From ff3916ab4188dbfb5db435cf225b609be3e3cd30 Mon Sep 17 00:00:00 2001 From: Anielkis Herrera Date: Thu, 27 Dec 2018 16:38:03 -0500 Subject: [PATCH] Creating index.html with a list of URLs to published containers --- Procfile | 1 + README.md | 78 ++++++++++++++++++++++++++++++++++++++++-------------- index.tmpl | 24 +++++++++++++++++ nginx.tmpl | 14 +++++++++- 4 files changed, 96 insertions(+), 21 deletions(-) create mode 100644 index.tmpl diff --git a/Procfile b/Procfile index 29fe166..dba9fac 100644 --- a/Procfile +++ b/Procfile @@ -1,2 +1,3 @@ dockergen: docker-gen -watch -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf +dockergen2: docker-gen -watch /app/index.tmpl /usr/share/nginx/html/index.html nginx: nginx diff --git a/README.md b/README.md index a6504cd..8af7dca 100644 --- a/README.md +++ b/README.md @@ -48,15 +48,53 @@ services: - "80:80" volumes: - /var/run/docker.sock:/tmp/docker.sock:ro + networks: + - webproxy - whoami: - image: jwilder/whoami - environment: - - VIRTUAL_HOST=whoami.local +networks: + webproxy: ``` ```shell $ docker-compose up +``` + +Deploy a service +```yaml +version: '2' + +services: + whoami: + image: jwilder/whoami + environment: + - VIRTUAL_HOST=whoami.local + networks: + - nginx-proxy_webproxy + +networks: + nginx-proxy_webproxy: + external: true +``` + +```shell +$ docker-compose up +$ curl localhost + + + + + + + List + + + + + $ curl -H "Host: whoami.local" localhost I'm 5b129ab83266 ``` @@ -128,11 +166,11 @@ backend container. Your backend container should then listen on a port rather than a socket and expose that port. ### FastCGI Backends - + If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on the backend container. Your backend container should then listen on a port rather than a socket and expose that port. - + ### FastCGI Filr Root Directory If you use fastcgi,you can set `VIRTUAL_ROOT=xxx` for your root directory @@ -181,7 +219,7 @@ Finally, start your containers with `VIRTUAL_HOST` environment variables. $ docker run -e VIRTUAL_HOST=foo.bar.com ... ### SSL Support using letsencrypt -[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. +[letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. ### SSL Support @@ -214,7 +252,7 @@ at startup. Since it can take minutes to generate a new `dhparam.pem`, it is do background. Once generation is complete, the `dhparam.pem` is saved on a persistent volume and nginx is reloaded. This generation process only occurs the first time you start `nginx-proxy`. -> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some +> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some > older clients (like Java 6 and 7) do not support DH keys with over 1024 bits. In order to support these > clients, you must either provide your own `dhparam.pem`, or tell `nginx-proxy` to generate a 1024-bit > key on startup by passing `-e DHPARAM_BITS=1024`. @@ -282,19 +320,19 @@ a 500. To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`). You can also -disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with -`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to -override the default behavior. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS) -is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP -site after changing this setting, your browser has probably cached the HSTS policy and is automatically -redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito +disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with +`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to +override the default behavior. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS) +is disabled to prevent HTTPS users from being redirected by the client. If you cannot get to the HTTP +site after changing this setting, your browser has probably cached the HSTS policy and is automatically +redirecting you back to HTTPS. You will need to clear your browser's HSTS cache or use an incognito window / different browser. -By default, [HTTP Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) -is enabled with `max-age=31536000` for HTTPS sites. You can disable HSTS with the environment variable +By default, [HTTP Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) +is enabled with `max-age=31536000` for HTTPS sites. You can disable HSTS with the environment variable `HSTS=off` or use a custom HSTS configuration like `HSTS=max-age=31536000; includeSubDomains; preload`. -*WARNING*: HSTS will force your users to visit the HTTPS version of your site for the `max-age` time - -even if they type in `http://` manually. The only way to get to an HTTP site after receiving an HSTS +*WARNING*: HSTS will force your users to visit the HTTPS version of your site for the `max-age` time - +even if they type in `http://` manually. The only way to get to an HTTP site after receiving an HSTS response is to clear your browser's HSTS cache. ### Basic Authentication Support @@ -410,7 +448,7 @@ Before submitting pull requests or issues, please check github to make sure an e To run tests, you need to prepare the docker image to test which must be tagged `jwilder/nginx-proxy:test`: docker build -t jwilder/nginx-proxy:test . # build the Debian variant image - + and call the [test/pytest.sh](test/pytest.sh) script. Then build the Alpine variant of the image: @@ -423,7 +461,7 @@ and call the [test/pytest.sh](test/pytest.sh) script again. If your system has the `make` command, you can automate those tasks by calling: make test - + You can learn more about how the test suite works and how to write new tests in the [test/README.md](test/README.md) file. diff --git a/index.tmpl b/index.tmpl new file mode 100644 index 0000000..d6ffc0e --- /dev/null +++ b/index.tmpl @@ -0,0 +1,24 @@ + + + + + + + + List + + + + + + + diff --git a/nginx.tmpl b/nginx.tmpl index d861050..d7b878e 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -19,7 +19,7 @@ server 127.0.0.1 down; {{ end }} {{ end }} - + {{ end }} # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the @@ -115,6 +115,18 @@ server { } {{ end }} +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + root /usr/share/nginx/html; + index index.html; + + location / { + try_files $uri $uri/ =404; + } +} + {{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }} {{ $host := trim $host }}