From 12c4f0c7c2f664eb7f7ed04659fe35e329a56b51 Mon Sep 17 00:00:00 2001
From: KagurazakaNyaa
Date: Fri, 28 Oct 2022 10:33:55 +0800
Subject: [PATCH] Support TCP and UDP proxy
---
 Dockerfile.alpine | 4 +++-
 Dockerfile.debian | 4 +++-
 docs/README.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 2 deletions(-)
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index e6eccdc..34a0595 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -17,8 +17,10 @@ ENV NGINX_PROXY_VERSION=${NGINX_PROXY_VERSION} \
 RUN apk add --no-cache --virtual .run-deps bash openssl
 # Configure Nginx
-RUN sed -i 's/worker_connections.*;$/worker_connections 10240;/' /etc/nginx/nginx.conf \
+RUN echo -e "\ninclude /etc/nginx/toplevel.conf.d/*.conf;" >> /etc/nginx/nginx.conf \
+ && sed -i 's/worker_connections.*;$/worker_connections 10240;/' /etc/nginx/nginx.conf \
 && sed -i -e '/^\}$/{s//\}\nworker_rlimit_nofile 20480;/;:a' -e '$!N;$!ba' -e '}' /etc/nginx/nginx.conf \
+ && mkdir -p '/etc/nginx/toplevel.conf.d' \
 && mkdir -p '/etc/nginx/dhparam' \
 && mkdir -p '/etc/nginx/certs'
diff --git a/Dockerfile.debian b/Dockerfile.debian
index 485542d..840673d 100644
--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@@ -14,8 +14,10 @@ ENV NGINX_PROXY_VERSION=${NGINX_PROXY_VERSION} \
 DOCKER_HOST=unix:///tmp/docker.sock
 # Configure Nginx
-RUN sed -i 's/worker_connections.*;$/worker_connections 10240;/' /etc/nginx/nginx.conf \
+RUN echo "\ninclude /etc/nginx/toplevel.conf.d/*.conf;" >> /etc/nginx/nginx.conf \
+ && sed -i 's/worker_connections.*;$/worker_connections 10240;/' /etc/nginx/nginx.conf \
 && sed -i -e '/^\}$/{s//\}\nworker_rlimit_nofile 20480;/;:a' -e '$!N;$!ba' -e '}' /etc/nginx/nginx.conf \
+ && mkdir -p '/etc/nginx/toplevel.conf.d' \
 && mkdir -p '/etc/nginx/dhparam' \
 && mkdir -p '/etc/nginx/certs'
diff --git a/docs/README.md b/docs/README.md
index 6e29e03..23e91be 100644
--- a/docs/README.md
+++ b/docs/README.md
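Review bot: In the Dockerfile.alpine hunk the new first `RUN` step depends on how the image's `/bin/sh` implements `echo`: it needs `echo -e` to turn `\n` into a newline, while the Dockerfile.debian hunk relies on plain `echo` doing the same, which holds only as long as the build shell expands escapes by default. `RUN printf '\ninclude /etc/nginx/toplevel.conf.d/*.conf;\n' >> /etc/nginx/nginx.conf \` gives the same result in both files and also ends nginx.conf with a newline. Because the include is appended at the top level of nginx.conf, every `*.conf` in that directory appears to be parsed in the main context with the same authority as nginx.conf itself, so a comment above the step such as `# toplevel.conf.d is loaded in the main context; mount only operator-controlled files, read-only` would be worth adding. Both points apply equally to the Dockerfile.debian hunk.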
@@ -11,6 +11,7 @@
 - [HTTP/2 and HTTP/3](#http2-and-http3)
 - [Headers](#headers)
 - [Custom Nginx Configuration](#custom-nginx-configuration)
+- [TCP and UDP stream](#tcp-and-udp-stream)
 - [Unhashed vs SHA1 upstream names](#unhashed-vs-sha1-upstream-names)
 - [Separate Containers](#separate-containers)
 - [Docker Compose](#docker-compose)
@@ -699,6 +700,61 @@ Per virtual-host `servers_tokens` directive can be configured by passing appropr
 ⬆️ [back to table of contents](#table-of-contents)
+## TCP and UDP stream
+
+If you want to proxy non-HTTP traffic, you can use nginx's stream module. Write a configuration file and mount it inside `/etc/nginx/toplevel.conf.d`.
+
+```nginx
+# stream.conf
+stream {
+ upstream stream_backend {
+ server backend1.example.com:12345;
+ server backend2.example.com:12345;
+ server backend3.example.com:12346;
+ # ...
+ }
+ server {
+ listen 12345;
+ #TCP traffic will be forwarded to the "stream_backend" upstream group
+ proxy_pass stream_backend;
+ }
+
+ server {
+ listen 12346;
+ #TCP traffic will be forwarded to the specified server
+ proxy_pass backend.example.com:12346;
+ }
+
+ upstream dns_servers {
+ server 192.168.136.130:53;
+ server 192.168.136.131:53;
+ # ...
+ }
+ server {
+ listen 53 udp;
+ #UDP traffic will be forwarded to the "dns_servers" upstream group
+ proxy_pass dns_servers;
+ }
+ # ...
+}
+```
+
+```console
+docker run --detach \
+ --name nginx-proxy \
+ --publish 80:80 \
+ --publish 12345:12345 \
+ --publish 12346:12346 \
+ --publish 53:53:udp \
+ --volume /var/run/docker.sock:/tmp/docker.sock:ro \
+ --volume ./stream.conf:/etc/nginx/toplevel.conf.d/stream.conf:ro \
+ nginxproxy/nginx-proxy:1.5
+```
+
+Please note that TCP and UDP stream are not core features of nginx-proxy, so the above is provided as an example only, without any guarantee.
+
+⬆️ [back to table of contents](#table-of-contents)
+
 ## Unhashed vs SHA1 upstream names
 By default the nginx configuration `upstream` blocks will use this block's corresponding hostname as a predictable name. However, this can cause issues in some setups (see [this issue](https://github.com/nginx-proxy/nginx-proxy/issues/1162)). In those cases you might want to switch to SHA1 names for the `upstream` blocks by setting the `SHA1_UPSTREAM_NAME` environment variable to `true` on the nginx-proxy container.