Aggiorna README.md

Merge pull request #2576 from nginx-proxy/dependabot/docker/nginxproxy/docker-gen-0.14.5-debian
2025-02-05 21:22:14 +08:00 · 2025-02-05 21:20:42 +08:00 · 2025-01-19 23:03:10 +01:00 · 2025-01-19 20:34:13 +00:00 · 2025-01-18 22:03:27 +01:00 · 2025-01-18 22:01:09 +01:00
292 changed files with 7318 additions and 2675 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -5,6 +5,8 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
    commit-message:
      prefix: "build"
    labels:
      - "type/build"
      - "scope/dockerfile"
@ -13,6 +15,18 @@ updates:
  - package-ecosystem: "pip"
    directory: "/test/requirements"
    schedule:
-      interval: "daily"
+      interval: "weekly"
    commit-message:
      prefix: "ci"
    labels:
      - "type/ci"
  # Maintain GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    commit-message:
      prefix: "ci"
    labels:
      - "type/ci"
--- a/.github/workflows/build-publish-dispatch.yml
+++ b/.github/workflows/build-publish-dispatch.yml
@ -0,0 +1,85 @@
 name: Build and publish Docker images on demand
 on:
  workflow_dispatch:
    inputs:
      image_tag:
        description: "Image tag"
        type: string
        required: true
 jobs:
  multiarch-build:
    name: Build and publish ${{ matrix.base }} image with tag ${{ inputs.image_tag }}
    strategy:
      matrix:
        base: [alpine, debian]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Retrieve nginx-proxy version
        id: nginx-proxy_version
        run: echo "VERSION=$(git describe --tags)" >> "$GITHUB_OUTPUT"
      - name: Retrieve docker-gen version
        id: docker-gen_version
        run: sed -n -e 's;^FROM nginxproxy/docker-gen:\([0-9.]*\).*;VERSION=\1;p' Dockerfile.${{ matrix.base }} >> "$GITHUB_OUTPUT"
      - name: Get Docker tags
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: |
            nginxproxy/nginx-proxy
          tags: |
            type=raw,value=${{ inputs.image_tag }},enable=${{ matrix.base == 'debian' }}
            type=raw,value=${{ inputs.image_tag }},suffix=-alpine,enable=${{ matrix.base == 'alpine' }}
          labels: |
            org.opencontainers.image.authors=Nicolas Duchon <nicolas.duchon@gmail.com> (@buchdag), Jason Wilder
            org.opencontainers.image.version=${{ steps.nginx-proxy_version.outputs.VERSION }}
          flavor: |
            latest=false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push the image
        id: docker_build
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.${{ matrix.base }}
          build-args: |
            NGINX_PROXY_VERSION=${{ steps.nginx-proxy_version.outputs.VERSION }}
            DOCKER_GEN_VERSION=${{ steps.docker-gen_version.outputs.VERSION }}
          platforms: linux/amd64,linux/arm64,linux/s390x,linux/arm/v7
          sbom: true
          push: true
          provenance: mode=max
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Images digests
        run: echo ${{ steps.docker_build.outputs.digest }}
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@ -0,0 +1,101 @@
 name: Build and publish Docker images
 on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * 1"
  push:
    branches:
      - main
    tags:
      - "*.*.*"
    paths-ignore:
      - "test/*"
      - ".gitignore"
      - "docker-compose-separate-containers.yml"
      - "docker-compose.yml"
      - "LICENSE"
      - "Makefile"
      - "*.md"
 jobs:
  multiarch-build:
    name: Build and publish image
    strategy:
      matrix:
        base: [alpine, debian]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Retrieve nginx-proxy version
        id: nginx-proxy_version
        run: echo "VERSION=$(git describe --tags)" >> "$GITHUB_OUTPUT"
      - name: Retrieve docker-gen version
        id: docker-gen_version
        run: sed -n -e 's;^FROM nginxproxy/docker-gen:\([0-9.]*\).*;VERSION=\1;p' Dockerfile.${{ matrix.base }} >> "$GITHUB_OUTPUT"
      - name: Get Docker tags
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/nginx-proxy/nginx-proxy
            nginxproxy/nginx-proxy
            jwilder/nginx-proxy
          tags: |
            type=semver,pattern={{version}},enable=${{ matrix.base == 'debian' }}
            type=semver,pattern={{major}}.{{minor}},enable=${{ matrix.base == 'debian' }}
            type=semver,suffix=-alpine,pattern={{version}},enable=${{ matrix.base == 'alpine' }}
            type=semver,suffix=-alpine,pattern={{major}}.{{minor}},enable=${{ matrix.base == 'alpine' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' && matrix.base == 'debian' }}
            type=raw,value=alpine,enable=${{ github.ref == 'refs/heads/main' && matrix.base == 'alpine' }}
          labels: |
            org.opencontainers.image.authors=Nicolas Duchon <nicolas.duchon@gmail.com> (@buchdag), Jason Wilder
            org.opencontainers.image.version=${{ steps.nginx-proxy_version.outputs.VERSION }}
          flavor: |
            latest=false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push the image
        id: docker_build
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.${{ matrix.base }}
          build-args: |
            NGINX_PROXY_VERSION=${{ steps.nginx-proxy_version.outputs.VERSION }}
            DOCKER_GEN_VERSION=${{ steps.docker-gen_version.outputs.VERSION }}
          platforms: linux/amd64,linux/arm64,linux/s390x,linux/arm/v7
          sbom: true
          push: true
          provenance: mode=max
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Images digests
        run: echo ${{ steps.docker_build.outputs.digest }}
--- a/.github/workflows/dockerhub-description.yml
+++ b/.github/workflows/dockerhub-description.yml
@ -0,0 +1,27 @@
 name: Update Docker Hub Description
 on:
  push:
    branches:
      - main
    paths:
      - README.md
      - .github/workflows/dockerhub-description.yml
 jobs:
  dockerHubDescription:
    name: Update Docker Hub Description
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Docker Hub Description
        uses: peter-evans/dockerhub-description@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN_RWD }}
          repository: nginxproxy/nginx-proxy
          short-description: ${{ github.event.repository.description }}
          enable-url-completion: true
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@ -1,143 +0,0 @@
 name: DockerHub
 on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * 1"
  push:
    branches:
      - main
    tags:
      - "*.*.*"
    paths-ignore:
      - "test/*"
      - ".gitignore"
      - "docker-compose-separate-containers.yml"
      - "docker-compose.yml"
      - "LICENSE"
      - "Makefile"
      - "*.md"
 jobs:
  multiarch-build-debian:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Retrieve version
        run: echo "GIT_DESCRIBE=$(git describe --tags)" >> $GITHUB_ENV
      - name: Get Docker tags for Debian based image
        id: docker_meta_debian
        uses: docker/metadata-action@v4
        with:
          images: |
            ghcr.io/nginx-proxy/nginx-proxy
            nginxproxy/nginx-proxy
            jwilder/nginx-proxy
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=latest,enable={{is_default_branch}}
          labels: |
            org.opencontainers.image.authors=Nicolas Duchon <nicolas.duchon@gmail.com> (@buchdag), Jason Wilder
            org.opencontainers.image.version=${{ env.GIT_DESCRIBE }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push the Debian based image
        id: docker_build_debian
        uses: docker/build-push-action@v3
        with:
          context: .
          file: Dockerfile
          build-args: NGINX_PROXY_VERSION=${{ env.GIT_DESCRIBE }}
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: ${{ steps.docker_meta_debian.outputs.tags }}
          labels: ${{ steps.docker_meta_debian.outputs.labels }}
      - name: Images digests
        run: echo ${{ steps.docker_build_debian.outputs.digest }}
  multiarch-build-alpine:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Retrieve version
        run: echo "GIT_DESCRIBE=$(git describe --tags)" >> $GITHUB_ENV
      - name: Get Docker tags for Alpine based image
        id: docker_meta_alpine
        uses: docker/metadata-action@v4
        with:
          images: |
            ghcr.io/nginx-proxy/nginx-proxy
            nginxproxy/nginx-proxy
            jwilder/nginx-proxy
          tags: |
            type=semver,suffix=-alpine,pattern={{version}}
            type=semver,suffix=-alpine,pattern={{major}}.{{minor}}
            type=raw,value=alpine,enable={{is_default_branch}}
          labels: |
            org.opencontainers.image.authors=Nicolas Duchon <nicolas.duchon@gmail.com> (@buchdag), Jason Wilder
            org.opencontainers.image.version=${{ env.GIT_DESCRIBE }}
          flavor: latest=false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push the Alpine based image
        id: docker_build_alpine
        uses: docker/build-push-action@v3
        with:
          context: .
          file: Dockerfile.alpine
          build-args: NGINX_PROXY_VERSION=${{ env.GIT_DESCRIBE }}
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: ${{ steps.docker_meta_alpine.outputs.tags }}
          labels: ${{ steps.docker_meta_alpine.outputs.labels }}
      - name: Images digests
        run: echo ${{ steps.docker_build_alpine.outputs.digest }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -3,6 +3,8 @@ name: Tests
 on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths-ignore:
      - "LICENSE"
      - "**.md"
@ -21,12 +23,12 @@ jobs:
        base_docker_image: [alpine, debian]
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
-      - name: Set up Python 3.9
+      - name: Set up Python 3.12
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
        with:
-          python-version: 3.9
+          python-version: 3.12
      - name: Install dependencies
        run: |
@ -34,6 +36,9 @@ jobs:
          pip install -r python-requirements.txt
        working-directory: test/requirements
      - name: Pull nginx:alpine image
        run: docker pull nginx:alpine
      - name: Build Docker web server image
        run: make build-webserver
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 **/__pycache__/
 **/.cache/
 .idea/
 wip
--- a/74
+++ b/74
@ -1,74 +0,0 @@
 # setup build arguments for version of dependencies to use
 ARG DOCKER_GEN_VERSION=0.9.3
 ARG FOREGO_VERSION=v0.17.0
 # Use a specific version of golang to build both binaries
 FROM golang:1.19.5 as gobuilder
 # Build docker-gen from scratch
 FROM gobuilder as dockergen
 ARG DOCKER_GEN_VERSION
 RUN git clone https://github.com/nginx-proxy/docker-gen \
   && cd /go/docker-gen \
   && git -c advice.detachedHead=false checkout $DOCKER_GEN_VERSION \
   && go mod download \
   && CGO_ENABLED=0 GOOS=linux go build -ldflags "-X main.buildVersion=${DOCKER_GEN_VERSION}" ./cmd/docker-gen \
   && go clean -cache \
   && mv docker-gen /usr/local/bin/ \
   && cd - \
   && rm -rf /go/docker-gen
 # Build forego from scratch
 FROM gobuilder as forego
 ARG FOREGO_VERSION
 RUN git clone https://github.com/nginx-proxy/forego/ \
   && cd /go/forego \
   && git -c advice.detachedHead=false checkout $FOREGO_VERSION \
   && go mod download \
   && CGO_ENABLED=0 GOOS=linux go build -o forego . \
   && go clean -cache \
   && mv forego /usr/local/bin/ \
   && cd - \
   && rm -rf /go/forego
 # Build the final image
 FROM nginx:1.23.3
 ARG NGINX_PROXY_VERSION
 # Add DOCKER_GEN_VERSION environment variable
 # Because some external projects rely on it
 ARG DOCKER_GEN_VERSION
 ENV NGINX_PROXY_VERSION=${NGINX_PROXY_VERSION} \
   DOCKER_GEN_VERSION=${DOCKER_GEN_VERSION} \
   DOCKER_HOST=unix:///tmp/docker.sock
 # Install wget and install/updates certificates
 RUN apt-get update \
   && apt-get install -y -q --no-install-recommends \
   ca-certificates \
   wget \
   && apt-get clean \
   && rm -r /var/lib/apt/lists/*
 # Configure Nginx
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
   && sed -i 's/worker_processes  1/worker_processes  auto/' /etc/nginx/nginx.conf \
   && sed -i 's/worker_connections  1024/worker_connections  10240/' /etc/nginx/nginx.conf \
   && mkdir -p '/etc/nginx/dhparam'
 # Install Forego + docker-gen
 COPY --from=forego /usr/local/bin/forego /usr/local/bin/forego
 COPY --from=dockergen /usr/local/bin/docker-gen /usr/local/bin/docker-gen
 COPY network_internal.conf /etc/nginx/
 COPY app nginx.tmpl LICENSE /app/
 WORKDIR /app/
 ENTRYPOINT ["/app/docker-entrypoint.sh"]
 CMD ["forego", "start", "-r"]
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@ -1,66 +1,33 @@
-# setup build arguments for version of dependencies to use
+FROM docker.io/nginxproxy/docker-gen:0.14.5 AS docker-gen
 ARG DOCKER_GEN_VERSION=0.9.3
 ARG FOREGO_VERSION=v0.17.0
-# Use a specific version of golang to build both binaries
+FROM docker.io/nginxproxy/forego:0.18.2 AS forego
 FROM golang:1.19.5-alpine as gobuilder
 RUN apk add --no-cache git musl-dev
 # Build docker-gen from scratch
 FROM gobuilder as dockergen
 ARG DOCKER_GEN_VERSION
 RUN git clone https://github.com/nginx-proxy/docker-gen \
   && cd /go/docker-gen \
   && git -c advice.detachedHead=false checkout $DOCKER_GEN_VERSION \
   && go mod download \
   && CGO_ENABLED=0 go build -ldflags "-X main.buildVersion=${DOCKER_GEN_VERSION}" ./cmd/docker-gen \
   && go clean -cache \
   && mv docker-gen /usr/local/bin/ \
   && cd - \
   && rm -rf /go/docker-gen
 # Build forego from scratch
 FROM gobuilder as forego
 ARG FOREGO_VERSION
 RUN git clone https://github.com/nginx-proxy/forego/ \
   && cd /go/forego \
   && git -c advice.detachedHead=false checkout $FOREGO_VERSION \
   && go mod download \
   && CGO_ENABLED=0 go build -o forego . \
   && go clean -cache \
   && mv forego /usr/local/bin/ \
   && cd - \
   && rm -rf /go/forego
 # Build the final image
-FROM nginx:1.23.3-alpine
+FROM docker.io/library/nginx:1.27.3-alpine
 ARG NGINX_PROXY_VERSION
-# Add DOCKER_GEN_VERSION environment variable
+# Add DOCKER_GEN_VERSION environment variable because 
-# Because some external projects rely on it
+# acme-companion rely on it (but the actual value is not important)
-ARG DOCKER_GEN_VERSION
+ARG DOCKER_GEN_VERSION="unknown"
 ENV NGINX_PROXY_VERSION=${NGINX_PROXY_VERSION} \
   DOCKER_GEN_VERSION=${DOCKER_GEN_VERSION} \
   DOCKER_HOST=unix:///tmp/docker.sock
-# Install wget and install/updates certificates
+# Install dependencies
-RUN apk add --no-cache --virtual .run-deps \
+RUN apk add --no-cache --virtual .run-deps bash openssl
   ca-certificates bash wget openssl \
   && update-ca-certificates
 # Configure Nginx
-RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
+RUN echo -e "\ninclude /etc/nginx/toplevel.conf.d/*.conf;" >> /etc/nginx/nginx.conf \
-   && sed -i 's/worker_processes  1/worker_processes  auto/' /etc/nginx/nginx.conf \
+   && sed -i 's/worker_connections.*;$/worker_connections   10240;/' /etc/nginx/nginx.conf \
-   && sed -i 's/worker_connections  1024/worker_connections  10240/' /etc/nginx/nginx.conf \
+   && sed -i -e '/^\}$/{s//\}\nworker_rlimit_nofile 20480;/;:a' -e '$!N;$!ba' -e '}' /etc/nginx/nginx.conf \
-   && mkdir -p '/etc/nginx/dhparam'
+   && mkdir -p '/etc/nginx/toplevel.conf.d' \
   && mkdir -p '/etc/nginx/dhparam' \
   && mkdir -p '/etc/nginx/certs' \
   && mkdir -p '/usr/share/nginx/html/errors'
 # Install Forego + docker-gen
 COPY --from=forego /usr/local/bin/forego /usr/local/bin/forego
-COPY --from=dockergen /usr/local/bin/docker-gen /usr/local/bin/docker-gen
+COPY --from=docker-gen /usr/local/bin/docker-gen /usr/local/bin/docker-gen
 COPY network_internal.conf /etc/nginx/
--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@ -0,0 +1,35 @@
 FROM docker.io/nginxproxy/docker-gen:0.14.5-debian AS docker-gen
 FROM docker.io/nginxproxy/forego:0.18.2-debian AS forego
 # Build the final image
 FROM docker.io/library/nginx:1.27.3
 ARG NGINX_PROXY_VERSION
 # Add DOCKER_GEN_VERSION environment variable because 
 # acme-companion rely on it (but the actual value is not important)
 ARG DOCKER_GEN_VERSION="unknown"
 ENV NGINX_PROXY_VERSION=${NGINX_PROXY_VERSION} \
   DOCKER_GEN_VERSION=${DOCKER_GEN_VERSION} \
   DOCKER_HOST=unix:///tmp/docker.sock
 # Configure Nginx
 RUN echo "\ninclude /etc/nginx/toplevel.conf.d/*.conf;" >> /etc/nginx/nginx.conf \
   && sed -i 's/worker_connections.*;$/worker_connections  10240;/' /etc/nginx/nginx.conf \
   && sed -i -e '/^\}$/{s//\}\nworker_rlimit_nofile 20480;/;:a' -e '$!N;$!ba' -e '}' /etc/nginx/nginx.conf \
   && mkdir -p '/etc/nginx/toplevel.conf.d' \
   && mkdir -p '/etc/nginx/dhparam' \
   && mkdir -p '/etc/nginx/certs' \
   && mkdir -p '/usr/share/nginx/html/errors'
 # Install Forego + docker-gen
 COPY --from=forego /usr/local/bin/forego /usr/local/bin/forego
 COPY --from=docker-gen /usr/local/bin/docker-gen /usr/local/bin/docker-gen
 COPY network_internal.conf /etc/nginx/
 COPY app nginx.tmpl LICENSE /app/
 WORKDIR /app/
 ENTRYPOINT ["/app/docker-entrypoint.sh"]
 CMD ["forego", "start", "-r"]
--- a/6
+++ b/6
@ -3,13 +3,13 @@
 build-webserver:
-	docker build -t web test/requirements/web
+	docker build --pull -t web test/requirements/web
 build-nginx-proxy-test-debian:
-	docker build --build-arg NGINX_PROXY_VERSION="test" -t nginxproxy/nginx-proxy:test .
+	docker build --pull --build-arg NGINX_PROXY_VERSION="test" -f Dockerfile.debian -t nginxproxy/nginx-proxy:test .
 build-nginx-proxy-test-alpine:
-	docker build --build-arg NGINX_PROXY_VERSION="test" -f Dockerfile.alpine -t nginxproxy/nginx-proxy:test .
+	docker build --pull --build-arg NGINX_PROXY_VERSION="test" -f Dockerfile.alpine -t nginxproxy/nginx-proxy:test .
 test-debian: build-webserver build-nginx-proxy-test-debian
 	test/pytest.sh
--- a/README.md
+++ b/README.md
@ -1,10 +1,9 @@
 [![Test](https://github.com/nginx-proxy/nginx-proxy/actions/workflows/test.yml/badge.svg)](https://github.com/nginx-proxy/nginx-proxy/actions/workflows/test.yml)
 [![GitHub release](https://img.shields.io/github/v/release/nginx-proxy/nginx-proxy)](https://github.com/nginx-proxy/nginx-proxy/releases)
-![nginx 1.23.3](https://img.shields.io/badge/nginx-1.23.3-brightgreen.svg)
+[![nginx 1.27.3](https://img.shields.io/badge/nginx-1.27.3-brightgreen.svg?logo=nginx)](https://nginx.org/en/CHANGES)
 [![Docker Image Size](https://img.shields.io/docker/image-size/nginxproxy/nginx-proxy?sort=semver)](https://hub.docker.com/r/nginxproxy/nginx-proxy "Click to view the image on Docker Hub")
-[![Docker stars](https://img.shields.io/docker/stars/nginxproxy/nginx-proxy.svg)](https://hub.docker.com/r/nginxproxy/nginx-proxy 'DockerHub')
+[![Docker stars](https://img.shields.io/docker/stars/nginxproxy/nginx-proxy.svg)](https://hub.docker.com/r/nginxproxy/nginx-proxy "DockerHub")
-[![Docker pulls](https://img.shields.io/docker/pulls/nginxproxy/nginx-proxy.svg)](https://hub.docker.com/r/nginxproxy/nginx-proxy 'DockerHub')
+[![Docker pulls](https://img.shields.io/docker/pulls/nginxproxy/nginx-proxy.svg)](https://hub.docker.com/r/nginxproxy/nginx-proxy "DockerHub")
 nginx-proxy sets up a container running nginx and [docker-gen](https://github.com/nginx-proxy/docker-gen). docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
@ -15,526 +14,79 @@ See [Automated Nginx Reverse Proxy for Docker](http://jasonwilder.com/blog/2014/
 To run it:
 ```console
-docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
+docker run --detach \
    --name nginx-proxy \
    --publish 80:80 \
    --volume /var/run/docker.sock:/tmp/docker.sock:ro \
    nginxproxy/nginx-proxy:1.6
 ```
-
+docker-compose
-Then start any containers you want proxied with an env var `VIRTUAL_HOST=subdomain.youdomain.com`
+```docker-compose
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    restart: always
    ports:
      - "80:80"
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock"
 ```
 Then start any containers (here an nginx container) you want proxied with an env var `VIRTUAL_HOST=subdomain.yourdomain.com`
 ```console
-docker run -e VIRTUAL_HOST=foo.bar.com  ...
+docker run --detach \
    --name your-proxied-app \
    --env VIRTUAL_HOST=foo.bar.com \
    nginx
 ```
 docker-compose
 ```docker-compose
    environment:
      - VIRTUAL_HOST=git.patachina.casacam.net
      - VIRTUAL_PORT=3000
 ```
 Provided your DNS is setup to resolve `foo.bar.com` to the host running nginx-proxy, a request to `http://foo.bar.com` will then be routed to a container with the `VIRTUAL_HOST` env var set to `foo.bar.com` (in this case, the **your-proxied-app** container).
-The containers being proxied must [expose](https://docs.docker.com/engine/reference/run/#expose-incoming-ports) the port to be proxied, either by using the `EXPOSE` directive in their `Dockerfile` or by using the `--expose` flag to `docker run` or `docker create` and be in the same network. By default, if you don't pass the --net flag when your nginx-proxy container is created, it will only be attached to the default bridge network. This means that it will not be able to connect to containers on networks other than bridge.
+The containers being proxied must :
-Provided your DNS is setup to forward foo.bar.com to the host running nginx-proxy, the request will be routed to a container with the `VIRTUAL_HOST` env var set.
+- [expose](https://docs.docker.com/engine/reference/run/#expose-incoming-ports) the port to be proxied, either by using the `EXPOSE` directive in their `Dockerfile` or by using the `--expose` flag to `docker run` or `docker create`.
 - share at least one Docker network with the nginx-proxy container: by default, if you don't pass the `--net` flag when your nginx-proxy container is created, it will only be attached to the default bridge network. This means that it will not be able to connect to containers on networks other than bridge.
-Note: providing a port number in `VIRTUAL_HOST` isn't suported, please see [virtual ports](https://github.com/nginx-proxy/nginx-proxy#virtual-ports) or [custom external HTTP/HTTPS ports](https://github.com/nginx-proxy/nginx-proxy#custom-external-httphttps-ports) depending on what you want to achieve.
+Note: providing a port number in `VIRTUAL_HOST` isn't suported, please see [virtual ports](https://github.com/nginx-proxy/nginx-proxy/tree/main/docs#virtual-ports) or [custom external HTTP/HTTPS ports](https://github.com/nginx-proxy/nginx-proxy/tree/main/docs#custom-external-httphttps-ports) depending on what you want to achieve.
 ### Image variants
 The nginx-proxy images are available in two flavors.
-#### nginxproxy/nginx-proxy:latest
+#### Debian based version
-This image uses the debian:buster based nginx image.
+This image is based on the nginx:mainline image, itself based on the debian slim image.
 ```console
-docker pull nginxproxy/nginx-proxy:latest
+docker pull nginxproxy/nginx-proxy:1.6
 ```
-#### nginxproxy/nginx-proxy:alpine
+#### Alpine based version (`-alpine` suffix)
-This image is based on the nginx:alpine image. Use this image to fully support HTTP/2 (including ALPN required by recent Chrome versions). A valid certificate is required as well (see eg. below "SSL Support using an ACME CA" for more info).
+This image is based on the nginx:alpine image.
 ```console
-docker pull nginxproxy/nginx-proxy:alpine
+docker pull nginxproxy/nginx-proxy:1.6-alpine
 ```
-### Docker Compose
+> [!IMPORTANT]
 >
 > #### A note on `latest` and `alpine`:
 >
 > It is not recommended to use the `latest` (`nginxproxy/nginx-proxy`, `nginxproxy/nginx-proxy:latest`) or `alpine` (`nginxproxy/nginx-proxy:alpine`) tag for production setups.
 >
 > [Those tags point](https://hub.docker.com/r/nginxproxy/nginx-proxy/tags) to the latest commit in the `main` branch. They do not carry any promise of stability, and using them will probably put your nginx-proxy setup at risk of experiencing uncontrolled updates to non backward compatible versions (or versions with breaking changes). You should always specify the version you want to use explicitly to ensure your setup doesn't break when the image is updated.
-```yaml
+### Additional documentation
 version: '2'
-services:
+Please check the [docs section](https://github.com/nginx-proxy/nginx-proxy/tree/main/docs).
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
-  whoami:
+### Powered by 
    image: jwilder/whoami
    expose:
      - "8000"
    environment:
      - VIRTUAL_HOST=whoami.local
      - VIRTUAL_PORT=8000
 ```
-```console
+[![GoLand logo](https://resources.jetbrains.com/storage/products/company/brand/logos/GoLand_icon.svg)](https://www.jetbrains.com/go/)
-docker-compose up
+[![PyCharm logo](https://resources.jetbrains.com/storage/products/company/brand/logos/PyCharm_icon.svg)](https://www.jetbrains.com/pycharm/)
 curl -H "Host: whoami.local" localhost
 ```
 Example output:
 ```console
 I'm 5b129ab83266
 ```
 ### IPv6 support
 You can activate the IPv6 support for the nginx-proxy container by passing the value `true` to the `ENABLE_IPV6` environment variable:
 ```console
 docker run -d -p 80:80 -e ENABLE_IPV6=true -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 ```
 #### Scoped IPv6 Resolvers
 NginX does not support scoped IPv6 resolvers. In [docker-entrypoint.sh](./docker-entrypoint.sh) the resolvers are parsed from resolv.conf, but any scoped IPv6 addreses will be removed. 
 #### IPv6 NAT
 By default, docker uses IPv6-to-IPv4 NAT. This means all client connections from IPv6 addresses will show docker's internal IPv4 host address. To see true IPv6 client IP addresses, you must [enable IPv6](https://docs.docker.com/config/daemon/ipv6/) and use [ipv6nat](https://github.com/robbertkl/docker-ipv6nat). You must also disable the userland proxy by adding `"userland-proxy": false` to `/etc/docker/daemon.json` and restarting the daemon.
 ### Multiple Hosts
 If you need to support multiple virtual hosts for a container, you can separate each entry with commas.  For example, `foo.bar.com,baz.bar.com,bar.com` and each host will be setup the same.
 ### Virtual Ports
 When your container exposes only one port, nginx-proxy will default to this port, else to port 80.
 If you need to specify a different port, you can set a `VIRTUAL_PORT` env var to select a different one. This variable cannot be set to more than one port.
 For each host defined into `VIRTUAL_HOST`, the associated virtual port is retrieved by order of precedence:
 1. From the `VIRTUAL_PORT` environment variable
 1. From the container's exposed port if there is only one
 1. From the default port 80 when none of the above methods apply
 ### Wildcard Hosts
 You can also use wildcards at the beginning and the end of host name, like `*.bar.com` or `foo.bar.*`. Or even a regular expression, which can be very useful in conjunction with a wildcard DNS service like [nip.io](https://nip.io) or [sslip.io](https://sslip.io), using `~^foo\.bar\..*\.nip\.io` will match `foo.bar.127.0.0.1.nip.io`, `foo.bar.10.0.2.2.nip.io` and all other given IPs. More information about this topic can be found in the nginx documentation about [`server_names`](http://nginx.org/en/docs/http/server_names.html).
 ### Path-based Routing
 You can have multiple containers proxied by the same `VIRTUAL_HOST` by adding a `VIRTUAL_PATH` environment variable containing the absolute path to where the container should be mounted. For example with `VIRTUAL_HOST=foo.example.com` and `VIRTUAL_PATH=/api/v2/service`, then requests to http://foo.example.com/api/v2/service will be routed to the container. If you wish to have a container serve the root while other containers serve other paths, give the root container a `VIRTUAL_PATH` of `/`.  Unmatched paths will be served by the container at `/` or will return the default nginx error page if no container has been assigned `/`.
 It is also possible to specify multiple paths with regex locations like `VIRTUAL_PATH=~^/(app1|alternative1)/`. For further details see the nginx documentation on location blocks. This is not compatible with `VIRTUAL_DEST`.
 The full request URI will be forwarded to the serving container in the `X-Original-URI` header.
 **NOTE**: Your application needs to be able to generate links starting with `VIRTUAL_PATH`. This can be achieved by it being natively on this path or having an option to prepend this path. The application does not need to expect this path in the request.
 #### VIRTUAL_DEST
 This environment variable can be used to rewrite the `VIRTUAL_PATH` part of the requested URL to proxied application. The default value is empty (off).
 Make sure that your settings won't result in the slash missing or being doubled. Both these versions can cause troubles.
 If the application runs natively on this sub-path or has a setting to do so, `VIRTUAL_DEST` should not be set or empty.
 If the requests are expected to not contain a sub-path and the generated links contain the sub-path, `VIRTUAL_DEST=/` should be used.
 ```console
 $ docker run -d -e VIRTUAL_HOST=example.tld -e VIRTUAL_PATH=/app1/ -e VIRTUAL_DEST=/ --name app1 app
 ```
 In this example, the incoming request `http://example.tld/app1/foo` will be proxied as `http://app1/foo` instead of `http://app1/app1/foo`.
 #### Per-VIRTUAL_PATH location configuration
 The same options as from [Per-VIRTUAL_HOST location configuration](#Per-VIRTUAL_HOST-location-configuration) are available on a `VIRTUAL_PATH` basis.
 The only difference is that the filename gets an additional block `HASH=$(echo -n $VIRTUAL_PATH | sha1sum | awk '{ print $1 }')`. This is the sha1-hash of the `VIRTUAL_PATH` (no newline). This is done filename sanitization purposes.
 The used filename is `${VIRTUAL_HOST}_${HASH}_location`
 The filename of the previous example would be `example.tld_8610f6c344b4096614eab6e09d58885349f42faf_location`.
 #### DEFAULT_ROOT
 This environment variable of the nginx proxy container can be used to customize the return error page if no matching path is found. Furthermore it is possible to use anything which is compatible with the `return` statement of nginx.
 For example `DEFAULT_ROOT=418` will return a 418 error page instead of the normal 404 one.
 Another example is `DEFAULT_ROOT="301 https://github.com/nginx-proxy/nginx-proxy/blob/main/README.md"` which would redirect an invalid request to this documentation.
 Nginx variables such as $scheme, $host, and $request_uri can be used. However, care must be taken to make sure the $ signs are escaped properly.
 If you want to use `301 $scheme://$host/myapp1$request_uri` you should use:
 * Bash: `DEFAULT_ROOT='301 $scheme://$host/myapp1$request_uri'`
 * Docker Compose yaml: `- DEFAULT_ROOT: 301 $$scheme://$$host/myapp1$$request_uri`
 ### Multiple Networks
 With the addition of [overlay networking](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) in Docker 1.9, your `nginx-proxy` container may need to connect to backend containers on multiple networks. By default, if you don't pass the `--net` flag when your `nginx-proxy` container is created, it will only be attached to the default `bridge` network. This means that it will not be able to connect to containers on networks other than `bridge`.
 If you want your `nginx-proxy` container to be attached to a different network, you must pass the `--net=my-network` option in your `docker create` or `docker run` command. At the time of this writing, only a single network can be specified at container creation time. To attach to other networks, you can use the `docker network connect` command after your container is created:
 ```console
 docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro \
    --name my-nginx-proxy --net my-network nginxproxy/nginx-proxy
 docker network connect my-other-network my-nginx-proxy
 ```
 In this example, the `my-nginx-proxy` container will be connected to `my-network` and `my-other-network` and will be able to proxy to other containers attached to those networks.
 ### Custom external HTTP/HTTPS ports
 If you want to use `nginx-proxy` with different external ports that the default ones of `80` for `HTTP` traffic and `443` for `HTTPS` traffic, you'll have to use the environment variable(s) `HTTP_PORT` and/or `HTTPS_PORT` in addition to the changes to the Docker port mapping. If you change the `HTTPS` port, the redirect for `HTTPS` traffic will also be configured to redirect to the custom port. Typical usage, here with the custom ports `1080` and `10443`:
 ```console
 docker run -d -p 1080:1080 -p 10443:10443 -e HTTP_PORT=1080 -e HTTPS_PORT=10443 -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 ```
 ### Internet vs. Local Network Access
 If you allow traffic from the public internet to access your `nginx-proxy` container, you may want to restrict some containers to the internal network only, so they cannot be accessed from the public internet.  On containers that should be restricted to the internal network, you should set the environment variable `NETWORK_ACCESS=internal`.  By default, the *internal* network is defined as `127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16`.  To change the list of networks considered internal, mount a file on the `nginx-proxy` at `/etc/nginx/network_internal.conf` with these contents, edited to suit your needs:
 ```Nginx
 # These networks are considered "internal"
 allow 127.0.0.0/8;
 allow 10.0.0.0/8;
 allow 192.168.0.0/16;
 allow 172.16.0.0/12;
 # Traffic from all other networks will be rejected
 deny all;
 ```
 When internal-only access is enabled, external clients will be denied with an `HTTP 403 Forbidden`
 > If there is a load-balancer / reverse proxy in front of `nginx-proxy` that hides the client IP (example: AWS Application/Elastic Load Balancer), you will need to use the nginx `realip` module (already installed) to extract the client's IP from the HTTP request headers.  Please see the [nginx realip module configuration](http://nginx.org/en/docs/http/ngx_http_realip_module.html) for more details.  This configuration can be added to a new config file and mounted in `/etc/nginx/conf.d/`.
 ### SSL Backends
 If you would like the reverse proxy to connect to your backend using HTTPS instead of HTTP, set `VIRTUAL_PROTO=https` on the backend container.
 > Note: If you use `VIRTUAL_PROTO=https` and your backend container exposes port 80 and 443, `nginx-proxy` will use HTTPS on port 80.  This is almost certainly not what you want, so you should also include `VIRTUAL_PORT=443`.
 ### uWSGI Backends
 If you would like to connect to uWSGI backend, set `VIRTUAL_PROTO=uwsgi` on the backend container. Your backend container should then listen on a port rather than a socket and expose that port.
 ### FastCGI Backends
 If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on the backend container. Your backend container should then listen on a port rather than a socket and expose that port.
 ### FastCGI File Root Directory
 If you use fastcgi,you can set `VIRTUAL_ROOT=xxx`  for your root directory
 ### Default Host
 To set the default host for nginx use the env var `DEFAULT_HOST=foo.bar.com` for example
 ```console
 docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 ```
 nginx-proxy will then redirect all requests to a container where `VIRTUAL_HOST` is set to `DEFAULT_HOST`, if they don't match any (other) `VIRTUAL_HOST`. Using the example above requests without matching `VIRTUAL_HOST` will be redirected to a plain nginx instance after running the following command:
 ```console
 docker run -d -e VIRTUAL_HOST=foo.bar.com nginx
 ```
 ### Separate Containers
 nginx-proxy can also be run as two separate containers using the [nginxproxy/docker-gen](https://hub.docker.com/r/nginxproxy/docker-gen) image and the official [nginx](https://registry.hub.docker.com/_/nginx/) image.
 You may want to do this to prevent having the docker socket bound to a publicly exposed container service.
 You can demo this pattern with docker-compose:
 ```console
 docker-compose --file docker-compose-separate-containers.yml up
 curl -H "Host: whoami.local" localhost
 ```
 Example output:
 ```console
 I'm 5b129ab83266
 ```
 To run nginx proxy as a separate container you'll need to have [nginx.tmpl](https://github.com/nginx-proxy/nginx-proxy/blob/main/nginx.tmpl) on your host system.
 First start nginx with a volume:
 ```console
 docker run -d -p 80:80 --name nginx -v /tmp/nginx:/etc/nginx/conf.d -t nginx
 ```
 Then start the docker-gen container with the shared volume and template:
 ```console
 docker run --volumes-from nginx \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    -v $(pwd):/etc/docker-gen/templates \
    -t nginxproxy/docker-gen -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
 ```
 Finally, start your containers with `VIRTUAL_HOST` environment variables.
 ```console
 docker run -e VIRTUAL_HOST=foo.bar.com  ...
 ```
 ### SSL Support using an ACME CA
 [acme-companion](https://github.com/nginx-proxy/acme-companion) is a lightweight companion container for the nginx-proxy. It allows the automated creation/renewal of SSL certificates using the ACME protocol.
 ### SSL Support
 SSL is supported using single host, wildcard and SNI certificates using naming conventions for certificates or optionally specifying a cert name (for SNI) as an environment variable.
 To enable SSL:
 ```console
 docker run -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 ```
 The contents of `/path/to/certs` should contain the certificates and private keys for any virtual hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and `.key` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a `foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
 If you are running the container in a virtualized environment (Hyper-V, VirtualBox, etc...), /path/to/certs must exist in that environment or be made accessible to that environment. By default, Docker is not able to mount directories on the host machine to containers running in a virtual machine.
 #### Diffie-Hellman Groups
 [RFC7919 groups](https://datatracker.ietf.org/doc/html/rfc7919#appendix-A) with key lengths of 2048, 3072, and 4096 bits are [provided by `nginx-proxy`](https://github.com/nginx-proxy/nginx-proxy/dhparam). The ENV `DHPARAM_BITS` can be set to `2048` or `3072` to change from the default 4096-bit key. The DH key file will be located in the container at `/etc/nginx/dhparam/dhparam.pem`. Mounting a different `dhparam.pem` file at that location will override the RFC7919 key.
 To use custom `dhparam.pem` files per-virtual-host, the files should be named after the virtual host with a `dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a `foo.bar.com.dhparam.pem` file in the `/etc/nginx/certs` directory.
 > COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 4096 bits for A+ security. Some older clients (like Java 6 and 7) do not support DH keys with over 1024 bits. In order to support these clients, you must provide your own `dhparam.pem`.
 In the separate container setup, no pre-generated key will be available and neither the [nginxproxy/docker-gen](https://hub.docker.com/r/nginxproxy/docker-gen) image, nor the offical [nginx](https://registry.hub.docker.com/_/nginx/) image will provide one. If you still want A+ security in a separate container setup, you should mount an RFC7919 DH key file to the nginx container at `/etc/nginx/dhparam/dhparam.pem`.
 Set `DHPARAM_SKIP` environment variable to `true` to disable using default Diffie-Hellman parameters. The default value is `false`.
 ```console
 docker run -e DHPARAM_SKIP=true ....
 ```
 #### Wildcard Certificates
 Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension. For example `VIRTUAL_HOST=foo.bar.com` would use cert name `bar.com.crt` and `bar.com.key`.
 #### SNI
 If your certificate(s) supports multiple domain names, you can start a container with `CERT_NAME=<name>` to identify the certificate to be used.  For example, a certificate for `*.foo.com` and `*.bar.com` could be named `shared.crt` and `shared.key`.  A container running with `VIRTUAL_HOST=foo.bar.com` and `CERT_NAME=shared` will then use this shared cert.
 #### OCSP Stapling
 To enable OCSP Stapling for a domain, `nginx-proxy` looks for a PEM certificate containing the trusted CA certificate chain at `/etc/nginx/certs/<domain>.chain.pem`, where `<domain>` is the domain name in the `VIRTUAL_HOST` directive. The format of this file is a concatenation of the public PEM CA certificates starting with the intermediate CA most near the SSL certificate, down to the root CA. This is often referred to as the "SSL Certificate Chain". If found, this filename is passed to the NGINX [`ssl_trusted_certificate` directive](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate) and OCSP Stapling is enabled.
 #### How SSL Support Works
 The default SSL cipher configuration is based on the [Mozilla intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) version 5.0 which should provide compatibility with clients back to Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, and Safari 9. Note that the DES-based TLS ciphers were removed for security. The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches. Currently TLS 1.2 and 1.3 are supported.
 If you don't require backward compatibility, you can use the [Mozilla modern profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility) profile instead by including the environment variable `SSL_POLICY=Mozilla-Modern` to the nginx-proxy container or to your container. This profile is compatible with clients back to Firefox 63, Android 10.0, Chrome 70, Edge 75, Java 11, OpenSSL 1.1.1, Opera 57, and Safari 12.1.  Note that this profile is **not** compatible with any version of Internet Explorer.
 Other policies available through the `SSL_POLICY` environment variable are [`Mozilla-Old`](https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility) and the [AWS ELB Security Policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html) `AWS-TLS-1-2-2017-01`, `AWS-TLS-1-1-2017-01`, `AWS-2016-08`, `AWS-2015-05`, `AWS-2015-03` and `AWS-2015-02`.
 Note that the `Mozilla-Old` policy should use a 1024 bits DH key for compatibility but this container provides a 4096 bits key. The [Diffie-Hellman Groups](#diffie-hellman-groups) section details different methods of bypassing this, either globally or per virtual-host.
 The default behavior for the proxy when port 80 and 443 are exposed is as follows:
 * If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS is always preferred when available.
 * If the container does not have a usable cert, a 503 will be returned.
 Note that in the latter case, a browser may get an connection error as no certificate is available to establish a connection. A self-signed or generic cert named `default.crt` and `default.key` will allow a client browser to make a SSL connection (likely w/ a warning) and subsequently receive a 500.
 To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`). You can also disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with `HTTPS_METHOD=nohttps`. `HTTPS_METHOD` can be specified on each container for which you want to override the default behavior or on the proxy container to set it globally. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS) is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP site after changing this setting, your browser has probably cached the HSTS policy and is automatically redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito window / different browser.
 By default, [HTTP Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)  is enabled with `max-age=31536000` for HTTPS sites. You can disable HSTS with the environment variable `HSTS=off` or use a custom HSTS configuration like `HSTS=max-age=31536000; includeSubDomains; preload`. 
 *WARNING*: HSTS will force your users to visit the HTTPS version of your site for the `max-age` time - even if they type in `http://` manually.  The only way to get to an HTTP site after receiving an HSTS response is to clear your browser's HSTS cache.
 ### Basic Authentication Support
 In order to be able to secure your virtual host, you have to create a file named as its equivalent VIRTUAL_HOST variable on directory
 /etc/nginx/htpasswd/$VIRTUAL_HOST
 ```console
 docker run -d -p 80:80 -p 443:443 \
    -v /path/to/htpasswd:/etc/nginx/htpasswd \
    -v /path/to/certs:/etc/nginx/certs \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    nginxproxy/nginx-proxy
 ```
 You'll need apache2-utils on the machine where you plan to create the htpasswd file. Follow these [instructions](http://httpd.apache.org/docs/2.2/programs/htpasswd.html)
 ### Headers
 By default, `nginx-proxy` forwards all incoming request headers from the client to the backend server unmodified, with the following exceptions:
  * `Connection`: Set to `upgrade` if the client sets the `Upgrade` header, otherwise set to `close`. (Keep-alive between `nginx-proxy` and the backend server is not supported.)
  * `Proxy`: Always removed if present. This prevents attackers from using the so-called [httpoxy attack](http://httpoxy.org). There is no legitimate reason for a client to send this header, and there are many vulnerable languages / platforms (`CVE-2016-5385`, `CVE-2016-5386`, `CVE-2016-5387`, `CVE-2016-5388`, `CVE-2016-1000109`, `CVE-2016-1000110`, `CERT-VU#797896`).
  * `X-Real-IP`: Set to the client's IP address.
  * `X-Forwarded-For`: The client's IP address is appended to the value provided by the client. (If the client did not provide this header, it is set to the client's IP address.)
  * `X-Forwarded-Host`: If the client did not provide this header or if the `TRUST_DOWNSTREAM_PROXY` environment variable is set to `false` (see below), this is set to the value of the `Host` header provided by the client. Otherwise, the header is forwarded to the backend server unmodified.
  * `X-Forwarded-Proto`: If the client did not provide this header or if the `TRUST_DOWNSTREAM_PROXY` environment variable is set to `false` (see below), this is set to `http` for plain HTTP connections and `https` for TLS connections. Otherwise, the header is forwarded to the backend server unmodified.
  * `X-Forwarded-Ssl`: Set to `on` if the `X-Forwarded-Proto` header sent to the backend server is `https`, otherwise set to `off`.
  * `X-Forwarded-Port`: If the client did not provide this header or if the `TRUST_DOWNSTREAM_PROXY` environment variable is set to `false` (see below), this is set to the port of the server that accepted the client's request. Otherwise, the header is forwarded to the backend server unmodified.
  * `X-Original-URI`: Set to the original request URI.
 #### Trusting Downstream Proxy Headers
 For legacy compatibility reasons, `nginx-proxy` forwards any client-supplied `X-Forwarded-Proto` (which affects the value of `X-Forwarded-Ssl`), `X-Forwarded-Host`, and `X-Forwarded-Port` headers unchecked and unmodified. To prevent malicious clients from spoofing the protocol, hostname, or port that is perceived by your backend server, you are encouraged to set the `TRUST_DOWNSTREAM_PROXY` value to `false` if:
  * you do not operate a second reverse proxy downstream of `nginx-proxy`, or
  * you do operate a second reverse proxy downstream of `nginx-proxy` but that proxy forwards those headers unchecked from untrusted clients.
 The default for `TRUST_DOWNSTREAM_PROXY` may change to `false` in a future version of `nginx-proxy`. If you require it to be enabled, you are encouraged to explicitly set it to `true` to avoid compatibility problems when upgrading.
 ### Custom Nginx Configuration
 If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis.
 #### Replacing default proxy settings
 If you want to replace the default proxy settings for the nginx container, add a configuration file at `/etc/nginx/proxy.conf`. A file with the default settings would look like this:
 ```Nginx
 # HTTP 1.1 support
 proxy_http_version 1.1;
 proxy_buffering off;
 proxy_set_header Host $http_host;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $proxy_connection;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
 proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
 proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
 proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
 proxy_set_header X-Original-URI $request_uri;
 # Mitigate httpoxy attack (see README for details)
 proxy_set_header Proxy "";
 ```
 ***NOTE***: If you provide this file it will replace the defaults; you may want to check the .tmpl file to make sure you have all of the needed options.
 #### Proxy-wide
 To add settings on a proxy-wide basis, add your configuration file under `/etc/nginx/conf.d` using a name ending in `.conf`.
 This can be done in a derived image by creating the file in a `RUN` command or by `COPY`ing the file into `conf.d`:
 ```Dockerfile
 FROM nginxproxy/nginx-proxy
 RUN { \
      echo 'server_tokens off;'; \
      echo 'client_max_body_size 100m;'; \
    } > /etc/nginx/conf.d/my_proxy.conf
 ```
 Or it can be done by mounting in your custom configuration in your `docker run` command:
 ```console
 docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 ```
 #### Per-VIRTUAL_HOST
 To add settings on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d`. Unlike in the proxy-wide case, which allows multiple config files with any name ending in `.conf`, the per-`VIRTUAL_HOST` file must be named exactly after the `VIRTUAL_HOST`.
 In order to allow virtual hosts to be dynamically configured as backends are added and removed, it makes the most sense to mount an external directory as `/etc/nginx/vhost.d` as opposed to using derived images or mounting individual configuration files.
 For example, if you have a virtual host named `app.example.com`, you could provide a custom configuration for that host as follows:
 ```console
 docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/app.example.com
 ```
 If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
 ```console
 { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/www.example.com
 ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com
 ```
 #### Per-VIRTUAL_HOST default configuration
 If you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}` file associated with it.
 #### Per-VIRTUAL_HOST location configuration
 To add settings to the "location" block on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d` just like the previous section except with the suffix `_location`.
 For example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows:
 ```console
 docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid  200 302  60m;'; echo 'proxy_cache_valid  404 1m;' } > /path/to/vhost.d/app.example.com_location
 ```
 If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
 ```console
 { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid  200 302  60m;'; echo 'proxy_cache_valid  404 1m;' } > /path/to/vhost.d/app.example.com_location
 ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com
 ```
 #### Per-VIRTUAL_HOST location default configuration
 If you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}_location` file associated with it.
 #### Per-VIRTUAL_HOST `server_tokens` configuration
 Per virtual-host `servers_tokens` directive can be configured by passing appropriate value to the `SERVER_TOKENS` environment variable. Please see the [nginx http_core module configuration](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens) for more details.
 ### Unhashed vs SHA1 upstream names
 By default the nginx configuration `upstream` blocks will use this block's corresponding hostname as a predictable name. However, this can cause issues in some setups (see [this issue](https://github.com/nginx-proxy/nginx-proxy/issues/1162)). In those cases you might want to switch to SHA1 names for the `upstream` blocks by setting the `SHA1_UPSTREAM_NAME` environment variable to `true` on the nginx-proxy container.
 Please note that using regular expressions in `VIRTUAL_HOST` will always result in a corresponding `upstream` block with an SHA1 name.
 ### Troubleshooting
 In case you can't access your VIRTUAL_HOST, set `DEBUG=true` in the client container's environment and have a look at the generated nginx configuration file `/etc/nginx/conf.d/default.conf`:
 ```console
 docker exec <nginx-proxy-instance> cat /etc/nginx/conf.d/default.conf
 ```
 Especially at `upstream` definition blocks which should look like:
 ```Nginx
 # foo.example.com
 upstream foo.example.com {
 	## Can be connected with "my_network" network
 	# Exposed ports: [{   <exposed_port1>  tcp } {   <exposed_port2>  tcp } ...]
 	# Default virtual port: <exposed_port|80>
 	# VIRTUAL_PORT: <VIRTUAL_PORT>
 	# foo
 	server 172.18.0.9:<Port>;
 	# Fallback entry
 	server 127.0.0.1 down;
 }
 ```
 The effective `Port` is retrieved by order of precedence:
 1. From the `VIRTUAL_PORT` environment variable
 1. From the container's exposed port if there is only one
 1. From the default port 80 when none of the above methods apply
 ### Contributing
 Before submitting pull requests or issues, please check github to make sure an existing issue or pull request is not already open.
 #### Running Tests Locally
 To run tests, you just need to run the command below:
 ```console
 make test
 ```
 This commands run tests on two variants of the nginx-proxy docker image: Debian and Alpine.
 You can run the tests for each of these images with their respective commands:
 ```console
 make test-debian
 make test-alpine
 ```
 You can learn more about how the test suite works and how to write new tests in the [test/README.md](test/README.md) file.
--- a/app/Procfile
+++ b/app/Procfile
@ -1,2 +1,2 @@
 dockergen: docker-gen -watch -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
-nginx: nginx
+nginx: nginx -g "daemon off;"
--- a/docker-compose-separate-containers.yml
+++ b/docker-compose-separate-containers.yml
@ -1,4 +1,6 @@
-version: '2'
+volumes:
  nginx_conf:
 services:
  nginx:
    image: nginx
@ -6,19 +8,17 @@ services:
    ports:
      - "80:80"
    volumes:
-      - /etc/nginx/conf.d
+      - nginx_conf:/etc/nginx/conf.d:ro
  dockergen:
    image: nginxproxy/docker-gen
-    command: -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl
+    command: -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
      /etc/nginx/conf.d/default.conf
    volumes_from:
      - nginx
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
      - nginx_conf:/etc/nginx/conf.d
  whoami:
    image: jwilder/whoami
    environment:
-      - VIRTUAL_HOST=whoami.local
+      - VIRTUAL_HOST=whoami.example
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,3 @@
 version: '2'
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
@ -8,7 +7,10 @@ services:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
    # if you want to proxy based on host ports, you'll want to use the host network
    # network_mode: "host"
  whoami:
    image: jwilder/whoami
    environment:
-      - VIRTUAL_HOST=whoami.local
+      - VIRTUAL_HOST=whoami.example
--- a/docs/README.md
+++ b/docs/README.md
--- a/nginx.tmpl
+++ b/nginx.tmpl
--- a/test/README.md
+++ b/test/README.md
@ -4,12 +4,10 @@ Nginx proxy test suite
 Install requirements
 --------------------
-You need [python 3.9](https://www.python.org/) and [pip](https://pip.pypa.io/en/stable/installing/) installed. Then run the commands:
+You need [Docker Compose v2](https://docs.docker.com/compose/install/linux/), [python 3.9](https://www.python.org/) and [pip](https://pip.pypa.io/en/stable/installation/)  installed. Then run the commands:
    pip install -r requirements/python-requirements.txt
 Prepare the nginx-proxy test image
 ----------------------------------
@ -28,12 +26,25 @@ need more verbosity ?
    pytest -s
 Note: By default this test suite relies on Docker Compose v2 with the command `docker compose`. It still supports Docker Compose v1 via the `DOCKER_COMPOSE` environment variable:
    DOCKER_COMPOSE=docker-compose pytest
 Run one single test module
 --------------------------
    pytest test_nominal.py
 Run the test suite from a Docker container
 ------------------------------------------
 If you cannot (or don't want to) install pytest and its requirements on your computer. You can use the nginx-proxy-tester docker image to run the test suite from a Docker container.
    make test-debian
 or if you want to test the alpine flavor:
    make test-alpine
 Write a test module
 -------------------
@ -46,13 +57,39 @@ This test suite uses [pytest](http://doc.pytest.org/en/latest/). The [conftest.p
 ### docker_compose fixture
-When using the `docker_compose` fixture in a test, pytest will try to find a yml file named after your test module filename. For instance, if your test module is `test_example.py`, then the `docker_compose` fixture will try to load a `test_example.yml` [docker compose file](https://docs.docker.com/compose/compose-file/).
+When using the `docker_compose` fixture in a test, pytest will try to start the [Docker Compose](https://docs.docker.com/compose/) services corresponding to the current test module, based on the test module filename.
-Once the docker compose file found, the fixture will remove all containers, run `docker-compose up`, and finally your test will be executed.
+By default, if your test module file is `test/test_subdir/test_example.py`, then the `docker_compose` fixture will try to load the following files, [merging them](https://docs.docker.com/reference/compose-file/merge/) in this order:
-The fixture will run the _docker-compose_ command with the `-f` option to load the given compose file. So you can test your docker compose file syntax by running it yourself with:
+1. `test/compose.base.yml`
 2. `test/test_subdir/compose.base.override.yml` (if it exists)
 3. `test/test_subdir/test_example.yml`
-    docker-compose -f test_example.yml up -d
+The fixture will run the _docker compose_ command with the `-f` option to load the given compose files. So you can test your docker compose file syntax by running it yourself with:
    docker compose -f test/compose.base.yml -f test/test_subdir/test_example.yml up -d
 The first file contains the base configuration of the nginx-proxy container common to most tests:
 ```yaml
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy:test
    container_name: nginx-proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
    ports:
      - "80:80"
      - "443:443"
 ```
 The second optional file allow you to override this base configuration for all test modules in a subfolder.
 The third file contains the services and overrides specific to a given test module.
 This automatic merge can be bypassed by using a file named `test_example.base.yml` (instead of `test_example.yml`). When this file exist, it will be the only one used by the test and no merge with other compose files will automatically occur.
 The `docker_compose` fixture also set the `PYTEST_MODULE_PATH` environment variable to the absolute path of the current test module directory, so it can be used to mount files or directory relatives to the current test.
 In the case you are running pytest from within a docker container, the `docker_compose` fixture will make sure the container running pytest is attached to all docker networks. That way, your test will be able to reach any of them.
@ -60,7 +97,10 @@ In your tests, you can use the `docker_compose` variable to query and command th
 Also this fixture alters the way the python interpreter resolves domain names to IP addresses in the following ways:
-Any domain name containing the substring `nginx-proxy` will resolve to the IP address of the container that was created from the `nginxproxy/nginx-proxy:test` image. So all the following domain names will resolve to the nginx-proxy container in tests:
+Any domain name containing the substring `nginx-proxy` will resolve to `127.0.0.1` if the tests are executed on a Darwin (macOS) system, otherwise the IP address of the container that was created from the `nginxproxy/nginx-proxy:test` image.
 So, in tests, all the following domain names will resolve to either localhost or the nginx-proxy container's IP:
 - `nginx-proxy`
 - `nginx-proxy.com`
 - `www.nginx-proxy.com`
@ -69,14 +109,16 @@ Any domain name containing the substring `nginx-proxy` will resolve to the IP ad
 - `whatever.nginx-proxyooooooo`
 - ...
-Any domain name ending with `XXX.container.docker` will resolve to the IP address of the XXX container.
+Any domain name ending with `XXX.container.docker` will resolve to `127.0.0.1` if the tests are executed on a Darwin (macOS) system, otherwise the IP address of the container named `XXX`.
 So, on a non-Darwin system:
 - `web1.container.docker` will resolve to the IP address of the `web1` container
 - `f00.web1.container.docker` will resolve to the IP address of the `web1` container
 - `anything.whatever.web2.container.docker` will resolve to the IP address of the `web2` container
 Otherwise, domain names are resoved as usual using your system DNS resolver.
 ### nginxproxy fixture
 The `nginxproxy` fixture will provide you with a replacement for the python [requests](https://pypi.python.org/pypi/requests/) module. This replacement will just repeat up to 30 times a requests if it receives the HTTP error 404 or 502. This error occurs when you try to send queries to nginx-proxy too early after the container creation.
--- a/test/certs/create_server_certificate.sh
+++ b/test/certs/create_server_certificate.sh
@ -24,7 +24,7 @@ fi
 # Create a nginx container (which conveniently provides the `openssl` command)
 ###############################################################################
-CONTAINER=$(docker run -d -v $DIR:/work -w /work -e SAN="$ALTERNATE_DOMAINS" nginx:1.19.10)
+CONTAINER=$(docker run -d -v $DIR:/work -w /work -e SAN="$ALTERNATE_DOMAINS" nginx:1.27.3)
 # Configure openssl
 docker exec $CONTAINER bash -c '
 	mkdir -p /ca/{certs,crl,private,newcerts} 2>/dev/null
--- a/test/compose.base.yml
+++ b/test/compose.base.yml
@ -0,0 +1,9 @@
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy:test
    container_name: nginx-proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
    ports:
      - "80:80"
      - "443:443"
--- a/test/conftest.py
+++ b/test/conftest.py
@ -1,31 +1,39 @@
 import contextlib
 import logging
 import os
 import pathlib
 import platform
 import re
 import shlex
 import socket
 import subprocess
 import time
-from typing import List
+from io import StringIO
 from typing import Iterator, List, Optional
 import backoff
-import docker
+import docker.errors
 import pytest
 import requests
-from _pytest._code.code import ReprExceptionInfo
+from _pytest.fixtures import FixtureRequest
-from distutils.version import LooseVersion
+from docker import DockerClient
 from docker.models.containers import Container
-from requests.packages.urllib3.util.connection import HAS_IPV6
+from docker.models.networks import Network
 from packaging.version import Version
 from requests import Response
 from urllib3.util.connection import HAS_IPV6
 logging.basicConfig(level=logging.INFO)
 logging.getLogger('backoff').setLevel(logging.INFO)
 logging.getLogger('DNS').setLevel(logging.DEBUG)
 logging.getLogger('requests.packages.urllib3.connectionpool').setLevel(logging.WARN)
-CA_ROOT_CERTIFICATE = os.path.join(os.path.dirname(__file__), 'certs/ca-root.crt')
+CA_ROOT_CERTIFICATE = pathlib.Path(__file__).parent.joinpath("certs/ca-root.crt")
 PYTEST_RUNNING_IN_CONTAINER = os.environ.get('PYTEST_RUNNING_IN_CONTAINER') == "1"
 FORCE_CONTAINER_IPV6 = False  # ugly global state to consider containers' IPv6 address instead of IPv4
 DOCKER_COMPOSE = os.environ.get('DOCKER_COMPOSE', 'docker compose')
 docker_client = docker.from_env()
@ -39,16 +47,17 @@ test_container = 'nginx-proxy-pytest'
 #
 ###############################################################################
@contextlib.contextmanager
-def ipv6(force_ipv6=True):
+def ipv6(force_ipv6: bool = True):
    """
    Meant to be used as a context manager to force IPv6 sockets:
        with ipv6():
-            nginxproxy.get("http://something.nginx-proxy.local")  # force use of IPv6
+            nginxproxy.get("http://something.nginx-proxy.example")  # force use of IPv6
        with ipv6(False):
-            nginxproxy.get("http://something.nginx-proxy.local")  # legacy behavior
+            nginxproxy.get("http://something.nginx-proxy.example")  # legacy behavior
    """
@ -58,19 +67,19 @@ def ipv6(force_ipv6=True):
    FORCE_CONTAINER_IPV6 = False
-class requests_for_docker(object):
+class RequestsForDocker:
    """
    Proxy for calling methods of the requests module.
-    When a HTTP response failed due to HTTP Error 404 or 502, retry a few times.
+    When an HTTP response failed due to HTTP Error 404 or 502, retry a few times.
    Provides method `get_conf` to extract the nginx-proxy configuration content.
    """
    def __init__(self):
        self.session = requests.Session()
-        if os.path.isfile(CA_ROOT_CERTIFICATE):
+        if CA_ROOT_CERTIFICATE.is_file():
-            self.session.verify = CA_ROOT_CERTIFICATE
+            self.session.verify = CA_ROOT_CERTIFICATE.as_posix()
    @staticmethod
-    def get_nginx_proxy_containers() -> List[Container]:
+    def get_nginx_proxy_container() -> Container:
        """
        Return list of containers
        """
@ -79,69 +88,69 @@ class requests_for_docker(object):
            pytest.fail("Too many running nginxproxy/nginx-proxy:test containers", pytrace=False)
        elif len(nginx_proxy_containers) == 0:
            pytest.fail("No running nginxproxy/nginx-proxy:test container", pytrace=False)
-        return nginx_proxy_containers
+        return nginx_proxy_containers.pop()
-    def get_conf(self):
+    def get_conf(self) -> bytes:
        """
        Return the nginx config file
        """
-        nginx_proxy_containers = self.get_nginx_proxy_containers()
+        nginx_proxy_container = self.get_nginx_proxy_container()
-        return get_nginx_conf_from_container(nginx_proxy_containers[0])
+        return get_nginx_conf_from_container(nginx_proxy_container)
    def get_ip(self) -> str:
        """
        Return the nginx container ip address
        """
-        nginx_proxy_containers = self.get_nginx_proxy_containers()
+        nginx_proxy_container = self.get_nginx_proxy_container()
-        return container_ip(nginx_proxy_containers[0])
+        return container_ip(nginx_proxy_container)
-    def get(self, *args, **kwargs):
+    def get(self, *args, **kwargs) -> Response:
        with ipv6(kwargs.pop('ipv6', False)):
            @backoff.on_predicate(backoff.constant, lambda r: r.status_code in (404, 502), interval=.3, max_tries=30, jitter=None)
-            def _get(*args, **kwargs):
+            def _get(*_args, **_kwargs):
-                return self.session.get(*args, **kwargs)
+                return self.session.get(*_args, **_kwargs)
            return _get(*args, **kwargs)
-    def post(self, *args, **kwargs):
+    def post(self, *args, **kwargs) -> Response:
        with ipv6(kwargs.pop('ipv6', False)):
            @backoff.on_predicate(backoff.constant, lambda r: r.status_code in (404, 502), interval=.3, max_tries=30, jitter=None)
-            def _post(*args, **kwargs):
+            def _post(*_args, **_kwargs):
-                return self.session.post(*args, **kwargs)
+                return self.session.post(*_args, **_kwargs)
            return _post(*args, **kwargs)
-    def put(self, *args, **kwargs):
+    def put(self, *args, **kwargs) -> Response:
        with ipv6(kwargs.pop('ipv6', False)):
            @backoff.on_predicate(backoff.constant, lambda r: r.status_code in (404, 502), interval=.3, max_tries=30, jitter=None)
-            def _put(*args, **kwargs):
+            def _put(*_args, **_kwargs):
-                return self.session.put(*args, **kwargs)
+                return self.session.put(*_args, **_kwargs)
            return _put(*args, **kwargs)
-    def head(self, *args, **kwargs):
+    def head(self, *args, **kwargs) -> Response:
        with ipv6(kwargs.pop('ipv6', False)):
            @backoff.on_predicate(backoff.constant, lambda r: r.status_code in (404, 502), interval=.3, max_tries=30, jitter=None)
-            def _head(*args, **kwargs):
+            def _head(*_args, **_kwargs):
-                return self.session.head(*args, **kwargs)
+                return self.session.head(*_args, **_kwargs)
            return _head(*args, **kwargs)
-    def delete(self, *args, **kwargs):
+    def delete(self, *args, **kwargs) -> Response:
        with ipv6(kwargs.pop('ipv6', False)):
            @backoff.on_predicate(backoff.constant, lambda r: r.status_code in (404, 502), interval=.3, max_tries=30, jitter=None)
-            def _delete(*args, **kwargs):
+            def _delete(*_args, **_kwargs):
-                return self.session.delete(*args, **kwargs)
+                return self.session.delete(*_args, **_kwargs)
            return _delete(*args, **kwargs)
-    def options(self, *args, **kwargs):
+    def options(self, *args, **kwargs) -> Response:
        with ipv6(kwargs.pop('ipv6', False)):
            @backoff.on_predicate(backoff.constant, lambda r: r.status_code in (404, 502), interval=.3, max_tries=30, jitter=None)
-            def _options(*args, **kwargs):
+            def _options(*_args, **_kwargs):
-                return self.session.options(*args, **kwargs)
+                return self.session.options(*_args, **_kwargs)
            return _options(*args, **kwargs)
    def __getattr__(self, name):
        return getattr(requests, name)
-def container_ip(container: Container):
+def container_ip(container: Container) -> str:
    """
    return the IP address of a container.
@ -160,26 +169,34 @@ def container_ip(container: Container):
        net_info = container.attrs["NetworkSettings"]["Networks"]
        if "bridge" in net_info:
            return net_info["bridge"]["IPAddress"]
        # container is running in host network mode
        if "host" in net_info:
            return "127.0.0.1"
        # not default bridge network, fallback on first network defined
        network_name = list(net_info.keys())[0]
        return net_info[network_name]["IPAddress"]
-def container_ipv6(container):
+def container_ipv6(container: Container) -> str:
    """
    return the IPv6 address of a container.
    """
    net_info = container.attrs["NetworkSettings"]["Networks"]
    if "bridge" in net_info:
        return net_info["bridge"]["GlobalIPv6Address"]
    # container is running in host network mode
    if "host" in net_info:
        return "::1"
    # not default bridge network, fallback on first network defined
    network_name = list(net_info.keys())[0]
    return net_info[network_name]["GlobalIPv6Address"]
-def nginx_proxy_dns_resolver(domain_name):
+def nginx_proxy_dns_resolver(domain_name: str) -> Optional[str]:
    """
    if "nginx-proxy" if found in host, return the ip address of the docker container
    issued from the docker image nginxproxy/nginx-proxy:test.
@ -191,21 +208,21 @@ def nginx_proxy_dns_resolver(domain_name):
    if 'nginx-proxy' in domain_name:
        nginxproxy_containers = docker_client.containers.list(filters={"status": "running", "ancestor": "nginxproxy/nginx-proxy:test"})
        if len(nginxproxy_containers) == 0:
-            log.warn(f"no container found from image nginxproxy/nginx-proxy:test while resolving {domain_name!r}")
+            log.warning(f"no container found from image nginxproxy/nginx-proxy:test while resolving {domain_name!r}")
            exited_nginxproxy_containers = docker_client.containers.list(filters={"status": "exited", "ancestor": "nginxproxy/nginx-proxy:test"})
            if len(exited_nginxproxy_containers) > 0:
                exited_nginxproxy_container_logs = exited_nginxproxy_containers[0].logs()
-                log.warn(f"nginxproxy/nginx-proxy:test container might have exited unexpectedly. Container logs: " + "\n" + exited_nginxproxy_container_logs.decode())
+                log.warning(f"nginxproxy/nginx-proxy:test container might have exited unexpectedly. Container logs: " + "\n" + exited_nginxproxy_container_logs.decode())
-            return
+            return None
        nginxproxy_container = nginxproxy_containers[0]
        ip = container_ip(nginxproxy_container)
        log.info(f"resolving domain name {domain_name!r} as IP address {ip} of nginx-proxy container {nginxproxy_container.name}")
        return ip
-def docker_container_dns_resolver(domain_name):
+def docker_container_dns_resolver(domain_name: str) -> Optional[str]:
    """
-    if domain name is of the form "XXX.container.docker" or "anything.XXX.container.docker", return the ip address of the docker container
+    if domain name is of the form "XXX.container.docker" or "anything.XXX.container.docker",
-    named XXX.
+    return the ip address of the docker container named XXX.
    :return: IP or None
    """
@ -215,15 +232,15 @@ def docker_container_dns_resolver(domain_name):
    match = re.search(r'(^|.+\.)(?P<container>[^.]+)\.container\.docker$', domain_name)
    if not match:
        log.debug(f"{domain_name!r} does not match")
-        return
+        return None
    container_name = match.group('container')
    log.debug(f"looking for container {container_name!r}")
    try:
        container = docker_client.containers.get(container_name)
    except docker.errors.NotFound:
-        log.warn(f"container named {container_name!r} not found while resolving {domain_name!r}")
+        log.warning(f"container named {container_name!r} not found while resolving {domain_name!r}")
-        return
+        return None
    log.debug(f"container {container.name!r} found ({container.short_id})")
    ip = container_ip(container)
@ -235,7 +252,10 @@ def monkey_patch_urllib_dns_resolver():
    """
    Alter the behavior of the urllib DNS resolver so that any domain name
    containing substring 'nginx-proxy' will resolve to the IP address
-    of the container created from image 'nginxproxy/nginx-proxy:test'.
+    of the container created from image 'nginxproxy/nginx-proxy:test',
    or to 127.0.0.1 on Darwin.
    see https://docs.docker.com/desktop/features/networking/#i-want-to-connect-to-a-container-from-the-host
    """
    prv_getaddrinfo = socket.getaddrinfo
    dns_cache = {}
@ -243,13 +263,18 @@ def monkey_patch_urllib_dns_resolver():
        logging.getLogger('DNS').debug(f"resolving domain name {repr(args)}")
        _args = list(args)
-        # Fail early when querying IP directly and it is forced ipv6 when not supported,
+        # Fail early when querying IP directly, and it is forced ipv6 when not supported,
        # Otherwise a pytest container not using the host network fails to pass `test_raw-ip-vhost`.
        if FORCE_CONTAINER_IPV6 and not HAS_IPV6:
            pytest.skip("This system does not support IPv6")
        # custom DNS resolvers
-        ip = nginx_proxy_dns_resolver(args[0])
+        ip = None
        # Docker Desktop can't route traffic directly to Linux containers.
        if platform.system() == "Darwin":
            ip = "127.0.0.1"
        if ip is None:
            ip = nginx_proxy_dns_resolver(args[0])
        if ip is None:
            ip = docker_container_dns_resolver(args[0])
        if ip is not None:
@ -265,19 +290,12 @@ def monkey_patch_urllib_dns_resolver():
    socket.getaddrinfo = new_getaddrinfo
    return prv_getaddrinfo
 def restore_urllib_dns_resolver(getaddrinfo_func):
    socket.getaddrinfo = getaddrinfo_func
-def remove_all_containers():
+def get_nginx_conf_from_container(container: Container) -> bytes:
    for container in docker_client.containers.list(all=True):
        if PYTEST_RUNNING_IN_CONTAINER and container.name == test_container:
            continue  # pytest is running within a Docker container, so we do not want to remove that particular container
        logging.info(f"removing container {container.name}")
        container.remove(v=True, force=True)
 def get_nginx_conf_from_container(container):
    """
    return the nginx /etc/nginx/conf.d/default.conf file content from a container
    """
@ -292,20 +310,40 @@ def get_nginx_conf_from_container(container):
        return conffile.read()
-def docker_compose_up(compose_file='docker-compose.yml'):
+def __prepare_and_execute_compose_cmd(compose_files: List[str], project_name: str, cmd: str):
-    logging.info(f'docker-compose -f {compose_file} up -d')
+    """
    Prepare and execute the Docker Compose command with the provided compose files and project name.
    """
    compose_cmd = StringIO()
    compose_cmd.write(DOCKER_COMPOSE)
    compose_cmd.write(f" --project-name {project_name}")
    for compose_file in compose_files:
        compose_cmd.write(f" --file {compose_file}")
    compose_cmd.write(f" {cmd}")
    logging.info(compose_cmd.getvalue())
    try:
-        subprocess.check_output(shlex.split(f'docker-compose -f {compose_file} up -d'), stderr=subprocess.STDOUT)
+        subprocess.check_output(shlex.split(compose_cmd.getvalue()), stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError as e:
-        pytest.fail(f"Error while runninng 'docker-compose -f {compose_file} up -d':\n{e.output}", pytrace=False)
+        pytest.fail(f"Error while running '{compose_cmd.getvalue()}':\n{e.output}", pytrace=False)
-def docker_compose_down(compose_file='docker-compose.yml'):
+def docker_compose_up(compose_files: List[str], project_name: str):
-    logging.info(f'docker-compose -f {compose_file} down -v')
+    """
-    try:
+    Execute compose up --detach with the provided compose files and project name.
-        subprocess.check_output(shlex.split(f'docker-compose -f {compose_file} down -v'), stderr=subprocess.STDOUT)
+    """
-    except subprocess.CalledProcessError as e:
+    if compose_files is None or len(compose_files) == 0:
-        pytest.fail(f"Error while runninng 'docker-compose -f {compose_file} down -v':\n{e.output}", pytrace=False)
+        pytest.fail(f"No compose file passed to docker_compose_up", pytrace=False)
    __prepare_and_execute_compose_cmd(compose_files, project_name, cmd="up --detach")
 def docker_compose_down(compose_files: List[str], project_name: str):
    """
    Execute compose down --volumes with the provided compose files and project name.
    """
    if compose_files is None or len(compose_files) == 0:
        pytest.fail(f"No compose file passed to docker_compose_up", pytrace=False)
    __prepare_and_execute_compose_cmd(compose_files, project_name, cmd="down --volumes")
 def wait_for_nginxproxy_to_be_ready():
@ -322,40 +360,52 @@ def wait_for_nginxproxy_to_be_ready():
            logging.debug("nginx-proxy ready")
            break
-def find_docker_compose_file(request):
+
@pytest.fixture
 def docker_compose_files(request: FixtureRequest) -> List[str]:
    """Fixture returning the docker compose files to consider:
    If a YAML file exists with the same name as the test module (with the `.py` extension
    replaced with `.base.yml`, ie `test_foo.py`-> `test_foo.base.yml`) and in the same
    directory as the test module, use only that file.
    Otherwise, merge the following files in this order:
    - the `compose.base.yml` file in the parent `test` directory.
    - if present in the same directory as the test module, the `compose.base.override.yml` file.
    - the YAML file named after the current test module (ie `test_foo.py`-> `test_foo.yml`)
    Tests can override this fixture to specify a custom location.
    """
-    helper for fixture functions to figure out the name of the docker-compose file to consider.
+    compose_files: List[str] = []
    test_module_path = pathlib.Path(request.module.__file__).parent
-    - if the test module provides a `docker_compose_file` variable, take that
+    module_base_file = test_module_path.joinpath(f"{request.module.__name__}.base.yml")
-    - else, if a yaml file exists with the same name as the test module (but for the `.yml` extension), use that
+    if module_base_file.is_file():
-    - otherwise use `docker-compose.yml`.
+        return [module_base_file.as_posix()]
    """
    test_module_dir = os.path.dirname(request.module.__file__)
    yml_file = os.path.join(test_module_dir, request.module.__name__ + '.yml')
    yaml_file = os.path.join(test_module_dir, request.module.__name__ + '.yaml')
    default_file = os.path.join(test_module_dir, 'docker-compose.yml')
-    docker_compose_file_module_variable = getattr(request.module, "docker_compose_file", None)
+    global_base_file = test_module_path.parent.joinpath("compose.base.yml")
-    if docker_compose_file_module_variable is not None:
+    if global_base_file.is_file():
-        docker_compose_file = os.path.join( test_module_dir, docker_compose_file_module_variable)
+        compose_files.append(global_base_file.as_posix())
        if not os.path.isfile(docker_compose_file):
            raise ValueError(f"docker compose file {docker_compose_file!r} could not be found. Check your test module `docker_compose_file` variable value.")
    else:
        if os.path.isfile(yml_file):
            docker_compose_file = yml_file
        elif os.path.isfile(yaml_file):
            docker_compose_file = yaml_file
        else:
            docker_compose_file = default_file
-    if not os.path.isfile(docker_compose_file):
+    module_base_override_file = test_module_path.joinpath("compose.base.override.yml")
-        logging.error("Could not find any docker-compose file named either '{0}.yml', '{0}.yaml' or 'docker-compose.yml'".format(request.module.__name__))
+    if module_base_override_file.is_file():
        compose_files.append(module_base_override_file.as_posix())
-    logging.debug(f"using docker compose file {docker_compose_file}")
+    module_compose_file = test_module_path.joinpath(f"{request.module.__name__}.yml")
-    return docker_compose_file
+    if module_compose_file.is_file():
        compose_files.append(module_compose_file.as_posix())
    if not module_base_file.is_file() and not module_compose_file.is_file():
        logging.error(
            f"Could not find any docker compose file named '{module_base_file.name}' or '{module_compose_file.name}'"
        )
    logging.debug(f"using docker compose files {compose_files}")
    return compose_files
-def connect_to_network(network):
+def connect_to_network(network: Network) -> Optional[Network]:
    """
    If we are running from a container, connect our container to the given network
@ -365,8 +415,8 @@ def connect_to_network(network):
        try:
            my_container = docker_client.containers.get(test_container)
        except docker.errors.NotFound:
-            logging.warn(f"container {test_container} not found")
+            logging.warning(f"container {test_container} not found")
-            return
+            return None
        # figure out our container networks
        my_networks = list(my_container.attrs["NetworkSettings"]["Networks"].keys())
@ -383,7 +433,7 @@ def connect_to_network(network):
            return network
-def disconnect_from_network(network=None):
+def disconnect_from_network(network: Network = None):
    """
    If we are running from a container, disconnect our container from the given network.
@ -393,7 +443,7 @@ def disconnect_from_network(network=None):
        try:
            my_container = docker_client.containers.get(test_container)
        except docker.errors.NotFound:
-            logging.warn(f"container {test_container} not found")
+            logging.warning(f"container {test_container} not found")
            return
        # figure out our container networks
@ -405,7 +455,7 @@ def disconnect_from_network(network=None):
            network.disconnect(my_container)
-def connect_to_all_networks():
+def connect_to_all_networks() -> List[Network]:
    """
    If we are running from a container, connect our container to all current docker networks.
@ -419,42 +469,96 @@ def connect_to_all_networks():
        return [connect_to_network(network) for network in networks]
 class DockerComposer(contextlib.AbstractContextManager):
    def __init__(self):
        self._networks = None
        self._docker_compose_files = None
        self._project_name = None
    def __exit__(self, *exc_info):
        self._down()
    def _down(self):
        if self._docker_compose_files is None:
            return
        for network in self._networks:
            disconnect_from_network(network)
        docker_compose_down(self._docker_compose_files, self._project_name)
        self._docker_compose_file = None
        self._project_name = None
    def compose(self, docker_compose_files: List[str], project_name: str):
        if docker_compose_files == self._docker_compose_files and project_name == self._project_name:
            return
        self._down()
        if docker_compose_files is None or project_name is None:
            return
        docker_compose_up(docker_compose_files, project_name)
        self._networks = connect_to_all_networks()
        wait_for_nginxproxy_to_be_ready()
        time.sleep(3)  # give time to containers to be ready
        self._docker_compose_files = docker_compose_files
        self._project_name = project_name
 ###############################################################################
 #
 # Py.test fixtures
 #
 ###############################################################################
@pytest.fixture(scope="module")
-def docker_compose(request):
+def docker_composer() -> Iterator[DockerComposer]:
-    """
+    with DockerComposer() as d:
-    pytest fixture providing containers described in a docker compose file. After the tests, remove the created containers
+        yield d
    A custom docker compose file name can be defined in a variable named `docker_compose_file`.
-    Also, in the case where pytest is running from a docker container, this fixture makes sure
+@pytest.fixture
-    our container will be attached to all the docker networks.
+def ca_root_certificate() -> str:
-    """
+    return CA_ROOT_CERTIFICATE.as_posix()
-    docker_compose_file = find_docker_compose_file(request)
+
@pytest.fixture
 def monkey_patched_dns():
    original_dns_resolver = monkey_patch_urllib_dns_resolver()
-    remove_all_containers()
+    yield
    docker_compose_up(docker_compose_file)
    networks = connect_to_all_networks()
    wait_for_nginxproxy_to_be_ready()
    time.sleep(3)  # give time to containers to be ready
    yield docker_client
    for network in networks:
        disconnect_from_network(network)
    docker_compose_down(docker_compose_file)
    restore_urllib_dns_resolver(original_dns_resolver)
-@pytest.fixture()
+@pytest.fixture
-def nginxproxy():
+def docker_compose(
        request: FixtureRequest,
        monkeypatch,
        monkey_patched_dns,
        docker_composer,
        docker_compose_files
 ) -> Iterator[DockerClient]:
    """
    Ensures containers necessary for the test module are started in a compose project,
    and set the environment variable `PYTEST_MODULE_PATH` to the test module's parent folder.
    A list of custom docker compose files path can be specified by overriding
    the `docker_compose_file` fixture.
    Also, in the case where pytest is running from a docker container, this fixture
    makes sure our container will be attached to all the docker networks.
    """
    pytest_module_path = pathlib.Path(request.module.__file__).parent
    monkeypatch.setenv("PYTEST_MODULE_PATH", pytest_module_path.as_posix())
    project_name = request.module.__name__
    docker_composer.compose(docker_compose_files, project_name)
    yield docker_client
@pytest.fixture
 def nginxproxy() -> Iterator[RequestsForDocker]:
    """
    Provides the `nginxproxy` object that can be used in the same way the requests module is:
-    r = nginxproxy.get("http://foo.com")
+    r = nginxproxy.get("https://foo.com")
    The difference is that in case an HTTP requests has status code 404 or 502 (which mostly
    indicates that nginx has just reloaded), we retry up to 30 times the query.
@ -463,23 +567,29 @@ def nginxproxy():
    made against containers to use the containers IPv6 address when set to `True`. If IPv6 is not
    supported by the system or docker, that particular test will be skipped.
    """
-    yield requests_for_docker()
+    yield RequestsForDocker()
@pytest.fixture
 def acme_challenge_path() -> str:
    """
    Provides fake Let's Encrypt ACME challenge path used in certain tests
    """
    return ".well-known/acme-challenge/test-filename"
 ###############################################################################
 #
 # Py.test hooks
 #
 ###############################################################################
-# pytest hook to display additionnal stuff in test report
+# pytest hook to display additional stuff in test report
 def pytest_runtest_logreport(report):
    if report.failed:
-        if isinstance(report.longrepr, ReprExceptionInfo):
+        test_containers = docker_client.containers.list(all=True, filters={"ancestor": "nginxproxy/nginx-proxy:test"})
-            test_containers = docker_client.containers.list(all=True, filters={"ancestor": "nginxproxy/nginx-proxy:test"})
+        for container in test_containers:
-            for container in test_containers:
+            report.longrepr.addsection('nginx-proxy logs', container.logs().decode())
-                report.longrepr.addsection('nginx-proxy logs', container.logs())
+            report.longrepr.addsection('nginx-proxy conf', get_nginx_conf_from_container(container).decode())
                report.longrepr.addsection('nginx-proxy conf', get_nginx_conf_from_container(container))
 # Py.test `incremental` marker, see http://stackoverflow.com/a/12579625/107049
@ -506,5 +616,5 @@ try:
 except docker.errors.ImageNotFound:
    pytest.exit("The docker image 'nginxproxy/nginx-proxy:test' is missing")
-if LooseVersion(docker.__version__) < LooseVersion("5.0.0"):
+if Version(docker.__version__) < Version("7.0.0"):
-    pytest.exit("This test suite is meant to work with the python docker module v5.0.0 or later")
+    pytest.exit("This test suite is meant to work with the python docker module v7.0.0 or later")
--- a/test/pytest.ini
+++ b/test/pytest.ini
@ -1,5 +1,5 @@
 [pytest]
 # disable the creation of the `.cache` folders
-addopts = -p no:cacheprovider --ignore=requirements --ignore=certs -r s -v
+addopts = -p no:cacheprovider --ignore=requirements --ignore=certs --color=yes -v
 markers =
-    incremental: mark a test as incremental.
+    incremental: mark a test as incremental.
--- a/test/pytest.sh
+++ b/test/pytest.sh
@ -1,25 +1,28 @@
-#!/bin/bash
+#!/bin/sh
 ###############################################################################
 #                                                                             #
 # This script is meant to run the test suite from a Docker container.         #
 #                                                                             #
-# This is usefull when you want to run the test suite from Mac or             #
+# This is useful when you want to run the test suite from Mac or             #
 # Docker Toolbox.                                                             #
 #                                                                             #
 ###############################################################################
 # Returns the absolute directory path to this script
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+TESTDIR=$(cd "${0%/*}" && pwd) || exit 1
-ARGS=("$@")
+DIR=$(cd "${TESTDIR}/.." && pwd) || exit 1
 # check requirements
 echo "> Building nginx-proxy-tester image..."
-docker build -t nginx-proxy-tester -f "${DIR}/requirements/Dockerfile-nginx-proxy-tester" "${DIR}/requirements"
+docker build --pull -t nginx-proxy-tester \
  -f "${TESTDIR}/requirements/Dockerfile-nginx-proxy-tester" \
  "${TESTDIR}/requirements" \
  || exit 1
-# run the nginx-proxy-tester container setting the correct value for the working dir in order for 
+# run the nginx-proxy-tester container setting the correct value for the working dir 
-# docker-compose to work properly when run from within that container.
+# in order for docker compose to work properly when run from within that container.
 exec docker run --rm -it --name "nginx-proxy-pytest" \
  --volume "/var/run/docker.sock:/var/run/docker.sock" \
  --volume "${DIR}:${DIR}" \
-  --workdir "${DIR}" \
+  --workdir "${TESTDIR}" \
-  nginx-proxy-tester "${ARGS[@]}"
+  nginx-proxy-tester "$@"
--- a/test/requirements/Dockerfile-nginx-proxy-tester
+++ b/test/requirements/Dockerfile-nginx-proxy-tester
@ -1,9 +1,35 @@
-FROM python:3.9
+FROM python:3.12
 ENV PYTEST_RUNNING_IN_CONTAINER=1
 COPY python-requirements.txt /requirements.txt
 RUN pip install -r /requirements.txt
 # Add Docker's official GPG key
 RUN apt-get update \
  && apt-get install -y \
    ca-certificates \
    curl \
  && install -m 0755 -d /etc/apt/keyrings \
  && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
  && chmod a+r /etc/apt/keyrings/docker.asc
 # Add the Docker repository to Apt sources
 RUN echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null
 # Install docker-ce-cli and docker-compose-plugin requirements for Pytest docker_compose fixture
 RUN apt-get update \
  && apt-get install -y --no-install-recommends \
    docker-ce-cli \
    docker-compose-plugin \
  && apt-get clean \
  && rm -r /var/lib/apt/lists/*
 # Check if docker compose is available
 RUN docker compose version
 WORKDIR /test
 ENTRYPOINT ["pytest"]
--- a/test/requirements/python-requirements.txt
+++ b/test/requirements/python-requirements.txt
@ -1,5 +1,6 @@
 backoff==2.2.1
-docker-compose==1.29.2
+docker==7.1.0
-docker==6.0.1
+packaging==24.2
-pytest==7.2.1
+pytest==8.3.4
-requests==2.28.2
+requests==2.32.3
 urllib3==2.3.0
--- a/test/requirements/web/Dockerfile
+++ b/test/requirements/web/Dockerfile
@ -1,6 +1,7 @@
 # Docker Image running one (or multiple) webservers listening on all given ports from WEB_PORTS environment variable
-FROM python:3
+FROM python:3-alpine
 RUN apk add --no-cache bash
 COPY ./webserver.py /
 COPY ./entrypoint.sh /
 WORKDIR /opt
--- a/test/requirements/web/entrypoint.sh
+++ b/test/requirements/web/entrypoint.sh
@ -5,11 +5,11 @@ trap '[ ${#PIDS[@]} -gt 0 ] && kill -TERM ${PIDS[@]}' TERM
 declare -a PIDS
 for port in $WEB_PORTS; do
-	echo starting a web server listening on port $port;
+	echo starting a web server listening on port "$port";
-	/webserver.py $port &
+	/webserver.py "$port" &
 	PIDS+=($!)
 done
-wait ${PIDS[@]}
+wait "${PIDS[@]}"
 trap - TERM
-wait ${PIDS[@]}
+wait "${PIDS[@]}"
--- a/test/requirements/web/webserver.py
+++ b/test/requirements/web/webserver.py
@ -14,8 +14,8 @@ class Handler(http.server.SimpleHTTPRequestHandler):
            response_body += self.headers.as_string()
        elif self.path == "/port":
            response_body += f"answer from port {PORT}\n"
-        elif re.match("/status/(\d+)", self.path):
+        elif re.match(r"/status/(\d+)", self.path):
-            result = re.match("/status/(\d+)", self.path)
+            result = re.match(r"/status/(\d+)", self.path)
            response_code = int(result.group(1))
            response_body += f"answer with response code {response_code}\n"
        elif self.path == "/":
@ -28,7 +28,7 @@ class Handler(http.server.SimpleHTTPRequestHandler):
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
-        if (len(response_body)):
+        if len(response_body):
            self.wfile.write(response_body.encode())
 if __name__ == '__main__':
--- a/test/stress_tests/README.md
+++ b/test/stress_tests/README.md
@ -1 +0,0 @@
 This directory contains tests that showcase scenarios known to break the expected behavior of nginx-proxy.
--- a/test/stress_tests/test_deleted_cert/README.md
+++ b/test/stress_tests/test_deleted_cert/README.md
@ -1,5 +0,0 @@
 Test the behavior of nginx-proxy when restarted after deleting a certificate file is was using.
 1. nginx-proxy is created with a virtual host having a certificate
 1. while nginx-proxy is running, the certificate file is deleted
 1. nginx-proxy is then restarted (without removing the container)
--- a/test/stress_tests/test_deleted_cert/certs/web.nginx-proxy.crt
+++ b/test/stress_tests/test_deleted_cert/certs/web.nginx-proxy.crt
@ -1,70 +0,0 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
        Validity
            Not Before: Feb 17 23:20:54 2017 GMT
            Not After : Jul  5 23:20:54 2044 GMT
        Subject: CN=web.nginx-proxy
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b6:27:63:a5:c6:e8:f4:7a:94:0e:cc:a2:62:76:
                    6d:5d:33:6f:cf:19:fc:e7:e5:bb:0e:0e:d0:7c:4f:
                    73:4c:48:2b:17:d1:4d:d5:9f:42:08:73:84:54:8c:
                    86:d2:c5:da:59:01:3f:42:22:e0:36:f0:dc:ab:de:
                    0a:bd:26:2b:22:13:87:a6:1f:23:ef:0e:99:27:8b:
                    15:4a:1b:ef:93:c9:6b:91:de:a0:02:0c:62:bb:cc:
                    56:37:e8:25:92:c3:1f:f1:69:d8:7c:a8:33:e0:89:
                    ce:14:67:a0:39:77:88:91:e6:a3:07:97:90:22:88:
                    d0:79:18:63:fb:6f:7e:ee:2b:42:7e:23:f5:e7:da:
                    e9:ee:6a:fa:96:65:9f:e1:2b:15:49:c8:cd:2d:ce:
                    86:4f:2c:2a:67:79:bf:41:30:14:cc:f6:0f:14:74:
                    9e:b6:d3:d0:3b:f0:1b:b8:e8:19:2a:fd:d6:fd:dc:
                    4b:4e:65:7d:9b:bf:37:7e:2d:35:22:2e:74:90:ce:
                    41:35:3d:41:a0:99:db:97:1f:bf:3e:18:3c:48:fb:
                    da:df:c6:4e:4e:b9:67:b8:10:d5:a5:13:03:c4:b7:
                    65:e7:aa:f0:14:4b:d3:4d:ea:fe:8f:69:cf:50:21:
                    63:27:cf:9e:4c:67:15:7b:3f:3b:da:cb:17:80:61:
                    1e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:web.nginx-proxy
    Signature Algorithm: sha256WithRSAEncryption
         09:31:be:db:4e:b0:b6:68:da:ae:5b:16:51:29:fc:9f:61:b6:
         5a:2f:3c:35:ef:67:76:97:b0:34:4e:3b:b4:d6:88:19:4f:84:
         2e:73:d3:c0:3a:4c:41:54:6c:bb:67:89:67:ad:25:55:d7:d4:
         80:fe:a7:3f:3d:9e:f1:34:96:d8:da:5a:78:51:c0:63:f1:52:
         29:35:55:f4:7d:70:1c:d3:96:62:7f:64:86:81:52:27:c4:c6:
         10:13:c6:73:56:4d:32:d0:b3:c3:c8:2c:25:83:e4:2b:1d:d4:
         74:30:e5:85:af:2d:b6:a5:6b:fe:5d:d3:3c:00:58:94:f4:6a:
         f5:a6:1d:cf:f9:ed:d5:27:ed:13:24:b2:4f:2b:f3:b8:e4:af:
         0c:1d:fe:e0:6a:01:5e:a2:44:ff:3e:96:fa:6c:39:a3:51:37:
         f3:72:55:d8:2d:29:6e:de:95:b9:d8:e3:1e:65:a5:9c:0d:79:
         2d:39:ab:c7:ac:16:b6:a5:71:4b:35:a4:6c:72:47:1b:72:9c:
         67:58:c1:fc:f6:7f:a7:73:50:7b:d6:27:57:74:a1:31:38:a7:
         31:e3:b9:d4:c9:45:33:ec:ed:16:cf:c5:bd:d0:03:b1:45:3f:
         68:0d:91:5c:26:4e:37:05:74:ed:3e:75:5e:ca:5e:ee:e2:51:
         4b:da:08:99
 -----BEGIN CERTIFICATE-----
 MIIC8zCCAdugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
 bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
 ZDAeFw0xNzAyMTcyMzIwNTRaFw00NDA3MDUyMzIwNTRaMBoxGDAWBgNVBAMMD3dl
 Yi5uZ2lueC1wcm94eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYn
 Y6XG6PR6lA7MomJ2bV0zb88Z/Ofluw4O0HxPc0xIKxfRTdWfQghzhFSMhtLF2lkB
 P0Ii4Dbw3KveCr0mKyITh6YfI+8OmSeLFUob75PJa5HeoAIMYrvMVjfoJZLDH/Fp
 2HyoM+CJzhRnoDl3iJHmoweXkCKI0HkYY/tvfu4rQn4j9efa6e5q+pZln+ErFUnI
 zS3Ohk8sKmd5v0EwFMz2DxR0nrbT0DvwG7joGSr91v3cS05lfZu/N34tNSIudJDO
 QTU9QaCZ25cfvz4YPEj72t/GTk65Z7gQ1aUTA8S3Zeeq8BRL003q/o9pz1AhYyfP
 nkxnFXs/O9rLF4BhHiUCAwEAAaMeMBwwGgYDVR0RBBMwEYIPd2ViLm5naW54LXBy
 b3h5MA0GCSqGSIb3DQEBCwUAA4IBAQAJMb7bTrC2aNquWxZRKfyfYbZaLzw172d2
 l7A0Tju01ogZT4Quc9PAOkxBVGy7Z4lnrSVV19SA/qc/PZ7xNJbY2lp4UcBj8VIp
 NVX0fXAc05Zif2SGgVInxMYQE8ZzVk0y0LPDyCwlg+QrHdR0MOWFry22pWv+XdM8
 AFiU9Gr1ph3P+e3VJ+0TJLJPK/O45K8MHf7gagFeokT/Ppb6bDmjUTfzclXYLSlu
 3pW52OMeZaWcDXktOavHrBa2pXFLNaRsckcbcpxnWMH89n+nc1B71idXdKExOKcx
 47nUyUUz7O0Wz8W90AOxRT9oDZFcJk43BXTtPnVeyl7u4lFL2giZ
 -----END CERTIFICATE-----
--- a/test/stress_tests/test_deleted_cert/certs/web.nginx-proxy.key
+++ b/test/stress_tests/test_deleted_cert/certs/web.nginx-proxy.key
@ -1,27 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAtidjpcbo9HqUDsyiYnZtXTNvzxn85+W7Dg7QfE9zTEgrF9FN
 1Z9CCHOEVIyG0sXaWQE/QiLgNvDcq94KvSYrIhOHph8j7w6ZJ4sVShvvk8lrkd6g
 Agxiu8xWN+glksMf8WnYfKgz4InOFGegOXeIkeajB5eQIojQeRhj+29+7itCfiP1
 59rp7mr6lmWf4SsVScjNLc6GTywqZ3m/QTAUzPYPFHSettPQO/AbuOgZKv3W/dxL
 TmV9m783fi01Ii50kM5BNT1BoJnblx+/Phg8SPva38ZOTrlnuBDVpRMDxLdl56rw
 FEvTTer+j2nPUCFjJ8+eTGcVez872ssXgGEeJQIDAQABAoIBAGQCMFW+ZfyEqHGP
 rMA+oUEAkqy0agSwPwky3QjDXlxNa0uCYSeebtTRB6CcHxHuCzm+04puN4gyqhW6
 rU64fAoTivCMPGBuNWxekmvD9r+/YM4P2u4E+th9EgFT9f0kII+dO30FpKXtQzY0
 xuWGWXcxl+T9M+eiEkPKPmq4BoqgTDo5ty7qDv0ZqksGotKFmdYbtSvgBAueJdwu
 VWJvenI9F42ExBRKOW1aldiRiaYBCLiCVPKJtOg9iuOP9RHUL1SE8xy5I5mm78g3
 a13ji3BNq3yS+VhGjQ7zDy1V1jGupLoJw4I7OThu8hy+B8Vt8EN/iqakufOkjlTN
 xTJ33CkCgYEA5Iymg0NTjWk6aEkFa9pERjfUWqdVp9sWSpFFZZgi55n7LOx6ohi3
 vuLim3is/gYfK2kU/kHGZZLPnT0Rdx0MbOB4XK0CAUlqtUd0IyO4jMZ06g4/kn3N
 e2jLdCCIBoEQuLk4ELxj2mHsLQhEvDrg7nzU2WpTHHhvJbIbDWOAxhsCgYEAzAgv
 rKpanF+QDf4yeKHxAj2rrwRksTw4Pe7ZK/bog/i+HIVDA70vMapqftHbual/IRrB
 JL7hxskoJ/h9c1w4xkWDjqkSKz8/Ihr4dyPfWyGINWbx/rarT/m5MU5SarScoK7o
 Xgb25x+W+61rtI+2JhVRGO86+JiAeT4LkAX88L8CgYAwHHug/jdEeXZWJakCfzwI
 HBCT1M3vO+uBXvtg25ndb0i0uENIhDOJ93EEkW65Osis9r34mBgPocwaqZRXosHO
 2aH8wF6/rpjL+HK2QvrCh7Rs4Pr494qeA/1wQLjhxaGjgToQK9hJTHvPLwJpLWvU
 SGr2Ka+9Oo0LPmb7dorRKQKBgQCLsNcjOodLJMp2KiHYIdfmlt6itzlRd09yZ8Nc
 rHHJWVagJEUbnD1hnbHIHlp3pSqbObwfMmlWNoc9xo3tm6hrZ1CJLgx4e5b3/Ms8
 ltznge/F0DPDFsH3wZwfu+YFlJ7gDKCfL9l/qEsxCS0CtJobPOEHV1NivNbJK8ey
 1ca19QKBgDTdMOUsobAmDEkPQIpxfK1iqYAB7hpRLi79OOhLp23NKeyRNu8FH9fo
 G3DZ4xUi6hP2bwiYugMXDyLKfvxbsXwQC84kGF8j+bGazKNhHqEC1OpYwmaTB3kg
 qL9cHbjWySeRdIsRY/eWmiKjUwmiO54eAe1HWUdcsuz8yM3xf636
 -----END RSA PRIVATE KEY-----
--- a/test/stress_tests/test_deleted_cert/docker-compose.yml
+++ b/test/stress_tests/test_deleted_cert/docker-compose.yml
@ -1,17 +0,0 @@
 web:
  image: web
  expose:
  - "81"
  environment:
    WEB_PORTS: 81
    VIRTUAL_HOST: web.nginx-proxy
 reverseproxy:
  image: nginxproxy/nginx-proxy:test
  container_name: reverseproxy
  environment:
    DEBUG: "true"
  volumes:
  - /var/run/docker.sock:/tmp/docker.sock:ro
  - ./tmp_certs:/etc/nginx/certs:ro
--- a/test/stress_tests/test_deleted_cert/test_restart_while_missing_cert.py
+++ b/test/stress_tests/test_deleted_cert/test_restart_while_missing_cert.py
@ -1,72 +0,0 @@
 import logging
 import os
 from os.path import join, isfile
 from shutil import copy
 from time import sleep
 import pytest
 from requests import ConnectionError
 script_dir = os.path.dirname(__file__)
 pytestmark = pytest.mark.xfail()  # TODO delete this marker once those issues are fixed
@pytest.fixture(scope="module", autouse=True)
 def certs():
    """
    pytest fixture that provides cert and key files into the tmp_certs directory
    """
    file_names = ("web.nginx-proxy.crt", "web.nginx-proxy.key")
    logging.info("copying server cert and key files into tmp_certs")
    for f_name in file_names:
        copy(join(script_dir, "certs", f_name), join(script_dir, "tmp_certs"))
    yield
    logging.info("cleaning up the tmp_cert directory")
    for f_name in file_names:
        if isfile(join(script_dir, "tmp_certs", f_name)):
            os.remove(join(script_dir, "tmp_certs", f_name))
 ###############################################################################
 def test_unknown_virtual_host_is_503(docker_compose, nginxproxy):
    r = nginxproxy.get("http://foo.nginx-proxy/")
    assert r.status_code == 503
 def test_http_web_is_301(docker_compose, nginxproxy):
    r = nginxproxy.get("http://web.nginx-proxy/port", allow_redirects=False)
    assert r.status_code == 301
 def test_https_web_is_200(docker_compose, nginxproxy):
    r = nginxproxy.get("https://web.nginx-proxy/port")
    assert r.status_code == 200
    assert "answer from port 81\n" in r.text
@pytest.mark.incremental
 def test_delete_cert_and_restart_reverseproxy(docker_compose):
    os.remove(join(script_dir, "tmp_certs", "web.nginx-proxy.crt"))
    docker_compose.containers.get("reverseproxy").restart()
    sleep(3)  # give time for the container to initialize
    assert "running" == docker_compose.containers.get("reverseproxy").status
@pytest.mark.incremental
 def test_unknown_virtual_host_is_still_503(nginxproxy):
    r = nginxproxy.get("http://foo.nginx-proxy/")
    assert r.status_code == 503
@pytest.mark.incremental
 def test_http_web_is_now_200(nginxproxy):
    r = nginxproxy.get("http://web.nginx-proxy/port", allow_redirects=False)
    assert r.status_code == 200
    assert "answer from port 81\n" == r.text
@pytest.mark.incremental
 def test_https_web_is_now_broken_since_there_is_no_cert(nginxproxy):
    with pytest.raises(ConnectionError):
        nginxproxy.get("https://web.nginx-proxy/port")
--- a/test/stress_tests/test_deleted_cert/tmp_certs/.gitignore
+++ b/test/stress_tests/test_deleted_cert/tmp_certs/.gitignore
@ -1,2 +0,0 @@
 *
 !.gitignore
--- a/test/test_DOCKER_HOST_unix_socket.yml
+++ b/test/test_DOCKER_HOST_unix_socket.yml
@ -1,23 +0,0 @@
 web1:
  image: web
  expose:
    - "81"
  environment:
    WEB_PORTS: 81
    VIRTUAL_HOST: web1.nginx-proxy.tld
 web2:
  image: web
  expose:
    - "82"
  environment:
    WEB_PORTS: 82
    VIRTUAL_HOST: web2.nginx-proxy.tld
 sut:
  image: nginxproxy/nginx-proxy:test
  volumes:
    - /var/run/docker.sock:/f00.sock:ro
  environment:
    DOCKER_HOST: unix:///f00.sock
--- a/test/test_acme-http-challenge-location/acme_root/.well-known/acme-challenge/test-filename
+++ b/test/test_acme-http-challenge-location/acme_root/.well-known/acme-challenge/test-filename
@ -0,0 +1 @@
 challenge-teststring
--- a/test/test_acme-http-challenge-location/certs/nginx-proxy.tld.crt
+++ b/test/test_acme-http-challenge-location/certs/nginx-proxy.tld.crt
@ -0,0 +1,70 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
        Validity
            Not Before: Jan 10 00:08:52 2017 GMT
            Not After : May 28 00:08:52 2044 GMT
        Subject: CN=*.nginx-proxy.tld
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cb:45:f4:14:9b:fe:64:85:79:4a:36:8d:3d:d1:
                    27:d0:7c:36:28:30:e6:73:80:6f:7c:49:23:d0:6c:
                    17:e4:44:c0:77:4d:9a:c2:bc:24:84:e3:a5:4d:ba:
                    d2:da:51:7b:a1:2a:12:d4:c0:19:55:69:2c:22:27:
                    2d:1a:f6:fc:4b:7f:e9:cb:a8:3c:e8:69:b8:d2:4f:
                    de:4e:50:e2:d0:74:30:7c:42:5a:ae:aa:85:a5:b1:
                    71:4d:c9:7e:86:8b:62:8c:3e:0d:e3:3b:c3:f5:81:
                    0b:8c:68:79:fe:bf:10:fb:ae:ec:11:49:6d:64:5e:
                    1a:7d:b3:92:93:4e:96:19:3a:98:04:a7:66:b2:74:
                    61:2d:41:13:0c:a4:54:0d:2c:78:fd:b4:a3:e8:37:
                    78:9a:de:fa:bc:2e:a8:0f:67:14:58:ce:c3:87:d5:
                    14:0e:8b:29:7d:48:19:b2:a9:f5:b4:e8:af:32:21:
                    67:15:7e:43:52:8b:20:cf:9f:38:43:bf:fd:c8:24:
                    7f:52:a3:88:f2:f1:4a:14:91:2a:6e:91:6f:fb:7d:
                    6a:78:c6:6d:2e:dd:1e:4c:2b:63:bb:3a:43:9c:91:
                    f9:df:d3:08:13:63:86:7d:ce:e8:46:cf:f1:6c:1f:
                    ca:f7:4c:de:d8:4b:e0:da:bc:06:d9:87:0f:ff:96:
                    45:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:*.nginx-proxy.tld
    Signature Algorithm: sha256WithRSAEncryption
         6e:a5:0e:e4:d3:cc:d5:b7:fc:34:75:89:4e:98:8c:e7:08:06:
         a8:5b:ec:13:7d:83:99:a2:61:b8:d5:12:6e:c5:b4:53:4e:9a:
         22:cd:ad:14:30:6a:7d:58:d7:23:d9:a4:2a:96:a0:40:9e:50:
         9f:ce:f2:fe:8c:dd:9a:ac:99:39:5b:89:2d:ca:e5:3e:c3:bc:
         03:04:1c:12:d9:6e:b8:9f:f0:3a:be:12:44:7e:a4:21:86:73:
         af:d5:00:51:3f:2c:56:70:34:8f:26:b0:7f:b0:cf:cf:7f:f9:
         40:6f:00:29:c4:cf:c3:b7:c2:49:3d:3f:b0:26:78:87:b9:c7:
         6c:1b:aa:6a:1a:dd:c5:eb:f2:69:ba:6d:46:0b:92:49:b5:11:
         3c:eb:48:c7:2f:fb:33:a6:6a:82:a2:ab:f8:1e:5f:7d:e3:b7:
         f2:fd:f5:88:a5:09:4d:a0:bc:f4:3b:cd:d2:8b:d7:57:1f:86:
         3b:d2:3e:a4:92:21:b0:02:0b:e9:e0:c4:1c:f1:78:e2:58:a7:
         26:5f:4c:29:c8:23:f0:6e:12:3f:bd:ad:44:7b:0b:bd:db:ba:
         63:8d:07:c6:9d:dc:46:cc:63:40:ba:5e:45:82:dd:9a:e5:50:
         e8:e7:d7:27:88:fc:6f:1d:8a:e7:5c:49:28:aa:10:29:75:28:
         c7:52:de:f9
 -----BEGIN CERTIFICATE-----
 MIIC9zCCAd+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
 bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
 ZDAeFw0xNzAxMTAwMDA4NTJaFw00NDA1MjgwMDA4NTJaMBwxGjAYBgNVBAMMESou
 bmdpbngtcHJveHkudGxkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
 y0X0FJv+ZIV5SjaNPdEn0Hw2KDDmc4BvfEkj0GwX5ETAd02awrwkhOOlTbrS2lF7
 oSoS1MAZVWksIictGvb8S3/py6g86Gm40k/eTlDi0HQwfEJarqqFpbFxTcl+hoti
 jD4N4zvD9YELjGh5/r8Q+67sEUltZF4afbOSk06WGTqYBKdmsnRhLUETDKRUDSx4
 /bSj6Dd4mt76vC6oD2cUWM7Dh9UUDospfUgZsqn1tOivMiFnFX5DUosgz584Q7/9
 yCR/UqOI8vFKFJEqbpFv+31qeMZtLt0eTCtjuzpDnJH539MIE2OGfc7oRs/xbB/K
 90ze2Evg2rwG2YcP/5ZFhQIDAQABoyAwHjAcBgNVHREEFTATghEqLm5naW54LXBy
 b3h5LnRsZDANBgkqhkiG9w0BAQsFAAOCAQEAbqUO5NPM1bf8NHWJTpiM5wgGqFvs
 E32DmaJhuNUSbsW0U06aIs2tFDBqfVjXI9mkKpagQJ5Qn87y/ozdmqyZOVuJLcrl
 PsO8AwQcEtluuJ/wOr4SRH6kIYZzr9UAUT8sVnA0jyawf7DPz3/5QG8AKcTPw7fC
 ST0/sCZ4h7nHbBuqahrdxevyabptRguSSbURPOtIxy/7M6ZqgqKr+B5ffeO38v31
 iKUJTaC89DvN0ovXVx+GO9I+pJIhsAIL6eDEHPF44linJl9MKcgj8G4SP72tRHsL
 vdu6Y40Hxp3cRsxjQLpeRYLdmuVQ6OfXJ4j8bx2K51xJKKoQKXUox1Le+Q==
 -----END CERTIFICATE-----
--- a/test/test_acme-http-challenge-location/certs/nginx-proxy.tld.key
+++ b/test/test_acme-http-challenge-location/certs/nginx-proxy.tld.key
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAy0X0FJv+ZIV5SjaNPdEn0Hw2KDDmc4BvfEkj0GwX5ETAd02a
 wrwkhOOlTbrS2lF7oSoS1MAZVWksIictGvb8S3/py6g86Gm40k/eTlDi0HQwfEJa
 rqqFpbFxTcl+hotijD4N4zvD9YELjGh5/r8Q+67sEUltZF4afbOSk06WGTqYBKdm
 snRhLUETDKRUDSx4/bSj6Dd4mt76vC6oD2cUWM7Dh9UUDospfUgZsqn1tOivMiFn
 FX5DUosgz584Q7/9yCR/UqOI8vFKFJEqbpFv+31qeMZtLt0eTCtjuzpDnJH539MI
 E2OGfc7oRs/xbB/K90ze2Evg2rwG2YcP/5ZFhQIDAQABAoIBAQCjAro2PNLJMfCO
 fyjNRgmzu6iCmpR0U68T8GN0JPsT576g7e8J828l0pkhuIyW33lRSThIvLSUNf9a
 dChL032H3lBTLduKVh4NKleQXnVFzaeEPoISSFVdButiAhAhPW4OIUVp0OfY3V+x
 fac3j2nDLAfL5SKAtqZv363Py9m66EBYm5BmGTQqT/frQWeCEBvlErQef5RIaU8p
 e2zMWgSNNojVai8U3nKNRvYHWeWXM6Ck7lCvkHhMF+RpbmCZuqhbEARVnehU/Jdn
 QHJ3nxeA2OWpoWKXvAHtSnno49yxq1UIstiQvY+ng5C5i56UlB60UiU2NJ6doZkB
 uQ7/1MaBAoGBAORdcFtgdgRALjXngFWhpCp0CseyUehn1KhxDCG+D1pJ142/ymcf
 oJOzKJPMRNDdDUBMnR1GBfy7rmwvYevI/SMNy2Qs7ofcXPbdtwwvTCToZ1V9/54k
 VfuPBFT+3QzWRvG1tjTV3E4L2VV3nrl2qNPhE5DlfIaU3nQq5Fl0HprJAoGBAOPf
 MWOTGev61CdODO5KN3pLAoamiPs5lEUlz3kM3L1Q52YLITxNDjRj9hWBUATJZOS2
 pLOoYRwmhD7vrnimMc41+NuuFX+4T7hWPc8uSuOxX0VijYtULyNRK57mncG1Fq9M
 RMLbOJ7FD+8jdXNsSMqpQ+pxLJRX/A10O2fOQnbdAoGAL5hV4YWSM0KZHvz332EI
 ER0MXiCJN7HkPZMKH0I4eu3m8hEmAyYxVndBnsQ1F37q0xrkqAQ/HTSUntGlS/og
 4Bxw5pkCwegoq/77tpto+ExDtSrEitYx4XMmSPyxX4qNULU5m3tzJgUML+b1etwD
 Rd2kMU/TC02dq4KBAy/TbRkCgYAl1xN5iJz+XenLGR/2liZ+TWR+/bqzlU006mF4
 pZUmbv/uJxz+yYD5XDwqOA4UrWjuvhG9r9FoflDprp2XdWnB556KxG7XhcDfSJr9
 A5/2DadXe1Ur9O/a+oi2228JEsxQkea9QPA3FVxfBtFjOHEiDlez39VaUP4PMeUH
 iO3qlQKBgFQhdTb7HeYnApYIDHLmd1PvjRvp8XKR1CpEN0nkw8HpHcT1q1MUjQCr
 iT6FQupULEvGmO3frQsgVeRIQDbEdZK3C5xCtn6qOw70sYATVf361BbTtidmU9yV
 THFxwDSVLiVZgFryoY/NtAc27sVdJnGsPRjjaeVgALAsLbmZ1K/H
 -----END RSA PRIVATE KEY-----
--- a/test/test_acme-http-challenge-location/compose.base.override.yml
+++ b/test/test_acme-http-challenge-location/compose.base.override.yml
@ -0,0 +1,6 @@
 services:
  nginx-proxy:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ${PYTEST_MODULE_PATH}/certs:/etc/nginx/certs:ro
      - ${PYTEST_MODULE_PATH}/acme_root:/usr/share/nginx/html:ro
--- a/test/test_acme-http-challenge-location/test_acme-http-challenge-location-disabled.py
+++ b/test/test_acme-http-challenge-location/test_acme-http-challenge-location-disabled.py
@ -0,0 +1,27 @@
 def test_redirect_acme_challenge_location_disabled(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web1.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 301
 def test_redirect_acme_challenge_location_enabled(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web2.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 200
 def test_noredirect_acme_challenge_location_disabled(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web3.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 404
 def test_noredirect_acme_challenge_location_enabled(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web4.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 200
--- a/test/test_acme-http-challenge-location/test_acme-http-challenge-location-disabled.yml
+++ b/test/test_acme-http-challenge-location/test_acme-http-challenge-location-disabled.yml
@ -0,0 +1,40 @@
 services:
  nginx-proxy:
    environment:
      ACME_HTTP_CHALLENGE_LOCATION: "false"
  web1:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: "web1.nginx-proxy.tld"
  web2:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: "web2.nginx-proxy.tld"
      ACME_HTTP_CHALLENGE_LOCATION: "true"
  web3:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: "web3.nginx-proxy.tld"
      HTTPS_METHOD: noredirect
  web4:
    image: web
    expose:
      - "84"
    environment:
      WEB_PORTS: "84"
      VIRTUAL_HOST: "web4.nginx-proxy.tld"
      HTTPS_METHOD: noredirect
      ACME_HTTP_CHALLENGE_LOCATION: "true"
--- a/test/test_acme-http-challenge-location/test_acme-http-challenge-location-enabled-is-default.py
+++ b/test/test_acme-http-challenge-location/test_acme-http-challenge-location-enabled-is-default.py
@ -0,0 +1,27 @@
 def test_redirect_acme_challenge_location_enabled(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web1.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 200
 def test_redirect_acme_challenge_location_disabled(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web2.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 301
 def test_noredirect_acme_challenge_location_enabled(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web3.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 200
 def test_noredirect_acme_challenge_location_disabled(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web4.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 404
--- a/test/test_acme-http-challenge-location/test_acme-http-challenge-location-enabled-is-default.yml
+++ b/test/test_acme-http-challenge-location/test_acme-http-challenge-location-enabled-is-default.yml
@ -0,0 +1,36 @@
 services:
  web1:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: "web1.nginx-proxy.tld"
  web2:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: "web2.nginx-proxy.tld"
      ACME_HTTP_CHALLENGE_LOCATION: "false"
  web3:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: "web3.nginx-proxy.tld"
      HTTPS_METHOD: noredirect
  web4:
    image: web
    expose:
      - "84"
    environment:
      WEB_PORTS: "84"
      VIRTUAL_HOST: "web4.nginx-proxy.tld"
      HTTPS_METHOD: noredirect
      ACME_HTTP_CHALLENGE_LOCATION: "false"
--- a/test/test_acme-http-challenge-location/test_acme-http-challenge-location-legacy.py
+++ b/test/test_acme-http-challenge-location/test_acme-http-challenge-location-legacy.py
@ -0,0 +1,13 @@
 def test_redirect_acme_challenge_location_legacy(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web1.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 200
 def test_noredirect_acme_challenge_location_legacy(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web2.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
    assert r.status_code == 404
--- a/test/test_acme-http-challenge-location/test_acme-http-challenge-location-legacy.yml
+++ b/test/test_acme-http-challenge-location/test_acme-http-challenge-location-legacy.yml
@ -0,0 +1,21 @@
 services:
  nginx-proxy:
    environment:
      ACME_HTTP_CHALLENGE_LOCATION: "legacy"
  web1:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: "web1.nginx-proxy.tld"
  web2:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: "web2.nginx-proxy.tld"
      HTTPS_METHOD: noredirect
--- a/test/test_build/test_build.py
+++ b/test/test_build/test_build.py
@ -0,0 +1,66 @@
 """
 Test that nginx-proxy-tester can build successfully
 """
 import pathlib
 import re
 import docker
 import pytest
 client = docker.from_env()
@pytest.fixture(scope = "session")
 def docker_build(request):
    # Define Dockerfile path
    current_file_path = pathlib.Path(__file__)
    dockerfile_path = current_file_path.parent.parent.joinpath("requirements")
    dockerfile_name = "Dockerfile-nginx-proxy-tester"
    # Build the Docker image
    image, logs = client.images.build(
        path = dockerfile_path.as_posix(),
        dockerfile = dockerfile_name,
        rm = True,  # Remove intermediate containers
        tag = "nginx-proxy-tester-ci",  # Tag for the built image
    )
    # Check for build success
    for log in logs:
        if "stream" in log:
            print(log["stream"].strip())
        if "error" in log:
            raise Exception(log["error"])
    def teardown():
        # Clean up after teardown
        client.images.remove(image.id, force=True)
    request.addfinalizer(teardown)
    # Return the image name
    return "nginx-proxy-tester-ci"
 def test_build_nginx_proxy_tester(docker_build):
    assert docker_build == "nginx-proxy-tester-ci"
 def test_run_nginx_proxy_tester(docker_build):
    # Run the container with 'pytest -v' command to output version info
    container = client.containers.run("nginx-proxy-tester-ci",
        command = "pytest -V",
        detach = True,
    )
    # Wait for the container to finish and get the exit code
    result = container.wait()
    exit_code = result.get("StatusCode", 1)  # Default to 1 (error) if not found
    # Get the output logs from the container
    output = container.logs().decode("utf-8").strip()
    # Clean up: Remove the container
    container.remove()
    # Assertions
    assert exit_code == 0, "Container exited with a non-zero exit code"
    assert re.search(r"pytest\s\d+\.\d+\.\d+", output)
--- a/test/test_composev2.py
+++ b/test/test_composev2.py
@ -1,10 +0,0 @@
 import pytest
 def test_unknown_virtual_host(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nginx-proxy/")
    assert r.status_code == 503
 def test_forwards_to_whoami(docker_compose, nginxproxy):
    r = nginxproxy.get("http://web.nginx-proxy.local/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 81\n"
--- a/test/test_composev2.yml
+++ b/test/test_composev2.yml
@ -1,14 +0,0 @@
 version: '2'
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy:test
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
  web:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: 81
      VIRTUAL_HOST: web.nginx-proxy.local
--- a/test/test_custom-error-page/50x.html
+++ b/test/test_custom-error-page/50x.html
@ -0,0 +1,23 @@
 <!DOCTYPE html>
 <html>
  <head>
    <title>Maintenance</title>
    <style>
      html {
        color-scheme: light dark;
      }
      body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
      }
    </style>
  </head>
  <body>
    <h1>Damn, there's some maintenance in progress.</h1>
    <p>
      Our apologies for this temporary inconvenience. Regular service
      performance will be re-established shortly.
    </p>
  </body>
 </html>
--- a/test/test_custom-error-page/test_custom-error-page.py
+++ b/test/test_custom-error-page/test_custom-error-page.py
@ -0,0 +1,7 @@
 import re
 def test_custom_error_page(docker_compose, nginxproxy):
    r = nginxproxy.get("http://unknown.nginx-proxy.tld")
    assert r.status_code == 503
    assert re.search(r"Damn, there's some maintenance in progress.", r.text)
--- a/test/test_custom-error-page/test_custom-error-page.yml
+++ b/test/test_custom-error-page/test_custom-error-page.yml
@ -0,0 +1,5 @@
 services:
  nginx-proxy:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ${PYTEST_MODULE_PATH}/50x.html:/usr/share/nginx/html/errors/50x.html:ro
--- a/test/test_custom/my_custom_proxy_settings_f00.conf
+++ b/test/test_custom/my_custom_proxy_settings_f00.conf
--- a/test/test_custom/test_defaults-location.py
+++ b/test/test_custom/test_defaults-location.py
@ -1,19 +1,17 @@
 import pytest
 def test_custom_default_conf_does_not_apply_to_unknown_vhost(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nginx-proxy/")
    assert r.status_code == 503
    assert "X-test" not in r.headers
 def test_custom_default_conf_applies_to_web1(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web1.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web1.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 81\n"
    assert "X-test" in r.headers
    assert "f00" == r.headers["X-test"]
 def test_custom_default_conf_applies_to_web2(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web2.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web2.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 82\n"
    assert "X-test" in r.headers
@ -21,7 +19,7 @@ def test_custom_default_conf_applies_to_web2(docker_compose, nginxproxy):
 def test_custom_default_conf_is_overriden_for_web3(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web3.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web3.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 83\n"
    assert "X-test" in r.headers
--- a/test/test_custom/test_defaults-location.yml
+++ b/test/test_custom/test_defaults-location.yml
@ -1,30 +1,30 @@
-nginx-proxy:
+services:
-  image: nginxproxy/nginx-proxy:test
+  nginx-proxy:
-  volumes:
+    volumes:
-    - /var/run/docker.sock:/tmp/docker.sock:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
-    - ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/default_location:ro
+      - ${PYTEST_MODULE_PATH}/my_custom_proxy_settings_f00.conf:/etc/nginx/vhost.d/default_location:ro
-    - ./my_custom_proxy_settings_bar.conf:/etc/nginx/vhost.d/web3.nginx-proxy.local_location:ro
+      - ${PYTEST_MODULE_PATH}/my_custom_proxy_settings_bar.conf:/etc/nginx/vhost.d/web3.nginx-proxy.example_location:ro
-web1:
+  web1:
-  image: web
+    image: web
-  expose:
+    expose:
-    - "81"
+      - "81"
-  environment:
+    environment:
-    WEB_PORTS: 81
+      WEB_PORTS: "81"
-    VIRTUAL_HOST: web1.nginx-proxy.local
+      VIRTUAL_HOST: web1.nginx-proxy.example
-web2:
+  web2:
-  image: web
+    image: web
-  expose:
+    expose:
-    - "82"
+      - "82"
-  environment:
+    environment:
-    WEB_PORTS: 82
+      WEB_PORTS: "82"
-    VIRTUAL_HOST: web2.nginx-proxy.local
+      VIRTUAL_HOST: web2.nginx-proxy.example
-web3:
+  web3:
-  image: web
+    image: web
-  expose:
+    expose:
-    - "83"
+      - "83"
-  environment:
+    environment:
-    WEB_PORTS: 83
+      WEB_PORTS: "83"
-    VIRTUAL_HOST: web3.nginx-proxy.local
+      VIRTUAL_HOST: web3.nginx-proxy.example
--- a/test/test_custom/test_defaults.py
+++ b/test/test_custom/test_defaults.py
@ -1,19 +1,17 @@
 import pytest
 def test_custom_conf_does_not_apply_to_unknown_vhost(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nginx-proxy/")
    assert r.status_code == 503
    assert "X-test" not in r.headers
 def test_custom_conf_applies_to_web1(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web1.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web1.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 81\n"
    assert "X-test" in r.headers
    assert "f00" == r.headers["X-test"]
 def test_custom_conf_applies_to_web2(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web2.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web2.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 82\n"
    assert "X-test" in r.headers
--- a/test/test_custom/test_defaults.yml
+++ b/test/test_custom/test_defaults.yml
@ -1,23 +1,21 @@
 version: '2'
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy:test
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
-      - ./my_custom_proxy_settings.conf:/etc/nginx/proxy.conf:ro
+      - ${PYTEST_MODULE_PATH}/my_custom_proxy_settings_f00.conf:/etc/nginx/proxy.conf:ro
  web1:
    image: web
    expose:
      - "81"
    environment:
-      WEB_PORTS: 81
+      WEB_PORTS: "81"
-      VIRTUAL_HOST: web1.nginx-proxy.local
+      VIRTUAL_HOST: web1.nginx-proxy.example
  web2:
    image: web
    expose:
      - "82"
    environment:
-      WEB_PORTS: 82
+      WEB_PORTS: "82"
-      VIRTUAL_HOST: web2.nginx-proxy.local
+      VIRTUAL_HOST: web2.nginx-proxy.example
--- a/test/test_custom/test_location-per-vhost.py
+++ b/test/test_custom/test_location-per-vhost.py
@ -1,22 +1,27 @@
 import pytest
 def test_custom_conf_does_not_apply_to_unknown_vhost(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nginx-proxy/")
    assert r.status_code == 503
    assert "X-test" not in r.headers
 def test_custom_conf_applies_to_web1(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web1.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web1.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 81\n"
    assert "X-test" in r.headers
    assert "f00" == r.headers["X-test"]
 def test_custom_conf_applies_to_regex(docker_compose, nginxproxy):
    r = nginxproxy.get("http://regex.foo.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 83\n"
    assert "X-test" in r.headers
    assert "bar" == r.headers["X-test"]
 def test_custom_conf_does_not_apply_to_web2(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web2.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web2.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 82\n"
    assert "X-test" not in r.headers
 def test_custom_block_is_present_in_nginx_generated_conf(docker_compose, nginxproxy):
-    assert b"include /etc/nginx/vhost.d/web1.nginx-proxy.local_location;" in nginxproxy.get_conf()
+    assert b"include /etc/nginx/vhost.d/web1.nginx-proxy.example_location;" in nginxproxy.get_conf()
--- a/test/test_custom/test_location-per-vhost.yml
+++ b/test/test_custom/test_location-per-vhost.yml
@ -1,23 +1,30 @@
 version: '2'
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy:test
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
-      - ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/web1.nginx-proxy.local_location:ro
+      - ${PYTEST_MODULE_PATH}/my_custom_proxy_settings_f00.conf:/etc/nginx/vhost.d/web1.nginx-proxy.example_location:ro
      - ${PYTEST_MODULE_PATH}/my_custom_proxy_settings_bar.conf:/etc/nginx/vhost.d/561032515ede3ab3a015edfb244608b72409c430_location:ro
  web1:
    image: web
    expose:
      - "81"
    environment:
-      WEB_PORTS: 81
+      WEB_PORTS: "81"
-      VIRTUAL_HOST: web1.nginx-proxy.local
+      VIRTUAL_HOST: web1.nginx-proxy.example
  web2:
    image: web
    expose:
      - "82"
    environment:
-      WEB_PORTS: 82
+      WEB_PORTS: "82"
-      VIRTUAL_HOST: web2.nginx-proxy.local
+      VIRTUAL_HOST: web2.nginx-proxy.example
  regex:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: ~^regex.*\.nginx-proxy\.example$
--- a/test/test_custom/test_per-vhost.py
+++ b/test/test_custom/test_per-vhost.py
@ -1,19 +1,24 @@
 import pytest
 def test_custom_conf_does_not_apply_to_unknown_vhost(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nginx-proxy/")
    assert r.status_code == 503
    assert "X-test" not in r.headers
 def test_custom_conf_applies_to_web1(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web1.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web1.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 81\n"
    assert "X-test" in r.headers
    assert "f00" == r.headers["X-test"]
 def test_custom_conf_applies_to_regex(docker_compose, nginxproxy):
    r = nginxproxy.get("http://regex.foo.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 83\n"
    assert "X-test" in r.headers
    assert "bar" == r.headers["X-test"]
 def test_custom_conf_does_not_apply_to_web2(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web2.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web2.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 82\n"
    assert "X-test" not in r.headers
--- a/test/test_custom/test_per-vhost.yml
+++ b/test/test_custom/test_per-vhost.yml
@ -1,23 +1,30 @@
 version: '2'
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy:test
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
-      - ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/web1.nginx-proxy.local:ro
+      - ${PYTEST_MODULE_PATH}/my_custom_proxy_settings_f00.conf:/etc/nginx/vhost.d/web1.nginx-proxy.example:ro
      - ${PYTEST_MODULE_PATH}/my_custom_proxy_settings_bar.conf:/etc/nginx/vhost.d/561032515ede3ab3a015edfb244608b72409c430:ro
  web1:
    image: web
    expose:
      - "81"
    environment:
-      WEB_PORTS: 81
+      WEB_PORTS: "81"
-      VIRTUAL_HOST: web1.nginx-proxy.local
+      VIRTUAL_HOST: web1.nginx-proxy.example
  web2:
    image: web
    expose:
      - "82"
    environment:
-      WEB_PORTS: 82
+      WEB_PORTS: "82"
-      VIRTUAL_HOST: web2.nginx-proxy.local
+      VIRTUAL_HOST: web2.nginx-proxy.example
  regex:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: ~^regex.*\.nginx-proxy\.example$
--- a/test/test_custom/test_proxy-wide.py
+++ b/test/test_custom/test_proxy-wide.py
@ -1,19 +1,17 @@
 import pytest
 def test_custom_conf_does_not_apply_to_unknown_vhost(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nginx-proxy/")
    assert r.status_code == 503
    assert "X-test" not in r.headers
 def test_custom_conf_applies_to_web1(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web1.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web1.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 81\n"
    assert "X-test" in r.headers
    assert "f00" == r.headers["X-test"]
 def test_custom_conf_applies_to_web2(docker_compose, nginxproxy):
-    r = nginxproxy.get("http://web2.nginx-proxy.local/port")
+    r = nginxproxy.get("http://web2.nginx-proxy.example/port")
    assert r.status_code == 200   
    assert r.text == "answer from port 82\n"
    assert "X-test" in r.headers
--- a/test/test_custom/test_proxy-wide.yml
+++ b/test/test_custom/test_proxy-wide.yml
@ -1,23 +1,21 @@
 version: '2'
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy:test
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
-      - ./my_custom_proxy_settings.conf:/etc/nginx/conf.d/my_custom_proxy_settings.conf:ro
+      - ${PYTEST_MODULE_PATH}/my_custom_proxy_settings_f00.conf:/etc/nginx/conf.d/my_custom_proxy_settings_f00.conf:ro
  web1:
    image: web
    expose:
      - "81"
    environment:
-      WEB_PORTS: 81
+      WEB_PORTS: "81"
-      VIRTUAL_HOST: web1.nginx-proxy.local
+      VIRTUAL_HOST: web1.nginx-proxy.example
  web2:
    image: web
    expose:
      - "82"
    environment:
-      WEB_PORTS: 82
+      WEB_PORTS: "82"
-      VIRTUAL_HOST: web2.nginx-proxy.local
+      VIRTUAL_HOST: web2.nginx-proxy.example
--- a/test/test_debug-endpoint/test_global.py
+++ b/test/test_debug-endpoint/test_global.py
@ -0,0 +1,48 @@
 import json
 import pytest
 def test_debug_endpoint_is_enabled_globally(docker_compose, nginxproxy):
    r = nginxproxy.get("http://enabled.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 200
    r = nginxproxy.get("http://stripped.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 200
 def test_debug_endpoint_response_contains_expected_values(docker_compose, nginxproxy):   
    r = nginxproxy.get("http://enabled.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 200
    try:
        jsonResponse = json.loads(r.text)
    except ValueError as err:
        pytest.fail("Failed to parse debug endpoint response as JSON: %s" % err, pytrace=False)
    assert jsonResponse["global"]["enable_debug_endpoint"] == "true"
    assert jsonResponse["vhost"]["enable_debug_endpoint"] == True
 def test_debug_endpoint_paths_stripped_if_response_too_long(docker_compose, nginxproxy):   
    r = nginxproxy.get("http://stripped.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 200
    try:
        jsonResponse = json.loads(r.text)
    except ValueError as err:
        pytest.fail("Failed to parse debug endpoint response as JSON: %s" % err, pytrace=False)
    if "paths" in jsonResponse["vhost"]:
        pytest.fail("Expected paths to be stripped from debug endpoint response", pytrace=False)
    assert jsonResponse["warning"] == "Virtual paths configuration for this hostname is too large and has been stripped from response."
 def test_debug_endpoint_hostname_replaced_by_warning_if_regexp(docker_compose, nginxproxy):   
    r = nginxproxy.get("http://regexp.foo.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 200
    try:
        jsonResponse = json.loads(r.text)
    except ValueError as err:
        pytest.fail("Failed to parse debug endpoint response as JSON: %s" % err, pytrace=False)
    assert jsonResponse["vhost"]["hostname"] == "Hostname is a regexp and unsafe to include in the debug response."
 def test_debug_endpoint_is_disabled_per_container(docker_compose, nginxproxy):
    r = nginxproxy.get("http://disabled.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 404  
--- a/test/test_debug-endpoint/test_global.yml
+++ b/test/test_debug-endpoint/test_global.yml
@ -0,0 +1,59 @@
 services:
  nginx-proxy:
    environment:
      DEBUG_ENDPOINT: "true"
  debug_enabled:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: enabled.debug.nginx-proxy.example
  debug_stripped:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST_MULTIPORTS: |-
        stripped.debug.nginx-proxy.example:
          "/1":
          "/2":
          "/3":
          "/4":
          "/5":
          "/6":
          "/7":
          "/8":
          "/9":
          "/10":
          "/11":
          "/12":
          "/13":
          "/14":
          "/15":
          "/16":
          "/17":
          "/18":
          "/19":
          "/20":
  debug_regexp:
    image: web
    expose:
      - "84"
    environment:
      WEB_PORTS: "84"
      VIRTUAL_HOST: ~^regexp.*\.debug.nginx-proxy.example
  debug_disabled:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: disabled.debug.nginx-proxy.example
    labels:
      com.github.nginx-proxy.nginx-proxy.debug-endpoint: "false"
--- a/test/test_debug-endpoint/test_per-container.py
+++ b/test/test_debug-endpoint/test_per-container.py
@ -0,0 +1,26 @@
 import json
 import pytest
 def test_debug_endpoint_is_disabled_globally(docker_compose, nginxproxy):
    r = nginxproxy.get("http://disabled1.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 404 
    r = nginxproxy.get("http://disabled2.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 404 
 def test_debug_endpoint_is_enabled_per_container(docker_compose, nginxproxy):
    r = nginxproxy.get("http://enabled.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 200
 def test_debug_endpoint_response_contains_expected_values(docker_compose, nginxproxy):   
    r = nginxproxy.get("http://enabled.debug.nginx-proxy.example/nginx-proxy-debug")
    assert r.status_code == 200
    try:
        jsonResponse = json.loads(r.text)
    except ValueError as err:
        pytest.fail("Failed to parse debug endpoint response as JSON:: %s" % err, pytrace=False)
    assert jsonResponse["global"]["enable_debug_endpoint"] == "false"
    assert jsonResponse["vhost"]["enable_debug_endpoint"] == True
--- a/test/test_debug-endpoint/test_per-container.yml
+++ b/test/test_debug-endpoint/test_per-container.yml
@ -0,0 +1,27 @@
 services:
  debug_disabled1:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: disabled1.debug.nginx-proxy.example
  debug_disabled2:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: disabled2.debug.nginx-proxy.example
  debug_enabled:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: enabled.debug.nginx-proxy.example
    labels:
      com.github.nginx-proxy.nginx-proxy.debug-endpoint: "true"
--- a/test/test_debug/test_proxy-debug-flag.py
+++ b/test/test_debug/test_proxy-debug-flag.py
@ -1,12 +0,0 @@
 import pytest
 import re
 def test_debug_info_is_present_in_nginx_generated_conf(docker_compose, nginxproxy):
    conf = nginxproxy.get_conf().decode('ASCII')
    assert re.search(r"# Exposed ports: \[\{\d+\.\d+\.\d+\.\d+\s+80\s+tcp \} \{\d+\.\d+\.\d+\.\d+\s+81\s+tcp \}\]", conf) or \
           re.search(r"# Exposed ports: \[\{\d+\.\d+\.\d+\.\d+\s+81\s+tcp \} \{\d+\.\d+\.\d+\.\d+\s+80\s+tcp \}\]", conf)
    assert re.search(r"# Exposed ports: \[\{\d+\.\d+\.\d+\.\d+\s+82\s+tcp \} \{\d+\.\d+\.\d+\.\d+\s+83\s+tcp \}\]", conf) or \
           re.search(r"# Exposed ports: \[\{\d+\.\d+\.\d+\.\d+\s+83\s+tcp \} \{\d+\.\d+\.\d+\.\d+\s+82\s+tcp \}\]", conf)
    assert "# Default virtual port: 80" in conf
    assert "# VIRTUAL_PORT: 82" in conf
    assert conf.count("# /!\\ Virtual port not exposed") == 1
--- a/test/test_debug/test_proxy-debug-flag.yml
+++ b/test/test_debug/test_proxy-debug-flag.yml
@ -1,26 +0,0 @@
 web1:
  image: web
  expose:
    - "80"
    - "81"
  environment:
    WEB_PORTS: "80 81"
    VIRTUAL_HOST: "web1.nginx-proxy.tld"
    VIRTUAL_PORT: "82"
 web2:
  image: web
  expose:
    - "82"
    - "83"
  environment:
    WEB_PORTS: "82 83"
    VIRTUAL_HOST: "web2.nginx-proxy.tld"
    VIRTUAL_PORT: "82"
 sut:
  image: nginxproxy/nginx-proxy:test
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
  environment:
    DEBUG: "true"
--- a/test/test_debug/test_server-debug-flag.py
+++ b/test/test_debug/test_server-debug-flag.py
@ -1,8 +0,0 @@
 import pytest
 import re
 def test_debug_info_is_present_in_nginx_generated_conf(docker_compose, nginxproxy):
    conf = nginxproxy.get_conf().decode('ASCII')
    assert re.search(r"# Exposed ports: \[\{\d+\.\d+\.\d+\.\d+\s+80\s+tcp \} \{\d+\.\d+\.\d+\.\d+\s+81\s+tcp \}\]", conf) or \
           re.search(r"# Exposed ports: \[\{\d+\.\d+\.\d+\.\d+\s+81\s+tcp \} \{\d+\.\d+\.\d+\.\d+\s+80\s+tcp \}\]", conf)
    assert conf.count("# Exposed ports: [{") == 1
--- a/test/test_debug/test_server-debug-flag.yml
+++ b/test/test_debug/test_server-debug-flag.yml
@ -1,25 +0,0 @@
 web1:
  image: web
  expose:
    - "80"
    - "81"
  environment:
    WEB_PORTS: "80 81"
    VIRTUAL_HOST: "web1.nginx-proxy.tld"
    VIRTUAL_PORT: "82"
    DEBUG: "true"
 web2:
  image: web
  expose:
    - "82"
    - "83"
  environment:
    WEB_PORTS: "82 83"
    VIRTUAL_HOST: "web2.nginx-proxy.tld"
    VIRTUAL_PORT: "82"
 sut:
  image: nginxproxy/nginx-proxy:test
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
--- a/test/test_default-host.yml
+++ b/test/test_default-host.yml
@ -1,17 +0,0 @@
 # GIVEN a webserver with VIRTUAL_HOST set to web1.tld
 web1:
  image: web
  expose:
    - "81"
  environment:
    WEB_PORTS: 81
    VIRTUAL_HOST: web1.tld
 # WHEN nginx-proxy runs with DEFAULT_HOST set to web1.tld
 sut:
  image: nginxproxy/nginx-proxy:test
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
  environment:
    DEFAULT_HOST: web1.tld
--- a/test/test_default-host/test_default-host.py
+++ b/test/test_default-host/test_default-host.py
@ -1,6 +1,3 @@
 import pytest
 def test_fallback_on_default(docker_compose, nginxproxy):
    r = nginxproxy.get("http://unknown.nginx-proxy.tld/port")
    assert r.status_code == 200
--- a/test/test_default-host/test_default-host.yml
+++ b/test/test_default-host/test_default-host.yml
@ -0,0 +1,12 @@
 services:
  nginx-proxy:
    environment:
      DEFAULT_HOST: web1.tld
  web1:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: web1.tld
--- a/test/test_docker-unix-socket/test_docker-unix-socket.py
+++ b/test/test_docker-unix-socket/test_docker-unix-socket.py
@ -1,5 +1,3 @@
 import pytest
 def test_unknown_virtual_host(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nginx-proxy/port")
    assert r.status_code == 503
--- a/test/test_docker-unix-socket/test_docker-unix-socket.yml
+++ b/test/test_docker-unix-socket/test_docker-unix-socket.yml
@ -0,0 +1,22 @@
 services:
  nginx-proxy:
    volumes:
      - /var/run/docker.sock:/f00.sock:ro
    environment:
      DOCKER_HOST: unix:///f00.sock
  web1:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: web1.nginx-proxy.tld
  web2:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: web2.nginx-proxy.tld
--- a/test/test_dockergen/.gitignore
+++ b/test/test_dockergen/.gitignore
@ -1 +0,0 @@
 nginx.tmpl
--- a/test/test_dockergen/test_dockergen.base.yml
+++ b/test/test_dockergen/test_dockergen.base.yml
@ -1,17 +1,23 @@
-version: '3'
+volumes:
  nginx_conf:
 services:
-  nginx:
+  nginx-proxy-nginx:
    image: nginx
    container_name: nginx
    volumes:
-      - nginx_conf:/etc/nginx/conf.d
+      - nginx_conf:/etc/nginx/conf.d:ro
    ports:
      - "80:80"
      - "443:443"
-  dockergen:
+  nginx-proxy-dockergen:
    image: nginxproxy/docker-gen
    command: -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
-      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
+      - ../../nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
      - nginx_conf:/etc/nginx/conf.d
  web:
@ -20,8 +26,5 @@ services:
    expose:
      - "80"
    environment:
-      WEB_PORTS: 80
+      WEB_PORTS: "80"
      VIRTUAL_HOST: whoami.nginx.container.docker
 volumes:
  nginx_conf: {}
--- a/test/test_dockergen/test_dockergen.py
+++ b/test/test_dockergen/test_dockergen.py
@ -0,0 +1,27 @@
 import docker
 import pytest
 from packaging.version import Version
 raw_version = docker.from_env().version()["Version"]
 pytestmark = pytest.mark.skipif(
    Version(raw_version) < Version("1.13"),
    reason="Docker compose syntax v3 requires docker engine v1.13 or later (got {raw_version})"
 )
 def test_unknown_virtual_host_is_503(docker_compose, nginxproxy):
    r = nginxproxy.get("http://unknown.nginx.container.docker/")
    assert r.status_code == 503
 def test_forwards_to_whoami(docker_compose, nginxproxy):
    r = nginxproxy.get("http://whoami.nginx.container.docker/")
    assert r.status_code == 200
    whoami_container = docker_compose.containers.get("whoami")
    assert r.text == f"I'm {whoami_container.id[:12]}\n"
 if __name__ == "__main__":
    import doctest
    doctest.testmod()
--- a/test/test_dockergen/test_dockergen_v2.py
+++ b/test/test_dockergen/test_dockergen_v2.py
@ -1,42 +0,0 @@
 import os
 import docker
 import logging
 import pytest
@pytest.fixture(scope="module")
 def nginx_tmpl():
    """
    pytest fixture which extracts the the nginx config template from
    the nginxproxy/nginx-proxy:test image
    """
    script_dir = os.path.dirname(__file__)
    logging.info("extracting nginx.tmpl from nginxproxy/nginx-proxy:test")
    docker_client = docker.from_env()
    print(
        docker_client.containers.run(
            image="nginxproxy/nginx-proxy:test",
            remove=True,
            volumes=["{current_dir}:{current_dir}".format(current_dir=script_dir)],
            entrypoint="sh",
            command='-xc "cp /app/nginx.tmpl {current_dir} && chmod 777 {current_dir}/nginx.tmpl"'.format(
                current_dir=script_dir
            ),
            stderr=True,
        )
    )
    yield
    logging.info("removing nginx.tmpl")
    os.remove(os.path.join(script_dir, "nginx.tmpl"))
 def test_unknown_virtual_host_is_503(nginx_tmpl, docker_compose, nginxproxy):
    r = nginxproxy.get("http://unknown.nginx.container.docker/")
    assert r.status_code == 503
 def test_forwards_to_whoami(nginx_tmpl, docker_compose, nginxproxy):
    r = nginxproxy.get("http://whoami.nginx.container.docker/")
    assert r.status_code == 200
    whoami_container = docker_compose.containers.get("whoami")
    assert r.text == f"I'm {whoami_container.id[:12]}\n"
--- a/test/test_dockergen/test_dockergen_v2.yml
+++ b/test/test_dockergen/test_dockergen_v2.yml
@ -1,26 +0,0 @@
 version: '2'
 services:
  nginx:
    image: nginx
    container_name: nginx
    volumes:
      - /etc/nginx/conf.d
  dockergen:
    image: nginxproxy/docker-gen
    command: -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes_from:
      - nginx
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
  web:
    image: web
    container_name: whoami
    expose:
      - "80"
    environment:
      WEB_PORTS: 80
      VIRTUAL_HOST: whoami.nginx.container.docker
--- a/test/test_dockergen/test_dockergen_v3.py
+++ b/test/test_dockergen/test_dockergen_v3.py
@ -1,56 +0,0 @@
 import os
 import docker
 import logging
 import pytest
 import re
 from distutils.version import LooseVersion
 raw_version = docker.from_env().version()["Version"]
 pytestmark = pytest.mark.skipif(
    LooseVersion(raw_version) < LooseVersion("1.13"),
    reason="Docker compose syntax v3 requires docker engine v1.13 or later (got {raw_version})"
 )
@pytest.fixture(scope="module")
 def nginx_tmpl():
    """
    pytest fixture which extracts the the nginx config template from
    the nginxproxy/nginx-proxy:test image
    """
    script_dir = os.path.dirname(__file__)
    logging.info("extracting nginx.tmpl from nginxproxy/nginx-proxy:test")
    docker_client = docker.from_env()
    print(
        docker_client.containers.run(
            image="nginxproxy/nginx-proxy:test",
            remove=True,
            volumes=["{current_dir}:{current_dir}".format(current_dir=script_dir)],
            entrypoint="sh",
            command='-xc "cp /app/nginx.tmpl {current_dir} && chmod 777 {current_dir}/nginx.tmpl"'.format(
                current_dir=script_dir
            ),
            stderr=True,
        )
    )
    yield
    logging.info("removing nginx.tmpl")
    os.remove(os.path.join(script_dir, "nginx.tmpl"))
 def test_unknown_virtual_host_is_503(nginx_tmpl, docker_compose, nginxproxy):
    r = nginxproxy.get("http://unknown.nginx.container.docker/")
    assert r.status_code == 503
 def test_forwards_to_whoami(nginx_tmpl, docker_compose, nginxproxy):
    r = nginxproxy.get("http://whoami.nginx.container.docker/")
    assert r.status_code == 200
    whoami_container = docker_compose.containers.get("whoami")
    assert r.text == f"I'm {whoami_container.id[:12]}\n"
 if __name__ == "__main__":
    import doctest
    doctest.testmod()
--- a/test/test_enable-http-on-missing-cert/test_enable-http-on-missing-cert.py
+++ b/test/test_enable-http-on-missing-cert/test_enable-http-on-missing-cert.py
@ -0,0 +1,15 @@
 def test_nohttp_missing_cert_disabled(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nohttp-missing-cert-disabled.nginx-proxy.tld/", allow_redirects=False)
    assert r.status_code == 503
 def test_nohttp_missing_cert_enabled(docker_compose, nginxproxy):
    r = nginxproxy.get("http://nohttp-missing-cert-enabled.nginx-proxy.tld/", allow_redirects=False)
    assert r.status_code == 200
 def test_redirect_missing_cert_disabled(docker_compose, nginxproxy):
    r = nginxproxy.get("http://redirect-missing-cert-disabled.nginx-proxy.tld/", allow_redirects=False)
    assert r.status_code == 301
 def test_redirect_missing_cert_enabled(docker_compose, nginxproxy):
    r = nginxproxy.get("http://redirect-missing-cert-enabled.nginx-proxy.tld/", allow_redirects=False)
    assert r.status_code == 200
--- a/test/test_enable-http-on-missing-cert/test_enable-http-on-missing-cert.yml
+++ b/test/test_enable-http-on-missing-cert/test_enable-http-on-missing-cert.yml
@ -0,0 +1,40 @@
 services:
  nginx-proxy:
    environment:
      ENABLE_HTTP_ON_MISSING_CERT: "false"
  nohttp-missing-cert-disabled:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: nohttp-missing-cert-disabled.nginx-proxy.tld
      HTTPS_METHOD: nohttp
  nohttp-missing-cert-enabled:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: nohttp-missing-cert-enabled.nginx-proxy.tld
      HTTPS_METHOD: nohttp
      ENABLE_HTTP_ON_MISSING_CERT: "true"
  redirect-missing-cert-disabled:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: redirect-missing-cert-disabled.nginx-proxy.tld
  redirect-missing-cert-enabled:
    image: web
    expose:
      - "84"
    environment:
      WEB_PORTS: "84"
      VIRTUAL_HOST: redirect-missing-cert-enabled.nginx-proxy.tld
      ENABLE_HTTP_ON_MISSING_CERT: "true"
--- a/test/test_events.yml
+++ b/test/test_events.yml
@ -1,4 +0,0 @@
 nginxproxy:
  image: nginxproxy/nginx-proxy:test
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
--- a/test/test_events/test_events.py
+++ b/test/test_events/test_events.py
@ -7,7 +7,7 @@ import pytest
 from docker.errors import NotFound
-@pytest.fixture()
+@pytest.fixture
 def web1(docker_compose):
    """
    pytest fixture creating a web container with `VIRTUAL_HOST=web1.nginx-proxy` listening on port 81.
@ -22,6 +22,7 @@ def web1(docker_compose):
        },
        ports={"81/tcp": None}
    )
    docker_compose.networks.get("test_events-net").connect(container)
    sleep(2)  # give it some time to initialize and for docker-gen to detect it
    yield container
    try:
@ -29,7 +30,7 @@ def web1(docker_compose):
    except NotFound:
        pass
-@pytest.fixture()
+@pytest.fixture
 def web2(docker_compose):
    """
    pytest fixture creating a web container with `VIRTUAL_HOST=nginx-proxy`, `VIRTUAL_PATH=/web2/` and `VIRTUAL_DEST=/` listening on port 82.
@ -46,6 +47,7 @@ def web2(docker_compose):
        },
        ports={"82/tcp": None}
    )
    docker_compose.networks.get("test_events-net").connect(container)
    sleep(2)  # give it some time to initialize and for docker-gen to detect it
    yield container
    try:
--- a/test/test_events/test_events.yml
+++ b/test/test_events/test_events.yml
@ -0,0 +1,3 @@
 networks:
  default:
    name: test_events-net
--- a/test/test_fallback/test_fallback.data/compose.base.yml
+++ b/test/test_fallback/test_fallback.data/compose.base.yml
@ -0,0 +1,9 @@
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy:test
    container_name: nginx-proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
    ports:
      - "80:80"
      - "443:443"
--- a/test/test_fallback/test_fallback.data/custom-fallback.conf
+++ b/test/test_fallback/test_fallback.data/custom-fallback.conf
@ -0,0 +1,5 @@
 server {
    server_name __;
    listen 80 default_server;
    return 418;
 }
--- a/test/test_fallback/test_fallback.data/custom-fallback.yml
+++ b/test/test_fallback/test_fallback.data/custom-fallback.yml
@ -0,0 +1,14 @@
 services:
  nginx-proxy:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ${PYTEST_MODULE_PATH}/test_fallback.data/custom-fallback.conf:/etc/nginx/conf.d/zzz-custom-fallback.conf:ro
  http-only:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: http-only.nginx-proxy.test
      HTTPS_METHOD: nohttps
--- a/test/test_fallback/test_fallback.data/nodefault.certs/http-only.nginx-proxy.test.crt
+++ b/test/test_fallback/test_fallback.data/nodefault.certs/http-only.nginx-proxy.test.crt
@ -0,0 +1,71 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
        Validity
            Not Before: Feb  7 21:54:16 2023 GMT
            Not After : Jun 25 21:54:16 2050 GMT
        Subject: CN=http-only.nginx-proxy.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:62:61:07:54:2e:6d:55:83:2d:24:b7:e2:15:
                    34:13:bd:79:21:e9:10:75:3f:4c:f8:ba:60:29:87:
                    e5:8e:2a:1e:fd:33:51:5a:8a:3a:6f:60:ff:24:f1:
                    1b:27:30:8c:ac:43:04:b7:79:cb:7a:ec:c6:08:a4:
                    a0:15:b0:0f:ee:6b:15:84:24:11:bc:85:2b:48:06:
                    04:0a:58:bb:8c:e8:4d:48:f5:06:c5:91:fe:5d:99:
                    0a:29:31:8a:f1:9b:0c:e0:39:75:a1:06:9b:d4:f5:
                    06:74:8f:46:5e:64:ba:2f:d0:3d:7c:3d:30:03:e9:
                    7c:35:17:69:04:f6:2e:29:d4:93:d6:d6:d2:6c:04:
                    38:06:21:06:05:30:8a:b9:9d:05:8d:12:6e:48:39:
                    bb:f6:93:4f:ba:a5:84:c7:96:2f:be:92:25:e9:d0:
                    95:2a:d9:23:8a:b3:28:0b:b6:19:1c:3b:be:a2:91:
                    70:44:a8:77:18:94:4b:df:61:f4:5c:c9:78:76:34:
                    b5:87:0f:c0:92:04:26:b6:ca:62:cd:9b:5d:eb:bf:
                    10:ac:df:af:72:5f:af:09:38:b1:dc:e1:3d:13:db:
                    a0:ac:b7:2e:ca:39:5c:4c:f1:1e:81:a8:b4:44:a2:
                    72:d5:3b:c0:71:cc:dc:16:0d:fa:38:96:44:b3:00:
                    d6:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:http-only.nginx-proxy.test
    Signature Algorithm: sha256WithRSAEncryption
         3b:54:95:48:4d:f6:93:38:42:40:02:ab:b7:17:3b:50:3b:ca:
         c7:12:69:b0:da:cb:d7:3e:0e:1f:bf:a2:59:c7:fe:c2:5c:43:
         84:92:b9:3a:be:8f:7e:2e:81:3c:ed:f3:a9:77:21:c2:35:f1:
         da:cf:3a:1e:e2:ee:a2:ce:72:55:97:87:0e:ad:59:61:f7:75:
         46:c0:2b:d4:88:b7:36:97:11:fb:5e:28:89:e9:2a:92:f1:15:
         f1:43:8e:c1:38:85:8d:3a:26:7d:25:72:93:17:96:8d:5a:ed:
         e8:73:3a:d5:8d:80:f2:af:38:84:ff:85:2e:d1:36:7d:2e:e1:
         f0:2c:d8:15:5f:fc:c5:70:5d:25:6a:22:f3:2a:cd:0f:25:ad:
         d4:93:d3:9a:3e:50:bc:da:a5:6c:86:ea:1d:d9:b9:c5:90:db:
         f5:02:c8:c9:77:5c:ef:77:fe:74:60:41:33:d9:3c:a2:e1:73:
         aa:14:18:5d:36:58:c8:41:63:4c:59:0e:4b:3d:c5:65:5a:01:
         b0:16:50:0f:d0:4f:0d:ca:97:f6:11:47:06:6b:b1:ae:bb:26:
         30:34:8b:7a:91:5d:8a:22:c7:f9:05:0d:bb:a5:b7:60:c0:20:
         ce:d0:0e:c0:66:b3:e7:c4:61:ec:c5:40:e6:52:11:41:c3:11:
         18:04:c7:1e
 -----BEGIN CERTIFICATE-----
 MIIDCzCCAfOgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
 bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
 ZDAgFw0yMzAyMDcyMTU0MTZaGA8yMDUwMDYyNTIxNTQxNlowJTEjMCEGA1UEAwwa
 aHR0cC1vbmx5Lm5naW54LXByb3h5LnRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
 DwAwggEKAoIBAQC0YmEHVC5tVYMtJLfiFTQTvXkh6RB1P0z4umAph+WOKh79M1Fa
 ijpvYP8k8RsnMIysQwS3ect67MYIpKAVsA/uaxWEJBG8hStIBgQKWLuM6E1I9QbF
 kf5dmQopMYrxmwzgOXWhBpvU9QZ0j0ZeZLov0D18PTAD6Xw1F2kE9i4p1JPW1tJs
 BDgGIQYFMIq5nQWNEm5IObv2k0+6pYTHli++kiXp0JUq2SOKsygLthkcO76ikXBE
 qHcYlEvfYfRcyXh2NLWHD8CSBCa2ymLNm13rvxCs369yX68JOLHc4T0T26Csty7K
 OVxM8R6BqLREonLVO8BxzNwWDfo4lkSzANZlAgMBAAGjKTAnMCUGA1UdEQQeMByC
 Gmh0dHAtb25seS5uZ2lueC1wcm94eS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQA7
 VJVITfaTOEJAAqu3FztQO8rHEmmw2svXPg4fv6JZx/7CXEOEkrk6vo9+LoE87fOp
 dyHCNfHazzoe4u6iznJVl4cOrVlh93VGwCvUiLc2lxH7XiiJ6SqS8RXxQ47BOIWN
 OiZ9JXKTF5aNWu3oczrVjYDyrziE/4Uu0TZ9LuHwLNgVX/zFcF0laiLzKs0PJa3U
 k9OaPlC82qVshuod2bnFkNv1AsjJd1zvd/50YEEz2Tyi4XOqFBhdNljIQWNMWQ5L
 PcVlWgGwFlAP0E8Nypf2EUcGa7GuuyYwNIt6kV2KIsf5BQ27pbdgwCDO0A7AZrPn
 xGHsxUDmUhFBwxEYBMce
 -----END CERTIFICATE-----
--- a/test/test_fallback/test_fallback.data/nodefault.certs/http-only.nginx-proxy.test.key
+++ b/test/test_fallback/test_fallback.data/nodefault.certs/http-only.nginx-proxy.test.key
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEAtGJhB1QubVWDLSS34hU0E715IekQdT9M+LpgKYfljioe/TNR
 Woo6b2D/JPEbJzCMrEMEt3nLeuzGCKSgFbAP7msVhCQRvIUrSAYECli7jOhNSPUG
 xZH+XZkKKTGK8ZsM4Dl1oQab1PUGdI9GXmS6L9A9fD0wA+l8NRdpBPYuKdST1tbS
 bAQ4BiEGBTCKuZ0FjRJuSDm79pNPuqWEx5YvvpIl6dCVKtkjirMoC7YZHDu+opFw
 RKh3GJRL32H0XMl4djS1hw/AkgQmtspizZtd678QrN+vcl+vCTix3OE9E9ugrLcu
 yjlcTPEegai0RKJy1TvAcczcFg36OJZEswDWZQIDAQABAoIBAAfDA/HQyX6i41YZ
 8l+kEe2XhZLT+IVTB/jb7C9dTZ9kaJj0kFeZAxKv1cq9JTH2gNcYuyc58muDrLHK
 g6jrPoQ/z1k0RB8ci9Q5jgrz7n4NsOWmxXfS5GMaprlHDHeA+HjdgBZBtorfUDvL
 vndpVimgiETETUCd115hd39jKHFcRcdV6yCix7ObywK3dMgLVpagCcnlyCWffS/r
 nhhMfJ+VstW0nUtfZ7JEYwT6Cg7lLAVtDkqPX8zGjJiRwUKH808bUyqEw1y5Cc8U
 U5hbmMgPWfXsKxsEC6FSVHBG9ZX2jymOMQXijLFcBSuWvADHmyU+ZxXcbtd1rv4E
 cGFj3wECgYEA5cNrr5WjrpEin6MYYVWxiQ+xEWPU2R17eApagrDRLM41JJpv7a5m
 TYuZRfIxb59CBPi718Gi168P3T2KMvo2/BTh9Lq5ZBYHx3aDqW2QvMFn7/tgamj8
 0DBxccd2QWfGIBrT1rAF7lD8TC86wtDDVKrvhucRSEXVKF/jWFFRGfUCgYEAyPt6
 48khr7sfNMVdkDLjQjZVV6H7ZUMoSn0FGybgKWxW+b0XCBPObUQWIpyCNTRr1+4A
 1TAUS+F/OVVfwnLNgemeE2wd6CaduxwiK1U4pHbyXCElH1ifonHWV3MoXOefYsiY
 q5z2jfJzUi0JZVUKsveu9rQsFLsc//1s/I5T1LECgYEAldY6fNg2VVp63OZsuNU8
 oSiljbSwEyMh6Oe/nOkYkIKtr4AzrCoGt11piG7ohGW0lS9suMijnMqiquI+JP5+
 KyinLoUy761aR17nf+9e62mpkZw6hUqQTGi7Irs0SHUXhMpaCfDi/Ua9MiW+yVuB
 ds6+xBgeciZwWxMlXOwy2p0CgYEAm+YWiSK3Mq0fo7uEvBn9Fps2z+ciLoZNdppL
 n6gkMX2MaeQ3PVi/wxoRYX+tsL+c973yf2vwEnw0R7Dlutt6dc9VgxNWj4GE0GMe
 Tiao7Uom7Tf4p7wC9+r9rI/zOz2f8OxRIK18wtbShWfR5fx1dCWUXmGb3+jUse1O
 4Qk2FcECgYAvSvGFoJb8tuHFEYYHBbjficmvTUsrTE+EhxPqWKFhKfF19fFFIupy
 XBCrN6nwrh+/YMxZXeIRbbTTf814cOO7PjLeNhnfhJZkaJq1HzbYe3bOurna3qrm
 Ra3xiM8Ld2PyGnZPXf8+AWhMhuPkLX1KFVTCAxwCpmTZCHtiGCmXMA==
 -----END RSA PRIVATE KEY-----
--- a/test/test_fallback/test_fallback.data/nodefault.certs/https-and-http.nginx-proxy.test.crt
+++ b/test/test_fallback/test_fallback.data/nodefault.certs/https-and-http.nginx-proxy.test.crt
@ -0,0 +1,71 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
        Validity
            Not Before: Feb  7 21:53:19 2023 GMT
            Not After : Jun 25 21:53:19 2050 GMT
        Subject: CN=https-and-http.nginx-proxy.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:97:85:d1:7f:6b:50:29:f3:87:b7:4e:f5:25:
                    40:6a:d8:fa:a1:63:3c:4a:2e:68:4a:c6:8b:38:df:
                    07:81:d0:08:9d:fc:17:f5:37:28:7f:31:e6:f3:81:
                    28:4e:22:b6:bd:a2:4e:f2:2f:e5:0f:dd:55:3c:e1:
                    04:84:4c:45:1b:1a:ae:b7:f0:2a:da:43:05:71:91:
                    92:b8:d1:49:fe:80:0a:53:b9:66:da:54:60:9a:fc:
                    e1:b2:e8:28:48:7f:96:94:3c:92:a3:b2:37:f6:7a:
                    c2:de:0b:12:f0:ae:4e:92:fe:2d:c1:b2:95:28:1f:
                    88:8d:79:99:81:19:ae:22:a4:95:f5:9f:db:25:8e:
                    1d:cf:43:cd:6f:85:93:5f:79:ee:f8:f3:d4:82:e1:
                    e9:4d:c9:ad:ae:5b:92:43:3a:3c:71:51:70:f7:3e:
                    bd:1b:24:52:6a:a3:cf:54:72:57:ed:fe:72:ea:96:
                    9b:5a:02:02:a7:df:85:b7:68:ae:1e:07:77:9f:59:
                    a5:a0:8b:28:c2:c8:b7:bb:8a:42:50:df:05:73:bf:
                    9c:55:13:b5:82:79:77:40:57:a4:8f:88:a5:71:50:
                    d7:70:b0:4d:0c:d9:86:b3:9b:db:8a:20:bd:19:68:
                    10:52:2d:53:ba:0e:2e:1c:ad:80:54:bb:b6:c9:ab:
                    11:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:https-and-http.nginx-proxy.test
    Signature Algorithm: sha256WithRSAEncryption
         2c:f3:e5:47:3f:8e:5a:28:b1:df:e5:95:50:85:6f:27:2f:a6:
         8d:f1:5e:cf:df:e2:52:66:97:61:36:59:81:26:25:19:99:c9:
         93:e5:85:cb:ca:69:af:4b:21:a3:d2:7a:bf:b5:5e:2d:42:fb:
         99:f8:22:58:e5:bf:79:b8:8a:74:7e:c6:94:14:d9:f2:27:63:
         b6:e5:74:21:5b:59:fb:f6:c8:a9:28:fb:60:f7:5e:bd:c2:e6:
         74:24:14:96:61:95:6c:c2:66:b4:52:25:a1:85:5a:97:e5:68:
         5c:62:cf:69:3b:b0:a9:56:d8:e3:5f:74:dc:84:18:d5:3e:4f:
         c9:35:39:26:88:dc:9b:80:d9:40:e1:4f:09:27:8d:d2:89:55:
         30:91:02:86:35:04:95:1e:1d:58:14:5b:c6:e0:2e:a7:bf:a8:
         f6:2b:76:8a:4e:71:79:bc:c0:04:cd:db:81:73:46:ce:68:ed:
         25:b0:0e:42:8d:96:64:77:3b:f4:9d:1a:c9:f6:78:4c:56:4f:
         92:17:29:3d:80:50:71:77:4b:a8:29:c2:12:fc:ad:0a:37:81:
         38:4c:fb:54:99:4d:12:5f:98:dc:d1:a9:7b:08:45:c4:6f:7e:
         fe:00:e0:db:79:fe:d1:28:e3:8e:82:d1:fb:bc:0a:c4:42:93:
         c9:5e:eb:ba
 -----BEGIN CERTIFICATE-----
 MIIDFTCCAf2gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
 bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
 ZDAgFw0yMzAyMDcyMTUzMTlaGA8yMDUwMDYyNTIxNTMxOVowKjEoMCYGA1UEAwwf
 aHR0cHMtYW5kLWh0dHAubmdpbngtcHJveHkudGVzdDCCASIwDQYJKoZIhvcNAQEB
 BQADggEPADCCAQoCggEBALeXhdF/a1Ap84e3TvUlQGrY+qFjPEouaErGizjfB4HQ
 CJ38F/U3KH8x5vOBKE4itr2iTvIv5Q/dVTzhBIRMRRsarrfwKtpDBXGRkrjRSf6A
 ClO5ZtpUYJr84bLoKEh/lpQ8kqOyN/Z6wt4LEvCuTpL+LcGylSgfiI15mYEZriKk
 lfWf2yWOHc9DzW+Fk1957vjz1ILh6U3Jra5bkkM6PHFRcPc+vRskUmqjz1RyV+3+
 cuqWm1oCAqffhbdorh4Hd59ZpaCLKMLIt7uKQlDfBXO/nFUTtYJ5d0BXpI+IpXFQ
 13CwTQzZhrOb24ogvRloEFItU7oOLhytgFS7tsmrETkCAwEAAaMuMCwwKgYDVR0R
 BCMwIYIfaHR0cHMtYW5kLWh0dHAubmdpbngtcHJveHkudGVzdDANBgkqhkiG9w0B
 AQsFAAOCAQEALPPlRz+OWiix3+WVUIVvJy+mjfFez9/iUmaXYTZZgSYlGZnJk+WF
 y8ppr0sho9J6v7VeLUL7mfgiWOW/ebiKdH7GlBTZ8idjtuV0IVtZ+/bIqSj7YPde
 vcLmdCQUlmGVbMJmtFIloYVal+VoXGLPaTuwqVbY41903IQY1T5PyTU5Jojcm4DZ
 QOFPCSeN0olVMJEChjUElR4dWBRbxuAup7+o9it2ik5xebzABM3bgXNGzmjtJbAO
 Qo2WZHc79J0ayfZ4TFZPkhcpPYBQcXdLqCnCEvytCjeBOEz7VJlNEl+Y3NGpewhF
 xG9+/gDg23n+0SjjjoLR+7wKxEKTyV7rug==
 -----END CERTIFICATE-----
--- a/test/test_fallback/test_fallback.data/nodefault.certs/https-and-http.nginx-proxy.test.key
+++ b/test/test_fallback/test_fallback.data/nodefault.certs/https-and-http.nginx-proxy.test.key
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEAt5eF0X9rUCnzh7dO9SVAatj6oWM8Si5oSsaLON8HgdAInfwX
 9TcofzHm84EoTiK2vaJO8i/lD91VPOEEhExFGxqut/Aq2kMFcZGSuNFJ/oAKU7lm
 2lRgmvzhsugoSH+WlDySo7I39nrC3gsS8K5Okv4twbKVKB+IjXmZgRmuIqSV9Z/b
 JY4dz0PNb4WTX3nu+PPUguHpTcmtrluSQzo8cVFw9z69GyRSaqPPVHJX7f5y6pab
 WgICp9+Ft2iuHgd3n1mloIsowsi3u4pCUN8Fc7+cVRO1gnl3QFekj4ilcVDXcLBN
 DNmGs5vbiiC9GWgQUi1Tug4uHK2AVLu2yasROQIDAQABAoIBACT4KSVHoEdzOyvw
 GME6sB8T9Fw9TG2vrKaqFmzsVGmqh6Gwmu5xHgGG/fe44XHigaPsJDOWu2yXaEur
 ECrH5P6RP++gODDdYCI/ayk2U80g4XN8mR6L8Swkkhphr4Lx1lOhYvH9uFE05Tqr
 RjQbFY16C6K+oFSFDQ1YGDYsAqnM3RD7PH+lHpo8UN1TO/vogdSQEpMYZDwLAYnW
 uD5G3c0u2PsGu9YLuz2p8hcs3chh+cqKJWXOeW0JLrNGx1bqeQWkn6nXRDdRYi9V
 cJlTgDqGuF54bieSyq9ABDZQP4Ol+moYKDoIz5PwurNjcYSklrT1tw0gqHZoQK1L
 fDjw3QECgYEA7QMRU1AFKTvO7/8WLHLN5BT63n31wm0e9PYpz/XVLWEfxBcp9Xmf
 xAIhXZ/U9P4dfNqxTjN9mVGzCHh5KfDJnUFqOXFy/zvfMeRzJf6dJo6/4OX9Bijr
 Tgd454vyGXYQP2t+F14UAwl6vlGOAjttiP5qY5Ef1gllBEeIPe9Ts9kCgYEAxkzZ
 pq4HJ/5/iDquMEHXNXzpNPavSvgxQdl1ILvJ49LJImmQFBCP9PqiOTIfePz1OqUI
 C4baFuc0FEDJ3x9CUNmMY1lEi2ZUq2agPSXaQNsMcKtEJH8SoJlJIRpkQA7unX09
 zb4dam6g79OaGmb8scePuezXMLv1Ee6WWtXbzGECgYEA6PYn9Gzl9cacu9dOUzgw
 2ewpPcIvawDY+cxwAsHO3MDneVWPX4JBoGa7pwvwRTL1hwBqYMRJwwbD5CKObcQI
 V/KxV28Eqo2N77tt1z2x9/E99u/4yTI1P0gm9ejfeVlL1RpyIMPPBcEujZ0Z6WXC
 X3I63k0KLtajHRa2erIf4tkCgYAfunAgwTuX5JqXO3xfcEl033WY6deGUUvgU2Dw
 Sdu1viY8gVNyQmwmMGwAZsquWxsJtRoibgM7IucsTml+b8v2j7hstP3IqCjn+9Wr
 swDG28WTyXNvu31JgP04dLaRoVIAlOdsofym6OiLNvozO0M3VsziXMjZnVlK8zfP
 dORkQQKBgQDXAJEJPygxVA+bF104dzCMWGmU7K8ShEWC5eOdKK4KWf9bNDpY6M6c
 i6zga/xBbj7e3Bxqprpp8Wy2gIsnYiVo4V9EQethbLdomPxOpBMNMARw81rL1CpO
 jbHB7bIDcKs2tQoZEXUW86ZxC8sdaDaWTJTfUO0RpJow6ZO3yvxVIQ==
 -----END RSA PRIVATE KEY-----
--- a/test/test_fallback/test_fallback.data/nodefault.certs/https-only.nginx-proxy.test.crt
+++ b/test/test_fallback/test_fallback.data/nodefault.certs/https-only.nginx-proxy.test.crt
@ -0,0 +1,71 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
        Validity
            Not Before: Feb  7 21:53:49 2023 GMT
            Not After : Jun 25 21:53:49 2050 GMT
        Subject: CN=https-only.nginx-proxy.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:87:48:02:85:f4:5f:0d:90:7e:4c:4f:13:89:
                    41:ca:41:15:c2:6f:fd:a8:c7:17:83:c6:dd:8c:fe:
                    19:a4:b2:6b:0b:35:4f:b4:3d:7c:40:0a:04:33:2a:
                    fd:10:72:f7:63:63:99:5b:3d:ec:78:ee:c6:4d:c8:
                    0e:4c:be:f2:3f:e3:02:74:57:9a:c1:fe:15:95:63:
                    4e:e7:2c:eb:70:f2:6b:c8:ba:01:a2:ca:a1:c7:76:
                    ff:38:e4:c2:b0:66:fc:85:d2:af:0f:22:81:d4:82:
                    eb:d5:b0:e6:69:14:37:dd:8d:ad:29:ce:93:68:5a:
                    ce:f4:77:76:6f:78:13:b6:c8:2f:fe:e0:b6:7e:fb:
                    29:16:be:e2:f5:45:3b:39:5b:52:dc:26:b7:ca:0c:
                    b6:1c:fc:a8:38:0b:dd:c1:f4:04:9b:2d:38:c9:a5:
                    2d:3e:f1:42:88:53:a2:3b:17:cf:d5:3c:2b:d6:6a:
                    7f:6f:05:8d:c5:b7:5d:64:1e:83:1b:e7:ec:80:3d:
                    6d:34:c1:66:b2:e6:5d:d9:a7:6e:46:75:14:bf:10:
                    16:c5:fc:47:8e:63:fa:e5:b4:bd:f2:b9:e0:cb:ea:
                    75:f9:68:ee:7d:8f:ea:8f:1a:9f:34:27:7a:4a:9f:
                    85:fd:3e:17:a7:96:c3:d0:4e:50:a2:a2:e0:45:92:
                    d0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:https-only.nginx-proxy.test
    Signature Algorithm: sha256WithRSAEncryption
         8a:52:46:42:a9:74:18:6a:52:90:ef:a4:e9:c5:54:d5:97:3a:
         ff:8b:c2:76:4f:9e:47:aa:e1:ea:e5:b9:af:9d:33:e3:85:17:
         54:7d:32:bd:ac:90:3f:5c:d2:a1:42:17:52:2b:b1:83:e5:c3:
         bf:81:f0:e7:38:e2:88:67:7b:d8:59:fe:f9:94:99:ba:be:f4:
         3c:24:b2:c7:9e:f0:98:21:c6:2d:c2:e8:f3:67:bd:62:00:aa:
         ce:34:fa:b4:53:6d:c1:09:5e:55:bd:43:aa:86:c6:f8:c5:83:
         46:3a:49:12:a2:ec:30:36:0c:99:44:74:09:9d:cc:4b:98:1f:
         7e:c9:9b:68:a0:f8:1e:00:14:d0:da:2a:bf:c8:ca:a8:1c:10:
         b5:68:a2:f1:41:93:0c:f3:3f:c0:c6:53:3c:8d:a7:dd:a5:7b:
         35:cc:44:e0:5b:6d:c5:cb:33:6f:c1:43:7e:06:df:21:99:11:
         b3:91:41:b4:5e:f0:37:1e:8e:e5:73:85:dc:4a:21:d5:41:f9:
         4e:b8:f5:ed:21:93:09:91:c2:8c:6b:04:a4:84:ab:3a:fe:35:
         64:fa:6b:a7:8d:40:a6:64:89:30:84:ac:28:99:5a:01:79:77:
         c0:df:88:da:a9:75:5f:c4:51:ae:a8:45:7b:d2:e1:a2:81:29:
         60:cd:7b:cd
 -----BEGIN CERTIFICATE-----
 MIIDDTCCAfWgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
 bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
 ZDAgFw0yMzAyMDcyMTUzNDlaGA8yMDUwMDYyNTIxNTM0OVowJjEkMCIGA1UEAwwb
 aHR0cHMtb25seS5uZ2lueC1wcm94eS50ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC
 AQ8AMIIBCgKCAQEA2YdIAoX0Xw2QfkxPE4lBykEVwm/9qMcXg8bdjP4ZpLJrCzVP
 tD18QAoEMyr9EHL3Y2OZWz3seO7GTcgOTL7yP+MCdFeawf4VlWNO5yzrcPJryLoB
 osqhx3b/OOTCsGb8hdKvDyKB1ILr1bDmaRQ33Y2tKc6TaFrO9Hd2b3gTtsgv/uC2
 fvspFr7i9UU7OVtS3Ca3ygy2HPyoOAvdwfQEmy04yaUtPvFCiFOiOxfP1Twr1mp/
 bwWNxbddZB6DG+fsgD1tNMFmsuZd2aduRnUUvxAWxfxHjmP65bS98rngy+p1+Wju
 fY/qjxqfNCd6Sp+F/T4Xp5bD0E5QoqLgRZLQtQIDAQABoyowKDAmBgNVHREEHzAd
 ghtodHRwcy1vbmx5Lm5naW54LXByb3h5LnRlc3QwDQYJKoZIhvcNAQELBQADggEB
 AIpSRkKpdBhqUpDvpOnFVNWXOv+LwnZPnkeq4erlua+dM+OFF1R9Mr2skD9c0qFC
 F1IrsYPlw7+B8Oc44ohne9hZ/vmUmbq+9Dwkssee8Jghxi3C6PNnvWIAqs40+rRT
 bcEJXlW9Q6qGxvjFg0Y6SRKi7DA2DJlEdAmdzEuYH37Jm2ig+B4AFNDaKr/Iyqgc
 ELVoovFBkwzzP8DGUzyNp92lezXMROBbbcXLM2/BQ34G3yGZEbORQbRe8DcejuVz
 hdxKIdVB+U649e0hkwmRwoxrBKSEqzr+NWT6a6eNQKZkiTCErCiZWgF5d8DfiNqp
 dV/EUa6oRXvS4aKBKWDNe80=
 -----END CERTIFICATE-----
--- a/test/test_fallback/test_fallback.data/nodefault.certs/https-only.nginx-proxy.test.key
+++ b/test/test_fallback/test_fallback.data/nodefault.certs/https-only.nginx-proxy.test.key
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEA2YdIAoX0Xw2QfkxPE4lBykEVwm/9qMcXg8bdjP4ZpLJrCzVP
 tD18QAoEMyr9EHL3Y2OZWz3seO7GTcgOTL7yP+MCdFeawf4VlWNO5yzrcPJryLoB
 osqhx3b/OOTCsGb8hdKvDyKB1ILr1bDmaRQ33Y2tKc6TaFrO9Hd2b3gTtsgv/uC2
 fvspFr7i9UU7OVtS3Ca3ygy2HPyoOAvdwfQEmy04yaUtPvFCiFOiOxfP1Twr1mp/
 bwWNxbddZB6DG+fsgD1tNMFmsuZd2aduRnUUvxAWxfxHjmP65bS98rngy+p1+Wju
 fY/qjxqfNCd6Sp+F/T4Xp5bD0E5QoqLgRZLQtQIDAQABAoIBAAWs//YA5MVuJy0E
 dLO/yxWp6RVvsqCqwTRRBgrdvnGLrjtWosPDLvDE0iM7peq99TKEsMWusfLd2BLD
 e4wJF20PUUsT1hflt050juR9SY9i4+kS4WQMAXig5DvpzCKqLUCYpLSyY8zVta2X
 tgtb2bFQNwp2N2ZrqCa8zzxNV8ZXGoW+ZlvBJEDtBwt1DCDhY39/pqHfIhFl4Vwk
 YhhbVjID145D1j/fP6vLceM2YA4uRmF1itj1iQ6YNNpXRspUGE4DXdqR6HcbduiX
 trZjmdtKXY8mJg6jyLZxYbjFlKV/LvqKRYF3Jb9K0vdd4juBdZoy7DQzoLhcnzui
 pEnPLakCgYEA9tN6KdQGKGBXGuF+ZqhXfB/XSkKUf8o/5j62cbu11ZIJ+iEBx+d6
 lQAxTz5hHUL6a3c5qiM+AWBxYuFD6oqptIlTlBfIXI978neDNvEWWffivPvQLbt9
 o9ohOirfK1iGPvtrpAwjv5ylE5SiTmJ/6wDvQWjNGAnJ3aaxkesJUSMCgYEA4Z0K
 UHZVtnKLtzzIY7KfLbuKF/fJEDfMNr4Wgl6ny21vqO9kJGmA7SaoNdhx8RDcKmeV
 /Vey4ug6YlOG48eapKLTthdRz5mx+jIkUfdOhj81m28xm/OPTqCrviTHCNOHeYDy
 NKAIlJMo2z0vTKJn5eP6CsYmDWLpHQNyXY5qcEcCgYAzDBWt5O3JF/Or2Yr8zEAb
 qbIq544yx69jfQDakMnQe72Yf48Quuz9N+b6zpnjJWEJLMU+TL+cJUgN/SzAqyDh
 96zTaf/ENOCbiuAWUtIelUfNcf7iFm6rnodUsl0pZ8uL5w+iA+i4zjrNy+WtdG2k
 OrNAwd345L1dHAaJeSSaJQKBgQCUnF3r7Fa/TCpt87LHwSQK+sqWyRf+/9IbiRDI
 pVL/s8FmVPHw7jIHhHwuo7lCImnz4LGy5C6oOnIizIRAy/04Ty0Hd8ri5YmPlbHI
 8A8gbMiB7zeNU1zlXP5jzFPyo2tMhLyGH5gnTdwOtfnPD/dCPe45ZJYyISIOg3O0
 3peMBwKBgH20cskAOCNclfoG+Nis52h8FqmDlflJ8waUarvk26JhO1e009kOytw8
 x/qSuttpGtTG+4fdc2wJvFNczr4h9ZlftBdgZXj8PKgRpcIe8q97Xg8PUj+Xfu/t
 vD/QV+tVcGoAMsQq4NeFxiTbPfwVyXdYFT1XVCu6JEdLL+gpWh5W
 -----END RSA PRIVATE KEY-----
--- a/test/test_fallback/test_fallback.data/nodefault.yml
+++ b/test/test_fallback/test_fallback.data/nodefault.yml
@ -0,0 +1,39 @@
 services:
  nginx-proxy:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ${PYTEST_MODULE_PATH}/test_fallback.data/nodefault.certs:/etc/nginx/certs:ro
  https-and-http:
    image: web
    expose:
      - "81"
    environment:
      WEB_PORTS: "81"
      VIRTUAL_HOST: https-and-http.nginx-proxy.test
  https-only:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: https-only.nginx-proxy.test
      HTTPS_METHOD: nohttp
  http-only:
    image: web
    expose:
      - "83"
    environment:
      WEB_PORTS: "83"
      VIRTUAL_HOST: http-only.nginx-proxy.test
      HTTPS_METHOD: nohttps
  missing-cert:
    image: web
    expose:
      - "84"
    environment:
      WEB_PORTS: "84"
      VIRTUAL_HOST: missing-cert.nginx-proxy.test
--- a/test/test_fallback/test_fallback.data/nohttp-on-app.yml
+++ b/test/test_fallback/test_fallback.data/nohttp-on-app.yml
@ -0,0 +1,16 @@
 services:
  nginx-proxy:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ${PYTEST_MODULE_PATH}/test_fallback.data/withdefault.certs:/etc/nginx/certs:ro
    environment:
      HTTPS_METHOD: redirect
  https-only:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      HTTPS_METHOD: nohttp
      VIRTUAL_HOST: https-only.nginx-proxy.test
--- a/test/test_fallback/test_fallback.data/nohttp-with-missing-cert.yml
+++ b/test/test_fallback/test_fallback.data/nohttp-with-missing-cert.yml
@ -0,0 +1,33 @@
 services:
  nginx-proxy:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ${PYTEST_MODULE_PATH}/test_fallback.data/withdefault.certs:/etc/nginx/certs:ro
    environment:
      HTTPS_METHOD: nohttp
  https-only:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: https-only.nginx-proxy.test
  missing-cert:
    image: web
    expose:
      - "84"
    environment:
      WEB_PORTS: "84"
      VIRTUAL_HOST: missing-cert.nginx-proxy.test
  missing-cert-default-untrusted:
    image: web
    expose:
      - "85"
    environment:
      WEB_PORTS: "85"
      VIRTUAL_HOST: missing-cert.default-untrusted.nginx-proxy.test
    labels:
      com.github.nginx-proxy.nginx-proxy.trust-default-cert: "false"
--- a/test/test_fallback/test_fallback.data/nohttp.yml
+++ b/test/test_fallback/test_fallback.data/nohttp.yml
@ -0,0 +1,15 @@
 services:
  nginx-proxy:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ${PYTEST_MODULE_PATH}/test_fallback.data/withdefault.certs:/etc/nginx/certs:ro
    environment:
      HTTPS_METHOD: nohttp
  https-only:
    image: web
    expose:
      - "82"
    environment:
      WEB_PORTS: "82"
      VIRTUAL_HOST: https-only.nginx-proxy.test
--- a/Show more
+++ b/Show more
`@ -1,2 +1,2 @@`
	`dockergen: docker-gen -watch -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf`	`dockergen: docker-gen -watch -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf`
	`nginx: nginx`	`nginx: nginx -g "daemon off;"`
		`@ -1 +0,0 @@`
			`This directory contains tests that showcase scenarios known to break the expected behavior of nginx-proxy.`