first commit

Dockerfile

@@ -0,0 +1,11 @@
+FROM alpine:3.3
+MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
+
+RUN echo '@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories && \
+    apk update && \
+    apk add nginx-naxsi@testing inotify-tools && \
+    mkdir /tmp/nginx
+
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY launch /launch
+ENTRYPOINT /launch

README.md

@@ -0,0 +1,64 @@
+# nginx simple semi-automated reverse proxy
+
+Simply mount your volume or a directory as `/etc/nginx/conf.d` to the container,
+it will automatically detect the differences in there and load-up the new configuration!
+
+
+**docker-compose.yml** file example
+```
+version '2'
+services:
+  nginx:
+    image: andrey01/nginx
+    networks:
+      - backend
+      - frontend
+    volumes:
+      - /home/docker/configs/letsencrypt:/etc/letsencrypt:ro
+      - /home/docker/configs/nginx:/etc/nginx/conf.d:ro
+    ports:
+      - 80:80
+      - 443:443
+    restart: always
+```
+
+Then you can add some configuration to the `/home/docker/configs/nginx` directory,
+for example you may add the following config:
+
+**webmail.conf** file example
+```
+server {
+  listen 80;
+  server_name webmail.mydomain.com;
+  return 301 https://$host$request_uri;
+}
+
+server {
+  listen 443 ssl http2;
+  server_name webmail.mydomain.com;
+  ssl on;
+  ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
+
+  # enable HSTS (HTTP Strict Transport Security) to avoid SSL stripping
+  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains" always;
+
+  # Built-in Docker's DNS server
+  resolver 127.0.0.11:53 ipv6=off valid=10s;
+  set $upstream_endpoint http://webmail:8080;
+
+  location / {
+    proxy_pass $upstream_endpoint;
+    proxy_redirect off;
+    proxy_buffering off;
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+}
+```
+
+You can have your `webmail` service running in the `backend` network, of which the nginx will take care of and pass it to the frontend.
+

launch

@@ -0,0 +1,12 @@
+#!/bin/sh
+# debug
+# set -x
+
+while true; do
+  inotifywait -e close_write,moved_to,create,delete /etc/nginx/conf.d
+  sleep 2
+  echo "INFO: nginx configuration change detected, attempting to load the new configuration ..."
+  nginx -t && nginx -s reload || echo "ERROR: nginx configuration has problems, thus cannot be reloaded."
+done &
+
+/usr/sbin/nginx

nginx.conf

@@ -0,0 +1,25 @@
+daemon off;
+error_log stderr info;
+user nginx;
+worker_processes 1;
+pid /var/run/nginx.pid;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include mime.types;
+  default_type application/octet-stream;
+
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+  access_log /var/log/nginx/access.log main;
+
+  sendfile on;
+  keepalive_timeout 65;
+  gzip on;
+  server_tokens off;
+  include conf.d/*.conf;
+}