mirror/nginx-proxy
1
0
Fork 0
mirror of https://github.com/nginx-proxy/nginx-proxy synced 2024-11-08 07:49:22 +01:00
Code Issues
1,362 Commits 10 Branches 34 Tags 25 MiB
main
Commit Graph

291 Commits

Author SHA1 Message Date
Richard Hansen
0da38122bd chore: Consistent indentation 2023-01-17 00:42:20 -05:00
Richard Hansen
f20662eeaa chore: Use {{- instead of {{ to clean up whitespace 2023-01-17 00:42:20 -05:00
Richard Hansen
d6d8b2205f chore: Fix comment terminators 2023-01-17 00:42:20 -05:00
Richard Hansen
4651bf411d chore: Fix comment for $proxy_connection variable 2023-01-17 00:42:20 -05:00
Richard Hansen
744bd82c54 chore: Combine identical HTTP and HTTPS servers 2023-01-17 00:42:20 -05:00
Richard Hansen
491642b1e9 chore: Factor out duplicate virtual path code 2023-01-17 00:42:20 -05:00
Richard Hansen
14d0f3f222 chore: Rename $container to $containers 
The value is actually a slice/array of containers so it should be
pluralized.
 2023-01-17 00:42:20 -05:00
Richard Hansen
05423c681a fix: Use parseBool to parse boolean strings 2023-01-17 00:42:20 -05:00
Richard Hansen
c117ae8fd8 chore: Use boolean for $server_found variable 2023-01-17 00:42:20 -05:00
浊酒
af877cf784 feat: Add proxy header X-Forwarded-Host 
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2022-12-26 17:59:50 -05:00
Nicolas Duchon
6f4f9ec20c
Merge pull request #1927 from rhansen/untrusted-headers 
feat: Option to not trust `X-Forwarded-*` headers from clients
 2022-12-26 20:47:05 +01:00
Richard Hansen
8aa00fcea2 feat: Option to not trust X-Forwarded-* headers from clients 
If header values from a malicious client are passed to the backend
server unchecked and unchanged, the client may be able to subvert
security checks done by the backend server.
 2022-12-19 02:48:01 -05:00
SilverFire - Dmitry Naumenko
510d376f00 Make sure networks order is the same 2022-05-11 12:56:18 +00:00
Nitin Jain
998d56c473 chore: indent location, upstream in template 2022-04-14 13:32:58 +05:30
Richard Hansen
55d913255d Fix IPv6 HTTP listen port 2022-03-20 18:54:07 -04:00
Nicolas Duchon
b6b7133a2e
fix: minor fixes on nginx template 2022-02-24 15:17:47 +01:00
Alexander Lieret
08c9586346
fix: Handle VIRTUAL_PROTO on virtual path basis 2022-02-24 15:08:18 +01:00
Alexander Lieret
28c74e8dae
fix: Move NETWORK_ACCESS to location block 2022-02-24 15:08:18 +01:00
Nicolas Duchon
efb250da01
fix: use most specific custom location config first 
Co-authored-by: Jonathan Underwood <junderwood@bitcoinbank.co.jp>
 2022-02-24 15:08:17 +01:00
Alexander Lieret
33eab70d32
feat: Add custom location block to virtual paths 
This features allows the custom location blocks to be added to the
virtual path based routing. The custom config can be specified for each
container individually.
 2022-02-24 15:08:17 +01:00
Alexander Lieret
4b85e95824
feat: Replace path stripping with variable 
This commit removes the automatic path stripping and replaces it with a
user configurable environment variable. This can be set individually for
each container.
 2022-02-24 15:08:17 +01:00
Alexander Lieret
9df330e51e
feat: Add user customizable default root response 2022-02-24 15:08:15 +01:00
Nicolas Duchon
28c73e5b52
fix: non working https with virtual path 2022-02-24 15:07:49 +01:00
Greg Symons
2901b917a0
feat: support for path-based routing 
Co-authored-by: Josh Trow <josh.trow@gmail.com>
Co-authored-by: Adrian <WolfspiritM@users.noreply.github.com>
Co-authored-by: Rodrigo Aguilera <hi@rodrigoaguilera.net>
Co-authored-by: Alexander Lieret <alexander.lieret@fau.de>
 2022-02-24 15:06:57 +01:00
Nicolas Duchon
fbf37456d0
feat: display container version 2022-01-11 22:38:30 +01:00
Unchun Yang
0780e636f9
Remove unnecessary tabs 2021-10-23 00:08:32 +09:00
Nicolas Duchon
e748ffdce4
feat: sha1 upstream names 2021-08-17 21:51:09 +02:00
Nicolas Duchon
89d37882b6
fix: always use sha1 of hostname as upstream name 2021-08-04 22:28:00 +02:00
Gilles Filippini
dfc84558a5 fix: upstream fallback entry with load balancing 2021-06-21 00:48:21 +02:00
Nicolas Duchon
2006968c05
Merge pull request #1667 from pini-gh/pini-1609 
Use `server 127.0.0.1 down` entry only when required
 2021-06-20 18:04:19 +02:00
Gilles Filippini
fca248a965 fix: server 127.0.0.1 down entry only when required 2021-06-15 23:54:24 +02:00
John Stucklen
fa8b0d7bad
fix: HTTPS redirection with custom HTTPS port 2021-06-15 00:33:06 +02:00
Scott Dutton
e9ab13781d
Fix spacing 2021-06-09 20:51:51 +01:00
Scott Dutton
9f069a42ac
Improve logging 
Currently its almost impossible to know which host actually handled the request, this extra variable logs the upstream server too
 2021-06-09 20:51:08 +01:00
Gilles Filippini
97a5dec57a Honor VIRTUAL_PORT + DEBUG flag + fallback entry 
The VIRTUAL_PORT environment variable should always be honored.
Even when the related port is not exposed.
Fix for nging-proxy/nginx-proxy#1132.

This commit also add the DEBUG environment variable which enables more
verbose comments in the nginx comfiguration file to help troubleshooting
unreachable containers.

Finaly it fixes nging-proxy/nginx-proxy#1105 as well by defining only one
fallback entry per upstream block.
 2021-05-28 00:04:43 +02:00
Laurynas Alekna
fb7a11212f Make server_tokens configurable per virtual-host 2021-05-13 21:52:06 +01:00
Nicolas Duchon
e3e8d24930
Merge pull request #1185 from kressh/master 
Set proper X-Forwarded-Ssl for SSL-terminated setups
 2021-05-05 16:32:47 +02:00
Chris Heald
85327a871e
Suffix upstream names to prevent confusion with FQDNs 2021-04-29 02:21:19 +02:00
Nicolas Duchon
bf2d7295d3
Merge pull request #1409 from nginx-proxy/no-https-redirect-acme 
Bring ACME no redirection inline with companion
 2021-03-17 20:31:37 +01:00
Jason Wilder
b0c6c9f67e
Merge pull request #1386 from juliushaertl/enh/hsts-https-method-fallback 
Add fallback to the proxy containers env for HTTPS_METHOD and HSTS
 2020-06-29 11:38:05 -06:00
Jason Wilder
8219788df6
Merge branch 'master' into master 2020-03-25 14:26:30 -06:00
Nicolas Duchon
944163d70d
Bring ACME no redirection inline with companion 
Add the following to the Let's Encrypt ACME challenge "no redirection to HTTPS"
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/pull/570
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/pull/335
 2020-03-20 22:28:15 +01:00
Jason Wilder
b4709639b3
Merge pull request #1353 from nanawel/feature/custom-external-ports-support 
Add support for custom external HTTP/HTTPS ports
 2020-03-03 00:24:21 -05:00
Jason Wilder
4a2dc46002
Merge pull request #1198 from umevoshi/master 
Add gRPC protocol support (#1345)
 2020-02-11 11:45:53 -07:00
Julius Härtl
f8b4553eee
Add fallback to the proxy containers env for HTTPS_METHOD and HSTS 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-01-30 08:24:38 +01:00
nanawel
a3e64a9433 Add support for custom external HTTP/HTTPS ports (see https://groups.google.com/forum/#!topic/nginx-proxy/0I2jevmgTLI) 2019-11-03 14:48:16 +01:00
Maurits van Mastrigt
11d644d645
Do not HTTPS redirect Let'sEncrypt ACME challenge 
The auto renewal of Let'sEncrypt certificates fails due to the HTTPS redirect of the ACME challenge.

This workaround resolves the issue:
https://gist.github.com/codekitchen/2c519eb7572002afab6a5f979cd42913#file-letsencrypt-diff

Found through this comment:
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/issues/526#issuecomment-476253642
 2019-10-01 16:00:41 +02:00
Jason Wilder
4443ee8b5a
Merge pull request #1116 from qiqizjl/master 
fix fastcgi bug
 2019-09-26 13:21:12 -06:00
came88
eba7d8af77
Fix comment about Mozilla Modern Policy and TLS1.3 
Thanks to @deAtog for pointing it out
 2019-09-09 12:45:20 +02:00
Lorenzo Cameroni
26e764950f Update ssl configuration 2019-08-29 22:14:14 +02:00
umevoshi
62d51562b5 Add gRPC protocol support 2018-11-15 01:02:57 +09:00
Sergey Besedin
330d2cdc0e Set proper X-Forwarded-Ssl for SSL-terminated setups 2018-10-24 19:10:24 +03:00
Steve Kamerman
936e57a6de
Fixed #1080, can't disable HSTS with noredirect 2018-08-01 11:30:06 -04:00
Steve Kamerman
4e6900e872
Added TLSv1.3 support 2018-04-22 18:29:35 -04:00
耐小心
59aa78a4a6 fix fastcgi bug 2018-04-17 21:52:58 +08:00
Jason Wilder
ccbbbeb928
Merge pull request #1073 from b1f6c1c4/b1f6c1c4-patch-1 
Add HSTS header regardless of status code
 2018-03-30 17:34:02 -04:00
耐小心
1c7ccc473f fix fastcgi bug 2018-03-30 09:47:57 +08:00
Mario Carbajal
f68383add9
Set DISABLE_ACCESS_LOGS to disable access logs 2018-03-27 21:18:45 -03:00
Jason Wilder
6290f38069
Merge pull request #1106 from hwellmann/master 
do not create an empty upstream entry for invisible containers
 2018-03-23 12:14:37 -06:00
Jason Wilder
1dce981707
Merge pull request #984 from sydoveton/master 
OCSP Stapling was not working
 2018-03-23 08:57:27 -06:00
Harald Wellmann
b61c841929 do not create an empty upstream entry for a container from an invisible Docker network 2018-03-22 10:56:41 +01:00
Sergei Filippov
37714fa4f8
Grammar Police 
Tiny grammatical fix.
 2018-03-09 10:48:14 +13:00
b1f6c1c4
7a769a6a22
Add HSTS header regardless of status code 
See nginx [doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) and [blog](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
 2018-02-20 17:59:52 +08:00
Jason Wilder
226bfe158f
Merge pull request #926 from Paike/patch-1 
Fallback if container has no IP
 2018-01-20 23:04:40 -07:00
mouhamed
1eac894902
Remove duplicate 2018-01-09 21:12:37 +01:00
Sy Doveton
6e9dc343cd
Changed the SSL stapling cert extension to pem from crt. SSL stapling was not working due to the incorrect file extension. 2017-11-19 11:35:30 +00:00
Nicolas Duchon
bf16afc665 Use enumerable SSL_POLICY instead of bool 2017-11-18 09:18:55 +01:00
Nicolas Duchon
ea80027525
Merge branch 'master' into ssl-modern 2017-11-16 22:47:25 +01:00
Steve Kamerman
a312472fb5
Added custom HSTS support (issue #953) 2017-11-08 22:30:24 -05:00
Nicolas Duchon
ea98780960 Enable optional mozilla modern profile 2017-10-27 10:28:42 +02:00
Nicolas Duchon
2528a35656 Don't presume the existence of default dhparam 
The default dhparam at /etc/nginx/dhparam/dhparam.pem won't be auto generated with the separate containers setup.
 2017-10-25 12:32:09 +02:00
Jason Wilder
3ef600a3b5 Merge pull request #842 from kamermans/feature/external_internal_network 
Allow containers to be restricted to internal network
 2017-10-20 10:04:08 -06:00
Jason Wilder
fc36514eb8 Merge pull request #863 from qiqizjl/master 
support fastcgi
 2017-10-20 10:00:27 -06:00
Steve Kamerman
93d90884e2
Implemented NETWORK_ACCESS (squash commit) 2017-10-18 13:29:12 -04:00
Patrick
3156b97f3a Fallback if container has no IP 
Sometimes containers will not be assigned an IP (after reboot or due to misconfiguration). This leads to an incorrect "server <missing ip> down;" line in default.conf and crashes nginx. 
@therealgambo  provided a fix for this: https://github.com/jwilder/nginx-proxy/issues/845
 2017-09-13 12:37:06 +02:00
Jason Wilder
f05f7a0ff9 Merge pull request #574 from teohhanhui/ocsp-stapling-chain 
Enable OCSP stapling if certificate trust chain is provided
 2017-08-16 11:53:17 -06:00
Remi Pichon
fff84de367 Do not bind upstream with 'ingress' network 
Merging https://github.com/jwilder/nginx-proxy/pull/774 and a8ee64b059
 2017-08-10 12:30:00 +02:00
Teoh Han Hui
065dd7f1ea
Fix build 2017-07-31 17:46:58 +08:00
Steve Kamerman
0cc71fad49
Add dynamically-computed DNS resolvers to nginx (for PR #574) 2017-07-31 17:44:27 +08:00
耐小心
2eb2ae9c93 support fastcgi 2017-06-24 14:48:05 +08:00
耐小心
29fffd6de8 Revert "support fastcgi" 
This reverts commit 8ac755e1d661ba382da9cb6864e7eac1026080bf.
 2017-06-24 14:05:42 +08:00
NaiXiaoXin
8ac755e1d6 support fastcgi 2017-06-24 13:51:02 +08:00
Jason Wilder
02121df3b9 Merge pull request #589 from kamermans/feature_ssl_improvement 
SSL security enhancement
 2017-06-22 11:54:51 -06:00
Jason Wilder
57a33aaf8b Merge pull request #849 from Neilpang/Branch_0.6.0 
running proxy on host network
 2017-06-22 09:50:39 -06:00
Jason Wilder
c41186a3a4 Merge branch 'master' into feature_ssl_improvement 2017-06-14 16:31:12 -06:00
neilpang
a8ee64b059 running proxy on host network 2017-06-10 15:07:45 +08:00
Jason Wilder
4e4733f68e Trim $host and $proto before they are used 2017-06-09 12:55:39 -06:00
Steve Kamerman
ad9af2884d Merged master, fixed BATS conflict 2017-03-06 10:48:12 -05:00
Jason Wilder
985c46d8b5 Merge pull request #679 from thomasleveil/issue-677 
regexp: use sha1 for upstream only if regexp is used
 2017-02-16 12:11:06 -07:00
Thomas LEVEIL
f0951df040 optional IPv6 support 
Fix #127 and fix #717 by improving #713
 2017-02-15 11:50:16 +01:00
Marc Schreiber
8b67b2182f Add IPv6 listen address 2017-02-11 13:28:34 +01:00
Steve Kamerman
d320b43476 Merged conflict in BATS SSL test 2017-01-26 13:46:11 -05:00
Thomas LEVEIL
3f6381d0fa regexp: use sha1 for upstream only if regexp is used 
avoid confusions such as in #677
 2017-01-14 11:40:33 +01:00
Steve Kamerman
276b4dbe3e Merge branch 'master' into feature_nohttps 2017-01-13 13:07:03 -05:00
Steve Kamerman
dfdd67f5a4 Implemented background dhparam generation 2017-01-11 22:43:09 -05:00
Steve Kamerman
f186815c2d Merged upstream 2017-01-11 22:42:35 -05:00
Jason Wilder
3d20c626c8 Merge pull request #359 from sw-double/master 
Set appropriate X-Forwarded-Ssl header
 2017-01-10 09:21:19 -07:00
Konstantin L
16c9853dc2 Set appropriate X-Forwarded-Ssl header. 2017-01-10 15:44:02 +01:00
Thomas LÉVEIL
019fa89c53 add comment to ease debugging 2017-01-10 10:10:46 +01:00
Thomas LEVEIL
1bfc1c85ce fix regexp in VIRTUAL_HOST using end-of-string matching () 2017-01-08 01:49:05 +01:00
Steve Kamerman
fc7653bf3d Merge branch 'master' into feature_nohttps 2016-12-05 09:06:39 -05:00
Steve Kamerman
b0de80d46b Moved config edits from Dockerfile to template 2016-10-03 10:21:31 -04:00
Steve Kamerman
374b1256cd Add HTTPS_METHOD=https to disable SSL site 2016-10-01 11:22:48 -04:00
Steve Kamerman
d3a0da451a TLSv1 End-of-life pushed to June 30, 2018, rolled back for compatibility 2016-09-29 21:35:37 -04:00
Steve Kamerman
c51c9980cf Removed TLS 1.0 as it is considered unsafe and must be disabled for PCI compliance 2016-09-29 19:52:20 -04:00
Steve Kamerman
6f2b3f1c54 Issue #586 Removed DES-based SSL ciphers 2016-09-29 17:10:17 -04:00
Steve Kamerman
9ef0bb3356 Comment typo 2016-09-29 16:06:53 -04:00
Steve Kamerman
124b8cd757 Honor upstream forwarded port if available 2016-09-29 11:33:21 -04:00
Steve Kamerman
6ebbdb10c7 Merge branch 'master' into feature_x_forwarded_port 2016-09-29 11:26:51 -04:00
Chulki Lee
4661bf4dd9 add ssl_session_tickets to default site 
Fixes #580
 2016-09-23 21:58:09 -07:00
pvlg
fe9a538ec8 Replace "replace" to "trimSuffix" 
I have a domain key-mydomain.com. When I add domain www.key-mydomain.com with ssl cert I did not get the desired result. Function replace cut name ssl cert "www.key-mydomain.com.key" to "www-mydomain.com".
 2016-09-17 16:53:01 +03:00
mplx
37323320c8 do not enable HSTS for subdomains 2016-09-12 09:46:59 +02:00
Jason Wilder
ec7169c112 Merge pull request #323 from pabra/master 
connect to uWSGI backends
 2016-09-09 14:16:08 -06:00
Ruben
87879c1ee2 Update ciphers and HTST settings to get A+ rating 
The default config gets you an 'A' rating. Cipher settings are copied from [Mozilla SSL Configartion Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1t&hsts=yes&profile=intermediate)
 2016-09-01 11:34:56 +02:00
Steve Kamerman
2e29168d92 Added X-Forwarded-Port 2016-07-21 11:23:35 -04:00
Steve Kamerman
fd127517b9 Added comments about httpoxy 2016-07-19 11:03:41 -04:00
Steve Kamerman
357d58ad97 Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110) 2016-07-18 13:34:37 -04:00
Jason Wilder
580517725f Revert 9c93efa 2016-06-13 00:10:49 -06:00
Jason Wilder
d1e6e1c0be Merge pull request #344 from schmunk42/feature/error-code 
changed error code for non-usable/default SSL cert, fixes #341
 2016-06-12 15:54:40 -06:00
Jason Wilder
fc619d63ad Merge pull request #460 from kumy/patch-1 
Fix a typo in comment
 2016-06-12 15:28:40 -06:00
Jason Wilder
c36b42933d Merge pull request #462 from kamermans/master 
Disable HSTS when HTTPS_METHOD=noredirect
 2016-06-12 15:28:08 -06:00
Jason Wilder
9c93efaef9 Fix template error when /etc/nginx/certs does not exist 2016-06-12 14:10:40 -06:00
Steve Kamerman
da3e257843 Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS 2016-05-19 23:20:43 -04:00
kumy
8c76ea9f9b Fix a typo in comment 2016-05-17 01:46:46 +02:00
Jason Wilder
5b9264d945 Merge pull request #298 from kamermans/master 
Added env var to disable SSL redirect
 2016-05-01 17:45:45 -06:00
Baptiste Donaux
ebab7cf2b9 [TEMPLATE] fix variable call 2016-02-23 13:59:30 +01:00
Baptiste Donaux
658e20f661 Support container in one network shared with current container 2016-02-05 09:16:43 +01:00
Tobias Munk
b4e5f780e3 changed error code for non-usable/default SSL cert, fixes #341 2016-01-21 12:31:03 +01:00
Baptiste Donaux
a66115f560 Use new Network interface to support new overlay network 2016-01-17 12:29:55 +01:00
pabra
51c219d651 connect to uWSGI backends 2015-12-22 21:20:44 +01:00
Steve Kamerman
97c6340a9f Implemented HTTPS noredir 2015-11-20 17:37:06 -05:00
Steve Kamerman
9dd6ad8503 First try at HTTPS_METHOD 2015-11-20 16:53:50 -05:00
Marius Gundersen
1e0b930174 trim whitespace from host and port 
based on latest docker-gen
 2015-10-13 21:48:59 +02:00
Jonas Svatos
5c2280df84 fix condition for default config location 
Signed-off-by: Jonas Svatos <jonas.svatos@etnetera.cz>
 2015-10-08 12:03:28 +02:00
Mike Dillon
6b5e12a946 Add missing access_log statement to HTTPS fallback 2015-10-06 21:18:00 -07:00
Aleš Roubíček
e06d5917a2 Use HTTP/2 instead of SPDY 2015-09-23 17:48:40 +02:00
Aleš Roubíček
249fb204f1 Use HTTP/2 instead of SPDY 2015-09-23 17:47:18 +02:00
Jason Wilder
8c193ba7e1 Merge pull request #215 from gradecam/feature/customize_improvements 
customizability improvements
 2015-09-12 15:23:53 -06:00
Jason Wilder
bddb647b5f Merge pull request #230 from appropriate/remove_duplicate_access_log_entries 
Remove duplicate access log entries
 2015-09-12 15:12:31 -06:00
Mike Dillon
900a676af8 Move access_log from the http level to server 
This prevents duplicate access_log entries from being written for each request
 2015-09-03 08:33:33 -07:00
CoreOS Admin
ae0da36d75 Fix bugs in config file from refactor 2015-08-29 18:38:43 -06:00
Ray Walker
d066bd32e0 Fix for #188 - add SSL server block outside hosts loop 2015-08-26 18:35:47 +10:00
Ray Walker
d3f56468b1 Fix for #188 - remove hostname from default SSL block 2015-08-26 12:49:59 +10:00
Mike Dillon
924fcd7984 Remove error_log setting from nginx.tmpl 
It's already set correctly in nginx.conf
 2015-08-23 09:00:23 -07:00
Richard Bateman
405f4876b9 As per pull request feedback, update names to be consistent 2015-08-14 12:26:19 -06:00
Richard Bateman
d9ee7ed704 Add support for adding options to the location block of a vhost 2015-08-14 12:26:19 -06:00
Richard Bateman
b131b00e19 Add support for vhosts.d/defaults file with default vhost options 
- Only used if it exists and a vhost-specific one doesn't
 2015-08-14 12:26:19 -06:00
Richard Bateman
2eff96969a Add support for overriding default proxy settings 
- If /etc/nginx/proxy.conf exists use that, otherwise use the default
 2015-08-14 12:26:07 -06:00
Wolfgang Ebner
6965b1ead4 fallback when DEFAULT_HOST is not set 2015-07-26 11:38:45 +02:00
Wolfgang Ebner
b0647dd5e9 set default_server also for https 2015-07-24 10:39:56 +02:00