Merge d3787de3ef into 95d4f67a59

Dockerfile

@@ -10,6 +10,12 @@ RUN apt-get update
 RUN apt-get install -y nginx
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 
+RUN mkdir /etc/nginx/ssl
+WORKDIR /etc/nginx/ssl
+RUN openssl genrsa  -out server.key 2048
+RUN openssl req -new -batch -key server.key -out server.csr
+RUN openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt
+
 RUN mkdir /app
 WORKDIR /app
 ADD . /app

README.md

@@ -1,4 +1,4 @@
-nginx-proxy sets up a container running nginx and [docker-gen][1].  docker-gen generate reverse proxy configs for nginx and reloads nginx when containers they are started and stopped.
+nginx-proxy sets up a container running nginx and [docker-gen][1].  docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
 
 See [Automated Nginx Reverse Proxy for Docker][2] for why you might want to use this.
 
@@ -6,7 +6,7 @@ See [Automated Nginx Reverse Proxy for Docker][2] for why you might want to use
 
 To run it:
 
-    $ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock -t jwilder/nginx-proxy
+    $ docker run -d -p 80:80 -p 443:443 -v /var/run/docker.sock:/tmp/docker.sock -t jwilder/nginx-proxy
 
 Then start any containers you want proxied with an env var VIRTUAL_HOST=subdomain.youdomain.com
 
@@ -18,5 +18,15 @@ Provided your DNS is setup to forward foo.bar.com to the a host running nginx-pr
 
 If your container exposes multiple ports, nginx-proxy will default to the service running on port 80.  If you need to specify a different port, you can set a VIRTUAL_PORT env var to select a different one.  If your container only exposes one port and it has a VIRTUAL_HOST env var set, that port will be selected.
 
+### SSL Support
+
+You can enable SSL by setting VIRTUAL_SSL_HOST on your container:
+
+    $ docker run -e VIRTUAL_HOST=foo.bar.com -e VIRTUAL_SSL_HOST=foo.bar.com -t ...
+
+VIRTUAL_SSL_PORT can also be set on your container to override the default port, 443.
+
+Self signed certs are generated on docker build, please replace them with your own for production use.
+
   [1]: https://github.com/jwilder/docker-gen
   [2]: http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/

nginx.tmpl

@@ -33,7 +33,7 @@ upstream {{ $host }} {
 		   server {{ $address.IP }}:{{ $address.Port }};
 		   {{ end }}
 		{{ end }}
-    {{ end }}
+        {{ end }}
 {{ end }}
 }
 
@@ -53,3 +53,46 @@ server {
 	}
 }
 {{ end }}
+
+{{ range $host, $containers := groupBy $ "Env.VIRTUAL_SSL_HOST" }}
+upstream ssl-{{ $host }} {
+
+{{ range $index, $value := $containers }}
+        {{ if $value.Env.VIRTUAL_SSL_PORT }}
+                {{ range $i, $address := $value.Addresses }}
+                   {{ if eq $address.Port $value.Env.VIRTUAL_SSL_PORT }}
+                   # {{$value.Name}}
+                   server {{ $address.IP }}:{{ $address.Port }};
+                   {{end}}
+                {{end}}
+        {{ else }}
+                {{ range $i, $address := $value.Addresses }}
+                   {{ if eq $address.Port "443" }}
+                   # {{$value.Name}}
+                   server {{ $address.IP }}:{{ $address.Port }};
+                   {{ end }}
+                {{ end }}
+        {{ end }}
+{{ end }}
+}
+
+server {
+        listen 443 ssl;
+
+        server_name {{ $host }};
+        proxy_buffering off;
+
+        location / {
+            proxy_pass https://ssl-{{ $host }};
+            include /etc/nginx/proxy_params;
+        }
+}
+{{ end }}
+
+{{/* Should consider retrieving proper certs from a remote server, keyed by $VIRTUAL_SSL_HOST */}}
+ssl_certificate /etc/nginx/ssl/server.crt;
+ssl_certificate_key /etc/nginx/ssl/server.key;
+ssl_session_timeout  5m;
+ssl_protocols        SSLv3 TLSv1;
+ssl_ciphers          ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
+ssl_prefer_server_ciphers   on;