1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 20:06:30 +00:00
Commit Graph

114 Commits

Author SHA1 Message Date
Patrick
3156b97f3a Fallback if container has no IP
Sometimes containers will not be assigned an IP (after reboot or due to misconfiguration). This leads to an incorrect "server <missing ip> down;" line in default.conf and crashes nginx. 
@therealgambo  provided a fix for this: https://github.com/jwilder/nginx-proxy/issues/845
2017-09-13 12:37:06 +02:00
Jason Wilder
f05f7a0ff9 Merge pull request #574 from teohhanhui/ocsp-stapling-chain
Enable OCSP stapling if certificate trust chain is provided
2017-08-16 11:53:17 -06:00
Remi Pichon
fff84de367 Do not bind upstream with 'ingress' network
Merging https://github.com/jwilder/nginx-proxy/pull/774 and a8ee64b059
2017-08-10 12:30:00 +02:00
Teoh Han Hui
065dd7f1ea
Fix build 2017-07-31 17:46:58 +08:00
Steve Kamerman
0cc71fad49
Add dynamically-computed DNS resolvers to nginx (for PR #574) 2017-07-31 17:44:27 +08:00
Jason Wilder
02121df3b9 Merge pull request #589 from kamermans/feature_ssl_improvement
SSL security enhancement
2017-06-22 11:54:51 -06:00
Jason Wilder
57a33aaf8b Merge pull request #849 from Neilpang/Branch_0.6.0
running proxy on host network
2017-06-22 09:50:39 -06:00
Jason Wilder
c41186a3a4 Merge branch 'master' into feature_ssl_improvement 2017-06-14 16:31:12 -06:00
neilpang
a8ee64b059 running proxy on host network 2017-06-10 15:07:45 +08:00
Jason Wilder
4e4733f68e Trim $host and $proto before they are used 2017-06-09 12:55:39 -06:00
Steve Kamerman
ad9af2884d Merged master, fixed BATS conflict 2017-03-06 10:48:12 -05:00
Jason Wilder
985c46d8b5 Merge pull request #679 from thomasleveil/issue-677
regexp: use sha1 for upstream only if regexp is used
2017-02-16 12:11:06 -07:00
Thomas LEVEIL
f0951df040 optional IPv6 support
Fix #127 and fix #717 by improving #713
2017-02-15 11:50:16 +01:00
Marc Schreiber
8b67b2182f Add IPv6 listen address 2017-02-11 13:28:34 +01:00
Steve Kamerman
d320b43476 Merged conflict in BATS SSL test 2017-01-26 13:46:11 -05:00
Thomas LEVEIL
3f6381d0fa regexp: use sha1 for upstream only if regexp is used
avoid confusions such as in #677
2017-01-14 11:40:33 +01:00
Steve Kamerman
276b4dbe3e Merge branch 'master' into feature_nohttps 2017-01-13 13:07:03 -05:00
Steve Kamerman
dfdd67f5a4 Implemented background dhparam generation 2017-01-11 22:43:09 -05:00
Steve Kamerman
f186815c2d Merged upstream 2017-01-11 22:42:35 -05:00
Jason Wilder
3d20c626c8 Merge pull request #359 from sw-double/master
Set appropriate X-Forwarded-Ssl header
2017-01-10 09:21:19 -07:00
Konstantin L
16c9853dc2 Set appropriate X-Forwarded-Ssl header. 2017-01-10 15:44:02 +01:00
Thomas LÉVEIL
019fa89c53 add comment to ease debugging 2017-01-10 10:10:46 +01:00
Thomas LEVEIL
1bfc1c85ce fix regexp in VIRTUAL_HOST using end-of-string matching () 2017-01-08 01:49:05 +01:00
Steve Kamerman
fc7653bf3d Merge branch 'master' into feature_nohttps 2016-12-05 09:06:39 -05:00
Steve Kamerman
b0de80d46b Moved config edits from Dockerfile to template 2016-10-03 10:21:31 -04:00
Steve Kamerman
374b1256cd Add HTTPS_METHOD=https to disable SSL site 2016-10-01 11:22:48 -04:00
Steve Kamerman
d3a0da451a TLSv1 End-of-life pushed to June 30, 2018, rolled back for compatibility 2016-09-29 21:35:37 -04:00
Steve Kamerman
c51c9980cf Removed TLS 1.0 as it is considered unsafe and must be disabled for PCI compliance 2016-09-29 19:52:20 -04:00
Steve Kamerman
6f2b3f1c54 Issue #586 Removed DES-based SSL ciphers 2016-09-29 17:10:17 -04:00
Steve Kamerman
9ef0bb3356 Comment typo 2016-09-29 16:06:53 -04:00
Steve Kamerman
124b8cd757 Honor upstream forwarded port if available 2016-09-29 11:33:21 -04:00
Steve Kamerman
6ebbdb10c7 Merge branch 'master' into feature_x_forwarded_port 2016-09-29 11:26:51 -04:00
Chulki Lee
4661bf4dd9 add ssl_session_tickets to default site
Fixes #580
2016-09-23 21:58:09 -07:00
pvlg
fe9a538ec8 Replace "replace" to "trimSuffix"
I have a domain key-mydomain.com. When I add domain www.key-mydomain.com with ssl cert I did not get the desired result. Function replace cut name ssl cert "www.key-mydomain.com.key" to "www-mydomain.com".
2016-09-17 16:53:01 +03:00
mplx
37323320c8 do not enable HSTS for subdomains 2016-09-12 09:46:59 +02:00
Jason Wilder
ec7169c112 Merge pull request #323 from pabra/master
connect to uWSGI backends
2016-09-09 14:16:08 -06:00
Ruben
87879c1ee2 Update ciphers and HTST settings to get A+ rating
The default config gets you an 'A' rating. Cipher settings are copied from [Mozilla SSL Configartion Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1t&hsts=yes&profile=intermediate)
2016-09-01 11:34:56 +02:00
Steve Kamerman
2e29168d92 Added X-Forwarded-Port 2016-07-21 11:23:35 -04:00
Steve Kamerman
fd127517b9 Added comments about httpoxy 2016-07-19 11:03:41 -04:00
Steve Kamerman
357d58ad97 Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110) 2016-07-18 13:34:37 -04:00
Jason Wilder
580517725f Revert 9c93efa 2016-06-13 00:10:49 -06:00
Jason Wilder
d1e6e1c0be Merge pull request #344 from schmunk42/feature/error-code
changed error code for non-usable/default SSL cert, fixes #341
2016-06-12 15:54:40 -06:00
Jason Wilder
fc619d63ad Merge pull request #460 from kumy/patch-1
Fix a typo in comment
2016-06-12 15:28:40 -06:00
Jason Wilder
c36b42933d Merge pull request #462 from kamermans/master
Disable HSTS when HTTPS_METHOD=noredirect
2016-06-12 15:28:08 -06:00
Jason Wilder
9c93efaef9 Fix template error when /etc/nginx/certs does not exist 2016-06-12 14:10:40 -06:00
Steve Kamerman
da3e257843 Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS 2016-05-19 23:20:43 -04:00
kumy
8c76ea9f9b Fix a typo in comment 2016-05-17 01:46:46 +02:00
Jason Wilder
5b9264d945 Merge pull request #298 from kamermans/master
Added env var to disable SSL redirect
2016-05-01 17:45:45 -06:00
Baptiste Donaux
ebab7cf2b9 [TEMPLATE] fix variable call 2016-02-23 13:59:30 +01:00
Baptiste Donaux
658e20f661 Support container in one network shared with current container 2016-02-05 09:16:43 +01:00