Compare commits
No commits in common. "proposed-changes-for-v2" and "main" have entirely different histories.
proposed-c
...
main
10
nginx.tmpl
10
nginx.tmpl
@ -349,8 +349,8 @@ proxy_set_header Proxy "";
|
||||
|
||||
{{- /*
|
||||
* Precompute some information about each vhost. This is done early because
|
||||
* the creation of fallback servers depends on DEFAULT_HOST and
|
||||
* HTTPS_METHOD.
|
||||
* the creation of fallback servers depends on DEFAULT_HOST, HTTPS_METHOD,
|
||||
* and whether there are any missing certs.
|
||||
*/}}
|
||||
{{- range $vhost, $containers := groupByMulti $globals.containers "Env.VIRTUAL_HOST" "," }}
|
||||
{{- $vhost := trim $vhost }}
|
||||
@ -380,7 +380,7 @@ proxy_set_header Proxy "";
|
||||
{{- $default_http_exists := false }}
|
||||
{{- $default_https_exists := false }}
|
||||
{{- range $vhost := $globals.vhosts }}
|
||||
{{- $http := ne $vhost.https_method "nohttp" }}
|
||||
{{- $http := or (ne $vhost.https_method "nohttp") (not $vhost.cert_ok) }}
|
||||
{{- $https := ne $vhost.https_method "nohttps" }}
|
||||
{{- $http_exists = or $http_exists $http }}
|
||||
{{- $https_exists = or $https_exists $https }}
|
||||
@ -484,7 +484,7 @@ server {
|
||||
{{- /* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
|
||||
{{- $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
|
||||
|
||||
{{- if eq $https_method "redirect" }}
|
||||
{{- if and $cert_ok (eq $https_method "redirect") }}
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
{{- if $server_tokens }}
|
||||
@ -522,7 +522,7 @@ server {
|
||||
server_tokens {{ $server_tokens }};
|
||||
{{- end }}
|
||||
{{ $globals.access_log }}
|
||||
{{- if or (eq $https_method "nohttps") (eq $https_method "noredirect") }}
|
||||
{{- if or (eq $https_method "nohttps") (not $cert_ok) (eq $https_method "noredirect") }}
|
||||
listen {{ $globals.external_http_port }} {{ $default_server }};
|
||||
{{- if $globals.enable_ipv6 }}
|
||||
listen [::]:{{ $globals.external_http_port }} {{ $default_server }};
|
||||
|
||||
@ -12,8 +12,6 @@ services:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
webA:
|
||||
networks:
|
||||
|
||||
@ -21,4 +21,3 @@ sut:
|
||||
- /var/run/docker.sock:/f00.sock:ro
|
||||
environment:
|
||||
DOCKER_HOST: unix:///f00.sock
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -4,8 +4,6 @@ services:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web:
|
||||
image: web
|
||||
|
||||
@ -4,8 +4,6 @@ nginx-proxy:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/default_location:ro
|
||||
- ./my_custom_proxy_settings_bar.conf:/etc/nginx/vhost.d/web3.nginx-proxy.local_location:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web1:
|
||||
image: web
|
||||
|
||||
@ -5,8 +5,6 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./my_custom_proxy_settings.conf:/etc/nginx/proxy.conf:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web1:
|
||||
image: web
|
||||
|
||||
@ -5,8 +5,6 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/web1.nginx-proxy.local_location:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web1:
|
||||
image: web
|
||||
|
||||
@ -5,8 +5,6 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/web1.nginx-proxy.local:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web1:
|
||||
image: web
|
||||
|
||||
@ -5,8 +5,6 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./my_custom_proxy_settings.conf:/etc/nginx/conf.d/my_custom_proxy_settings.conf:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web1:
|
||||
image: web
|
||||
|
||||
@ -15,4 +15,3 @@ sut:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
DEFAULT_HOST: web1.tld
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -5,7 +5,6 @@ services:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
DEFAULT_ROOT: none
|
||||
HTTPS_METHOD: nohttps
|
||||
web:
|
||||
image: web
|
||||
expose:
|
||||
|
||||
@ -15,8 +15,6 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ../../nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web:
|
||||
image: web
|
||||
|
||||
@ -13,8 +13,6 @@ services:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ../../nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
|
||||
- nginx_conf:/etc/nginx/conf.d
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web:
|
||||
image: web
|
||||
|
||||
@ -2,5 +2,3 @@ nginxproxy:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -44,7 +44,7 @@ CONNECTION_REFUSED_RE = re.compile("Connection refused")
|
||||
("withdefault.yml", "https://https-only.nginx-proxy.test/", 200, None),
|
||||
("withdefault.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
||||
("withdefault.yml", "https://http-only.nginx-proxy.test/", 503, None),
|
||||
("withdefault.yml", "http://missing-cert.nginx-proxy.test/", 301, None),
|
||||
("withdefault.yml", "http://missing-cert.nginx-proxy.test/", 200, None),
|
||||
("withdefault.yml", "https://missing-cert.nginx-proxy.test/", 500, None),
|
||||
("withdefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
||||
("withdefault.yml", "https://unknown.nginx-proxy.test/", 503, None),
|
||||
@ -55,7 +55,7 @@ CONNECTION_REFUSED_RE = re.compile("Connection refused")
|
||||
("nodefault.yml", "https://https-only.nginx-proxy.test/", 200, None),
|
||||
("nodefault.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
||||
("nodefault.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
||||
("nodefault.yml", "http://missing-cert.nginx-proxy.test/", 301, None),
|
||||
("nodefault.yml", "http://missing-cert.nginx-proxy.test/", 200, None),
|
||||
("nodefault.yml", "https://missing-cert.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
||||
("nodefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
||||
("nodefault.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
||||
@ -69,13 +69,15 @@ CONNECTION_REFUSED_RE = re.compile("Connection refused")
|
||||
("nohttp-on-app.yml", "https://https-only.nginx-proxy.test/", 200, None),
|
||||
("nohttp-on-app.yml", "http://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE),
|
||||
("nohttp-on-app.yml", "https://unknown.nginx-proxy.test/", 503, None),
|
||||
# Same as nohttp.yml, except there is a vhost with a missing cert. The missing cert should not
|
||||
# cause that vhost to downgrade from https to http.
|
||||
("nohttp-with-missing-cert.yml", "http://https-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE),
|
||||
# Same as nohttp.yml, except there is a vhost with a missing cert. This causes its
|
||||
# HTTPS_METHOD=nohttp setting to effectively become HTTPS_METHOD=noredirect. This means that
|
||||
# there will be a plain http server solely to support that vhost, so http requests to other
|
||||
# vhosts get a 503, not a connection refused error.
|
||||
("nohttp-with-missing-cert.yml", "http://https-only.nginx-proxy.test/", 503, None),
|
||||
("nohttp-with-missing-cert.yml", "https://https-only.nginx-proxy.test/", 200, None),
|
||||
("nohttp-with-missing-cert.yml", "http://missing-cert.nginx-proxy.test/", None, CONNECTION_REFUSED_RE),
|
||||
("nohttp-with-missing-cert.yml", "http://missing-cert.nginx-proxy.test/", 200, None),
|
||||
("nohttp-with-missing-cert.yml", "https://missing-cert.nginx-proxy.test/", 500, None),
|
||||
("nohttp-with-missing-cert.yml", "http://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE),
|
||||
("nohttp-with-missing-cert.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
||||
("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", 503, None),
|
||||
# HTTPS_METHOD=nohttps on nginx-proxy, HTTPS_METHOD unset on the app container.
|
||||
("nohttps.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
||||
|
||||
@ -20,5 +20,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -11,5 +11,4 @@ sut:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTP_PORT: 8080
|
||||
HTTPS_METHOD: nohttps
|
||||
HTTP_PORT: 8080
|
||||
@ -20,5 +20,4 @@ sut:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./network_internal.conf:/etc/nginx/network_internal.conf:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
|
||||
@ -24,5 +24,4 @@ sut:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./network_internal.conf:/etc/nginx/network_internal.conf:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
|
||||
@ -35,6 +35,5 @@ services:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
ENABLE_IPV6: "true"
|
||||
HTTPS_METHOD: nohttps
|
||||
networks:
|
||||
- net1
|
||||
|
||||
@ -4,8 +4,6 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./test_location-override.vhost.d:/etc/nginx/vhost.d:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
explicit-root:
|
||||
image: web
|
||||
|
||||
@ -12,5 +12,4 @@ sut:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
LOG_FORMAT: "$$remote_addr - $$remote_user [$$time_local] \"$$request\" $$status $$body_bytes_sent \"$$http_referer\" \"$$http_user_agent\" request_time=$$request_time $$upstream_response_time"
|
||||
|
||||
@ -11,5 +11,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -16,8 +16,6 @@ services:
|
||||
- net2
|
||||
- net3a
|
||||
- net3b
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web1:
|
||||
image: web
|
||||
|
||||
@ -12,5 +12,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -12,5 +12,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -11,5 +11,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -11,5 +11,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -35,5 +35,3 @@ services:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
networks:
|
||||
- net1
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -39,7 +39,6 @@ services:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
environment:
|
||||
ENABLE_IPV6: "true"
|
||||
HTTPS_METHOD: nohttps
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
networks:
|
||||
|
||||
@ -27,5 +27,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -10,5 +10,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -11,5 +11,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -13,5 +13,3 @@ services:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -14,5 +14,4 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
SHA1_UPSTREAM_NAME: "true"
|
||||
|
||||
@ -3,8 +3,6 @@ services:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
web1:
|
||||
image: web
|
||||
expose:
|
||||
|
||||
@ -12,8 +12,6 @@ services:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
networks:
|
||||
- net1
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
web:
|
||||
image: web
|
||||
|
||||
@ -40,7 +40,6 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
environment:
|
||||
DEFAULT_ROOT: 418
|
||||
HTTPS_METHOD: nohttps
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./foo.conf:/etc/nginx/vhost.d/foo.nginx-proxy.test:ro
|
||||
|
||||
@ -12,6 +12,6 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- ./certs:/etc/nginx/certs:ro
|
||||
environment:
|
||||
DEFAULT_ROOT: 301 http://$$host/web1$$request_uri
|
||||
HTTPS_METHOD: nohttps
|
||||
- DEFAULT_ROOT=301 http://$$host/web1$$request_uri
|
||||
|
||||
@ -35,5 +35,3 @@ sut:
|
||||
- ./default.conf:/etc/nginx/vhost.d/default_location:ro
|
||||
- ./host.conf:/etc/nginx/vhost.d/bar.nginx-proxy.test_location:ro
|
||||
- ./path.conf:/etc/nginx/vhost.d/bar.nginx-proxy.test_99f2db0ed8aa95dbb5b87fca79c7eff2ff6bb8bd_location:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -40,5 +40,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
@ -35,5 +35,3 @@ sut:
|
||||
image: nginxproxy/nginx-proxy:test
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
environment:
|
||||
HTTPS_METHOD: nohttps
|
||||
|
||||
Loading…
Reference in New Issue
Block a user