Steve Kamerman
2e29168d92
Added X-Forwarded-Port
2016-07-21 11:23:35 -04:00
Steve Kamerman
fd127517b9
Added comments about httpoxy
2016-07-19 11:03:41 -04:00
Steve Kamerman
357d58ad97
Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110)
2016-07-18 13:34:37 -04:00
Jason Wilder
580517725f
Revert 9c93efa
2016-06-13 00:10:49 -06:00
Jason Wilder
d1e6e1c0be
Merge pull request #344 from schmunk42/feature/error-code
...
changed error code for non-usable/default SSL cert, fixes #341
2016-06-12 15:54:40 -06:00
Jason Wilder
fc619d63ad
Merge pull request #460 from kumy/patch-1
...
Fix a typo in comment
2016-06-12 15:28:40 -06:00
Jason Wilder
c36b42933d
Merge pull request #462 from kamermans/master
...
Disable HSTS when HTTPS_METHOD=noredirect
2016-06-12 15:28:08 -06:00
Jason Wilder
9c93efaef9
Fix template error when /etc/nginx/certs does not exist
2016-06-12 14:10:40 -06:00
Steve Kamerman
da3e257843
Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS
2016-05-19 23:20:43 -04:00
kumy
8c76ea9f9b
Fix a typo in comment
2016-05-17 01:46:46 +02:00
Jason Wilder
5b9264d945
Merge pull request #298 from kamermans/master
...
Added env var to disable SSL redirect
2016-05-01 17:45:45 -06:00
Baptiste Donaux
ebab7cf2b9
[TEMPLATE] fix variable call
2016-02-23 13:59:30 +01:00
Baptiste Donaux
658e20f661
Support container in one network shared with current container
2016-02-05 09:16:43 +01:00
Tobias Munk
b4e5f780e3
changed error code for non-usable/default SSL cert, fixes #341
2016-01-21 12:31:03 +01:00
Baptiste Donaux
a66115f560
Use new Network interface to support new overlay network
2016-01-17 12:29:55 +01:00
Steve Kamerman
97c6340a9f
Implemented HTTPS noredir
2015-11-20 17:37:06 -05:00
Steve Kamerman
9dd6ad8503
First try at HTTPS_METHOD
2015-11-20 16:53:50 -05:00
Marius Gundersen
1e0b930174
trim whitespace from host and port
...
based on latest docker-gen
2015-10-13 21:48:59 +02:00
Jonas Svatos
5c2280df84
fix condition for default config location
...
Signed-off-by: Jonas Svatos <jonas.svatos@etnetera.cz>
2015-10-08 12:03:28 +02:00
Mike Dillon
6b5e12a946
Add missing access_log statement to HTTPS fallback
2015-10-06 21:18:00 -07:00
Aleš Roubíček
e06d5917a2
Use HTTP/2 instead of SPDY
2015-09-23 17:48:40 +02:00
Aleš Roubíček
249fb204f1
Use HTTP/2 instead of SPDY
2015-09-23 17:47:18 +02:00
Jason Wilder
8c193ba7e1
Merge pull request #215 from gradecam/feature/customize_improvements
...
customizability improvements
2015-09-12 15:23:53 -06:00
Jason Wilder
bddb647b5f
Merge pull request #230 from appropriate/remove_duplicate_access_log_entries
...
Remove duplicate access log entries
2015-09-12 15:12:31 -06:00
Mike Dillon
900a676af8
Move access_log from the http level to server
...
This prevents duplicate access_log entries from being written for each request
2015-09-03 08:33:33 -07:00
CoreOS Admin
ae0da36d75
Fix bugs in config file from refactor
2015-08-29 18:38:43 -06:00
Ray Walker
d066bd32e0
Fix for #188 - add SSL server block outside hosts loop
2015-08-26 18:35:47 +10:00
Ray Walker
d3f56468b1
Fix for #188 - remove hostname from default SSL block
2015-08-26 12:49:59 +10:00
Mike Dillon
924fcd7984
Remove error_log setting from nginx.tmpl
...
It's already set correctly in nginx.conf
2015-08-23 09:00:23 -07:00
Richard Bateman
405f4876b9
As per pull request feedback, update names to be consistent
2015-08-14 12:26:19 -06:00
Richard Bateman
d9ee7ed704
Add support for adding options to the location block of a vhost
2015-08-14 12:26:19 -06:00
Richard Bateman
b131b00e19
Add support for vhosts.d/defaults file with default vhost options
...
- Only used if it exists and a vhost-specific one doesn't
2015-08-14 12:26:19 -06:00
Richard Bateman
2eff96969a
Add support for overriding default proxy settings
...
- If /etc/nginx/proxy.conf exists use that, otherwise use the default
2015-08-14 12:26:07 -06:00
Wolfgang Ebner
6965b1ead4
fallback when DEFAULT_HOST is not set
2015-07-26 11:38:45 +02:00
Wolfgang Ebner
b0647dd5e9
set default_server also for https
2015-07-24 10:39:56 +02:00
Viranch Mehta
4f5351265a
Use define & template for re-usable blocks of upstream server template
2015-07-15 20:51:10 +05:30
Viranch Mehta
784507df1a
Cascade two else blocks into one using coalesce on VIRTUAL_PORT and 80
...
This also takes care of the case when VIRTUAL_PORT is not actually
exposed.
2015-07-11 01:19:44 +05:30
Viranch Mehta
c4923d1f58
Use container host's IP:port if we're connected to a swarm master
2015-07-04 18:43:52 +05:30
Mike Dillon
f36ca3d7a3
Prevent generating broken config
...
Fixes #115
2015-06-23 17:05:12 -07:00
Kuo-Cheng Yeu
d74a4146c8
fix indention, and file nameing
2015-05-21 23:43:09 +08:00
Kuo-Cheng Yeu
a10d1b50bf
add support for ssl_dhparams to prevent 'Logjam' attack
2015-05-21 15:19:58 +08:00
Jason Wilder
503072c03f
Merge pull request #72 from BenHall/default_host
...
Ability to set a default host for nginx
2015-05-14 10:00:04 -06:00
Markus Kosmal
b680fb003e
Close marker instead of empty
2015-05-09 23:15:26 +02:00
Kuo-Cheng Yeu
4d2403b5d7
Add SPDY support
2015-04-29 14:41:25 +08:00
Jason Wilder
4a99ac5548
Remove includeSubdomains from HSTS header
...
includeSubdomains can lead to issues where not all subdomains are
able to use HTTPS. This options might be too strict for the general
case: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security .
It can be re-enabled w/ a custom template if needed.
Fixes #109
2015-02-28 15:50:59 -07:00
Mike Dillon
aa5dfdb3d5
Fix HTTP->HTTPS redirect for wildcard hosts
...
Uses Nginx's $host instead of interpolating `{{ $host }}` in the template
2015-02-25 10:29:59 -08:00
Jason Wilder
d831c058f3
Merge pull request #106 from md5/per-vhost-includes
...
Per VIRTUAL_HOST configuration files
2015-02-23 12:20:55 -07:00
Jason Wilder
c3534b7195
Merge pull request #91 from pirelenito/master
...
fixes SSL support while mixing HTTPS and non-HTTPS hosts
2015-02-22 15:00:48 -07:00
Mike Dillon
2010332395
Support per-VIRTUAL_HOST Nginx conf files
2015-02-22 09:25:50 -08:00
Mike Dillon
6c3b3c87be
Support VIRTUAL_PROTO=https for HTTPS backends
2015-02-14 16:02:39 -08:00