Commit graph

539 commits

Author SHA1 Message Date
Sudarshan Wadkar
77b122670b
Fix SSL23_GET_SERVER_HELLO:unknown protocol
This commit fixes the SSL23_GET_SERVER_HELLO unknown protocol error when using `docker-compose-separate-containers.yml` and redirecting to an upstream HTTPS server.

Example error:
```
nginx        | 2018/10/25 09:06:06 [error] 9#9: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 172.18.8.224, server: whoami.my.server, request: "GET / HTTP/2.0", upstream: "https://172.27.0.3:8000/", host: "whoami.my.server"
```
Steps to reproduce:
Make sure you have the necessary `*.{crt,key,dhparam.pem}` files generated in the `./config/nginx/certs` directory. Then use the following `docker-compose-separate-containers.yml` file to do a `docker-compose up`:
```yaml
version: "2"
services:

  nginx:
    image: nginx:alpine
    #restart: always #TODO: Remove me in production
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/nginx/conf.d
      - ./config/nginx/certs:/etc/nginx/certs

  dockergen:
    #restart: always #TODO: Remove me in production
    image: jwilder/docker-gen
    command: -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes_from:
      - nginx
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./config/docker-gen/templates:/etc/docker-gen/templates

  whoami:
    image: jwilder/whoami
    environment:
      # Please, for the love of god, don't escape strings here!!
      # See: https://github.com/jwilder/nginx-proxy/issues/1183
      - VIRTUAL_HOST=whoami.my.server
      - VIRTUAL_PROTO=https
      - VIRTUAL_PORT=8000
```
When you visit `https://whoami.my.server`, you will see an SSL handshake error in the `nginx` container (see the example error string above). While I can't find the SO answer that pointed me to rewrite the `proxy_pass` URL to start with `http` instead of `https`, this change in the `nginx.tmpl` file solved the issue for me.

Note that I am testing on "fake local domains" by manipulating the `/etc/hosts` on the client side. If this change in the code does not make sense, please let me know what I am missing.

Thanks,
-Sudarshan
2018-10-25 10:08:33 +00:00
Jason Wilder
e80fc0b304
Merge pull request #1140 from matt-hh/feature/upgrade-1.14
Upgrade to nginx 1.14 stable version
2018-08-17 10:20:50 -06:00
Jason Wilder
a285717657
Merge pull request #1123 from kamermans/feature/tls1.3
Add TLSv1.3 support
2018-06-07 15:56:19 -06:00
Matthias Döring
cb2b0e2bd3
Upgrade to nginx 1.14 stable
2018-06-06 00:56:47 +02:00
Steve Kamerman
4e6900e872
Added TLSv1.3 support
2018-04-22 18:29:35 -04:00
Jason Wilder
9521593cbc
Merge pull request #1124 from kamermans/bugfix/travis-ci-errors-fix2
Bugfix: Test reads from out-of-scope var
2018-04-22 15:47:42 -06:00
Steve Kamerman
af266c0b83
Remove old docker.list to avoid getting unstable Docker version
2018-04-22 16:43:00 -04:00
Steve Kamerman
9be2624d09
Increased dependency versions to get around pip internal problem
2018-04-22 16:11:32 -04:00
Steve Kamerman
c417813df9
Fixed out-of-scope variable
2018-04-22 16:03:43 -04:00
Jason Wilder
ccbbbeb928
Merge pull request #1073 from b1f6c1c4/b1f6c1c4-patch-1
Add HSTS header regardless of status code
2018-03-30 17:34:02 -04:00
Jason Wilder
556b3364fb
Merge pull request #1115 from kamermans/docs/ocsp-stapling-info
Added docs on enabling OCSP Stapling
2018-03-28 20:50:15 -04:00
Steve Kamerman
d7e939dc27
Added info on enabling OCSP Stapling
2018-03-28 11:43:41 -04:00
b1f6c1c4
d8777c8689
Merge pull request #2 from kamermans/b1f6c1c4-patch-1
Add tests to HSTS bugfix
2018-03-27 11:15:12 +08:00
Steve Kamerman
3590c1bae0
Added regression test to ensure HSTS works for errors
2018-03-26 14:58:06 -04:00
Steve Kamerman
c1ae91364c
Added endpoint to allow testing alternate response codes
2018-03-26 14:57:50 -04:00
Jason Wilder
71225a28fa
Merge pull request #1026 from jwilder/updates
Updates for 0.7.0 release
2018-03-23 23:34:31 -06:00
Jason Wilder
f8cd4483ac
Update version to 0.7.0
2018-03-23 23:03:42 -06:00
Jason Wilder
5266553e1b
Add issue template/q&a links
2018-03-23 21:07:43 -06:00
Jason Wilder
1f19ee3c56
Merge pull request #1088 from matt-hh/fix-1076
Enable NETWORK_ACCESS feature for alpine version
2018-03-23 14:54:52 -06:00
Jason Wilder
6290f38069
Merge pull request #1106 from hwellmann/master
do not create an empty upstream entry for invisible containers
2018-03-23 12:14:37 -06:00
Jason Wilder
1dce981707
Merge pull request #984 from sydoveton/master
OCSP Stapling was not working
2018-03-23 08:57:27 -06:00
Harald Wellmann
b61c841929
do not create an empty upstream entry for a container from an invisible Docker network
2018-03-22 10:56:41 +01:00
Jason Wilder
000a44772d
Merge pull request #1090 from sergeifilippov/patch-1
Grammar Police
2018-03-08 15:01:00 -07:00
Sergei Filippov
37714fa4f8
Grammar Police
Tiny grammatical fix.
2018-03-09 10:48:14 +13:00
Matthias Döring
2f8ebe8d45
Enable NETWORK_ACCESS feature for alpine version
This PR fixes a missing line in the alpine version.

- Fixes #1076
- See #842
2018-03-07 22:36:05 +01:00
Jason Wilder
d6042d08f1
Merge pull request #734 from thomasleveil/knwon_issues
TESTS: add tests for known issues
2018-02-20 14:50:11 -07:00
b1f6c1c4
7a769a6a22
Add HSTS header regardless of status code
See nginx [doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) and [blog](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
2018-02-20 17:59:52 +08:00
Jason Wilder
226bfe158f
Merge pull request #926 from Paike/patch-1
Fallback if container has no IP
2018-01-20 23:04:40 -07:00
Jason Wilder
32d42ffee7
Update docker-gen to 0.7.4
2018-01-14 15:28:46 -07:00
Jason Wilder
3fab237f34
Merge pull request #1022 from mouhamed/patch-1
Remove duplicate
2018-01-09 21:29:06 -07:00
mouhamed
1eac894902
Remove duplicate
2018-01-09 21:12:37 +01:00
Jason Wilder
73f29846b3
Merge pull request #957 from buchdag/ssl-modern
Allow optional use of Mozilla modern SSL configuration
2017-12-06 16:34:30 -07:00
Sy Doveton
6e9dc343cd
Changed the SSL stapling cert extension to pem from crt. SSL stapling was not working due to the incorrect file extension.
2017-11-19 11:35:30 +00:00
Nicolas Duchon
35f092ca30
Update doc with SSL_POLICY values
2017-11-18 09:18:55 +01:00
Nicolas Duchon
bf16afc665
Use enumerable SSL_POLICY instead of bool
2017-11-18 09:18:55 +01:00
Nicolas Duchon
ea80027525
Merge branch 'master' into ssl-modern
2017-11-16 22:47:25 +01:00
Jason Wilder
a6e8fae7f5
Merge pull request #970 from kamermans/bugfix/failing_ssl_tests
Fixed failing SSL tests
2017-11-09 10:04:20 -07:00
Jason Wilder
9b8323d2e2
Merge pull request #969 from kamermans/feature/custom_hsts
Added custom HSTS support (issue #953)
2017-11-09 08:47:37 -07:00
Steve Kamerman
612bf72ceb
Support old and new versions of requests
2017-11-08 23:19:13 -05:00
Steve Kamerman
ebd1485b09
Catch SSLError instead of CertificateError
2017-11-08 22:53:44 -05:00
Steve Kamerman
58a02f107e
Removed '-verify 0' - to disable verification, exclude -verify entirely
2017-11-08 22:42:52 -05:00
Steve Kamerman
a312472fb5
Added custom HSTS support (issue #953)
2017-11-08 22:30:24 -05:00
Jason Wilder
1374ee5b9e
Merge pull request #962 from cglewis/master
MAINTAINER is deprecated, using LABEL now
2017-11-06 11:07:26 -07:00
cglewis
55610b8425
MAINTAINER is deprecated, using LABEL now
2017-10-31 18:21:12 -07:00
Nicolas Duchon
56fb58cc6f
Update doc for mozilla modern profile
2017-10-27 10:28:42 +02:00
Nicolas Duchon
ea98780960
Enable optional mozilla modern profile
2017-10-27 10:28:42 +02:00
Jason Wilder
1b868259fe
Merge pull request #955 from buchdag/dhparam-separate-container
Fix default dhparam.pem when using separate containers
2017-10-26 10:09:18 -06:00
Nicolas Duchon
3ac478f284
Update Diffie-Hellman Groups doc
+ corrected a typo
2017-10-25 12:34:22 +02:00
Nicolas Duchon
2528a35656
Don't presume the existence of default dhparam
The default dhparam at /etc/nginx/dhparam/dhparam.pem won't be auto generated with the separate containers setup.
2017-10-25 12:32:09 +02:00
Jason Wilder
3ef600a3b5
Merge pull request #842 from kamermans/feature/external_internal_network
Allow containers to be restricted to internal network
2017-10-20 10:04:08 -06:00