thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 09:48:14 +00:00
Code Issues Releases Wiki Activity
1,414 Commits 3 Branches 6 Tags
Commit Graph

302 Commits

Author SHA1 Message Date
Nicolas Duchon
271e31dec4 fix: wildcard certificates should only work one level deep 2024-12-07 19:33:53 +01:00
Nicolas Duchon
5aea820aaa feat: PREFER_IPV6_NETWORK environment variable 2024-05-15 19:38:18 +02:00
Mehdi Zakaria Benadel
a4c694fefc feat: basic implementation of ipv6 for ipv6 docker networks 2024-05-03 17:41:07 +02:00
Nicolas Duchon
469765bbb7 feat: default certificate optional trust 2024-11-03 23:56:39 +01:00
Nicolas Duchon
023a3d17da fix: force enable HTTP when both vhost and default cert are missing 2024-11-03 21:06:23 +01:00
Nicolas Duchon
57e503c830 feat: trust default certificate 2024-11-03 20:10:32 +01:00
Nicolas Duchon
b0efe80f05 fix: debug endpoint formatting 2024-11-26 01:06:51 +01:00
Nicolas Duchon
90e9308f87 refactor: better virtual hosts merging 2024-11-26 01:06:01 +01:00
Nicolas Duchon
f325dadd6a refactor: enhance readability 2024-11-26 01:05:08 +01:00
Nicolas Duchon
4d03645200 refactor: deduplicate upstream_name definition 2024-11-26 01:01:55 +01:00
Nicolas Duchon
52ffab1ce6 feat: enable keepalive by default 2024-11-25 09:16:57 +01:00
Nicolas Duchon
fdb7310cda fix: do not render regexp hostname in debug endpoint response 2024-11-04 23:03:01 +01:00
Nicolas Duchon
fbf3e2f458 docs: complete debug endpoint docs 2024-11-03 11:44:50 +01:00
Nicolas Duchon
7d909782f9 refactor: move debug's hostname into vhost 2024-11-03 11:28:39 +01:00
Nicolas Duchon
72bb8a66d8 refactor: further align template syntax 2024-11-02 23:45:31 +01:00
Nicolas Duchon
01d14f0942 refactor: align global config template syntax 2024-11-02 23:11:39 +01:00
Nicolas Duchon
cab2a2d151 refactor: move log configs to $globals.config 2024-11-02 22:05:58 +01:00
Nicolas Duchon
a06cd1ae9a refactor: move resolvers to $globals.config 2024-11-02 21:58:37 +01:00
Nicolas Duchon
946485e0b8 refactor: move default host to $globals.config 2024-11-02 21:52:27 +01:00
Nicolas Duchon
db0421eb4a refactor: move https method to $globals.config 2024-11-02 21:46:56 +01:00
Nicolas Duchon
30b909de8e refactor: move https enforcing to $globals.config 2024-11-02 21:32:41 +01:00
Nicolas Duchon
dcbb695a4b refactor: move global http2/http3 to $globals.config 2024-11-02 21:19:14 +01:00
Nicolas Duchon
07aef2bd83 refactor: move global acme challenge location to $globals.config 2024-11-02 21:13:56 +01:00
Nicolas Duchon
52100c40af refactor: move global hsts to $globals.config 2024-11-02 21:02:16 +01:00
Nicolas Duchon
32ad9b7102 feat: protection against too long debug response 2024-11-02 16:04:21 +01:00
Nicolas Duchon
dce7663b69 refactor: remove duplicate code 2024-11-02 16:04:21 +01:00
Nicolas Duchon
fe52878940 refactor: expose clearly access log status in debug endpoint 2024-11-02 16:04:21 +01:00
Nicolas Duchon
ebed622fd7 feat: nginx-proxy debug endpoint 2024-11-02 16:04:21 +01:00
Nicolas Duchon
8fed348ff7 refactor: move global config properties to a sub dict 2024-11-02 16:04:21 +01:00
Nicolas Duchon
73ba28091a fix: use sha1 hash for config files when using regex host 2024-11-01 20:32:00 +01:00
Nicolas Duchon
8417046748
Merge pull request #2510 from liuxiaoy/patch-1 
fix: correctly enable TLSv1 and TLSv1.1
 2024-10-12 19:33:33 +02:00
Nicolas Duchon
3ba0678ce5 fix: re-enable TLSv1 and TLSv1.1 on relevant policies 2024-10-06 15:45:10 +02:00
Nicolas Duchon
712a7ef176 fix: reject SSL handshake rather than using empty certificate 2024-10-03 09:57:20 +02:00
liuxy
246da3ff85
Fix nginx.tmpl when enabled TLSv1 TLSv1.1 2024-09-13 14:23:16 +08:00
mikfar
c5f054ed36
fix: limit exposed ports in template comment to 10 (#2494) 
Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com>
 2024-07-29 21:00:42 +02:00
Nicolas Duchon
5f4e77b6e7 fix: use fastcgi.conf on alpine and fastcgi_params on debien 2024-07-29 18:15:04 +02:00
Gilles Filippini
4606b15309 fix: nohttp(s) shouldn't disable fallback server 
Say we have two containers:
- `app1` with `HTTPS_METHOD=redirect`
- `app2` with `HTTPS_METHOD=nohttps`

Without this change the fallback answer on an HTTPS request to an unknown
server would change depending on whether `app1` is up (503) or not
(connection refused). This is not wanted.

In case someone doesn't want HTTPS at all, they just have to not bind
port 443.
 2024-06-06 22:04:15 +02:00
Gilles Filippini
60b123d249 feat: ENABLE_HTTP_ON_MISSING_CERT variable 
Default: true
 2024-06-06 11:26:17 +02:00
Nicolas Duchon
4bd542de99
feat: handle acme challenge location by default 2024-06-05 08:47:11 +02:00
pini-gh
9cf736f1f8
feat: variable ACME_HTTP_CHALLENGE_LOCATION (#2468) 
Values:
* `legacy` (default): generate location blocks for ACME HTP Challenge
  excepted when `HTTPS_METHOD=noredirect` or there is no certificate for
  the domain
* `true`: generate location blocks for ACME HTP Challenge in all cases
* `false`: do not generate location blocks for ACME HTP Challenge

This feature is currently needed because acme-companion may generate
the HTTP Challenge configuration while it was done already by nginx-proxy
(see #2465#issuecomment-2136361373).

Also sometimes a hardcoded ACME challenge location is not wanted because
the challenge validation is not done with acme-companion / Let's Encrypt,
and with a challenge location setup differently.
 2024-05-31 00:10:44 +02:00
pini-gh
5f3ec18b28
docs: explicit policy on missing certificate (#2465) 
* chore/doc: explicit policy on missing certificate

This doesn't change the current nginx-proxy behavior, but makes explicit
the current HTTPS_METHOD policy on missing certificate.

* fix: bad wording about missing certificate

Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com>

* docs: typo in suggestion

---------

Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com>
 2024-05-27 20:50:13 +02:00
Nicolas Duchon
fb9c3a646a
feat: custom default error page (#2430) 
* feat: customizable error page

* fix: use regex on catchall root location to fix DEFAULT_ROOT=none test

* docs: custom error pages

* fix: don't use default nginx image error page

* docs: small fix
 2024-05-22 08:23:48 +02:00
Rodrigo Aguilera
8e372c39c2
fix: include a complete fastcgi_params config 2024-05-16 13:11:50 +02:00
Gilles Filippini
91652aac48 fix: constistent behavior for HTTPS_METHOD=nohttp 
Without this fix the response of nohttp sites to HTTP requests changes
depending on the existence of at least one HTTP enabled site:
* no HTTP enabled sites -> connection refused
* at least one HTTP enabled site -> 503

This fix ensures the response is always 503.
 2024-05-14 22:37:32 +02:00
Gilles Filippini
6c1b532ffb Improve acme-challenge handling 
So that there is no need anymore for the Let's Encrypt companion to fiddle
with vhosts nginx configuration.

When `HTTPS_METHOD=nohttp` and the certificate is missing, enforce nohttp
instead of switching to `HTTPS_METHOD=redirect`.
 2024-05-13 21:10:48 +02:00
Nicolas Duchon
be7c4c8c85
fix: do not discard containers without VIRTUAL_PATH 
For containers grouped by identical VIRTUAL_HOST,
those with no VIRTUAL_PATH variable were silently discarded
when at least one container with VIRTUAL_PATH existed.
 2024-05-05 16:36:04 +02:00
Nicolas Duchon
53e9a03ac9
feat: print warning on unparsable VIRTUAL_HOST_MULTIPORTS 2024-05-05 16:15:28 +02:00
Nicolas Duchon
0baff189bc
refactor: get rid of get_path_info template 2024-05-05 16:15:28 +02:00
Nicolas Duchon
47e2838e61
refactor: rename VIRTUAL_HOST_YAML -> VIRTUAL_HOST_MULTIPORTS 2024-05-05 16:15:27 +02:00
Nicolas Duchon
62d9c08474
fix: default values if port and dest are missing 2024-05-05 16:15:27 +02:00