From 2eff96969ab47c2828fc9bb9dbbb359a75df9249 Mon Sep 17 00:00:00 2001 From: Richard Bateman Date: Fri, 14 Aug 2015 11:29:44 -0600 Subject: [PATCH 1/8] Add support for overriding default proxy settings - If /etc/nginx/proxy.conf exists use that, otherwise use the default --- README.md | 17 +++++++++++++++++ nginx.tmpl | 4 ++++ 2 files changed, 21 insertions(+) diff --git a/README.md b/README.md index d55cd39..f34f2f1 100644 --- a/README.md +++ b/README.md @@ -143,6 +143,23 @@ You'll need apache2-utils on the machine where you plan to create the htpasswd f If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis. +#### Overriding default proxy settings + +If you want to override the default proxy settings for the nginx container, add a configuration file at `/etc/nginx/proxy.conf`. A file with the default settings would +look like this: + +```Nginx +# HTTP 1.1 support +proxy_http_version 1.1; +proxy_buffering off; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection $proxy_connection; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +``` + #### Proxy-wide To add settings on a proxy-wide basis, add your configuration file under `/etc/nginx/conf.d` using a name ending in `.conf`. diff --git a/nginx.tmpl b/nginx.tmpl index b4140f9..fba5e74 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -38,6 +38,9 @@ log_format vhost '$host $remote_addr - $remote_user [$time_local] ' access_log /proc/self/fd/1 vhost; error_log /proc/self/fd/2; +{{ if (exists "/etc/nginx/proxy.conf") }} +include /etc/nginx/proxy.conf; +{{ else }} # HTTP 1.1 support proxy_http_version 1.1; proxy_buffering off; @@ -47,6 +50,7 @@ proxy_set_header Connection $proxy_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +{{ end }} server { server_name _; # This is just an invalid value which will never trigger on a real hostname. From d07a7d74874ade3c018c34284ee90e96367b1099 Mon Sep 17 00:00:00 2001 From: Richard Bateman Date: Fri, 14 Aug 2015 11:31:58 -0600 Subject: [PATCH 2/8] Fix example command in docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f34f2f1..891d8fc 100644 --- a/README.md +++ b/README.md @@ -192,4 +192,4 @@ For example, if you have a virtual host named `app.example.com`, you could provi If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink: $ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/www.example.com - $ ln -s www.example.com /path/to/vhost.d/example.com + $ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com From b131b00e1984adb54f6905f92ba38ca83d181e1f Mon Sep 17 00:00:00 2001 From: Richard Bateman Date: Fri, 14 Aug 2015 11:34:56 -0600 Subject: [PATCH 3/8] Add support for vhosts.d/defaults file with default vhost options - Only used if it exists and a vhost-specific one doesn't --- README.md | 5 +++++ nginx.tmpl | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/README.md b/README.md index 891d8fc..6c36a9f 100644 --- a/README.md +++ b/README.md @@ -193,3 +193,8 @@ If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=e $ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/www.example.com $ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com + +#### Per-VIRTUAL_HOST default configuration + +If you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file +will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}` file associated with it. diff --git a/nginx.tmpl b/nginx.tmpl index fba5e74..b9b06dc 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -125,6 +125,8 @@ server { {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s" $host }}; + {{ else if (exists /etc/vhost.d/defaults) }} + include /etc/nginx/vhost.d/defaults {{ end }} location / { @@ -143,6 +145,8 @@ server { {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s" $host }}; + {{ else if (exists /etc/vhost.d/defaults) }} + include /etc/nginx/vhost.d/defaults {{ end }} location / { From d9ee7ed704e991c8e5a9b8737488fb477a7dca19 Mon Sep 17 00:00:00 2001 From: Richard Bateman Date: Fri, 14 Aug 2015 11:36:39 -0600 Subject: [PATCH 4/8] Add support for adding options to the location block of a vhost --- README.md | 21 +++++++++++++++++++++ nginx.tmpl | 10 ++++++++++ 2 files changed, 31 insertions(+) diff --git a/README.md b/README.md index 6c36a9f..c975129 100644 --- a/README.md +++ b/README.md @@ -198,3 +198,24 @@ If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=e If you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}` file associated with it. + +#### Per-VIRTUAL_HOST location configuration + +To add settings to the "location" block on a per-`VIRTUAL_HOST` basis, add your configuration file under `/etc/nginx/vhost.d` +just like the previous section except with the suffix `_location`. + +For example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows: + + $ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy + $ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location + +If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink: + + $ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;' } > /path/to/vhost.d/app.example.com_location + $ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com + +#### Per-VIRTUAL_HOST location default configuration + +If you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file +will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}` file associated with it. + diff --git a/nginx.tmpl b/nginx.tmpl index b9b06dc..82ddb11 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -135,6 +135,11 @@ server { auth_basic "Restricted {{ $host }}"; auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; {{ end }} + {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} + include {{ printf "/etc/nginx/vhost.d/%s_location"}} + {{ else if (exists /etc/vhost.d/defaults_location) }} + include /etc/nginx/vhost.d/defaults_location + {{ end }} } } {{ else }} @@ -155,6 +160,11 @@ server { auth_basic "Restricted {{ $host }}"; auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; {{ end }} + {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} + include {{ printf "/etc/nginx/vhost.d/%s_location"}} + {{ else if (exists /etc/vhost.d/defaults_location) }} + include /etc/nginx/vhost.d/defaults_location + {{ end }} } } From 405f4876b924d612085b4ae9a75b2d5658d10bdc Mon Sep 17 00:00:00 2001 From: Richard Bateman Date: Fri, 14 Aug 2015 12:10:47 -0600 Subject: [PATCH 5/8] As per pull request feedback, update names to be consistent --- nginx.tmpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index 82ddb11..f211565 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -125,8 +125,8 @@ server { {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s" $host }}; - {{ else if (exists /etc/vhost.d/defaults) }} - include /etc/nginx/vhost.d/defaults + {{ else if (exists /etc/vhost.d/default) }} + include /etc/nginx/vhost.d/default {{ end }} location / { @@ -137,8 +137,8 @@ server { {{ end }} {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s_location"}} - {{ else if (exists /etc/vhost.d/defaults_location) }} - include /etc/nginx/vhost.d/defaults_location + {{ else if (exists /etc/vhost.d/default_location) }} + include /etc/nginx/vhost.d/default_location {{ end }} } } @@ -150,8 +150,8 @@ server { {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s" $host }}; - {{ else if (exists /etc/vhost.d/defaults) }} - include /etc/nginx/vhost.d/defaults + {{ else if (exists /etc/vhost.d/default) }} + include /etc/nginx/vhost.d/default {{ end }} location / { @@ -162,8 +162,8 @@ server { {{ end }} {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s_location"}} - {{ else if (exists /etc/vhost.d/defaults_location) }} - include /etc/nginx/vhost.d/defaults_location + {{ else if (exists /etc/vhost.d/default_location) }} + include /etc/nginx/vhost.d/default_location {{ end }} } } From 66711ff026d0f61cc6ba4f2ccee77a896bce32bd Mon Sep 17 00:00:00 2001 From: Richard Bateman Date: Fri, 14 Aug 2015 12:19:53 -0600 Subject: [PATCH 6/8] Add warning about consequences of incorrectly using proxy_config.conf --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c975129..4c49729 100644 --- a/README.md +++ b/README.md @@ -160,6 +160,8 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; ``` +***NOTE***: If you provide this file it will replace the defaults; you may want to check the .tmpl file to make sure you have all of the needed options. + #### Proxy-wide To add settings on a proxy-wide basis, add your configuration file under `/etc/nginx/conf.d` using a name ending in `.conf`. From 5089bf77dd99fe466ee95651bc4b533000b0f2bc Mon Sep 17 00:00:00 2001 From: Richard Bateman Date: Fri, 14 Aug 2015 12:34:10 -0600 Subject: [PATCH 7/8] Update wording in docs as per pull request feedback --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4c49729..6825a26 100644 --- a/README.md +++ b/README.md @@ -143,9 +143,9 @@ You'll need apache2-utils on the machine where you plan to create the htpasswd f If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis. -#### Overriding default proxy settings +#### Replacing default proxy settings -If you want to override the default proxy settings for the nginx container, add a configuration file at `/etc/nginx/proxy.conf`. A file with the default settings would +If you want to replace the default proxy settings for the nginx container, add a configuration file at `/etc/nginx/proxy.conf`. A file with the default settings would look like this: ```Nginx From ae0da36d75430204253f46bf2dedb6244748115c Mon Sep 17 00:00:00 2001 From: CoreOS Admin Date: Sat, 29 Aug 2015 18:38:43 -0600 Subject: [PATCH 8/8] Fix bugs in config file from refactor --- nginx.tmpl | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index f211565..6fc0bee 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -125,8 +125,8 @@ server { {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s" $host }}; - {{ else if (exists /etc/vhost.d/default) }} - include /etc/nginx/vhost.d/default + {{ else if (exists "/etc/vhost.d/default") }} + include /etc/nginx/vhost.d/default; {{ end }} location / { @@ -135,11 +135,11 @@ server { auth_basic "Restricted {{ $host }}"; auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; {{ end }} - {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} - include {{ printf "/etc/nginx/vhost.d/%s_location"}} - {{ else if (exists /etc/vhost.d/default_location) }} - include /etc/nginx/vhost.d/default_location - {{ end }} + {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} + include {{ printf "/etc/nginx/vhost.d/%s_location" $host}}; + {{ else if (exists "/etc/vhost.d/default_location") }} + include /etc/nginx/vhost.d/default_location; + {{ end }} } } {{ else }} @@ -150,8 +150,8 @@ server { {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} include {{ printf "/etc/nginx/vhost.d/%s" $host }}; - {{ else if (exists /etc/vhost.d/default) }} - include /etc/nginx/vhost.d/default + {{ else if (exists "/etc/vhost.d/default") }} + include /etc/nginx/vhost.d/default; {{ end }} location / { @@ -160,11 +160,11 @@ server { auth_basic "Restricted {{ $host }}"; auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; {{ end }} - {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} - include {{ printf "/etc/nginx/vhost.d/%s_location"}} - {{ else if (exists /etc/vhost.d/default_location) }} - include /etc/nginx/vhost.d/default_location - {{ end }} + {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} + include {{ printf "/etc/nginx/vhost.d/%s_location" $host}}; + {{ else if (exists "/etc/vhost.d/default_location") }} + include /etc/nginx/vhost.d/default_location; + {{ end }} } }