mirror of
https://github.com/nginx-proxy/nginx-proxy
synced 2024-05-09 09:06:16 +02:00
dfd4f54c61
Before, if a site's certificate was not found, the site was served over http rather than https. Failing open like this is problematic for sites where security is important. Presumably the user set `HTTPS_METHOD` to a non-`noredirect` value (or left it unset) for a good reason; we should honor it even if it means serving error messages. WARNING: This change breaks compatibility. Any vhost where all of the following are true will fail after this change: * `HTTPS_METHOD` is either unset or set to a value other than `nohttps`. * The vhost does not have its own certificate (`default.crt` doesn't count). * Clients expect to be able to access the vhost by using plain http to nginx-proxy. To get the previous behavior, set `HTTPS_METHOD` to `nohttps` for the vhost.
50 lines
1.0 KiB
YAML
50 lines
1.0 KiB
YAML
|
|
foo:
|
|
image: web
|
|
expose:
|
|
- "42"
|
|
environment:
|
|
WEB_PORTS: "42"
|
|
VIRTUAL_HOST: "foo.nginx-proxy.test"
|
|
|
|
web1:
|
|
image: web
|
|
expose:
|
|
- "81"
|
|
environment:
|
|
WEB_PORTS: "81"
|
|
VIRTUAL_HOST: "nginx-proxy.test"
|
|
VIRTUAL_PATH: "/web1/"
|
|
VIRTUAL_DEST: "/"
|
|
|
|
web2:
|
|
image: web
|
|
expose:
|
|
- "82"
|
|
environment:
|
|
WEB_PORTS: "82"
|
|
VIRTUAL_HOST: "nginx-proxy.test"
|
|
VIRTUAL_PATH: "/web2/"
|
|
VIRTUAL_DEST: "/"
|
|
|
|
web3:
|
|
image: web
|
|
expose:
|
|
- "83"
|
|
environment:
|
|
WEB_PORTS: "83"
|
|
VIRTUAL_HOST: "nginx-proxy.test"
|
|
VIRTUAL_PATH: "~ ^/(web3|alt)/"
|
|
|
|
sut:
|
|
image: nginxproxy/nginx-proxy:test
|
|
environment:
|
|
DEFAULT_ROOT: 418
|
|
HTTPS_METHOD: nohttps
|
|
volumes:
|
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
- ./foo.conf:/etc/nginx/vhost.d/foo.nginx-proxy.test:ro
|
|
- ./bar.conf:/etc/nginx/vhost.d/nginx-proxy.test_918d687a929083edd0c7224ee2293e0e7c062ab4_location:ro
|
|
- ./alternate.conf:/etc/nginx/vhost.d/nginx-proxy.test_7fb22b74bbdf907425dbbad18e4462565cada230_location:ro
|
|
|