114 Commits

Author	SHA1	Message	Date
Patrick	3156b97f3a	Fallback if container has no IP ... Sometimes containers will not be assigned an IP (after reboot or due to misconfiguration). This leads to an incorrect "server <missing ip> down;" line in default.conf and crashes nginx. @therealgambo provided a fix for this: https://github.com/jwilder/nginx-proxy/issues/845	2017-09-13 12:37:06 +02:00
Jason Wilder	f05f7a0ff9	Merge pull request #574 from teohhanhui/ocsp-stapling-chain ... Enable OCSP stapling if certificate trust chain is provided	2017-08-16 11:53:17 -06:00
Remi Pichon	fff84de367	Do not bind upstream with 'ingress' network ... Merging https://github.com/jwilder/nginx-proxy/pull/774 and a8ee64b059	2017-08-10 12:30:00 +02:00
Teoh Han Hui	065dd7f1ea	Fix build	2017-07-31 17:46:58 +08:00
Steve Kamerman	0cc71fad49	Add dynamically-computed DNS resolvers to nginx (for PR #574)	2017-07-31 17:44:27 +08:00
Jason Wilder	02121df3b9	Merge pull request #589 from kamermans/feature_ssl_improvement ... SSL security enhancement	2017-06-22 11:54:51 -06:00
Jason Wilder	57a33aaf8b	Merge pull request #849 from Neilpang/Branch_0.6.0 ... running proxy on host network	2017-06-22 09:50:39 -06:00
Jason Wilder	c41186a3a4	Merge branch 'master' into feature_ssl_improvement	2017-06-14 16:31:12 -06:00
neilpang	a8ee64b059	running proxy on host network	2017-06-10 15:07:45 +08:00
Jason Wilder	4e4733f68e	Trim $host and $proto before they are used	2017-06-09 12:55:39 -06:00
Steve Kamerman	ad9af2884d	Merged master, fixed BATS conflict	2017-03-06 10:48:12 -05:00
Jason Wilder	985c46d8b5	Merge pull request #679 from thomasleveil/issue-677 ... regexp: use sha1 for upstream only if regexp is used	2017-02-16 12:11:06 -07:00
Thomas LEVEIL	f0951df040	optional IPv6 support ... Fix #127 and fix #717 by improving #713	2017-02-15 11:50:16 +01:00
Marc Schreiber	8b67b2182f	Add IPv6 listen address	2017-02-11 13:28:34 +01:00
Steve Kamerman	d320b43476	Merged conflict in BATS SSL test	2017-01-26 13:46:11 -05:00
Thomas LEVEIL	3f6381d0fa	regexp: use sha1 for upstream only if regexp is used ... avoid confusions such as in #677	2017-01-14 11:40:33 +01:00
Steve Kamerman	276b4dbe3e	Merge branch 'master' into feature_nohttps	2017-01-13 13:07:03 -05:00
Steve Kamerman	dfdd67f5a4	Implemented background dhparam generation	2017-01-11 22:43:09 -05:00
Steve Kamerman	f186815c2d	Merged upstream	2017-01-11 22:42:35 -05:00
Jason Wilder	3d20c626c8	Merge pull request #359 from sw-double/master ... Set appropriate X-Forwarded-Ssl header	2017-01-10 09:21:19 -07:00
Konstantin L	16c9853dc2	Set appropriate X-Forwarded-Ssl header.	2017-01-10 15:44:02 +01:00
Thomas LÉVEIL	019fa89c53	add comment to ease debugging	2017-01-10 10:10:46 +01:00
Thomas LEVEIL	1bfc1c85ce	fix regexp in VIRTUAL_HOST using end-of-string matching ()	2017-01-08 01:49:05 +01:00
Steve Kamerman	fc7653bf3d	Merge branch 'master' into feature_nohttps	2016-12-05 09:06:39 -05:00
Steve Kamerman	b0de80d46b	Moved config edits from Dockerfile to template	2016-10-03 10:21:31 -04:00
Steve Kamerman	374b1256cd	Add HTTPS_METHOD=https to disable SSL site	2016-10-01 11:22:48 -04:00
Steve Kamerman	d3a0da451a	TLSv1 End-of-life pushed to June 30, 2018, rolled back for compatibility	2016-09-29 21:35:37 -04:00
Steve Kamerman	c51c9980cf	Removed TLS 1.0 as it is considered unsafe and must be disabled for PCI compliance	2016-09-29 19:52:20 -04:00
Steve Kamerman	6f2b3f1c54	Issue #586 Removed DES-based SSL ciphers	2016-09-29 17:10:17 -04:00
Steve Kamerman	9ef0bb3356	Comment typo	2016-09-29 16:06:53 -04:00
Steve Kamerman	124b8cd757	Honor upstream forwarded port if available	2016-09-29 11:33:21 -04:00
Steve Kamerman	6ebbdb10c7	Merge branch 'master' into feature_x_forwarded_port	2016-09-29 11:26:51 -04:00
Chulki Lee	4661bf4dd9	add ssl_session_tickets to default site ... Fixes #580	2016-09-23 21:58:09 -07:00
pvlg	fe9a538ec8	Replace "replace" to "trimSuffix" ... I have a domain key-mydomain.com. When I add domain www.key-mydomain.com with ssl cert I did not get the desired result. Function replace cut name ssl cert "www.key-mydomain.com.key" to "www-mydomain.com".	2016-09-17 16:53:01 +03:00
mplx	37323320c8	do not enable HSTS for subdomains	2016-09-12 09:46:59 +02:00
Jason Wilder	ec7169c112	Merge pull request #323 from pabra/master ... connect to uWSGI backends	2016-09-09 14:16:08 -06:00
Ruben	87879c1ee2	Update ciphers and HTST settings to get A+ rating ... The default config gets you an 'A' rating. Cipher settings are copied from [Mozilla SSL Configartion Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1t&hsts=yes&profile=intermediate)	2016-09-01 11:34:56 +02:00
Steve Kamerman	2e29168d92	Added X-Forwarded-Port	2016-07-21 11:23:35 -04:00
Steve Kamerman	fd127517b9	Added comments about httpoxy	2016-07-19 11:03:41 -04:00
Steve Kamerman	357d58ad97	Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110)	2016-07-18 13:34:37 -04:00
Jason Wilder	580517725f	Revert 9c93efa	2016-06-13 00:10:49 -06:00
Jason Wilder	d1e6e1c0be	Merge pull request #344 from schmunk42/feature/error-code ... changed error code for non-usable/default SSL cert, fixes #341	2016-06-12 15:54:40 -06:00
Jason Wilder	fc619d63ad	Merge pull request #460 from kumy/patch-1 ... Fix a typo in comment	2016-06-12 15:28:40 -06:00
Jason Wilder	c36b42933d	Merge pull request #462 from kamermans/master ... Disable HSTS when HTTPS_METHOD=noredirect	2016-06-12 15:28:08 -06:00
Jason Wilder	9c93efaef9	Fix template error when /etc/nginx/certs does not exist	2016-06-12 14:10:40 -06:00
Steve Kamerman	da3e257843	Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS	2016-05-19 23:20:43 -04:00
kumy	8c76ea9f9b	Fix a typo in comment	2016-05-17 01:46:46 +02:00
Jason Wilder	5b9264d945	Merge pull request #298 from kamermans/master ... Added env var to disable SSL redirect	2016-05-01 17:45:45 -06:00
Baptiste Donaux	ebab7cf2b9	[TEMPLATE] fix variable call	2016-02-23 13:59:30 +01:00
Baptiste Donaux	658e20f661	Support container in one network shared with current container	2016-02-05 09:16:43 +01:00