From d1cf6b57d7bc1637b83aba03e52352a02037d1d9 Mon Sep 17 00:00:00 2001
From: Nicolas Duchon <nicolas.duchon@gmail.com>
Date: Tue, 15 Jun 2021 00:00:50 +0200
Subject: [PATCH 1/4] docs: custom external HTTP/HTTPS ports

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index c596e1a..5e12190 100644
--- a/README.md
+++ b/README.md
@@ -115,6 +115,12 @@ $ docker network connect my-other-network my-nginx-proxy
 
 In this example, the `my-nginx-proxy` container will be connected to `my-network` and `my-other-network` and will be able to proxy to other containers attached to those networks.
 
+### Custom external HTTP/HTTPS ports
+
+If you want to use `nginx-proxy` with different external ports that the default ones of `80` for `HTTP` traffic and `443` for `HTTPS` traffic, you'll have to use the environment variable(s) `HTTP_PORT` and/or `HTTPS_PORT` in addition to the changes to the Docker port mapping. Typical usage, here with the custom ports `1080` and `10443`:
+
+    $ docker run -d -p 1080:1080 -p 10443:10443 -e HTTP_PORT=1080 -e HTTPS_PORT=10443 -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
+
 ### Internet vs. Local Network Access
 
 If you allow traffic from the public internet to access your `nginx-proxy` container, you may want to restrict some containers to the internal network only, so they cannot be accessed from the public internet.  On containers that should be restricted to the internal network, you should set the environment variable `NETWORK_ACCESS=internal`.  By default, the *internal* network is defined as `127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16`.  To change the list of networks considered internal, mount a file on the `nginx-proxy` at `/etc/nginx/network_internal.conf` with these contents, edited to suit your needs:

From 6bb7c376059e5bbd63d8c111316dbac44cf1a2e7 Mon Sep 17 00:00:00 2001
From: John Stucklen <john.stucklen@runkeeper.com>
Date: Tue, 15 Jun 2021 00:13:06 +0200
Subject: [PATCH 2/4] test: custom HTTP port

---
 test/test_http_port.py  |  8 ++++++++
 test/test_http_port.yml | 15 +++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 test/test_http_port.py
 create mode 100644 test/test_http_port.yml

diff --git a/test/test_http_port.py b/test/test_http_port.py
new file mode 100644
index 0000000..26302c5
--- /dev/null
+++ b/test/test_http_port.py
@@ -0,0 +1,8 @@
+import pytest
+
+
+@pytest.mark.parametrize("subdomain", ["foo", "bar"])
+def test_web1_http_custom_port(docker_compose, nginxproxy, subdomain):
+    r = nginxproxy.get("http://%s.nginx-proxy.tld:8080/port" % subdomain, allow_redirects=False)
+    assert r.status_code == 200
+    assert "answer from port 81\n" in r.text
\ No newline at end of file
diff --git a/test/test_http_port.yml b/test/test_http_port.yml
new file mode 100644
index 0000000..a7fa0eb
--- /dev/null
+++ b/test/test_http_port.yml
@@ -0,0 +1,15 @@
+web1:
+  image: web
+  expose:
+    - "81"
+  environment:
+    WEB_PORTS: "81"
+    VIRTUAL_HOST: "*.nginx-proxy.tld"
+
+sut:
+  image: nginxproxy/nginx-proxy:test
+  volumes:
+    - /var/run/docker.sock:/tmp/docker.sock:ro
+    - ./lib/ssl/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro
+  environment:
+    HTTP_PORT: 8080
\ No newline at end of file

From fa8b0d7bad7727dd115c356a0f96f6e3c7af1a6e Mon Sep 17 00:00:00 2001
From: John Stucklen <john.stucklen@runkeeper.com>
Date: Tue, 15 Jun 2021 00:22:17 +0200
Subject: [PATCH 3/4] fix: HTTPS redirection with custom HTTPS port

---
 README.md  | 2 +-
 nginx.tmpl | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5e12190..8d007d2 100644
--- a/README.md
+++ b/README.md
@@ -117,7 +117,7 @@ In this example, the `my-nginx-proxy` container will be connected to `my-network
 
 ### Custom external HTTP/HTTPS ports
 
-If you want to use `nginx-proxy` with different external ports that the default ones of `80` for `HTTP` traffic and `443` for `HTTPS` traffic, you'll have to use the environment variable(s) `HTTP_PORT` and/or `HTTPS_PORT` in addition to the changes to the Docker port mapping. Typical usage, here with the custom ports `1080` and `10443`:
+If you want to use `nginx-proxy` with different external ports that the default ones of `80` for `HTTP` traffic and `443` for `HTTPS` traffic, you'll have to use the environment variable(s) `HTTP_PORT` and/or `HTTPS_PORT` in addition to the changes to the Docker port mapping. If you change the `HTTPS` port, the redirect for `HTTPS` traffic will also be configured to redirect to the custom port. Typical usage, here with the custom ports `1080` and `10443`:
 
     $ docker run -d -p 1080:1080 -p 10443:10443 -e HTTP_PORT=1080 -e HTTPS_PORT=10443 -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 
diff --git a/nginx.tmpl b/nginx.tmpl
index 1dfbaba..ce55b72 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -276,7 +276,11 @@ server {
 	}
 	
 	location / {
+		{{ if eq $external_https_port "443" }}
 		return 301 https://$host$request_uri;
+		{{ else }}
+		return 301 https://$host:{{ $external_https_port }}$request_uri;
+		{{ end }}
 	}
 }
 {{ end }}

From 790785f1abdf8076913cbdb894ca06a7cb0f94de Mon Sep 17 00:00:00 2001
From: John Stucklen <john.stucklen@runkeeper.com>
Date: Tue, 15 Jun 2021 00:38:32 +0200
Subject: [PATCH 4/4] test: custom HTTPS port and redirection

---
 test/test_ssl/test_https_port.py  | 14 ++++++++++++++
 test/test_ssl/test_https_port.yml | 17 +++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 test/test_ssl/test_https_port.py
 create mode 100644 test/test_ssl/test_https_port.yml

diff --git a/test/test_ssl/test_https_port.py b/test/test_ssl/test_https_port.py
new file mode 100644
index 0000000..214d4d9
--- /dev/null
+++ b/test/test_ssl/test_https_port.py
@@ -0,0 +1,14 @@
+import pytest
+
+@pytest.mark.parametrize("subdomain", ["foo", "bar"])
+def test_web1_http_redirects_to_https(docker_compose, nginxproxy, subdomain):
+    r = nginxproxy.get("http://%s.nginx-proxy.tld:8080/" % subdomain, allow_redirects=False)
+    assert r.status_code == 301
+    assert "Location" in r.headers
+    assert "https://%s.nginx-proxy.tld:8443/" % subdomain == r.headers['Location']
+
+@pytest.mark.parametrize("subdomain", ["foo", "bar"])
+def test_web1_https_is_forwarded(docker_compose, nginxproxy, subdomain):
+    r = nginxproxy.get("https://%s.nginx-proxy.tld:8443/port" % subdomain, allow_redirects=False)
+    assert r.status_code == 200
+    assert "answer from port 81\n" in r.text
\ No newline at end of file
diff --git a/test/test_ssl/test_https_port.yml b/test/test_ssl/test_https_port.yml
new file mode 100644
index 0000000..adcf2a8
--- /dev/null
+++ b/test/test_ssl/test_https_port.yml
@@ -0,0 +1,17 @@
+web1:
+  image: web
+  expose:
+    - "81"
+  environment:
+    WEB_PORTS: "81"
+    VIRTUAL_HOST: "*.nginx-proxy.tld"
+
+sut:
+  image: nginxproxy/nginx-proxy:test
+  volumes:
+    - /var/run/docker.sock:/tmp/docker.sock:ro
+    - ../lib/ssl/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro
+    - ./certs:/etc/nginx/certs:ro
+  environment:
+    HTTP_PORT: 8080
+    HTTPS_PORT: 8443
\ No newline at end of file