
Commit be71afa

committed
Fix nginx.tmpl file
1 parent f5584c8 commit be71afa


2 files changed

+12
-52
lines changed


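--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -42,9 +42,7 @@ map $http_upgrade $proxy_connection {
 server_names_hash_bucket_size 128;
 
 # Default dhparam
-{{ if (exists "/etc/nginx/dhparam/dhparam.pem") }}
 ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
-{{ end }}
 
 # Set appropriate X-Forwarded-Ssl header
 map $scheme $proxy_x_forwarded_ssl {
@@ -60,10 +58,6 @@ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
 
 access_log off;
 
-{{ if $.Env.RESOLVERS }}
-resolver {{ $.Env.RESOLVERS }};
-{{ end }}
-
 {{ if (exists "/etc/nginx/proxy.conf") }}
 include /etc/nginx/proxy.conf;
 {{ else }}
@@ -124,7 +118,7 @@ upstream {{ $upstream_name }} {
 
 {{ range $knownNetwork := $CurrentContainer.Networks }}
 {{ range $containerNetwork := $container.Networks }}
-{{ if (and (ne $containerNetwork.Name "ingress") (or (eq $knownNetwork.Name $containerNetwork.Name) (eq $knownNetwork.Name "host"))) }}
+{{ if or (eq $knownNetwork.Name $containerNetwork.Name) (eq $knownNetwork.Name "host") }}
 ## Can be connect with "{{ $containerNetwork.Name }}" network
 
 {{/* If only 1 port exposed, use that */}}
@@ -149,19 +143,9 @@ upstream {{ $upstream_name }} {
 {{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
 {{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }}
 
-{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
-{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
-
-{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
-{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
-
 {{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
 {{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
 
-{{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
-{{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
-
-
 {{/* Get the first cert name defined by containers w/ the same vhost */}}
 {{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
 
@@ -199,11 +183,6 @@ server {
 {{ end }}
 access_log /var/log/nginx/access.log vhost;
 
-{{ if eq $network_tag "internal" }}
-# Only allow traffic from internal clients
-include /etc/nginx/network_internal.conf;
-{{ end }}
-
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
 
@@ -219,12 +198,6 @@ server {
 ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
 {{ end }}
 
-{{ if (exists (printf "/etc/nginx/certs/%s.chain.crt" $cert)) }}
-ssl_stapling on;
-ssl_stapling_verify on;
-ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.crt" $cert }};
-{{ end }}
-
 {{ if (ne $https_method "noredirect") }}
 add_header Strict-Transport-Security "max-age=31536000";
 {{ end }}
@@ -239,10 +212,6 @@ server {
 {{ if eq $proto "uwsgi" }}
 include uwsgi_params;
 uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
-{{ else if eq $proto "fastcgi" }}
-root {{ trim $vhost_root }};
-include fastcgi.conf;
-fastcgi_pass {{ trim $upstream_name }};
 {{ else }}
 proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
 {{ end }}
@@ -251,11 +220,11 @@ server {
 auth_basic "Restricted {{ $host }}";
 auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
 {{ end }}
-{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
-include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};
-{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
-include /etc/nginx/vhost.d/default_location;
-{{ end }}
+{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
+include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};
+{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
+include /etc/nginx/vhost.d/default_location;
+{{ end }}
 }
 }
 
@@ -271,11 +240,6 @@ server {
 {{ end }}
 access_log /var/log/nginx/access.log vhost;
 
-{{ if eq $network_tag "internal" }}
-# Only allow traffic from internal clients
-include /etc/nginx/network_internal.conf;
-{{ end }}
-
 {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
 include {{ printf "/etc/nginx/vhost.d/%s" $host }};
 {{ else if (exists "/etc/nginx/vhost.d/default") }}
@@ -286,22 +250,18 @@ server {
 {{ if eq $proto "uwsgi" }}
 include uwsgi_params;
 uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
-{{ else if eq $proto "fastcgi" }}
-root {{ trim $vhost_root }};
-include fastcgi.conf;
-fastcgi_pass {{ trim $upstream_name }};
 {{ else }}
 proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
 {{ end }}
 {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
 auth_basic "Restricted {{ $host }}";
 auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
 {{ end }}
-{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
-include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};
-{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
-include /etc/nginx/vhost.d/default_location;
-{{ end }}
+{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
+include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};
+{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
+include /etc/nginx/vhost.d/default_location;
+{{ end }}
 }
 }
 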
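Review bot: Removing the `$network_tag` lookup and both `include /etc/nginx/network_internal.conf;` blocks (old lines 202-205 and 274-277) fails open: a container that still sets `NETWORK_ACCESS=internal` is now rendered as an ordinary vhost with no client restriction and no error at template time. If that restriction is no longer wanted, state it in the commit message and confirm no running container depends on it; otherwise keep `{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}` and the `{{ if eq $network_tag "internal" }}` include in both server blocks. Elsewhere in this file the `exists` guard around `ssl_dhparam /etc/nginx/dhparam/dhparam.pem;` is dropped, so nginx will presumably reject the generated config when that file is absent, and the OCSP stapling block is removed; both deserve a line in the description. The server blocks start and end outside the hunks shown.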

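--- a/run.sh
+++ b/run.sh
@@ -14,7 +14,7 @@ fi
 docker network create $NETWORK
 
 # 3. Download the latest version of nginx.tmpl
-curl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > nginx.tmpl
+#curl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > nginx.tmpl
 
 # 4. Start proxy
 docker-compose up -d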
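Review bot: The step comment `# 3. Download the latest version of nginx.tmpl` is now stale, because the `curl` under it is commented out and the script relies on the nginx.tmpl checked into the repository. Replace the dead line with a comment that says so, e.g. `# 3. nginx.tmpl is versioned in this repository (no longer fetched from upstream master)`. Using the committed template avoids writing an unpinned `master` file into the proxy configuration on every run, but it also means upstream TLS and template fixes must now be merged by hand. The script starts before this hunk.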
