mirror of https://github.com/thib8956/nginx-proxy synced 2025-08-23 07:51:56 +00:00
Commit Graph

309 Commits

Author SHA1 Message Date
Povilas Kanapickas
4c8f22ebcc feat: support ACME challenges for unknown virtual hosts
Currently any ACME challenge for unknown virtual host returns 503. This
is inconvenient because if the user does not use wildcard certificates,
then the user must match the configuration of certificate renewal script
to what virtual hosts are enabled at the time.

This must be done automatically, because due to short certificate
lifetime the renewal script runs automatically. Additionally, enabling a
previously disabled virtual host forces certificate renewal.

Accordingly, it's worthwhile supporting unknown virtual hosts for the
purposes of passing ACME challenges. This is done by introducing a
global ACME_HTTP_CHALLENGE_ACCEPT_UNKNOWN_HOST variable to control this.
2025-05-19 20:10:02 +02:00
Nicolas Duchon
40744f6f41 refactor: deduplicate code 2025-05-11 12:28:32 +02:00
Knapoc
9711ade7a6 feat: allow nginx / docker-gen network segregation
* fix merge conflicts
2025-04-22 11:58:44 +02:00
Nicolas Duchon
18030a7896 Merge pull request #1737 from junderw/fix-redirect
feat: redirect non-GET methods using 308 instead of 301
2025-01-18 22:03:27 +01:00
Nicolas Duchon
9fc7cec15c feat: customizable non get redirect code 2025-01-18 20:25:01 +01:00
junderw
1859811311 feat: redirect using 308 for non-GET requests 2025-01-18 20:25:01 +01:00
Nicolas Duchon
9bd84fc95e fix: add proto to VIRTUAL_HOST_MULTIPORTS 2024-12-08 11:59:48 +01:00
Nicolas Duchon
271e31dec4 fix: wildcard certificates should only work one level deep 2024-12-07 19:33:53 +01:00
Nicolas Duchon
5aea820aaa feat: PREFER_IPV6_NETWORK environment variable 2024-05-15 19:38:18 +02:00
Mehdi Zakaria Benadel
a4c694fefc feat: basic implementation of ipv6 for ipv6 docker networks 2024-05-03 17:41:07 +02:00
Nicolas Duchon
469765bbb7 feat: default certificate optional trust 2024-11-03 23:56:39 +01:00
Nicolas Duchon
023a3d17da fix: force enable HTTP when both vhost and default cert are missing 2024-11-03 21:06:23 +01:00
Nicolas Duchon
57e503c830 feat: trust default certificate 2024-11-03 20:10:32 +01:00
Nicolas Duchon
b0efe80f05 fix: debug endpoint formatting 2024-11-26 01:06:51 +01:00
Nicolas Duchon
90e9308f87 refactor: better virtual hosts merging 2024-11-26 01:06:01 +01:00
Nicolas Duchon
f325dadd6a refactor: enhance readability 2024-11-26 01:05:08 +01:00
Nicolas Duchon
4d03645200 refactor: deduplicate upstream_name definition 2024-11-26 01:01:55 +01:00
Nicolas Duchon
52ffab1ce6 feat: enable keepalive by default 2024-11-25 09:16:57 +01:00
Nicolas Duchon
fdb7310cda fix: do not render regexp hostname in debug endpoint response 2024-11-04 23:03:01 +01:00
Nicolas Duchon
fbf3e2f458 docs: complete debug endpoint docs 2024-11-03 11:44:50 +01:00
Nicolas Duchon
7d909782f9 refactor: move debug's hostname into vhost 2024-11-03 11:28:39 +01:00
Nicolas Duchon
72bb8a66d8 refactor: further align template syntax 2024-11-02 23:45:31 +01:00
Nicolas Duchon
01d14f0942 refactor: align global config template syntax 2024-11-02 23:11:39 +01:00
Nicolas Duchon
cab2a2d151 refactor: move log configs to $globals.config 2024-11-02 22:05:58 +01:00
Nicolas Duchon
a06cd1ae9a refactor: move resolvers to $globals.config 2024-11-02 21:58:37 +01:00
Nicolas Duchon
946485e0b8 refactor: move default host to $globals.config 2024-11-02 21:52:27 +01:00
Nicolas Duchon
db0421eb4a refactor: move https method to $globals.config 2024-11-02 21:46:56 +01:00
Nicolas Duchon
30b909de8e refactor: move https enforcing to $globals.config 2024-11-02 21:32:41 +01:00
Nicolas Duchon
dcbb695a4b refactor: move global http2/http3 to $globals.config 2024-11-02 21:19:14 +01:00
Nicolas Duchon
07aef2bd83 refactor: move global acme challenge location to $globals.config 2024-11-02 21:13:56 +01:00
Nicolas Duchon
52100c40af refactor: move global hsts to $globals.config 2024-11-02 21:02:16 +01:00
Nicolas Duchon
32ad9b7102 feat: protection against too long debug response 2024-11-02 16:04:21 +01:00
Nicolas Duchon
dce7663b69 refactor: remove duplicate code 2024-11-02 16:04:21 +01:00
Nicolas Duchon
fe52878940 refactor: expose clearly access log status in debug endpoint 2024-11-02 16:04:21 +01:00
Nicolas Duchon
ebed622fd7 feat: nginx-proxy debug endpoint 2024-11-02 16:04:21 +01:00
Nicolas Duchon
8fed348ff7 refactor: move global config properties to a sub dict 2024-11-02 16:04:21 +01:00
Nicolas Duchon
73ba28091a fix: use sha1 hash for config files when using regex host 2024-11-01 20:32:00 +01:00
Nicolas Duchon
8417046748 Merge pull request #2510 from liuxiaoy/patch-1
fix: correctly enable TLSv1 and TLSv1.1
2024-10-12 19:33:33 +02:00
Nicolas Duchon
3ba0678ce5 fix: re-enable TLSv1 and TLSv1.1 on relevant policies 2024-10-06 15:45:10 +02:00
Nicolas Duchon
712a7ef176 fix: reject SSL handshake rather than using empty certificate 2024-10-03 09:57:20 +02:00
liuxy
246da3ff85 Fix nginx.tmpl when enabled TLSv1 TLSv1.1 2024-09-13 14:23:16 +08:00
mikfar
c5f054ed36 fix: limit exposed ports in template comment to 10 (#2494)
Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com>
2024-07-29 21:00:42 +02:00
Nicolas Duchon
5f4e77b6e7 fix: use fastcgi.conf on alpine and fastcgi_params on debian 2024-07-29 18:15:04 +02:00
Gilles Filippini
4606b15309 fix: nohttp(s) shouldn't disable fallback server
Say we have two containers:
- `app1` with `HTTPS_METHOD=redirect`
- `app2` with `HTTPS_METHOD=nohttps`

Without this change the fallback answer on an HTTPS request to an unknown
server would change depending on whether `app1` is up (503) or not
(connection refused). This is not wanted.

In case someone doesn't want HTTPS at all, they just have to not bind
port 443.
2024-06-06 22:04:15 +02:00
Gilles Filippini
60b123d249 feat: ENABLE_HTTP_ON_MISSING_CERT variable
Default: true
2024-06-06 11:26:17 +02:00
Nicolas Duchon
4bd542de99 feat: handle acme challenge location by default 2024-06-05 08:47:11 +02:00
pini-gh
9cf736f1f8 feat: variable ACME_HTTP_CHALLENGE_LOCATION (#2468)
Values:
* `legacy` (default): generate location blocks for ACME HTTP Challenge
  except when `HTTPS_METHOD=noredirect` or there is no certificate for
  the domain
* `true`: generate location blocks for ACME HTTP Challenge in all cases
* `false`: do not generate location blocks for ACME HTTP Challenge

This feature is currently needed because acme-companion may generate
the HTTP Challenge configuration while it was done already by nginx-proxy
(see #2465#issuecomment-2136361373).

Also sometimes a hardcoded ACME challenge location is not wanted because
the challenge validation is not done with acme-companion / Let's Encrypt,
and with a challenge location setup differently.
2024-05-31 00:10:44 +02:00
pini-gh
5f3ec18b28 docs: explicit policy on missing certificate (#2465)
* chore/doc: explicit policy on missing certificate

This doesn't change the current nginx-proxy behavior, but makes explicit
the current HTTPS_METHOD policy on missing certificate.

* fix: bad wording about missing certificate

Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com>

* docs: typo in suggestion

---------

Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com>
2024-05-27 20:50:13 +02:00
Nicolas Duchon
fb9c3a646a feat: custom default error page (#2430)
* feat: customizable error page

* fix: use regex on catchall root location to fix DEFAULT_ROOT=none test

* docs: custom error pages

* fix: don't use default nginx image error page

* docs: small fix
2024-05-22 08:23:48 +02:00
Rodrigo Aguilera
8e372c39c2 fix: include a complete fastcgi_params config 2024-05-16 13:11:50 +02:00