Fix duplicate definitions for HTTPS 503 responses

mpetkov 2017-11-23 17:50:14 -05:00
parent 680988918e
commit fc4fba0b4e
2 changed files with 17 additions and 15 deletions


@ -6,6 +6,8 @@ RUN apt-get update \
&& apt-get install -y -q --no-install-recommends \ && apt-get install -y -q --no-install-recommends \
ca-certificates \ ca-certificates \
wget \ wget \
vim \
net-tools \
&& apt-get clean \ && apt-get clean \
&& rm -r /var/lib/apt/lists/* && rm -r /var/lib/apt/lists/*
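Review bot: `vim` and `net-tools` are troubleshooting tools, and nothing in the commit message explains why the proxy image needs them. Every extra package in an internet-facing image is more code to keep patched and more tooling available to anyone who obtains a shell in the container. If they were only needed while debugging the template change, I would drop the `vim \` and `net-tools \` lines from the `apt-get install` list before merging, or move them to a separate debug image. The `RUN` instruction starts above the hunk.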


@ -95,14 +95,27 @@ server {
} }
# Default server if unknown domain # Default server if unknown domain
{{/* Get the first matching cert, any cert */}}
{{ $anyCert := (first (dir "/etc/nginx/certs"))}}
{{ $anyCert := trimSuffix ".crt" $anyCert }}
{{ $anyCert := trimSuffix ".key" $anyCert }}
{{ $cert_exists := (and (ne $anyCert "") (exists (printf "/etc/nginx/certs/%s.crt" $anyCert)) (exists (printf "/etc/nginx/certs/%s.key" $anyCert))) }}
{{ if $cert_exists }}
server { server {
listen 80; listen 443 ssl http2;
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
listen [::]:80; listen [::]:443 ssl http2;
{{ end }} {{ end }}
access_log /var/log/nginx/access.log vhost; access_log /var/log/nginx/access.log vhost;
return 503; return 503;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $anyCert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $anyCert) }};
} }
{{ end }}
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server { server {
@ -206,19 +219,6 @@ upstream {{ $upstream_name }} {
{{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }} {{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
{{ if $is_https }} {{ if $is_https }}
# Default server if unknown domain
server {
listen 443 ssl http2;
{{ if $enable_ipv6 }}
listen [::]:443 ssl http2;
{{ end }}
access_log /var/log/nginx/access.log vhost;
return 503;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
}
{{ if eq $https_method "redirect" }} {{ if eq $https_method "redirect" }}
server { server {
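Review bot: In the `-95,14 +95,27` hunk the plain-HTTP catch-all appears to have been rewritten into the HTTPS one rather than kept beside it: `listen 80;` and `listen [::]:80;` are paired with `listen 443 ssl http2;` and `listen [::]:443 ssl http2;`, and the new side shows no other port-80 default server. If no such block exists elsewhere in the template, port-80 requests for an unknown Host no longer get the 503 and are answered by whichever server block nginx treats as the default for that socket. The new 443 block also depends on `first (dir "/etc/nginx/certs")`: when that entry is not a `.crt`/`.key` file, `$cert_exists` is false and no HTTPS catch-all is emitted, and when it is one site's certificate, that certificate is presented for every unknown name. I would keep the original port-80 server block outside `{{ if $cert_exists }}` and prefer the `default.crt`/`default.key` pair for the 443 catch-all, using `$anyCert` only when no default pair exists. The server block opened under the `default.crt` condition continues outside the hunk, so whether it already declares a second 443 catch-all cannot be confirmed from here.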