You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

81 lines
2.1 KiB

# nginx simple semi-automated reverse proxy
Simply mount your volume or a directory as `/etc/nginx/conf.d` to the container,
it will automatically detect the differences in there and load-up the new configuration!
To build and run the image:
docker build --ulimit nofile=1024:1024 -t andrey01/nginx .
docker run --rm -ti --name nginx -p 80:80 -p 443:443 andrey01/nginx
> Smaller nofile `ulimit -n` is needed when running the grsecurity patched kernel, otherwise things may go terribly slow.
> You may consider using `--default-ulimit "nofile=1024:2048"` argument to a docker daemon.
**docker-compose.yml** file example
version '2'
backend: {}
frontend: {}
image: andrey01/nginx
- backend
- frontend
- /srv/letsencrypt:/etc/letsencrypt:ro
- /srv/nginx:/etc/nginx/conf.d:ro
- 80:80
- 443:443
restart: always
Then you can add some configuration to the `/home/docker/configs/nginx` directory,
for example you may add the following config:
**webmail.conf** file example
server {
listen 80;
return 301 https://$host$request_uri;
server {
listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
# enable HSTS (HTTP Strict Transport Security) to avoid SSL stripping
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains" always;
# Built-in Docker's DNS server
resolver ipv6=off valid=10s;
set $upstream_endpoint http://webmail:8080;
location / {
client_max_body_size 100M;
proxy_pass $upstream_endpoint;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
You can have your `webmail` service running in the `backend` network,
of which the nginx will take care of and pass it to the frontend.