1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-24 04:46:31 +00:00
Commit Graph

588 Commits

Author SHA1 Message Date
Mike Dillon
2010332395 Support per-VIRTUAL_HOST Nginx conf files 2015-02-22 09:25:50 -08:00
Jason Wilder
a431122d8b Merge pull request #102 from md5/virtual-proto
Support VIRTUAL_PROTO=https for HTTPS backends
2015-02-15 16:32:33 -07:00
Mike Dillon
3f199d56c1 Add VIRTUAL_PROTO to README.md 2015-02-14 16:19:27 -08:00
Mike Dillon
6c3b3c87be Support VIRTUAL_PROTO=https for HTTPS backends 2015-02-14 16:02:39 -08:00
Jason Wilder
93ee4acb23 Fix grammar 2015-02-03 14:55:14 -07:00
Jason Wilder
71a17c127f Update SSL doc grammar 2015-01-29 09:42:58 -07:00
Paulo Ragonha
37e4a0d00e fixes SSL support while mixing HTTPS and non-HTTPS services
nginx was throwing the following error: `no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking`

ref: https://github.com/jwilder/nginx-proxy/issues/74
2015-01-22 14:37:10 -02:00
Jason Wilder
71a7ce39b2 Merge pull request #90 from schmunk42/feature/wildcard-dns
added wildcard hosts, fixes #89
2015-01-21 21:36:13 -07:00
Tobias Munk
134e037d48 added wildcard hosts, fixes #89 2015-01-22 02:46:51 +01:00
Jason Wilder
450ecf23ed Add nginx/license badges 2015-01-14 09:51:21 -07:00
Jason Wilder
824c424d53 Merge pull request #77 from jperville/allow-longer-virtual-host-names
Allow for even longer virtual host names (should work to at least 50 chars).
2015-01-12 16:45:50 -07:00
Jason Wilder
07793dbc48 Merge pull request #81 from asmundg/x-gzip-javascript
Gzip application/javascript
2015-01-12 16:34:19 -07:00
Jason Wilder
67933f0e29 Merge pull request #84 from wenlock/master
Adding license for usage
2015-01-08 12:37:24 -07:00
Edward Raigosa
231fe01c81 Adding license for usage
Adding a license so we can use it with other projects.
2015-01-08 11:29:04 -08:00
Åsmund Grammeltvedt
36039f8e13 Gzip application/javascript
As per RFC4329, nginx uses application/javascript as the default MIME
type for .js files. Nginx-proxy will now gzip these files if the client
requests it.
2015-01-05 13:31:26 +01:00
Julien Pervillé
d7e499e4e6 Allow for even longer virtual host names (should work to at least 50 chars). 2015-01-02 10:49:21 +06:30
Ben Hall
30a53fb60a Ability to set a default host for nginx 2014-12-24 12:21:40 +00:00
Albert Murillo Aguirre
6d646d92f8 Basic Authentication Support 2014-12-19 16:26:42 -07:00
Jason Wilder
56b4a2e182 Fix README grammar 2014-12-15 12:30:58 -07:00
Jason Wilder
654e037741 Merge pull request #65 from josephpage/patch-1
Bump to nginx 1.7.8
2014-12-13 16:59:29 -07:00
Jason Wilder
e546afd4bc Merge pull request #66 from maxcnunes/fix-server-name-max-length
fixes problem to set server name max length…
2014-12-13 16:56:57 -07:00
Max Claus Nunes
10bc94f6db fixes problem to set server name max length…
current base image does not have commented configurations which means is impossible to use the previous configuration to set the server name max length
2014-12-13 10:00:45 -02:00
Joseph Page
a668579392 Bump to nginx 1.7.8 2014-12-10 11:37:44 +01:00
Jason Wilder
4a38297009 Merge pull request #62 from md5/log-format-host
Add $host to logs
2014-12-08 10:23:31 -07:00
Mike Dillon
ac1f2d8875 Include Host or SERVER_NAME in logs 2014-12-06 17:46:25 -08:00
Mike Dillon
54b9043323 Remove redundant access_log and error_log 2014-12-06 17:45:59 -08:00
Jason Wilder
1aef35678e Merge branch 'thaJeztah-switch-to-nginx-image' 2014-12-03 11:15:33 -07:00
Jason Wilder
db924dba76 Use nginx:1.7.7 2014-12-03 11:12:01 -07:00
Jason Wilder
080a5157e6 Remove OCSP stapling
Looks like it was not actually working before and failing silently
because ssl_trusted_certificate was not specified.  Will need to
revisit implementing this functionality so removing it for now
to prevent the warnings logged by nginx now.
2014-12-03 11:06:11 -07:00
Sebastiaan van Stijn
3c5843264e Switch to official nginx base-image.
This changes the base-image to the official nginx image,
reducing the virtual size of the image by approx 50%.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2014-12-03 10:20:58 +01:00
Jason Wilder
0580726415 Ensure cert exists before referencing it 2014-12-02 23:29:00 -07:00
Jason Wilder
35b81f5092 Fix separate containers instructions 2014-12-02 16:17:58 -07:00
Jason Wilder
50839742f2 Grammar/formatting 2014-12-02 14:43:50 -07:00
Jason Wilder
61c3933e0e Merge pull request #56 from jwilder/jw-https
Add SSL Support
2014-12-01 17:40:44 -07:00
Jason Wilder
51c5c172ee Update README w/ SSL docs 2014-11-27 12:49:44 -07:00
Jason Wilder
2e43a5459b Add SSL support
This adds SSL support for containers.  It supports single host
certificates, wildcards and SNI using naming conventions for
certificates or optionally specify a cert name (for SNI).  The SSL
cipher configuration is based on mozilla intermediate profile which
should provide compatibility with clients back to Firefox 1, Chrome 1,
IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7.  The
configuration also enables OCSP stapling, HSTS, and ssl session caches.

To enable SSL, nginx-proxy should be started w/ -p 443:443 and -v
/path/to/certs:/etc/nginx/certs.  Certificates must be named:
<virtualhost>.crt and <virtualhost>.key where <virtualhost> matches
the a value of VIRTUAL_HOST on a container.

For wildcard certificates, the certificate and private key should be
named after the wildcard domain with .crt and .key suffixes.  For example,
*.example.com should be name example.com.crt and example.com.key.

For SNI where a certificate may be used for multiple domain names, the
container can specify a CERT_NAME env var that corresponds to the base
file name of the certificate and key.  For example, if you have a cert
allowing *.example.com and *.bar.com, it can be name shared.crt and
shared.key.  A container can use that cert by having CERT_NAME=shared and
VIRTUAL_HOST=foo.example.com.  The name "shared" is arbitrary and can
be whatever makes sense.

The behavior for the proxy when port 80 and 443 is defined is as
follows:

* If a container has a usable cert, port 80 will redirect to
443 for that container to always prefer HTTPS when available.
* If the container does not have a usable cert 503 will be returned.

In the last case, a self-signed or generic cert can be defined as
"default.crt" and "default.key" which will allow a client browser to
at least make a SSL connection.
2014-11-27 12:49:38 -07:00
Jason Wilder
7c4d0d22ac upgrade to docker-gen 0.3.6 2014-11-26 15:48:17 -07:00
Jason Wilder
20093a1f83 Merge pull request #52 from thaJeztah/optimize-dockerfile
Optimize Dockerfile.
2014-11-26 10:38:23 -07:00
Sebastiaan van Stijn
d68be71a3f Optimize Dockerfile.
This optimizes the Dockerfile by;

- Combining RUN statements so that files are removed in the
  same layer as they are added.
- Removing the downloaded .tar.gz of the docker-gen binary
  after expanding
- Adding `--no-install-recommends` (but explicitly installing
  ca-certificates)
- Replacing `ADD` with `COPY` (recommended if no unpacking is
  required)

Also added a `.dockerignore` file to prevent the `.git` directory
and README.md being added to the image.

These changes reduce the size of the image with 34 MB (was 268.4 MB,
now 233.9 MB), and results in less layers being produced.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2014-11-26 11:00:01 +01:00
Jason Wilder
1a03ac35c6 Merge pull request #49 from md5/reduce-redundancy
Simplify template output
2014-11-25 17:58:57 -07:00
Mike Dillon
0306692b31 Move gzip_types, access_log, and error_log to http 2014-11-25 16:56:16 -08:00
Mike Dillon
a84aee4a84 Drop unused index variables from range statement 2014-11-25 16:56:16 -08:00
Mike Dillon
3414a02edf Make template more readable
* $value -> $container
2014-11-25 16:56:16 -08:00
Mike Dillon
e1bbe8cde0 Raise proxy_buffering statement to http level 2014-11-25 16:56:16 -08:00
Mike Dillon
5b9e8c4554 Move settings that don't differ per container to the top level 2014-11-25 16:56:16 -08:00
Jason Wilder
a912287461 Merge pull request #50 from bettse/master
Typo in readme
2014-11-16 08:45:12 -08:00
Eric Betts
f117bfa5f3 Typo in readme 2014-11-15 20:47:38 -08:00
Jason Wilder
55878cd36c Merge pull request #46 from md5/connection-upgrade
Send "Connection: upgrade" when "Upgrade" header is received
2014-10-30 10:23:16 -06:00
Mike Dillon
6c2221bdcc Set "Connection: upgrade" when we receive an "Upgrade" header
Fixes #37
2014-10-25 17:13:17 -07:00
Mike Dillon
0028cdafe9 Add comment about X-Forwarded-Proto mapping 2014-10-25 17:13:04 -07:00