Merge branch 'master' into feature_nohttps
commit
276b4dbe3e
12
.travis.yml
12
.travis.yml
@ -1,16 +1,17 @@
|
||||
dist: trusty
|
||||
sudo: required
|
||||
services:
|
||||
- docker
|
||||
|
||||
env:
|
||||
global:
|
||||
- DOCKER_VERSION=1.12.1-0~trusty
|
||||
- DOCKER_VERSION=1.12.3-0~trusty
|
||||
|
||||
before_install:
|
||||
# list docker-engine versions
|
||||
- apt-cache madison docker-engine
|
||||
# upgrade docker-engine to specific version
|
||||
- sudo apt-get -o Dpkg::Options::="--force-confnew" install -y docker-engine=${DOCKER_VERSION}
|
||||
- sudo apt-get -o Dpkg::Options::="--force-confnew" install -y --force-yes docker-engine=${DOCKER_VERSION}
|
||||
- docker version
|
||||
- docker info
|
||||
- sudo add-apt-repository ppa:duggan/bats --yes
|
||||
@ -18,5 +19,10 @@ before_install:
|
||||
- sudo apt-get install -qq bats
|
||||
- make update-dependencies
|
||||
|
||||
matrix:
|
||||
include:
|
||||
- env: TEST_ID=test-debian
|
||||
- env: TEST_ID=test-alpine
|
||||
|
||||
script:
|
||||
- make test
|
||||
- make $TEST_ID
|
||||
|
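Review bot: The `--force-yes` on the `docker-engine=${DOCKER_VERSION}` install step (presumably the new form of that line; the rendered page has lost the +/- markers) does more than answer prompts. apt documents it as continuing past potentially harmful actions, which includes installing packages that fail authentication. If the flag is only there so the pinned version can replace the preinstalled one, say so above the step, e.g. `# --force-yes: needed to move docker-engine to the pinned version; it also suppresses apt's unauthenticated-package check`. Once the build image ships an apt that supports it, a narrower option such as `--allow-downgrades` would keep the authentication check in place.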
@ -1,4 +1,4 @@
|
||||
FROM nginx:1.11.3
|
||||
FROM nginx:1.11.8
|
||||
MAINTAINER Jason Wilder mail@jasonwilder.com
|
||||
|
||||
# Install wget and install/updates certificates
|
||||
|
31
Dockerfile.alpine
Normal file
31
Dockerfile.alpine
Normal file
@ -0,0 +1,31 @@
|
||||
FROM nginx:1.11.8-alpine
|
||||
MAINTAINER Jason Wilder mail@jasonwilder.com
|
||||
|
||||
# Install wget and install/updates certificates
|
||||
RUN apk add --no-cache --virtual .run-deps \
|
||||
ca-certificates bash wget \
|
||||
&& update-ca-certificates
|
||||
|
||||
# Configure Nginx and apply fix for very long server names
|
||||
RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
|
||||
&& sed -i 's/^http {/&\n server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
|
||||
|
||||
# Install Forego
|
||||
ADD https://github.com/jwilder/forego/releases/download/v0.16.1/forego /usr/local/bin/forego
|
||||
RUN chmod u+x /usr/local/bin/forego
|
||||
|
||||
ENV DOCKER_GEN_VERSION 0.7.3
|
||||
|
||||
RUN wget --quiet https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VERSION/docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
|
||||
&& tar -C /usr/local/bin -xvzf docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
|
||||
&& rm /docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz
|
||||
|
||||
COPY . /app/
|
||||
WORKDIR /app/
|
||||
|
||||
ENV DOCKER_HOST unix:///tmp/docker.sock
|
||||
|
||||
VOLUME ["/etc/nginx/certs"]
|
||||
|
||||
ENTRYPOINT ["/app/docker-entrypoint.sh"]
|
||||
CMD ["forego", "start", "-r"]
|
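Review bot: Both binaries this image puts on the PATH, forego via `ADD https://…/forego` and docker-gen via `wget`, are fetched with no integrity check, so the build trusts whatever the release URL serves at that moment. They run next to `ENV DOCKER_HOST unix:///tmp/docker.sock`, which suggests they get access to the Docker API when the socket is mounted, so a pinned digest per download is worth the extra lines. Replace the `ADD` with a `wget` inside a `RUN` step and verify each file with `sha256sum -c` before it is used; the digests in the excerpt below are placeholders to be filled in from reviewed release artifacts. The `rm /docker-gen-…` also relies on the working directory being `/`, which reusing the relative download name avoids.

```dockerfile
# Install Forego
# <FOREGO_SHA256> is a placeholder: pin the digest of the reviewed v0.16.1 binary
RUN wget --quiet -O /usr/local/bin/forego https://github.com/jwilder/forego/releases/download/v0.16.1/forego \
 && echo "<FOREGO_SHA256>  /usr/local/bin/forego" | sha256sum -c - \
 && chmod u+x /usr/local/bin/forego

ENV DOCKER_GEN_VERSION 0.7.3

# <DOCKER_GEN_SHA256> is a placeholder: pin the digest of the reviewed release tarball
RUN wget --quiet https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VERSION/docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
 && echo "<DOCKER_GEN_SHA256>  docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz" | sha256sum -c - \
 && tar -C /usr/local/bin -xvzf docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
 && rm docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz

# … unchanged: COPY, WORKDIR, DOCKER_HOST, VOLUME, ENTRYPOINT, CMD …
```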
11
Makefile
11
Makefile
@ -3,12 +3,19 @@
|
||||
|
||||
update-dependencies:
|
||||
docker pull jwilder/docker-gen:0.7.3
|
||||
docker pull nginx:1.11.3
|
||||
docker pull nginx:1.11.6
|
||||
docker pull nginx:1.11.8-alpine
|
||||
docker pull python:3
|
||||
docker pull rancher/socat-docker:latest
|
||||
docker pull appropriate/curl:latest
|
||||
docker pull docker:1.10
|
||||
|
||||
test:
|
||||
test-debian:
|
||||
docker build -t jwilder/nginx-proxy:bats .
|
||||
bats test
|
||||
|
||||
test-alpine:
|
||||
docker build -f Dockerfile.alpine -t jwilder/nginx-proxy:bats .
|
||||
bats test
|
||||
|
||||
test: test-debian test-alpine
|
||||
|
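Review bot: `update-dependencies` pulls `nginx:1.11.6`, but the Debian Dockerfile on this page builds `FROM nginx:1.11.8`, so the pre-pull does not cover the base image that `test-debian` builds on. This assumes the 1.11.6 line is on the new side, since the rendered page has lost the +/- markers. Changing it to `docker pull nginx:1.11.8` keeps the pulled set and the built set identical. The `rancher/socat-docker:latest` and `appropriate/curl:latest` pulls use mutable tags, so what the tests run against can change between builds; a version tag or digest would make them reproducible. The `test-debian`, `test-alpine` and `test` targets produce no files and should be listed under `.PHONY`, unless a declaration already exists above the hunk.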
@ -1,4 +1,4 @@
|
||||
![nginx 1.11.3](https://img.shields.io/badge/nginx-1.11.3-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub')
|
||||
![nginx 1.11.8](https://img.shields.io/badge/nginx-1.11.8-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) [![Build Status](https://travis-ci.org/jwilder/nginx-proxy.svg?branch=master)](https://travis-ci.org/jwilder/nginx-proxy) [![](https://img.shields.io/docker/stars/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub') [![](https://img.shields.io/docker/pulls/jwilder/nginx-proxy.svg)](https://hub.docker.com/r/jwilder/nginx-proxy 'DockerHub')
|
||||
|
||||
|
||||
nginx-proxy sets up a container running nginx and [docker-gen][1]. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
|
||||
@ -125,6 +125,9 @@ $ docker run --volumes-from nginx \
|
||||
Finally, start your containers with `VIRTUAL_HOST` environment variables.
|
||||
|
||||
$ docker run -e VIRTUAL_HOST=foo.bar.com ...
|
||||
### SSL Support using letsencrypt
|
||||
|
||||
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion)is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically.
|
||||
|
||||
### SSL Support
|
||||
|
||||
@ -224,6 +227,7 @@ proxy_set_header Connection $proxy_connection;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
|
||||
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
|
||||
|
||||
# Mitigate httpoxy attack (see README for details)
|
||||
|
20
nginx.tmpl
20
nginx.tmpl
@ -38,6 +38,12 @@ map $http_upgrade $proxy_connection {
|
||||
'' close;
|
||||
}
|
||||
|
||||
# Set appropriate X-Forwarded-Ssl header
|
||||
map $scheme $proxy_x_forwarded_ssl {
|
||||
default off;
|
||||
https on;
|
||||
}
|
||||
|
||||
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
|
||||
@ -58,6 +64,7 @@ proxy_set_header Connection $proxy_connection;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
|
||||
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
|
||||
|
||||
# Mitigate httpoxy attack (see README for details)
|
||||
@ -85,8 +92,9 @@ server {
|
||||
{{ end }}
|
||||
|
||||
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
|
||||
|
||||
upstream {{ $host }} {
|
||||
{{ $upstream_name := sha1 $host }}
|
||||
# {{ $host }}
|
||||
upstream {{ $upstream_name }} {
|
||||
{{ range $container := $containers }}
|
||||
{{ $addrLen := len $container.Addresses }}
|
||||
|
||||
@ -179,9 +187,9 @@ server {
|
||||
location / {
|
||||
{{ if eq $proto "uwsgi" }}
|
||||
include uwsgi_params;
|
||||
uwsgi_pass {{ trim $proto }}://{{ trim $host }};
|
||||
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
||||
{{ else }}
|
||||
proxy_pass {{ trim $proto }}://{{ trim $host }};
|
||||
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
||||
{{ end }}
|
||||
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
|
||||
auth_basic "Restricted {{ $host }}";
|
||||
@ -213,9 +221,9 @@ server {
|
||||
location / {
|
||||
{{ if eq $proto "uwsgi" }}
|
||||
include uwsgi_params;
|
||||
uwsgi_pass {{ trim $proto }}://{{ trim $host }};
|
||||
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
||||
{{ else }}
|
||||
proxy_pass {{ trim $proto }}://{{ trim $host }};
|
||||
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
||||
{{ end }}
|
||||
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
|
||||
auth_basic "Restricted {{ $host }}";
|
||||
|
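Review bot: The `# {{ $host }}` line above the hashed `upstream {{ $upstream_name }}` block writes the VIRTUAL_HOST value into the generated config verbatim, and an nginx comment only covers text up to the end of its line. Hashing the name with `sha1` keeps regex hosts out of the upstream identifier, but the comment puts the raw value back, so anything after a line break in that variable would be parsed as configuration. VIRTUAL_HOST is normally set by whoever can start containers on the host, so this is a trust-boundary statement rather than a confirmed flaw. I would record it next to the line with a template comment such as `{{/* $host is rendered unescaped: VIRTUAL_HOST must come from trusted operators */}}`, or drop the comment line. The `server` blocks these hunks touch begin and end outside the visible lines.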
@ -43,13 +43,28 @@ function setup {
|
||||
|
||||
@test "[$TEST_FILE] VIRTUAL_HOST=~^foo\.bar\..*\.bats" {
|
||||
# WHEN
|
||||
prepare_web_container bats-wildcard-hosts-2 80 -e VIRTUAL_HOST=~^foo\.bar\..*\.bats
|
||||
dockergen_wait_for_event $SUT_CONTAINER start bats-wildcard-hosts-2
|
||||
prepare_web_container bats-wildcard-hosts-3 80 -e VIRTUAL_HOST=~^foo\.bar\..*\.bats
|
||||
dockergen_wait_for_event $SUT_CONTAINER start bats-wildcard-hosts-3
|
||||
sleep 1
|
||||
|
||||
# THEN
|
||||
assert_200 foo.bar.whatever.bats
|
||||
assert_200 foo.bar.why.not.bats
|
||||
assert_200 foo.bar.why.not.bats-to-infinity-and-beyond
|
||||
assert_503 unexpected.host.bats
|
||||
|
||||
}
|
||||
|
||||
@test "[$TEST_FILE] VIRTUAL_HOST=~^foo\.bar\..*\.bats$" {
|
||||
# WHEN
|
||||
prepare_web_container bats-wildcard-hosts-4 80 -e VIRTUAL_HOST=~^foo\.bar\..*\.bats$
|
||||
dockergen_wait_for_event $SUT_CONTAINER start bats-wildcard-hosts-4
|
||||
sleep 1
|
||||
|
||||
# THEN
|
||||
assert_200 foo.bar.whatever.bats
|
||||
assert_200 foo.bar.why.not.bats
|
||||
assert_503 foo.bar.why.not.bats-to-infinity-and-beyond
|
||||
assert_503 unexpected.host.bats
|
||||
|
||||
}
|
||||
|
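Review bot: The VIRTUAL_HOST regexes in the `prepare_web_container` calls are unquoted, so the shell strips the backslashes before the value reaches the container: `~^foo\.bar\..*\.bats$` is passed as `~^foo.bar..*.bats$`, where every `.` matches any character and the bare `*` is open to pathname expansion. The tests therefore exercise a looser pattern than their titles state, and the `assert_503` cases cannot catch a host that matches only because a dot was left unescaped. Single-quote the argument in each call, e.g. `-e 'VIRTUAL_HOST=~^foo\.bar\..*\.bats$'`; this assumes `prepare_web_container` forwards its extra arguments unchanged, which is not visible here. The `setup` function named in the hunk header lies outside the visible lines.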