arno
/
nginx
1
0
フォーク 0
コード イシュー プルリクエスト リリース Wiki アクティビティ
Super simple semi-automated Nginx reverse proxy
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
11 コミット
1 ブランチ
0 タグ
6.3 MiB
 
 
 
 
ブランチ タグ
${ item.name }
タグ ${ searchTerm } を作成
ブランチ ${ searchTerm } を作成
'master' から
${ noResults }
ファイルへ移動
Andy 09637b4120
small refactoring and logging improvements 		8年前
extra add missing files 8年前
service small refactoring and logging improvements 8年前
Dockerfile small refactoring and logging improvements 8年前
LICENSE Initial commit 8年前
README.md update readme 8年前
nginx.conf small refactoring and logging improvements 8年前

README.md

nginx simple semi-automated reverse proxy

Simply mount your volume or a directory as /etc/nginx/conf.d to the container, it will automatically detect the differences in there and load-up the new configuration!

To build and run the image:

docker build --ulimit nofile=1024:1024 -t andrey01/nginx .
docker run --rm -ti --name nginx -p 80:80 -p 443:443 andrey01/nginx

Smaller nofile ulimit -n is needed when running the grsecurity patched kernel, otherwise things may go terribly slow. You may consider using --default-ulimit "nofile=1024:2048" argument to a docker daemon.

docker-compose.yml file example

version '2'

networks:
  backend: {}
  frontend: {}

services:
  nginx:
    image: andrey01/nginx
    networks:
      - backend
      - frontend
    volumes:
      - /srv/letsencrypt:/etc/letsencrypt:ro
      - /srv/nginx:/etc/nginx/conf.d:ro
    ports:
      - 80:80
      - 443:443
    restart: always

Then you can add some configuration to the /home/docker/configs/nginx directory, for example you may add the following config:

webmail.conf file example

server {
  listen 80;
  server_name webmail.mydomain.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  server_name webmail.mydomain.com;
  ssl on;
  ssl_certificate /etc/letsencrypt/live/webmail.mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/webmail.mydomain.com/privkey.pem;

  # enable HSTS (HTTP Strict Transport Security) to avoid SSL stripping
  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains" always;

  # Built-in Docker's DNS server
  resolver 127.0.0.11:53 ipv6=off valid=10s;
  set $upstream_endpoint http://webmail:8080;

  location / {
    client_max_body_size 100M;

    proxy_pass $upstream_endpoint;
    proxy_redirect off;
    proxy_buffering off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

You can have your webmail service running in the backend network, of which the nginx will take care of and pass it to the frontend.