Merge ad976f91ae into 94fb8459cd

refactor: add 'ports' dict to the data structure

README.md

@@ -18,7 +18,7 @@ docker run --detach \
     --name nginx-proxy \
     --publish 80:80 \
     --volume /var/run/docker.sock:/tmp/docker.sock:ro \
-    nginxproxy/nginx-proxy:1.4
+    nginxproxy/nginx-proxy:1.5
 ```
 
 Then start any containers (here an nginx container) you want proxied with an env var `VIRTUAL_HOST=subdomain.yourdomain.com`
@@ -48,7 +48,7 @@ The nginx-proxy images are available in two flavors.
 This image is based on the nginx:mainline image, itself based on the debian slim image.
 
 ```console
-docker pull nginxproxy/nginx-proxy:1.4
+docker pull nginxproxy/nginx-proxy:1.5
 ```
 
 #### Alpine based version (`-alpine` suffix)
@@ -56,14 +56,14 @@ docker pull nginxproxy/nginx-proxy:1.4
 This image is based on the nginx:alpine image.
 
 ```console
-docker pull nginxproxy/nginx-proxy:1.4-alpine
+docker pull nginxproxy/nginx-proxy:1.5-alpine
 ```
 
 #### :warning: a note on `latest` and `alpine`:
 
 It is not recommended to use the `latest` (`nginxproxy/nginx-proxy`, `nginxproxy/nginx-proxy:latest`) or `alpine` (`nginxproxy/nginx-proxy:alpine`) tag for production setups.
 
-Those tags points to the latest commit in the `main` branch. They do not carry any promise of stability, and using them will probably put your nginx-proxy setup at risk of experiencing uncontrolled updates to non backward compatible versions (or versions with breaking changes). You should always specify the version you want to use explicitly to ensure your setup doesn't break when the image is updated.
+[Those tags point](https://hub.docker.com/r/nginxproxy/nginx-proxy/tags) to the latest commit in the `main` branch. They do not carry any promise of stability, and using them will probably put your nginx-proxy setup at risk of experiencing uncontrolled updates to non backward compatible versions (or versions with breaking changes). You should always specify the version you want to use explicitly to ensure your setup doesn't break when the image is updated.
 
 ### Additional documentation
 

docs/README.md

@@ -666,6 +666,8 @@ If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=e
 { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/www.example.com
 ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com
 ```
+#### Per-VIRTUAL_HOST http location
+To add settings on a per-`VIRTUAL_HOST` basis but for the http part, add your configuration file under `/etc/nginx/vhost.d` just like the previous section except with the suffix `_http`. This allow you to add configuration before the https redirection like the acme challenge. This is mostly usefull for all others 'not supporting https redirect' `.well-known` URIs.
 
 #### Per-VIRTUAL_HOST default configuration
 

nginx.tmpl

@@ -128,7 +128,7 @@
     #     exposed ports:{{ range sortObjectsByKeysAsc $.container.Addresses "Port" }} {{ .Port }}/{{ .Proto }}{{ else }} (none){{ end }}
     {{- $default_port := when (eq (len $.container.Addresses) 1) (first $.container.Addresses).Port "80" }}
     #     default port: {{ $default_port }}
-    {{- $port := or $.container.Env.VIRTUAL_PORT $default_port }}
+    {{- $port := when (eq $.port "legacy") (or $.container.Env.VIRTUAL_PORT $default_port) $.port }}
     #     using port: {{ $port }}
     {{- $addr_obj := where $.container.Addresses "Port" $port | first }}
     {{- if and $addr_obj $addr_obj.HostPort }}
@@ -242,6 +242,7 @@
 {{- end }}
 
 {{- define "location" }}
+    {{- $vpath := .VPath }}
     {{- $override := printf "/etc/nginx/vhost.d/%s_%s_location_override" .Host (sha1 .Path) }}
     {{- if and (eq .Path "/") (not (exists $override)) }}
         {{- $override = printf "/etc/nginx/vhost.d/%s_location_override" .Host }}
@@ -249,29 +250,32 @@
     {{- if exists $override }}
     include {{ $override }};
     {{- else }}
-        {{- $keepalive := coalesce (first (keys (groupByLabel .Containers "com.github.nginx-proxy.nginx-proxy.keepalive"))) "disabled" }}
+        {{- $keepalive := $vpath.keepalive }}
     location {{ .Path }} {
-        {{- if eq .NetworkTag "internal" }}
+        {{- if eq $vpath.network_tag "internal" }}
         # Only allow traffic from internal clients
         include /etc/nginx/network_internal.conf;
         {{- end }}
 
-        {{- if eq .Proto "uwsgi" }}
+        {{ $proto := $vpath.proto }}
+        {{ $upstream := $vpath.upstream }}
+        {{ $dest := $vpath.dest }}
+        {{- if eq $proto "uwsgi" }}
         include uwsgi_params;
-        uwsgi_pass {{ trim .Proto }}://{{ trim .Upstream }};
-        {{- else if eq .Proto "fastcgi" }}
+        uwsgi_pass {{ trim $proto }}://{{ trim $upstream }};
+        {{- else if eq $proto "fastcgi" }}
         root {{ trim .VhostRoot }};
         include fastcgi_params;
-        fastcgi_pass {{ trim .Upstream }};
+        fastcgi_pass {{ trim $upstream }};
             {{- if ne $keepalive "disabled" }}
         fastcgi_keep_conn on;
             {{- end }}
-        {{- else if eq .Proto "grpc" }}
-        grpc_pass {{ trim .Proto }}://{{ trim .Upstream }};
-        {{- else if eq .Proto "grpcs" }}
-        grpc_pass {{ trim .Proto }}://{{ trim .Upstream }};
+        {{- else if eq $proto "grpc" }}
+        grpc_pass {{ trim $proto }}://{{ trim $upstream }};
+        {{- else if eq $proto "grpcs" }}
+        grpc_pass {{ trim $proto }}://{{ trim $upstream }};
         {{- else }}
-        proxy_pass {{ trim .Proto }}://{{ trim .Upstream }}{{ trim .Dest }};
+        proxy_pass {{ trim $proto }}://{{ trim $upstream }}{{ trim $dest }};
         set $upstream_keepalive {{ if ne $keepalive "disabled" }}true{{ else }}false{{ end }};
         {{- end }}
 
@@ -295,24 +299,27 @@
 {{- end }}
 
 {{- define "upstream" }}
-upstream {{ .Upstream }} {
+    {{- $path := .Path }}
+    {{- $vpath := .VPath }}
+upstream {{ $vpath.upstream }} {
     {{- $servers := 0 }}
-    {{- $loadbalance := first (keys (groupByLabel .Containers "com.github.nginx-proxy.nginx-proxy.loadbalance")) }}
+    {{- $loadbalance := $vpath.loadbalance }}
     {{- if $loadbalance }}
     # From the container's loadbalance label:
     {{ $loadbalance }}
     {{- end }}
-    {{- range $container := .Containers }}
+    {{- range $port, $containers := $vpath.ports }}
+        {{- range $container := $containers }}
     # Container: {{ $container.Name }}
-        {{- $args := dict "globals" $.globals "container" $container }}
-        {{- template "container_ip" $args }}
-        {{- $ip := $args.ip }}
-        {{- $args := dict "container" $container }}
-        {{- template "container_port" $args }}
-        {{- $port := $args.port }}
-        {{- if $ip }}
-            {{- $servers = add1 $servers }}
-    server {{ $ip }}:{{ $port }};
+            {{- $args := dict "globals" $.globals "container" $container }}
+            {{- template "container_ip" $args }}
+            {{- $ip := $args.ip }}
+            {{- $args = dict "container" $container "path" $path "port" $port }}
+            {{- template "container_port" $args }}
+            {{- if $ip }}
+                {{- $servers = add1 $servers }}
+    server {{ $ip }}:{{ $args.port }};
+            {{- end }}
         {{- end }}
     {{- end }}
     {{- /* nginx-proxy/nginx-proxy#1105 */}}
@@ -320,7 +327,7 @@ upstream {{ .Upstream }} {
     # Fallback entry
     server 127.0.0.1 down;
     {{- end }}
-    {{- $keepalive := coalesce (first (keys (groupByLabel .Containers "com.github.nginx-proxy.nginx-proxy.keepalive"))) "disabled" }}
+    {{- $keepalive := $vpath.keepalive }}
     {{- if and (ne $keepalive "disabled") (gt $servers 0) }}
         {{- if eq $keepalive "auto" }}
     keepalive {{ mul $servers 2 }};
@@ -331,6 +338,49 @@ upstream {{ .Upstream }} {
 }
 {{- end }}
 
+{{- /*
+     * Template used as a function to collect virtual path properties from
+     * the given containers.  These properties are "returned" by storing their
+     * values into the provided dot dict.
+     *
+     * The provided dot dict is expected to have the following entries:
+     *   - "Containers": List of container's RuntimeContainer struct.
+     *   - "Upstream_name"
+     *   - "Has_virtual_paths": boolean
+     *   - "Path"
+     *
+     * The return values will be added to the dot dict with keys:
+     * - "dest"
+     * - "proto"
+     * - "network_tag"
+     * - "upstream"
+     * - "loadbalance"
+     * - "keepalive"
+     */}}
+{{- define "get_path_info" }}
+    {{- /* Get the VIRTUAL_PROTO defined by containers w/ the same vhost-vpath, falling back to "http". */}}
+    {{- $proto := trim (or (first (groupByKeys $.Containers "Env.VIRTUAL_PROTO")) "http") }}
+    {{- /* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external". */}}
+    {{- $network_tag := or (first (groupByKeys $.Containers "Env.NETWORK_ACCESS")) "external" }}
+
+    {{- $loadbalance := first (keys (groupByLabel $.Containers "com.github.nginx-proxy.nginx-proxy.loadbalance")) }}
+    {{- $keepalive := coalesce (first (keys (groupByLabel $.Containers "com.github.nginx-proxy.nginx-proxy.keepalive"))) "disabled" }}
+
+    {{- $upstream := $.Upstream_name }}
+    {{- $dest := "" }}
+    {{- if $.Has_virtual_paths }}
+        {{- $sum := sha1 $.Path }}
+        {{- $upstream = printf "%s-%s" $upstream $sum }}
+        {{- $dest = or (first (groupByKeys $.Containers "Env.VIRTUAL_DEST")) "" }}
+    {{- end }}
+    {{- $_ := set $ "proto" $proto }}
+    {{- $_ := set $ "network_tag" $network_tag }}
+    {{- $_ := set $ "upstream" $upstream }}
+    {{- $_ := set $ "dest" $dest }}
+    {{- $_ := set $ "loadbalance" $loadbalance }}
+    {{- $_ := set $ "keepalive" $keepalive }}
+{{- end }}
+
 # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
 # scheme used to connect to this server
 map $http_x_forwarded_proto $proxy_x_forwarded_proto {
@@ -492,27 +542,19 @@ proxy_set_header Proxy "";
         {{- $tmp_paths = dict "/" $containers }}
     {{- end }}
 
-    {{ $paths := dict }}
+    {{- $paths := dict }}
 
     {{- range $path, $containers := $tmp_paths }}
-        {{- /* Get the VIRTUAL_PROTO defined by containers w/ the same vhost-vpath, falling back to "http". */}}
-        {{- $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }}
-        {{- /* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external". */}}
-        {{- $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
-
-        {{- $upstream := $upstream_name }}
-        {{- $dest := "" }}
-        {{- if $has_virtual_paths }}
-            {{- $sum := sha1 $path }}
-            {{- $upstream = printf "%s-%s" $upstream $sum }}
-            {{- $dest = (or (first (groupByKeys $containers "Env.VIRTUAL_DEST")) "") }}
-        {{- end }}
+        {{- $args := dict "Containers" $containers "Path" $path "Upstream_name" $upstream_name "Has_virtual_paths" $has_virtual_paths }}
+        {{- template "get_path_info" $args }}
         {{- $_ := set $paths $path (dict
-            "containers" $containers
-            "dest" $dest
-            "proto" $proto
-            "network_tag" $network_tag
-            "upstream" $upstream
+            "ports" (dict "legacy" $containers)
+            "dest" $args.dest
+            "proto" $args.proto
+            "network_tag" $args.network_tag
+            "upstream" $args.upstream
+            "loadbalance" $args.loadbalance
+            "keepalive" $args.keepalive
         ) }}
     {{- end }}
 
@@ -623,7 +665,7 @@ server {
 
     {{- range $path, $vpath := $vhost.paths }}
 # {{ $hostname }}{{ $path }}
-        {{ template "upstream" (dict "globals" $globals "Upstream" $vpath.upstream "Containers" $vpath.containers) }}
+        {{ template "upstream" (dict "globals" $globals "Path" $path "VPath" $vpath) }}
     {{- end }}
 
     {{- if and $vhost.cert_ok (eq $vhost.https_method "redirect") }}
@@ -637,6 +679,9 @@ server {
         {{- if $globals.enable_ipv6 }}
     listen [::]:{{ $globals.external_http_port }} {{ $default_server }};
         {{- end }}
+        {{- if (exists (printf "/etc/nginx/vhost.d/%s_http" $host)) }}
+    include {{ printf "/etc/nginx/vhost.d/%s_http" $host }};
+        {{- end }}
 
     # Do not HTTPS redirect Let's Encrypt ACME challenge
     location ^~ /.well-known/acme-challenge/ {
@@ -754,13 +799,9 @@ server {
     {{- range $path, $vpath := $vhost.paths }}
         {{- template "location" (dict
             "Path" $path
-            "Proto" $vpath.proto
-            "Upstream" $vpath.upstream
             "Host" $hostname
             "VhostRoot" $vhost.vhost_root
-            "Dest" $vpath.dest
-            "NetworkTag" $vpath.network_tag
-            "Containers" $vpath.containers
+            "VPath" $vpath
         ) }}
     {{- end }}
 

test/requirements/python-requirements.txt

@@ -1,4 +1,4 @@
 backoff==2.2.1
 docker==7.0.0
-pytest==8.1.0
+pytest==8.1.1
 requests==2.31.0