mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-11-22 03:46:29 +00:00
Update Readme
This commit is contained in:
Pan Teparak
parent
31d2ed172b
commit
92379d8131
28
README.md
28
README.md
@ -150,12 +150,12 @@ Finally, start your containers with `VIRTUAL_HOST` environment variables.
|
|||||||
$ docker run -e VIRTUAL_HOST=foo.bar.com ...
|
$ docker run -e VIRTUAL_HOST=foo.bar.com ...
|
||||||
### SSL Support using letsencrypt
|
### SSL Support using letsencrypt
|
||||||
|
|
||||||
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically.
|
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically.
|
||||||
|
|
||||||
Set `GENERATE_DHPARAM` environment variable to `false` to disabled Diffie-Hellman parameters completely. This will also ignore auto-generation made by `nginx-proxy`.
|
Set `DHPARAM_GENERATION` environment variable to `false` to disabled Diffie-Hellman parameters completely. This will also ignore auto-generation made by `nginx-proxy`.
|
||||||
The default value is `true`
|
The default value is `true`
|
||||||
|
|
||||||
$ docker run -e GENERATE_DHPARAM=false ....
|
$ docker run -e DHPARAM_GENERATION=false ....
|
||||||
### SSL Support
|
### SSL Support
|
||||||
|
|
||||||
SSL is supported using single host, wildcard and SNI certificates using naming conventions for
|
SSL is supported using single host, wildcard and SNI certificates using naming conventions for
|
||||||
@ -187,7 +187,7 @@ at startup. Since it can take minutes to generate a new `dhparam.pem`, it is do
|
|||||||
background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx
|
background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx
|
||||||
is reloaded. This generation process only occurs the first time you start `nginx-proxy`.
|
is reloaded. This generation process only occurs the first time you start `nginx-proxy`.
|
||||||
|
|
||||||
> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some
|
> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some
|
||||||
> older clients (like Java 6 and 7) do not support DH keys with over 1024 bits. In order to support these
|
> older clients (like Java 6 and 7) do not support DH keys with over 1024 bits. In order to support these
|
||||||
> clients, you must either provide your own `dhparam.pem`, or tell `nginx-proxy` to generate a 1024-bit
|
> clients, you must either provide your own `dhparam.pem`, or tell `nginx-proxy` to generate a 1024-bit
|
||||||
> key on startup by passing `-e DHPARAM_BITS=1024`.
|
> key on startup by passing `-e DHPARAM_BITS=1024`.
|
||||||
@ -210,7 +210,7 @@ The SSL cipher configuration is based on the [Mozilla nginx intermediate profile
|
|||||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||||
Windows XP IE8, Android 2.3, Java 7. Note that the DES-based TLS ciphers were removed for security.
|
Windows XP IE8, Android 2.3, Java 7. Note that the DES-based TLS ciphers were removed for security.
|
||||||
The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches. Currently TLS 1.0, 1.1 and 1.2
|
The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches. Currently TLS 1.0, 1.1 and 1.2
|
||||||
are supported. TLS 1.0 is deprecated but its end of life is not until June 30, 2018. It is being
|
are supported. TLS 1.0 is deprecated but its end of life is not until June 30, 2018. It is being
|
||||||
included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
|
included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
|
||||||
IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
|
IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
|
||||||
|
|
||||||
@ -227,12 +227,12 @@ a 500.
|
|||||||
|
|
||||||
To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
|
To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
|
||||||
environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`). You can also
|
environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`). You can also
|
||||||
disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
|
disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
|
||||||
`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to
|
`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to
|
||||||
override the default behavior. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
|
override the default behavior. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
|
||||||
is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP
|
is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP
|
||||||
site after changing this setting, your browser has probably cached the HSTS policy and is automatically
|
site after changing this setting, your browser has probably cached the HSTS policy and is automatically
|
||||||
redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito
|
redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito
|
||||||
window / different browser.
|
window / different browser.
|
||||||
|
|
||||||
### Basic Authentication Support
|
### Basic Authentication Support
|
||||||
@ -348,7 +348,7 @@ Before submitting pull requests or issues, please check github to make sure an e
|
|||||||
To run tests, you need to prepare the docker image to test which must be tagged `jwilder/nginx-proxy:test`:
|
To run tests, you need to prepare the docker image to test which must be tagged `jwilder/nginx-proxy:test`:
|
||||||
|
|
||||||
docker build -t jwilder/nginx-proxy:test . # build the Debian variant image
|
docker build -t jwilder/nginx-proxy:test . # build the Debian variant image
|
||||||
|
|
||||||
and call the [test/pytest.sh](test/pytest.sh) script.
|
and call the [test/pytest.sh](test/pytest.sh) script.
|
||||||
|
|
||||||
Then build the Alpine variant of the image:
|
Then build the Alpine variant of the image:
|
||||||
@ -361,6 +361,6 @@ and call the [test/pytest.sh](test/pytest.sh) script again.
|
|||||||
If your system has the `make` command, you can automate those tasks by calling:
|
If your system has the `make` command, you can automate those tasks by calling:
|
||||||
|
|
||||||
make test
|
make test
|
||||||
|
|
||||||
|
|
||||||
You can learn more about how the test suite works and how to write new tests in the [test/README.md](test/README.md) file.
|
|
||||||
|
You can learn more about how the test suite works and how to write new tests in the [test/README.md](test/README.md) file.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user