Super simple semi-automated Nginx reverse proxy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Andrey Arapov 09637b4120
small refactoring and logging improvements
2 years ago
extra add missing files 2 years ago
service small refactoring and logging improvements 2 years ago
Dockerfile small refactoring and logging improvements 2 years ago
LICENSE Initial commit 3 years ago
README.md update readme 2 years ago
nginx.conf small refactoring and logging improvements 2 years ago

README.md

nginx simple semi-automated reverse proxy

Simply mount your volume or a directory as /etc/nginx/conf.d to the container, it will automatically detect the differences in there and load-up the new configuration!

To build and run the image:

docker build --ulimit nofile=1024:1024 -t andrey01/nginx .
docker run --rm -ti --name nginx -p 80:80 -p 443:443 andrey01/nginx

Smaller nofile ulimit -n is needed when running the grsecurity patched kernel, otherwise things may go terribly slow. You may consider using --default-ulimit "nofile=1024:2048" argument to a docker daemon.

docker-compose.yml file example

version '2'

networks:
  backend: {}
  frontend: {}

services:
  nginx:
    image: andrey01/nginx
    networks:
      - backend
      - frontend
    volumes:
      - /srv/letsencrypt:/etc/letsencrypt:ro
      - /srv/nginx:/etc/nginx/conf.d:ro
    ports:
      - 80:80
      - 443:443
    restart: always

Then you can add some configuration to the /home/docker/configs/nginx directory, for example you may add the following config:

webmail.conf file example

server {
  listen 80;
  server_name webmail.mydomain.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  server_name webmail.mydomain.com;
  ssl on;
  ssl_certificate /etc/letsencrypt/live/webmail.mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/webmail.mydomain.com/privkey.pem;

  # enable HSTS (HTTP Strict Transport Security) to avoid SSL stripping
  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains" always;

  # Built-in Docker's DNS server
  resolver 127.0.0.11:53 ipv6=off valid=10s;
  set $upstream_endpoint http://webmail:8080;

  location / {
    client_max_body_size 100M;

    proxy_pass $upstream_endpoint;
    proxy_redirect off;
    proxy_buffering off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

You can have your webmail service running in the backend network, of which the nginx will take care of and pass it to the frontend.