diff --git a/Dockerfile b/Dockerfile
index 55f33ca..46d3ef8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,6 +24,7 @@ RUN wget https://github.com/jwilder/docker-gen/releases/download/0.3.0/docker-ge
 RUN tar xvzf docker-gen-linux-amd64-0.3.0.tar.gz
 EXPOSE 80
+EXPOSE 443
 ENV DOCKER_HOST unix:///tmp/docker.sock
 CMD ["forego", "start", "-r"]
diff --git a/README.md b/README.md
index c4fbb13..cf7339c 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ See [Automated Nginx Reverse Proxy for Docker][2] for why you might want to use
 To run it:
- $ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock -t jwilder/nginx-proxy
+ $ docker run -d -p 80:80 -p 443:443 -v /var/run/docker.sock:/tmp/docker.sock -v /path/to/nginx/certificates:/etc/nginx/certificates -t jwilder/nginx-proxy
 Then start any containers you want proxied with an env var VIRTUAL_HOST=subdomain.youdomain.com
diff --git a/nginx.tmpl b/nginx.tmpl
index 2f1eac4..cc450f0 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -57,4 +57,34 @@ server {
 proxy_set_header Connection "";
 }
 }
+
+server {
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ listen 443;
+ server_name {{ $host }};
+ proxy_buffering off;
+ error_log /proc/self/fd/2;
+ access_log /proc/self/fd/1;
+
+ ssl on;
+ ssl_certificate /etc/nginx/certificates/server.crt;
+ ssl_certificate_key /etc/nginx/certificates/server.key;
+ ssl_session_timeout 5m;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_pass http://{{ $host }};
+ proxy_http_version 1.1;
+
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https; # help the backend application differenciate between HTTP/HTTPS
+ proxy_set_header HTTPS on;
+ }
+}
 {{ end }}
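Review bot: The TLS settings in the added `server` block permit protocols and suites that should not be offered. `ssl_protocols SSLv3 TLSv1;` enables SSLv3, and the `ssl_ciphers` string starts from `ALL` and explicitly keeps `RC4+RSA`, `+LOW` and `+EXP`, so export-grade and RC4 suites remain negotiable. I would replace the two lines with `ssl_protocols TLSv1.2;` (plus TLSv1.3 if the image's nginx/OpenSSL build supports it) and `ssl_ciphers HIGH:!aNULL:!MD5;`, keeping `ssl_prefer_server_ciphers on;`. Separately, every generated host block points at the same `server.crt`/`server.key`, so that certificate presumably has to cover all `VIRTUAL_HOST` names; a short comment above `ssl_certificate` saying so would help. The template loop this block sits in opens outside the hunk.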