mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-11-22 03:46:29 +00:00
Update Readme
This commit is contained in:
Pan Teparak
parent
31d2ed172b
commit
92379d8131
28
README.md
28
README.md
@ -150,12 +150,12 @@ Finally, start your containers with `VIRTUAL_HOST` environment variables.
|
||||
$ docker run -e VIRTUAL_HOST=foo.bar.com ...
|
||||
### SSL Support using letsencrypt
|
||||
|
||||
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically.
|
||||
[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically.
|
||||
|
||||
Set `GENERATE_DHPARAM` environment variable to `false` to disabled Diffie-Hellman parameters completely. This will also ignore auto-generation made by `nginx-proxy`.
|
||||
Set `DHPARAM_GENERATION` environment variable to `false` to disabled Diffie-Hellman parameters completely. This will also ignore auto-generation made by `nginx-proxy`.
|
||||
The default value is `true`
|
||||
|
||||
$ docker run -e GENERATE_DHPARAM=false ....
|
||||
$ docker run -e DHPARAM_GENERATION=false ....
|
||||
### SSL Support
|
||||
|
||||
SSL is supported using single host, wildcard and SNI certificates using naming conventions for
|
||||
@ -187,7 +187,7 @@ at startup. Since it can take minutes to generate a new `dhparam.pem`, it is do
|
||||
background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx
|
||||
is reloaded. This generation process only occurs the first time you start `nginx-proxy`.
|
||||
|
||||
> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some
|
||||
> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some
|
||||
> older clients (like Java 6 and 7) do not support DH keys with over 1024 bits. In order to support these
|
||||
> clients, you must either provide your own `dhparam.pem`, or tell `nginx-proxy` to generate a 1024-bit
|
||||
> key on startup by passing `-e DHPARAM_BITS=1024`.
|
||||
@ -210,7 +210,7 @@ The SSL cipher configuration is based on the [Mozilla nginx intermediate profile
|
||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||
Windows XP IE8, Android 2.3, Java 7. Note that the DES-based TLS ciphers were removed for security.
|
||||
The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches. Currently TLS 1.0, 1.1 and 1.2
|
||||
are supported. TLS 1.0 is deprecated but its end of life is not until June 30, 2018. It is being
|
||||
are supported. TLS 1.0 is deprecated but its end of life is not until June 30, 2018. It is being
|
||||
included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
|
||||
IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
|
||||
|
||||
@ -227,12 +227,12 @@ a 500.
|
||||
|
||||
To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
|
||||
environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`). You can also
|
||||
disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
|
||||
`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to
|
||||
override the default behavior. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
|
||||
is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP
|
||||
site after changing this setting, your browser has probably cached the HSTS policy and is automatically
|
||||
redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito
|
||||
disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
|
||||
`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to
|
||||
override the default behavior. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
|
||||
is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP
|
||||
site after changing this setting, your browser has probably cached the HSTS policy and is automatically
|
||||
redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito
|
||||
window / different browser.
|
||||
|
||||
### Basic Authentication Support
|
||||
@ -348,7 +348,7 @@ Before submitting pull requests or issues, please check github to make sure an e
|
||||
To run tests, you need to prepare the docker image to test which must be tagged `jwilder/nginx-proxy:test`:
|
||||
|
||||
docker build -t jwilder/nginx-proxy:test . # build the Debian variant image
|
||||
|
||||
|
||||
and call the [test/pytest.sh](test/pytest.sh) script.
|
||||
|
||||
Then build the Alpine variant of the image:
|
||||
@ -361,6 +361,6 @@ and call the [test/pytest.sh](test/pytest.sh) script again.
|
||||
If your system has the `make` command, you can automate those tasks by calling:
|
||||
|
||||
make test
|
||||
|
||||
|
||||
You can learn more about how the test suite works and how to write new tests in the [test/README.md](test/README.md) file.
|
||||
|
||||
You can learn more about how the test suite works and how to write new tests in the [test/README.md](test/README.md) file.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user