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }}