Richard Hansen
7a2b1f8833
chore: Split `$is_https` variable into two separate checks
...
for improved readability.
2023-02-01 18:17:43 -05:00
Niek
7ca1da8358
feat: Add support for HTTP load balancing between the proxy and upstream server groups (#2173)
...
Add initial tests
Newlines
Remove unused variable
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
Change comment value
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
add missing services line
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
Use deploy.replicas
Remove details about choosing a load balancing method
Feedback note
Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com>
2023-03-21 07:49:27 +01:00
Richard Hansen
49bb37dfdb
feat: Add support for HTTP keep-alive between the proxy and upstream
2023-03-14 04:20:17 -04:00
Richard Hansen
364beed773
fix: Don't error if `$globals.CurrentContainer` is nil
...
Also:
* Note when there are no networks.
* Fix "networks available" comment.
2023-03-10 15:23:44 -05:00
Nicolas Duchon
afd6544702
Merge pull request #2179 from rhansen/swarm
...
fix: Partially revert "chore: Remove support for legacy swarm"
2023-02-28 07:40:16 +01:00
Jan Malte Gerth
37134c44d7
fix: Sort networks and ports before iterating
...
This avoids unnecessary nginx restarts caused by config file churn.
2023-02-21 00:22:47 -05:00
Richard Hansen
6207be5f8f
fix: Partially revert "chore: Remove support for legacy swarm"
...
This partially reverts commit 2494e20784 by ignoring any network
named "ingress" when searching for a container's IP address.
That commit was technically a backwards-incompatible change: Some
users use nginx-proxy with Swarm mode even though it is not fully
supported. In such cases nginx-proxy should ignore the `ingress`
network, otherwise nginx will not be able to reach the
server (container-to-container traffic apparently doesn't work over
the Swarm `ingress` network).
The parts of that commit that examine the `SwarmNode` structure are
not reverted here because docker-gen does not currently populate that
structure -- not even when both docker-gen and the service task
container are running on the same manager node.
2023-02-17 01:52:05 -05:00
Richard Hansen
11a46f728c
chore: Factor out container IP:port lookup
...
This will make planned future changes easier.
2023-02-01 03:06:39 -05:00
Richard Hansen
2494e20784
chore: Remove support for legacy swarm
...
It doesn't work with the newer Docker Swarm mode so it doesn't have
much value anymore.
2023-02-01 03:04:37 -05:00
Richard Hansen
2115974e93
feat: Add ability to completely override location blocks
...
Co-authored-by: Trent Harvey <trent@harvdog.net>
2023-01-31 04:53:12 -05:00
Richard Hansen
6162427c45
fix: Generate at most one `server` directive per container
2023-01-28 18:01:19 -05:00
Richard Hansen
bcec2d9075
chore: Refactor `upstream` template for readability
...
In particular, reduce the nesting depth to make it easier to
understand what the code is doing by:
* converting an $O(nm)$ nested loop into two serial $O(n)+O(m)$
loops, and
* consolidating similar nested `if` cases.
2023-01-28 18:01:19 -05:00
Richard Hansen
daeed502cb
feat: Add a warning comment if the container port is published
2023-01-28 18:01:19 -05:00
Richard Hansen
5a8a6ceae2
chore: Improve debug comments in `upstream` template
2023-01-28 18:01:19 -05:00
Richard Hansen
2760ead490
chore: Remove warning comment when port is not exposed
...
Exposing ports is largely deprecated because it doesn't actually do
anything in Docker.
2023-01-28 18:01:19 -05:00
Richard Hansen
e97bf606c8
chore: Move version comment to the top of the template
...
to ensure that the version is always the first output line.
Also, always output `# nginx-proxy`, even if the version isn't known.
This makes it easier to find the start of the generated config in the
output of `nginx -T`.
2023-01-28 18:01:19 -05:00
Vincent Herlemont
07cc80ac6b
feat: Support LOG_FORMAT env variable (#2151)
2023-01-27 12:28:40 -05:00
Richard Hansen
8346b68a28
fix: Ignore `VIRTUAL_HOST` set to the empty string
...
Fixes #2144
2023-01-23 20:48:16 -05:00
Richard Hansen
f8ae0a4b00
feat: `DEFAULT_ROOT=none` disables the default `location /` block
2023-01-23 20:47:00 -05:00
Richard Hansen
8fbc8514ef
feat: Unconditionally produce debug comments
...
Rationale for eliminating the check to see if the `DEBUG` environment
variable holds a true value:
* The `DEBUG` environment variable might be set on a container (for
purposes specific to that container, not `nginx-proxy`) to a value
that cannot be parsed as a bool, which would break `nginx-proxy`.
* It simplifies the template.
* It eliminates a cold code path.
* It avoids heisenbugs.
* It makes debugging easier for users.
Also delete the debug info tests, as they are fragile and they provide
limited value.
Alternatively, we could avoid collision with the container's use of
the `DEBUG` environment variable by using a container label [1] such
as `com.google.nginx-proxy.nginx-proxy.debug`. I think doing so has
dubious value, especially if we want to attempt backwards
compatibility with the `DEBUG` environment variable.
Fixes #2139
[1] https://docs.docker.com/engine/reference/commandline/run/#-set-metadata-on-container--l---label---label-file
Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com>
2023-01-18 17:27:04 -05:00
Richard Hansen
2427b383b5
chore: Move global variables to a `$globals` dict
...
Planned future changes will introduce more embedded templates, and the ability
to pass the globals to the templates will be useful.
2023-01-17 00:42:20 -05:00
Richard Hansen
1b253cd908
chore: Wrap long comments
2023-01-17 00:42:20 -05:00
Richard Hansen
0da38122bd
chore: Consistent indentation
2023-01-17 00:42:20 -05:00
Richard Hansen
f20662eeaa
chore: Use `{{-` instead of `{{` to clean up whitespace
2023-01-17 00:42:20 -05:00
Richard Hansen
d6d8b2205f
chore: Fix comment terminators
2023-01-17 00:42:20 -05:00
Richard Hansen
4651bf411d
chore: Fix comment for `$proxy_connection` variable
2023-01-17 00:42:20 -05:00
Richard Hansen
744bd82c54
chore: Combine identical HTTP and HTTPS servers
2023-01-17 00:42:20 -05:00
Richard Hansen
491642b1e9
chore: Factor out duplicate virtual path code
2023-01-17 00:42:20 -05:00
Richard Hansen
14d0f3f222
chore: Rename `$container` to `$containers`
...
The value is actually a slice/array of containers so it should be
pluralized.
2023-01-17 00:42:20 -05:00
Richard Hansen
05423c681a
fix: Use `parseBool` to parse boolean strings
2023-01-17 00:42:20 -05:00
Richard Hansen
c117ae8fd8
chore: Use boolean for `$server_found` variable
2023-01-17 00:42:20 -05:00
浊酒
af877cf784
feat: Add proxy header X-Forwarded-Host
...
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2022-12-26 17:59:50 -05:00
Nicolas Duchon
6f4f9ec20c
Merge pull request #1927 from rhansen/untrusted-headers
...
feat: Option to not trust `X-Forwarded-*` headers from clients
2022-12-26 20:47:05 +01:00
Richard Hansen
8aa00fcea2
feat: Option to not trust `X-Forwarded-*` headers from clients
...
If header values from a malicious client are passed to the backend
server unchecked and unchanged, the client may be able to subvert
security checks done by the backend server.
2022-12-19 02:48:01 -05:00
SilverFire - Dmitry Naumenko
510d376f00
Make sure networks order is the same
2022-05-11 12:56:18 +00:00
Nitin Jain
998d56c473
chore: indent location, upstream in template
2022-04-14 13:32:58 +05:30
Richard Hansen
55d913255d
Fix IPv6 HTTP listen port
2022-03-20 18:54:07 -04:00
Nicolas Duchon
b6b7133a2e
fix: minor fixes on nginx template
2022-02-24 15:17:47 +01:00
Alexander Lieret
08c9586346
fix: Handle VIRTUAL_PROTO on virtual path basis
2022-02-24 15:08:18 +01:00
Alexander Lieret
28c74e8dae
fix: Move NETWORK_ACCESS to location block
2022-02-24 15:08:18 +01:00
Nicolas Duchon
efb250da01
fix: use most specific custom location config first
...
Co-authored-by: Jonathan Underwood <junderwood@bitcoinbank.co.jp>
2022-02-24 15:08:17 +01:00
Alexander Lieret
33eab70d32
feat: Add custom location block to virtual paths
...
This feature allows the custom location blocks to be added to the
virtual path based routing. The custom config can be specified for each
container individually.
2022-02-24 15:08:17 +01:00
Alexander Lieret
4b85e95824
feat: Replace path stripping with variable
...
This commit removes the automatic path stripping and replaces it with a
user configurable environment variable. This can be set individually for
each container.
2022-02-24 15:08:17 +01:00
Alexander Lieret
9df330e51e
feat: Add user customizable default root response
2022-02-24 15:08:15 +01:00
Nicolas Duchon
28c73e5b52
fix: non working https with virtual path
2022-02-24 15:07:49 +01:00
Greg Symons
2901b917a0
feat: support for path-based routing
...
Co-authored-by: Josh Trow <josh.trow@gmail.com>
Co-authored-by: Adrian <WolfspiritM@users.noreply.github.com>
Co-authored-by: Rodrigo Aguilera <hi@rodrigoaguilera.net>
Co-authored-by: Alexander Lieret <alexander.lieret@fau.de>
2022-02-24 15:06:57 +01:00
Nicolas Duchon
fbf37456d0
feat: display container version
2022-01-11 22:38:30 +01:00
Unchun Yang
0780e636f9
Remove unnecessary tabs
2021-10-23 00:08:32 +09:00
Nicolas Duchon
e748ffdce4
feat: sha1 upstream names
2021-08-17 21:51:09 +02:00
Nicolas Duchon
89d37882b6
fix: always use sha1 of hostname as upstream name
2021-08-04 22:28:00 +02:00
Gilles Filippini
dfc84558a5
fix: upstream fallback entry with load balancing
2021-06-21 00:48:21 +02:00
Nicolas Duchon
2006968c05
Merge pull request #1667 from pini-gh/pini-1609
...
Use `server 127.0.0.1 down` entry only when required
2021-06-20 18:04:19 +02:00
Gilles Filippini
fca248a965
fix: server 127.0.0.1 down entry only when required
2021-06-15 23:54:24 +02:00
John Stucklen
fa8b0d7bad
fix: HTTPS redirection with custom HTTPS port
2021-06-15 00:33:06 +02:00
Scott Dutton
e9ab13781d
Fix spacing
2021-06-09 20:51:51 +01:00
Scott Dutton
9f069a42ac
Improve logging
...
Currently it's almost impossible to know which host actually handled the request; this extra variable logs the upstream server too
2021-06-09 20:51:08 +01:00
Gilles Filippini
97a5dec57a
Honor VIRTUAL_PORT + DEBUG flag + fallback entry
...
The VIRTUAL_PORT environment variable should always be honored.
Even when the related port is not exposed.
Fix for nging-proxy/nginx-proxy#1132.
This commit also adds the DEBUG environment variable which enables more
verbose comments in the nginx configuration file to help troubleshooting
unreachable containers.
Finally it fixes nging-proxy/nginx-proxy#1105 as well by defining only one
fallback entry per upstream block.
2021-05-28 00:04:43 +02:00
Laurynas Alekna
fb7a11212f
Make server_tokens configurable per virtual-host
2021-05-13 21:52:06 +01:00
Nicolas Duchon
e3e8d24930
Merge pull request #1185 from kressh/master
...
Set proper X-Forwarded-Ssl for SSL-terminated setups
2021-05-05 16:32:47 +02:00
Chris Heald
85327a871e
Suffix upstream names to prevent confusion with FQDNs
2021-04-29 02:21:19 +02:00
Nicolas Duchon
bf2d7295d3
Merge pull request #1409 from nginx-proxy/no-https-redirect-acme
...
Bring ACME no redirection inline with companion
2021-03-17 20:31:37 +01:00
Jason Wilder
b0c6c9f67e
Merge pull request #1386 from juliushaertl/enh/hsts-https-method-fallback
...
Add fallback to the proxy containers env for HTTPS_METHOD and HSTS
2020-06-29 11:38:05 -06:00
Jason Wilder
8219788df6
Merge branch 'master' into master
2020-03-25 14:26:30 -06:00
Nicolas Duchon
944163d70d
Bring ACME no redirection inline with companion
...
Add the following to the Let's Encrypt ACME challenge "no redirection to HTTPS"
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/pull/570
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/pull/335
2020-03-20 22:28:15 +01:00
Jason Wilder
b4709639b3
Merge pull request #1353 from nanawel/feature/custom-external-ports-support
...
Add support for custom external HTTP/HTTPS ports
2020-03-03 00:24:21 -05:00
Jason Wilder
4a2dc46002
Merge pull request #1198 from umevoshi/master
...
Add gRPC protocol support (#1345)
2020-02-11 11:45:53 -07:00
Julius Härtl
f8b4553eee
Add fallback to the proxy containers env for HTTPS_METHOD and HSTS
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-01-30 08:24:38 +01:00
nanawel
a3e64a9433
Add support for custom external HTTP/HTTPS ports (see https://groups.google.com/forum/#!topic/nginx-proxy/0I2jevmgTLI)
2019-11-03 14:48:16 +01:00
Maurits van Mastrigt
11d644d645
Do not HTTPS redirect Let'sEncrypt ACME challenge
...
The auto renewal of Let'sEncrypt certificates fails due to the HTTPS redirect of the ACME challenge.
This workaround resolves the issue:
https://gist.github.com/codekitchen/2c519eb7572002afab6a5f979cd42913#file-letsencrypt-diff
Found through this comment:
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/issues/526#issuecomment-476253642
2019-10-01 16:00:41 +02:00
Jason Wilder
4443ee8b5a
Merge pull request #1116 from qiqizjl/master
...
fix fastcgi bug
2019-09-26 13:21:12 -06:00
came88
eba7d8af77
Fix comment about Mozilla Modern Policy and TLS1.3
...
Thanks to @deAtog for pointing it out
2019-09-09 12:45:20 +02:00
Lorenzo Cameroni
26e764950f
Update ssl configuration
2019-08-29 22:14:14 +02:00
umevoshi
62d51562b5
Add gRPC protocol support
2018-11-15 01:02:57 +09:00
Sergey Besedin
330d2cdc0e
Set proper X-Forwarded-Ssl for SSL-terminated setups
2018-10-24 19:10:24 +03:00
Steve Kamerman
936e57a6de
Fixed #1080, can't disable HSTS with noredirect
2018-08-01 11:30:06 -04:00
Steve Kamerman
4e6900e872
Added TLSv1.3 support
2018-04-22 18:29:35 -04:00
耐小心
59aa78a4a6
fix fastcgi bug
2018-04-17 21:52:58 +08:00
Jason Wilder
ccbbbeb928
Merge pull request #1073 from b1f6c1c4/b1f6c1c4-patch-1
...
Add HSTS header regardless of status code
2018-03-30 17:34:02 -04:00
耐小心
1c7ccc473f
fix fastcgi bug
2018-03-30 09:47:57 +08:00
Mario Carbajal
f68383add9
Set DISABLE_ACCESS_LOGS to disable access logs
2018-03-27 21:18:45 -03:00
Jason Wilder
6290f38069
Merge pull request #1106 from hwellmann/master
...
do not create an empty upstream entry for invisible containers
2018-03-23 12:14:37 -06:00
Jason Wilder
1dce981707
Merge pull request #984 from sydoveton/master
...
OCSP Stapling was not working
2018-03-23 08:57:27 -06:00
Harald Wellmann
b61c841929
do not create an empty upstream entry for a container from an invisible Docker network
2018-03-22 10:56:41 +01:00
Sergei Filippov
37714fa4f8
Grammar Police
...
Tiny grammatical fix.
2018-03-09 10:48:14 +13:00
b1f6c1c4
7a769a6a22
Add HSTS header regardless of status code
...
See nginx [doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) and [blog](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
2018-02-20 17:59:52 +08:00
Jason Wilder
226bfe158f
Merge pull request #926 from Paike/patch-1
...
Fallback if container has no IP
2018-01-20 23:04:40 -07:00
mouhamed
1eac894902
Remove duplicate
2018-01-09 21:12:37 +01:00
Sy Doveton
6e9dc343cd
Changed the SSL stapling cert extension to pem from crt. SSL stapling was not working due to the incorrect file extension.
2017-11-19 11:35:30 +00:00
Nicolas Duchon
bf16afc665
Use enumerable SSL_POLICY instead of bool
2017-11-18 09:18:55 +01:00
Nicolas Duchon
ea80027525
Merge branch 'master' into ssl-modern
2017-11-16 22:47:25 +01:00
Steve Kamerman
a312472fb5
Added custom HSTS support (issue #953)
2017-11-08 22:30:24 -05:00
Nicolas Duchon
ea98780960
Enable optional mozilla modern profile
2017-10-27 10:28:42 +02:00
Nicolas Duchon
2528a35656
Don't presume the existence of default dhparam
...
The default dhparam at /etc/nginx/dhparam/dhparam.pem won't be auto generated with the separate containers setup.
2017-10-25 12:32:09 +02:00
Jason Wilder
3ef600a3b5
Merge pull request #842 from kamermans/feature/external_internal_network
...
Allow containers to be restricted to internal network
2017-10-20 10:04:08 -06:00
Jason Wilder
fc36514eb8
Merge pull request #863 from qiqizjl/master
...
support fastcgi
2017-10-20 10:00:27 -06:00
Steve Kamerman
93d90884e2
Implemented NETWORK_ACCESS (squash commit)
2017-10-18 13:29:12 -04:00
Patrick
3156b97f3a
Fallback if container has no IP
...
Sometimes containers will not be assigned an IP (after reboot or due to misconfiguration). This leads to an incorrect "server <missing ip> down;" line in default.conf and crashes nginx.
@therealgambo provided a fix for this: https://github.com/jwilder/nginx-proxy/issues/845
2017-09-13 12:37:06 +02:00
Jason Wilder
f05f7a0ff9
Merge pull request #574 from teohhanhui/ocsp-stapling-chain
...
Enable OCSP stapling if certificate trust chain is provided
2017-08-16 11:53:17 -06:00
Remi Pichon
fff84de367
Do not bind upstream with 'ingress' network
...
Merging https://github.com/jwilder/nginx-proxy/pull/774 and a8ee64b059
2017-08-10 12:30:00 +02:00
Teoh Han Hui
065dd7f1ea
Fix build
2017-07-31 17:46:58 +08:00