Super simple semi-automated Nginx reverse proxy
Go to file
2016-07-16 00:33:59 +02:00
extra add missing files 2016-07-16 00:04:18 +02:00
service nginx does not write to /dev/log 2016-07-16 00:33:59 +02:00
Dockerfile use the newest sw 2016-07-16 00:01:43 +02:00
LICENSE Initial commit 2016-04-20 19:29:02 +02:00
nginx.conf server_tokens should be set in conf.d 2016-05-20 15:48:39 +02:00
README.md update readme 2016-07-16 00:20:56 +02:00

nginx simple semi-automated reverse proxy

Simply mount your volume or a directory as /etc/nginx/conf.d to the container, it will automatically detect the differences in there and load-up the new configuration!

To build and run the image:

docker build --ulimit nofile=1024:1024 -t andrey01/nginx .
docker run --rm -ti --name nginx -p 80:80 -p 443:443 andrey01/nginx

Smaller nofile ulimit -n is needed when running the grsecurity patched kernel, otherwise things may go terribly slow. You may consider using --default-ulimit "nofile=1024:2048" argument to a docker daemon.

docker-compose.yml file example

version '2'

networks:
  backend: {}
  frontend: {}

services:
  nginx:
    image: andrey01/nginx
    networks:
      - backend
      - frontend
    volumes:
      - /srv/letsencrypt:/etc/letsencrypt:ro
      - /srv/nginx:/etc/nginx/conf.d:ro
    ports:
      - 80:80
      - 443:443
    restart: always

Then you can add some configuration to the /home/docker/configs/nginx directory, for example you may add the following config:

webmail.conf file example

server {
  listen 80;
  server_name webmail.mydomain.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  server_name webmail.mydomain.com;
  ssl on;
  ssl_certificate /etc/letsencrypt/live/webmail.mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/webmail.mydomain.com/privkey.pem;

  # enable HSTS (HTTP Strict Transport Security) to avoid SSL stripping
  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains" always;

  # Built-in Docker's DNS server
  resolver 127.0.0.11:53 ipv6=off valid=10s;
  set $upstream_endpoint http://webmail:8080;

  location / {
    client_max_body_size 100M;

    proxy_pass $upstream_endpoint;
    proxy_redirect off;
    proxy_buffering off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

You can have your webmail service running in the backend network, of which the nginx will take care of and pass it to the frontend.