Commit graph

202 commits

Author SHA1 Message Date
Jason Wilder
95df1d225e Update to docker-gen 0.3.9 2015-03-13 17:25:53 -06:00
Jason Wilder
98254dd565 Merge pull request #123 from berfarah/master
Updated docker-gen version to 0.3.8
2015-03-13 17:04:45 -06:00
Bernardo Farah
1f426a6e61 Updated docker-gen version to 0.3.8 2015-03-13 14:53:40 -07:00
Jason Wilder
5216c71418 Merge pull request #119 from md5/update-nginx-1.7.10
Update to nginx:1.7.10
2015-03-10 23:19:52 -06:00
Mike Dillon
8d885aac1a Update to nginx:1.7.10 2015-03-10 21:15:42 -07:00
Jason Wilder
f03c08068b Merge pull request #111 from jwilder/jw-hsts
Remove includeSubdomains from HSTS header
2015-03-04 14:00:04 -07:00
Jason Wilder
4a99ac5548 Remove includeSubdomains from HSTS header
includeSubdomains can lead to issues where not all subdomains are
able to use HTTPS.  This option might be too strict for the general
case: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security.
It can be re-enabled w/ a custom template if needed.

Fixes #109
2015-02-28 15:50:59 -07:00
Jason Wilder
879bb59d90 Merge pull request #108 from md5/fix-wildcard-https-redirect
Fix HTTP->HTTPS redirect for wildcard hosts
2015-02-25 11:37:21 -07:00
Mike Dillon
aa5dfdb3d5 Fix HTTP->HTTPS redirect for wildcard hosts
Uses Nginx's $host instead of interpolating `{{ $host }}` in the template
2015-02-25 10:29:59 -08:00
Jason Wilder
d831c058f3 Merge pull request #106 from md5/per-vhost-includes
Per VIRTUAL_HOST configuration files
2015-02-23 12:20:55 -07:00
Jason Wilder
c3534b7195 Merge pull request #91 from pirelenito/master
fixes SSL support while mixing HTTPS and non-HTTPS hosts
2015-02-22 15:00:48 -07:00
Mike Dillon
927e583f6a Document custom config for multi-host VIRTUAL_HOST 2015-02-22 11:19:33 -08:00
Mike Dillon
c4b3955ab9 Fix typo; shorten example conf file name 2015-02-22 10:02:13 -08:00
Mike Dillon
d4d9755a42 Document custom Nginx configuration in README.md 2015-02-22 09:50:19 -08:00
Mike Dillon
2010332395 Support per-VIRTUAL_HOST Nginx conf files 2015-02-22 09:25:50 -08:00
Jason Wilder
a431122d8b Merge pull request #102 from md5/virtual-proto
Support VIRTUAL_PROTO=https for HTTPS backends
2015-02-15 16:32:33 -07:00
Mike Dillon
3f199d56c1 Add VIRTUAL_PROTO to README.md 2015-02-14 16:19:27 -08:00
Mike Dillon
6c3b3c87be Support VIRTUAL_PROTO=https for HTTPS backends 2015-02-14 16:02:39 -08:00
Jason Wilder
93ee4acb23 Fix grammar 2015-02-03 14:55:14 -07:00
Jason Wilder
71a17c127f Update SSL doc grammar 2015-01-29 09:42:58 -07:00
Paulo Ragonha
37e4a0d00e fixes SSL support while mixing HTTPS and non-HTTPS services
nginx was throwing the following error: `no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking`

ref: https://github.com/jwilder/nginx-proxy/issues/74
2015-01-22 14:37:10 -02:00
Jason Wilder
71a7ce39b2 Merge pull request #90 from schmunk42/feature/wildcard-dns
added wildcard hosts, fixes #89
2015-01-21 21:36:13 -07:00
Tobias Munk
134e037d48 added wildcard hosts, fixes #89 2015-01-22 02:46:51 +01:00
Jason Wilder
450ecf23ed Add nginx/license badges 2015-01-14 09:51:21 -07:00
Jason Wilder
824c424d53 Merge pull request #77 from jperville/allow-longer-virtual-host-names
Allow for even longer virtual host names (should work to at least 50 chars).
2015-01-12 16:45:50 -07:00
Jason Wilder
07793dbc48 Merge pull request #81 from asmundg/x-gzip-javascript
Gzip application/javascript
2015-01-12 16:34:19 -07:00
Jason Wilder
67933f0e29 Merge pull request #84 from wenlock/master
Adding license for usage
2015-01-08 12:37:24 -07:00
Edward Raigosa
231fe01c81 Adding license for usage
Adding a license so we can use it with other projects.
2015-01-08 11:29:04 -08:00
Åsmund Grammeltvedt
36039f8e13 Gzip application/javascript
As per RFC4329, nginx uses application/javascript as the default MIME
type for .js files. Nginx-proxy will now gzip these files if the client
requests it.
2015-01-05 13:31:26 +01:00
Julien Pervillé
d7e499e4e6 Allow for even longer virtual host names (should work to at least 50 chars). 2015-01-02 10:49:21 +06:30
Ben Hall
30a53fb60a Ability to set a default host for nginx 2014-12-24 12:21:40 +00:00
Albert Murillo Aguirre
6d646d92f8 Basic Authentication Support 2014-12-19 16:26:42 -07:00
Jason Wilder
56b4a2e182 Fix README grammar 2014-12-15 12:30:58 -07:00
Jason Wilder
654e037741 Merge pull request #65 from josephpage/patch-1
Bump to nginx 1.7.8
2014-12-13 16:59:29 -07:00
Jason Wilder
e546afd4bc Merge pull request #66 from maxcnunes/fix-server-name-max-length
fixes problem to set server name max length…
2014-12-13 16:56:57 -07:00
Max Claus Nunes
10bc94f6db fixes problem to set server name max length…
current base image does not have commented configurations which means it is impossible to use the previous configuration to set the server name max length
2014-12-13 10:00:45 -02:00
Joseph Page
a668579392 Bump to nginx 1.7.8 2014-12-10 11:37:44 +01:00
Jason Wilder
4a38297009 Merge pull request #62 from md5/log-format-host
Add $host to logs
2014-12-08 10:23:31 -07:00
Mike Dillon
ac1f2d8875 Include Host or SERVER_NAME in logs 2014-12-06 17:46:25 -08:00
Mike Dillon
54b9043323 Remove redundant access_log and error_log 2014-12-06 17:45:59 -08:00
Jason Wilder
1aef35678e Merge branch 'thaJeztah-switch-to-nginx-image' 2014-12-03 11:15:33 -07:00
Jason Wilder
db924dba76 Use nginx:1.7.7 2014-12-03 11:12:01 -07:00
Jason Wilder
080a5157e6 Remove OCSP stapling
Looks like it was not actually working before and failing silently
because ssl_trusted_certificate was not specified.  Will need to
revisit implementing this functionality so removing it for now
to prevent the warnings logged by nginx now.
2014-12-03 11:06:11 -07:00
Sebastiaan van Stijn
3c5843264e Switch to official nginx base-image.
This changes the base-image to the official nginx image,
reducing the virtual size of the image by approx 50%.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2014-12-03 10:20:58 +01:00
Jason Wilder
0580726415 Ensure cert exists before referencing it 2014-12-02 23:29:00 -07:00
Jason Wilder
35b81f5092 Fix separate containers instructions 2014-12-02 16:17:58 -07:00
Jason Wilder
50839742f2 Grammar/formatting 2014-12-02 14:43:50 -07:00
Jason Wilder
61c3933e0e Merge pull request #56 from jwilder/jw-https
Add SSL Support
2014-12-01 17:40:44 -07:00
Jason Wilder
51c5c172ee Update README w/ SSL docs 2014-11-27 12:49:44 -07:00
Jason Wilder
2e43a5459b Add SSL support
This adds SSL support for containers.  It supports single host
certificates, wildcards and SNI using naming conventions for
certificates or optionally specify a cert name (for SNI).  The SSL
cipher configuration is based on the Mozilla intermediate profile which
should provide compatibility with clients back to Firefox 1, Chrome 1,
IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7.  The
configuration also enables OCSP stapling, HSTS, and ssl session caches.

To enable SSL, nginx-proxy should be started w/ -p 443:443 and -v
/path/to/certs:/etc/nginx/certs.  Certificates must be named:
<virtualhost>.crt and <virtualhost>.key where <virtualhost> matches
a value of VIRTUAL_HOST on a container.

For wildcard certificates, the certificate and private key should be
named after the wildcard domain with .crt and .key suffixes.  For example,
*.example.com should be named example.com.crt and example.com.key.

For SNI where a certificate may be used for multiple domain names, the
container can specify a CERT_NAME env var that corresponds to the base
file name of the certificate and key.  For example, if you have a cert
allowing *.example.com and *.bar.com, it can be named shared.crt and
shared.key.  A container can use that cert by having CERT_NAME=shared and
VIRTUAL_HOST=foo.example.com.  The name "shared" is arbitrary and can
be whatever makes sense.

The behavior for the proxy when ports 80 and 443 are defined is as
follows:

* If a container has a usable cert, port 80 will redirect to
443 for that container to always prefer HTTPS when available.
* If the container does not have a usable cert, 503 will be returned.

In the last case, a self-signed or generic cert can be defined as
"default.crt" and "default.key" which will allow a client browser to
at least make an SSL connection.
2014-11-27 12:49:38 -07:00