Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: allow nginx / docker-gen network segregation

Browse source
This commit is contained in:
Knapoc 2023-07-24 11:36:17 +02:00
parent c430825733
commit 5ed66eaa2a
2 changed files with 30 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -295,6 +295,12 @@ Finally, start your containers with `VIRTUAL_HOST` environment variables.
docker run -e VIRTUAL_HOST=foo.bar.com ... docker run -e VIRTUAL_HOST=foo.bar.com ...
``` ```
To allow for network segregation of the nginx and docker-gen containers, the label `com.github.nginx-proxy.nginx-proxy.nginx` must be applied to the nginx container, otherwise it is assumed that nginx and docker-gen share the same network:
```console
docker run -d -p 80:80 --name nginx -l "com.github.nginx-proxy.nginx-proxy.nginx" -v /tmp/nginx:/etc/nginx/conf.d -t nginx
```
### SSL Support using an ACME CA ### SSL Support using an ACME CA
[acme-companion](https://github.com/nginx-proxy/acme-companion) is a lightweight companion container for the nginx-proxy. It allows the automated creation/renewal of SSL certificates using the ACME protocol. [acme-companion](https://github.com/nginx-proxy/acme-companion) is a lightweight companion container for the nginx-proxy. It allows the automated creation/renewal of SSL certificates using the ACME protocol.

22
nginx.tmpl
View file

@ -11,6 +11,7 @@
{{- $_ := set $globals "Env" $.Env }} {{- $_ := set $globals "Env" $.Env }}
{{- $_ := set $globals "Docker" $.Docker }} {{- $_ := set $globals "Docker" $.Docker }}
{{- $_ := set $globals "CurrentContainer" (where $globals.containers "ID" $globals.Docker.CurrentContainerID | first) }} {{- $_ := set $globals "CurrentContainer" (where $globals.containers "ID" $globals.Docker.CurrentContainerID | first) }}
{{- $_ := set $globals "NginxContainer" (whereLabelExists $globals.containers "com.github.nginx-proxy.nginx-proxy.nginx" | first) }}
{{- $_ := set $globals "default_cert_ok" (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} {{- $_ := set $globals "default_cert_ok" (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
{{- $_ := set $globals "external_http_port" (coalesce $globals.Env.HTTP_PORT "80") }} {{- $_ := set $globals "external_http_port" (coalesce $globals.Env.HTTP_PORT "80") }}
{{- $_ := set $globals "external_https_port" (coalesce $globals.Env.HTTPS_PORT "443") }} {{- $_ := set $globals "external_https_port" (coalesce $globals.Env.HTTPS_PORT "443") }}
@ -22,14 +23,21 @@
{{- $_ := set $globals "ssl_policy" (or ($globals.Env.SSL_POLICY) "Mozilla-Intermediate") }} {{- $_ := set $globals "ssl_policy" (or ($globals.Env.SSL_POLICY) "Mozilla-Intermediate") }}
{{- $_ := set $globals "vhosts" (dict) }} {{- $_ := set $globals "vhosts" (dict) }}
{{- $_ := set $globals "networks" (dict) }} {{- $_ := set $globals "networks" (dict) }}
# Networks available to the container running docker-gen (which are assumed to # Networks available to the container labeled "com.github.nginx-proxy.nginx-proxy.nginx" or the one running docker-gen (which are assumed to
# match the networks available to the container running nginx): # match the networks available to the container running nginx):
{{- /* {{- /*
* Note: $globals.CurrentContainer may be nil in some circumstances due to * Note: $globals.CurrentContainer may be nil in some circumstances due to
* <https://github.com/nginx-proxy/docker-gen/issues/458>. For more context * <https://github.com/nginx-proxy/docker-gen/issues/458>. For more context
* see <https://github.com/nginx-proxy/nginx-proxy/issues/2189>. * see <https://github.com/nginx-proxy/nginx-proxy/issues/2189>.
*/}} */}}
{{- if $globals.CurrentContainer }} {{- if $globals.NginxContainer }}
{{- range sortObjectsByKeysAsc $globals.NginxContainer.Networks "Name" }}
{{- $_ := set $globals.networks .Name . }}
# {{ .Name }}
{{- else }}
# (none)
{{- end }}
{{- else if $globals.CurrentContainer }}
{{- range sortObjectsByKeysAsc $globals.CurrentContainer.Networks "Name" }} {{- range sortObjectsByKeysAsc $globals.CurrentContainer.Networks "Name" }}
{{- $_ := set $globals.networks .Name . }} {{- $_ := set $globals.networks .Name . }}
# {{ .Name }} # {{ .Name }}
@ -74,6 +82,15 @@
{{- $ip = "127.0.0.1" }} {{- $ip = "127.0.0.1" }}
{{- continue }} {{- continue }}
{{- end }} {{- end }}
{{- if $.globals.NginxContainer }}
{{- range sortObjectsByKeysAsc $.globals.NginxContainer.Networks "Name" }}
{{- if and . .Gateway }}
# container is in host network mode, using {{ .Name }} gateway IP
{{- $ip = .Gateway }}
{{- break }}
{{- end }}
{{- end }}
{{- else }}
{{- range sortObjectsByKeysAsc $.globals.CurrentContainer.Networks "Name" }} {{- range sortObjectsByKeysAsc $.globals.CurrentContainer.Networks "Name" }}
{{- if and . .Gateway }} {{- if and . .Gateway }}
# container is in host network mode, using {{ .Name }} gateway IP # container is in host network mode, using {{ .Name }} gateway IP
@ -81,6 +98,7 @@
{{- break }} {{- break }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- if $ip }} {{- if $ip }}
{{- continue }} {{- continue }}
{{- end }} {{- end }}