1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-25 05:16:30 +00:00
Commit Graph

142 Commits

Author SHA1 Message Date
Maurits van Mastrigt
11d644d645
Do not HTTPS redirect Let'sEncrypt ACME challenge
The auto renewal of Let'sEncrypt certificates fails due to the HTTPS redirect of the ACME challenge.

This workaround resolves the issue:
https://gist.github.com/codekitchen/2c519eb7572002afab6a5f979cd42913#file-letsencrypt-diff

Found through this comment:
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/issues/526#issuecomment-476253642
2019-10-01 16:00:41 +02:00
Jason Wilder
4443ee8b5a
Merge pull request #1116 from qiqizjl/master
fix fastcgi bug
2019-09-26 13:21:12 -06:00
came88
eba7d8af77
Fix comment about Mozilla Modern Policy and TLS1.3
Thanks to @deAtog for pointing it out
2019-09-09 12:45:20 +02:00
Lorenzo Cameroni
26e764950f Update ssl configuration 2019-08-29 22:14:14 +02:00
Steve Kamerman
936e57a6de
Fixed #1080, can't disable HSTS with noredirect 2018-08-01 11:30:06 -04:00
Steve Kamerman
4e6900e872
Added TLSv1.3 support 2018-04-22 18:29:35 -04:00
耐小心
59aa78a4a6 fix fastcgi bug 2018-04-17 21:52:58 +08:00
Jason Wilder
ccbbbeb928
Merge pull request #1073 from b1f6c1c4/b1f6c1c4-patch-1
Add HSTS header regardless of status code
2018-03-30 17:34:02 -04:00
耐小心
1c7ccc473f fix fastcgi bug 2018-03-30 09:47:57 +08:00
Jason Wilder
6290f38069
Merge pull request #1106 from hwellmann/master
do not create an empty upstream entry for invisible containers
2018-03-23 12:14:37 -06:00
Jason Wilder
1dce981707
Merge pull request #984 from sydoveton/master
OCSP Stapling was not working
2018-03-23 08:57:27 -06:00
Harald Wellmann
b61c841929 do not create an empty upstream entry for a container from an invisible Docker network 2018-03-22 10:56:41 +01:00
Sergei Filippov
37714fa4f8
Grammar Police
Tiny grammatical fix.
2018-03-09 10:48:14 +13:00
b1f6c1c4
7a769a6a22
Add HSTS header regardless of status code
See nginx [doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) and [blog](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
2018-02-20 17:59:52 +08:00
Jason Wilder
226bfe158f
Merge pull request #926 from Paike/patch-1
Fallback if container has no IP
2018-01-20 23:04:40 -07:00
mouhamed
1eac894902
Remove duplicate 2018-01-09 21:12:37 +01:00
Sy Doveton
6e9dc343cd
Changed the SSL stapling cert extension to pem from crt. SSL stapling was not working due to the incorrect file extension. 2017-11-19 11:35:30 +00:00
Nicolas Duchon
bf16afc665 Use enumerable SSL_POLICY instead of bool 2017-11-18 09:18:55 +01:00
Nicolas Duchon
ea80027525
Merge branch 'master' into ssl-modern 2017-11-16 22:47:25 +01:00
Steve Kamerman
a312472fb5
Added custom HSTS support (issue #953) 2017-11-08 22:30:24 -05:00
Nicolas Duchon
ea98780960 Enable optional mozilla modern profile 2017-10-27 10:28:42 +02:00
Nicolas Duchon
2528a35656 Don't presume the existence of default dhparam
The default dhparam at /etc/nginx/dhparam/dhparam.pem won't be auto generated with the separate containers setup.
2017-10-25 12:32:09 +02:00
Jason Wilder
3ef600a3b5 Merge pull request #842 from kamermans/feature/external_internal_network
Allow containers to be restricted to internal network
2017-10-20 10:04:08 -06:00
Jason Wilder
fc36514eb8 Merge pull request #863 from qiqizjl/master
support fastcgi
2017-10-20 10:00:27 -06:00
Steve Kamerman
93d90884e2
Implemented NETWORK_ACCESS (squash commit) 2017-10-18 13:29:12 -04:00
Patrick
3156b97f3a Fallback if container has no IP
Sometimes containers will not be assigned an IP (after reboot or due to misconfiguration). This leads to an incorrect "server <missing ip> down;" line in default.conf and crashes nginx. 
@therealgambo  provided a fix for this: https://github.com/jwilder/nginx-proxy/issues/845
2017-09-13 12:37:06 +02:00
Jason Wilder
f05f7a0ff9 Merge pull request #574 from teohhanhui/ocsp-stapling-chain
Enable OCSP stapling if certificate trust chain is provided
2017-08-16 11:53:17 -06:00
Remi Pichon
fff84de367 Do not bind upstream with 'ingress' network
Merging https://github.com/jwilder/nginx-proxy/pull/774 and a8ee64b059
2017-08-10 12:30:00 +02:00
Teoh Han Hui
065dd7f1ea
Fix build 2017-07-31 17:46:58 +08:00
Steve Kamerman
0cc71fad49
Add dynamically-computed DNS resolvers to nginx (for PR #574) 2017-07-31 17:44:27 +08:00
耐小心
2eb2ae9c93 support fastcgi 2017-06-24 14:48:05 +08:00
耐小心
29fffd6de8 Revert "support fastcgi"
This reverts commit 8ac755e1d6.
2017-06-24 14:05:42 +08:00
NaiXiaoXin
8ac755e1d6 support fastcgi 2017-06-24 13:51:02 +08:00
Jason Wilder
02121df3b9 Merge pull request #589 from kamermans/feature_ssl_improvement
SSL security enhancement
2017-06-22 11:54:51 -06:00
Jason Wilder
57a33aaf8b Merge pull request #849 from Neilpang/Branch_0.6.0
running proxy on host network
2017-06-22 09:50:39 -06:00
Jason Wilder
c41186a3a4 Merge branch 'master' into feature_ssl_improvement 2017-06-14 16:31:12 -06:00
neilpang
a8ee64b059 running proxy on host network 2017-06-10 15:07:45 +08:00
Jason Wilder
4e4733f68e Trim $host and $proto before they are used 2017-06-09 12:55:39 -06:00
Steve Kamerman
ad9af2884d Merged master, fixed BATS conflict 2017-03-06 10:48:12 -05:00
Jason Wilder
985c46d8b5 Merge pull request #679 from thomasleveil/issue-677
regexp: use sha1 for upstream only if regexp is used
2017-02-16 12:11:06 -07:00
Thomas LEVEIL
f0951df040 optional IPv6 support
Fix #127 and fix #717 by improving #713
2017-02-15 11:50:16 +01:00
Marc Schreiber
8b67b2182f Add IPv6 listen address 2017-02-11 13:28:34 +01:00
Steve Kamerman
d320b43476 Merged conflict in BATS SSL test 2017-01-26 13:46:11 -05:00
Thomas LEVEIL
3f6381d0fa regexp: use sha1 for upstream only if regexp is used
avoid confusions such as in #677
2017-01-14 11:40:33 +01:00
Steve Kamerman
276b4dbe3e Merge branch 'master' into feature_nohttps 2017-01-13 13:07:03 -05:00
Steve Kamerman
dfdd67f5a4 Implemented background dhparam generation 2017-01-11 22:43:09 -05:00
Steve Kamerman
f186815c2d Merged upstream 2017-01-11 22:42:35 -05:00
Jason Wilder
3d20c626c8 Merge pull request #359 from sw-double/master
Set appropriate X-Forwarded-Ssl header
2017-01-10 09:21:19 -07:00
Konstantin L
16c9853dc2 Set appropriate X-Forwarded-Ssl header. 2017-01-10 15:44:02 +01:00
Thomas LÉVEIL
019fa89c53 add comment to ease debugging 2017-01-10 10:10:46 +01:00