dperson / nginx Goto Github PK
View Code? Open in Web Editor NEWnginx docker instance
License: GNU Affero General Public License v3.0
nginx docker instance
License: GNU Affero General Public License v3.0
Trying to utilise your image via a docker compose file (in conjunction with your openvpn-client) however im trying to proxy multiple apps. i have tried every possible way to execute the "command: -w" command however just cant get it to work... and ideas?
command: "-w http://service1:80;/service1 -w http://service2:80;/service2"
Since nginx 1.9.0 (the open source one) support for TCP proxying has been added with the inclusion of the Stream Core module.
Would it be possible to add support for configuring TCP proxies? This would greatly help out with some of the "how to expose a non-HTTP service" issue people are having with dperson/openvpn-client ๐.
I've used your combination of the openvpn-client, transmission and nginx containers and I'm wondering if it would be possible to use the nginx container to not only proxy traffic to the transmision container but also to other docker containers that need ssl termination. Is this something that works now or would be possible to implement?
My nginx container is crashing. Attaching to the container reveals the following error codes:
nginx | /usr/bin/nginx.sh: eval: line 584: unexpected EOF while looking for matching `"'
nginx | /usr/bin/nginx.sh: eval: line 585: syntax error: unexpected end of file
nginx | 2019/07/08 14:18:09 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx exited with code 1
I'm loading the container using docker-compose, config file here
Right now you only have a debian:stretch build, it would be nice to have arm ones to go with the open vpn client.
I appear to be getting HTTP 400 Errors when issuing POST requests from a jackett UI when accessing through a reverse proxy whilst using openvpn for jackett. I've had a look around and seem to be hitting the issue described in a previous issue on the jackett repo:ย linuxserver/docker-jackett#63 (comment)
I don't understand the solution that was provided there. Can anyone help?
Hello. Thank you for this nginx docker. I recently experimented with PFS and found errant behavior in the current script nginx.sh
when PFS is enabled and the nginx service is restarted. It will fail with repeating fatal error
2020/09/13 23:01:14 [emerg] 6#6: "ssl_dhparam" directive is duplicate in /etc/nginx/conf.d/perfect_forward_secrecy.conf:6
nginx: [emerg] "ssl_dhparam" directive is duplicate in /etc/nginx/conf.d/perfect_forward_secrecy.conf:6
This is due to the persistent docker volume you create in the Dockerfile, therefore perfect_forward_secrecy.conf
persists between restarts, therefore when the nginx.sh
script runs on restart, line 142 appends another copy of ssl_dhparam
and other lines.
docker-compose.yml
with a service nginx
using dperson/nginx
image with various settings including PFS=1
docker-compose up -d
docker-compose restart nginx
docker container ls
and notice the constantly restarting container for nginxdocker logs xxxxxxx
with the containerID of the ever restarting nginx container to see the repeating errorLine 142 in aff6c52
A quick fix might be to change line 142 to be a single >
instead of the current >>
so that the file is created clean on each restart. Otherwise, a search/replace for a pre-existing ssl_dhparam
and other settings could be done with a tool like sed
.
I'm attempting to setup a reverse proxy for linuxserver.io's sonarr docker container. The docker container works fine, and I can successfully create both the nginx and Sonarr containers. The problem arises when I try and access the Sonarr container.
Specifically, instead of being presented the Sonarr web UI, I see the following:
Sonarr Ver.
If you inspect the page, you'll see valid HTML you'd expect from Sonarr. You can see several additional requests for CSS/JS, but these all fail with a 404. This appears to be caused by the fact that Sonarr expects these files to be served from http://example.com/Content
however, I have Sonarr being served from http://example.com/sonarr
behind nginx. This causes the requests to be routed to http://example.com/sonarr/Content
.
Is there anyway to rewrite the URLs such that requests to http://example.com/sonarr/Content/
are properly routed to the Sonarr container?
I've set up rutorrent/nginx/openvpn as per the instructions but when I go to the url for rutorrent it loads the page incorrectly as you can see in the image.
I'm really struggling to figure out what I need to do to get this working correctly.
If I start ruTorrent without passing through openvpn/nginx I can navigate successfully to the page.
I have a similar issue when using Deluge in the same way whereby the page seems to load and has the correct header, but the page shows blank.
Could be a similar issue? Please let me know what information you need from me in order to diagnose the issue.
As a side note, I'm using a few of your docker setups and the documentation and support you provide for them seems fantastic and I really appreciate any help you can give me.
I have been using this container for a while now. I recently reinstalled and, using the same command (via Ansible), I am unable to start the container. The command is as follows:
sudo docker run --name web -p 80:80 -p 443:443 --link vpn:transmission --link vpn:nzbget -d dperson/nginx -w "http://transmission:9091/transmission;/transmission" -w "http://nzbget:6789;/"
Like I said, this worked last week using this command. It seems when I grabbed the latest release it stopped working.
Is there a way for me to grab the logs to see what is happening?
Big fan of this image, I've been using it for some time!
In order to clean up my URLs, I was playing with the new proxy host parameter and I've run into some issues:
Maybe I'm misunderstanding the purpose, but if I am using it e.g. for transmission, I should be able to do something like -W "http://transmission:9091;transmission.lan"
, correct? I suspect the following issues:
"http://<server[:port]>/;/<location>/"
which I'm guessing is a copy & paste error. I'm happy to sort these out for you once I'm sure to have understood the purpose of the new proxy_host correctlyLet me know if I'm misunderstanding the purpose, I was just getting started with this.
Cheers
I am trying remove the Upgrade
header and replace the Connection
header with $http_connection
.
As per issue #25 it seems that these get overwritten by the default template in order to support WebSockets. If a specific web proxy has no interest in WS support then these should be able to be removed.
The syntax in the README for setting headers is a little unclear and there are no examples. Can you describe how this should work and whether it can overwrite the default behaviours? Are any of the following acceptable:
-w "http://container:1234;/destination;Connection \"$http_connection\";Upgrade \"no\"" -w "http://container:1234;/destination;Connection $http_connection;Upgrade no" -w "http://container:1234;/destination;Connection $http_connection;Upgrade \"no\"" -w "http://container:1234;/destination;Connection \"$http_connection\" Upgrade \"no\"" -w "http://container:1234;/destination;Connection $http_connection Upgrade \"no\""
I am not sure if I am doing something wrong, but I cannot seem to get this to work with Deluge
Here is how I setup the Deluge container (hooked into your great openvpn-client docker):
docker create --name deluge --net=container:vpn -e PUID=1000 -e PGID=1000 -e TZ=America/Toronto -v /docker/deluge/downloads:/downloads -v /docker/deluge/config:/config linuxserver/deluge
And the nginx link
sudo docker run -it --name web -p 80:80 -p 443:443 --link vpn:deluge -d dperson/nginx -w "http://deluge:8112/;/deluge"
Any help would be appriciated!
Thanks in advance.
Is there a way to proxy Deluge with this docker file? I must set a header with the following value:
proxy_set_header X-Deluge-Base "/deluge/";
Now I type in this line, and can't get Deluge to work:
-w "http://deluge:8112;/deluge"
Nginx gives me the following error:
No Such Resource
No such child resource.
I am trying to enable basic auth on a linked container where nginx is a web proxy. Here is command I used. The basic auth does not work and the page loads with no auth.
docker run -it --name web -p 80:80 -p 443:443 --restart=always \
--link vpn:transmission \
-d dperson/nginx \
-b "/transmission" \
-U "dperson;test" \
-w "http://transmission:9091/transmission;/transmission"
I ssh'd into the container and viewed the /etc/nginx/conf.d/default.conf
file but did not see the auth setting at all.
If I basic auth protect a non proxied/linked path it works just fine.
server {
listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
root /srv/www;
# Make site accessible from http://localhost/
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
error_log stderr notice;
proxy_cache mmcache;
location / {
index index.html index.htm;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /transmission {
proxy_pass http://transmission:9091/transmission;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
## Required for websockets
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_read_timeout 600s;
## Optional: Do not log, get it at the destination
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
## Handle the GFC (Great Firewal of China) breaking DNS for BT to random IPs
location /announc {
access_log off;
error_log off;
default_type text/plain;
return 410 "d14:failure reason13:not a tracker8:retry in5:nevere";
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
If possible, it would be great to tag pushed images with a build number and keep a few of them around. Right now I only see "latest". If a breaking change is pushed out and we update, there's no easy way to rollback.
Hi, thanks for creating this docker image.
I ran the following line:
docker run -it --name web -p 81:80 -p 444:443 -p 51413:51413 -p 51413:51413/udp --link vpn:transmission -d dperson/nginx:aarch64 -w "http://transmission:9091/transmission;/transmission"
and it reports:
`
Generating a RSA private key
................................................................................................................+++++
.........................+++++
writing new private key to '/etc/nginx/ssl/privkey.pem'
2020/03/28 10:53:16 [emerg] 6#6: the size 52428800 of shared memory zone "SSL" conflicts with already declared size 2097152 in /etc/nginx/conf.d/sessions.conf:2
nginx: [emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size 2097152 in /etc/nginx/conf.d/sessions.conf:2
`
I tried to run
docker run -it --name web -d dperson/nginx:aarch64
The error persists.
I have been using the reverse proxy successfully for some time. One of the applications that I'm running behind the proxy has updated and requires the following headers to work properly. What is the correct way to set these headers?
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
The following configuration was working until recently:
command: -w "http://example-container:8989/example-path/;/example-path/"
I wanted to use this image to add basic auth to rtorrent, so I tried to use something like
command: -w "http://rtorrent:8080/;/bt/" -q -b "/bt/" -U "user;pass"
but I'm not getting 304 errors, so I'm thinking nginx is skipping auth for this.
I was wondering if you knew of any specific issues around running jackett behind this proxy, I'm using your vpn repo as well and have configured jackett and sonarr to use the vpn as there main internet connection and both can reach outside websites however they cannot talk to eachother.
Do you know what IP or URL I should be giving sonarr to allow it to talk to jackett?
Internet --- VPN Docker --- Docker Containers sharing VPN connection (jackett & sonarr)
I tried installing dperson/nginx and suddenly got this error (I've used it several times before and it suddenly stopped working:
`Generating a RSA private key
................................+++++
...................................................................................................................................................................................+++++
writing new private key to '/etc/nginx/ssl/privkey.pem'
3069854608:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
2071/06/10 20:38:56 [emerg] 7#7: cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2071/06/27 15:25:20 [emerg] 8#8: cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)`
Just stuck, feels like I'm doing everything right below but it's just failing to allow me to access transmission.... I'm running your openvpn-client and attempting to pass that traffic through the proxy from transmission.
docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn-client -v /opt/openvpn-client:/vpn:ro --restart=always -d dperson/openvpn-client
This seems good.
Thu Oct 27 14:32:07 2016 Initialization Sequence Completed
Then I start transmission and assign the net to the vpn-client container
docker run -it --name transmission --net=container:vpn-client -d dperson/transmission
Then for the proxy. Seems so straight forward with..
docker run -it --name vpn-proxy -p 80:80 -p 443:443 --link vpn-client:transmission \
-d dperson/nginx -w "http://transmission:9091/transmission;/transmission"
transmission is up and when i nav to what I expect is the site I get this. so close..
Hi.
Thanks for an awesome container, I've been using it alongside your vpn-container and everything is working smoothly with the necessary redirects to other containers.
However, I also want Nginx to host an index.php site to get some information. Specifically I wanted to run https://www.ezservermonitor.com/esm-web/documentation, but I'm unable to set it up.
For reference this is the docker run command I'm currently using:
"
docker run -it --name web2 -p 80:80 -p 443:443 -e SSI=y
--link vpn:deluge --link vpn:sonarr --link vpn:radarr -d
-v /home/core/.docker/configs/nginx:/etc/nginx/
-v /home/core/.docker/configs/nginx/www:/srv/www:ro
dperson/nginx
"
Redirects and all else seems to be working - but I can't for the life of me setup PHP to work. I'm pretty sure it's cause there isn't a PHP-engine in the current nginx-container, but I'm also unable to apt-get it when I enter the container.
Do you have any suggestions how I might set this up?
Thanks in advance.
PS. I recognize this isn't directly related to your container, per se, but I noticed that you're very helpful in general and I'm hoping you might help me resolve this issue :)
Hello.
I have a setup where I run deluge through a container with nordvpn and access it through nginx using the following code:
sudo docker run -it --name web -p 80:80 -p 443:443 --link vpn:deluge
--link vpn:plex -d dperson/nginx
-w "http://deluge:8112/;/deluge;X-Deluge-Base "/deluge/"" \
I want to do the same with plex, but cannot access plex. I have tried with
-w "http://plex:32400/;/plex"
as well as
-w "http://plex:32400/web/;/plex"
but i cannot get it to work. Any suggestions?
After building the alpine image, I was having trouble getting a basic proxy running and would get this error
/usr/bin/nginx.sh: eval: line 584: unexpected EOF while looking for matching `"'
/usr/bin/nginx.sh: eval: line 585: syntax error: unexpected end of file
I managed to pinpoint the problem coming from the sed command while reading in the script options.
I was able to reproduce the problem sed command and fix it within the alpine image:
bash-5.0# echo "http://test:80/testing;/testing/" | sed 's/^\|$/"/g; s/;/" "/g'
"http://test:80/testing" "/testing/
bash-5.0# echo "http://test:80/testing;/testing/" | sed 's/^\|$/"/g; s/;/" "/g; s/$/"/g'
"http://test:80/testing" "/testing/"
I haven't fully tested this yet but it looks like the fix is to replace lines like:
w) eval proxy $(sed 's/^\|$/"/g; s/;/" "/g' <<< $OPTARG) ;;
to
w) eval proxy $(sed 's/^\|$/"/g; s/;/" "/g; s/$/"/g' <<< $OPTARG) ;;
Hi, thank you for maintaining this image.
I have the following problem when trying to configure reverse proxy to multiple containers with
command: -w "http://transmission:9091;/transmission" -w "http://couchpotato:5050;/couchpotato"
I can access the following URL normally
https://localhost:443/transmission
However, when I try to access https://localhost:443/couchpotato the following happen
docker-compose logs -f nginx-reverse-proxy
Attaching to nginx-reverse-proxy
nginx-reverse-proxy | Generating a 2048 bit RSA private key
nginx-reverse-proxy | ................+++
nginx-reverse-proxy | .............................................+++
nginx-reverse-proxy | unable to write 'random state'
nginx-reverse-proxy | writing new private key to '/etc/nginx/ssl/privkey.pem'
nginx-reverse-proxy | -----
nginx-reverse-proxy | 172.18.0.1 - ant [08/Mar/2018:19:52:59 +0000] "GET / HTTP/2.0" 200 384 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36" "-" 0.000 -
ginx-reverse-proxy | 172.18.0.1 - ant [08/Mar/2018:19:53:52 +0000] "GET / HTTP/2.0" 200 384 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36" "-" 0.000 -
I have verified http://couchpotato:5050 is responding from within the container.
Could you please advise or fix the issue?
My docker-compose.yml is as follows:
version: '3.4'
services:
openvpn-client:
image: dperson/openvpn-client
container_name: openvpn-client
cap_add:
- net_admin
environment:
TZ: 'GMT/UTC'
read_only: true
restart: unless-stopped
security_opt:
- label:disable
stdin_open: true
tty: true
networks:
- default
volumes:
- /dev/net:/dev/net:z
transmission:
image: dperson/transmission
depends_on:
- openvpn-client
container_name: transmission
network_mode: "service:openvpn-client"
environment:
TZ: 'GMT/UTC'
restart: unless-stopped
stdin_open: true
tty: true
couchpotato:
image: linuxserver/couchpotato
depends_on:
- openvpn-client
container_name: couchpotato
restart: unless-stopped
network_mode: "service:openvpn-client"
nginx-reverse-proxy:
image: dperson/nginx
container_name: nginx-reverse-proxy
depends_on:
- transmission
- couchpotato
environment:
TZ: 'UTC'
links:
- openvpn-client:transmission
- openvpn-client:couchpotato
networks:
- default
ports:
- "443:443"
read_only: true
tmpfs:
- /run
- /tmp
- /var/cache/nginx
restart: unless-stopped
stdin_open: true
tty: true
command: -w "http://transmission:9091;/transmission" -w "http://couchpotato:5050;/couchpotato"
networks:
default:
The resulting /etc/nginx/conf.d/default.conf is
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts to this file
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=mmcache:10m
loader_threshold=300 loader_files=200 max_size=50m;
# HTTPS server
#
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /srv/www;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
# Make site accessible from http://localhost/
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
error_log stderr;
proxy_cache mmcache;
location / {
index index.html index.htm;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /couchpotato {
proxy_pass http://couchpotato:5050;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
## Required for websockets
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_read_timeout 600s;
## Optional: Do not log, get it at the destination
access_log off;
}
location /transmission {
proxy_pass http://transmission:9091;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
## Required for websockets
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_read_timeout 600s;
## Optional: Do not log, get it at the destination
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
## Handle the GFC (Great Firewal of China) breaking DNS for BT to random IPs
location /announc {
access_log off;
error_log off;
default_type text/plain;
return 410 "d14:failure reason13:not a tracker8:retry in5:nevere";
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/run/php5-fpm.sock;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 80;
listen [::]:80;
root /srv/www;
# Make site accessible from http://localhost/
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
error_log stderr notice;
proxy_cache mmcache;
location / {
index index.html index.htm;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /couchpotato {
proxy_pass http://couchpotato:5050;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
## Required for websockets
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_read_timeout 600s;
## Optional: Do not log, get it at the destination
access_log off;
}
location /transmission {
proxy_pass http://transmission:9091;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
## Required for websockets
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_read_timeout 600s;
## Optional: Do not log, get it at the destination
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
## Handle the GFC (Great Firewal of China) breaking DNS for BT to random IPs
location /announc {
access_log off;
error_log off;
default_type text/plain;
return 410 "d14:failure reason13:not a tracker8:retry in5:nevere";
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
Is there a possiblity to define multible users via environment variables? I found out that it's possible via command line args (-U "foo;bar" -U "baz;bla"
).
It would be pretty useful to assign it via HTTPUSER
because it's not good to define passwords in a docker-compose file for example.
My suggestion would be to define them in HTTPUSER
with a separator like ,
: HTTPUSER=foo;bar,baz;bla
Line 692 in 3d00052
There are missing some lines in /etc/nginx/nginx.conf
for stream to be working :
stream {
include /etc/nginx/conf.d/*.stream;
}
This will be the minimum required to enable streams, i don't know if anything else is required or not. But with this it does work.
Without these lines, all /etc/nginx/conf.d/*.stream
files are being ignored.
As a test you can write a random string in /etc/nginx/conf.d/default.stream
and run service nginx configtest
from inside the container, it will result in a config being OK. It means the file is being ignored.
I have been testing your openvpn-client on one of my odroids and would like to use your nginx container as well. Didn't see an armhf tagged build of nginx for your container at dockerhub, and was wondering if there's anything that could be done to make such a container. Thanks in advance for the consideration as well as for your other great work.
Hi dperson,
Firstly thanks for all the content you have provided on github in relation to docker, i have succesfully been able to create an openvpn docker using (dperson/openvpn-client) on my osmc rpi setup. However continuing on following your local network access for this setup you use this github (dperson/nginx) which unlike the above mentioned container does not work on my osmc rpi setup. (exec user process caused "exec format error" ~indicating to me wrong architecture - pls correct me if im wrong)
Are there any other ways to achieve local network access without using the dperson/nginx described method ?
Any help much appreciated.
(Linux version 4.19.55-6-osmc (root@vero3-db) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)) #1 SMP PREEMPT Sun Nov 3 22:15:28 UTC 2019)
In nginx.sh
there is a line
chown -Rh nginx. /var/cache/nginx 2>&1 | grep -iv 'Read-only' || :
which throw an error (see docker logs nginx
) because user nginx.
does not exists.
According to /etc/nginx/nginx.conf
the user is www-data
Hi!
Could you please tag & version Docker images?
This commit broke our app because we relied on this files :)
Hi,
When I deploy the following YML it works if i go to 192.168.1.1:8008/hydra. However when I want to forward this ip and port with traefik (reversed proxy) to an external address/domain, its doesn't work. gets stuck in a loop. maybe because it exist in a bridge network mode, i dont know.
Any suggestions?
from: 192.168.1.1:8008/hydra
to: https://hydra.domain.com
the yml:
version: "3.4"
services:
nordvpn:
image: bubuntux/nordvpn
container_name: nordvpn
cap_add:
- NET_ADMIN # Required
- SYS_MODULE # Required for TECHNOLOGY=NordLynx
sysctls:
- net.ipv4.conf.all.rp_filter=2
devices:
- /dev/net/tun
environment:
- "[email protected]"
- "PASS=mypassword"
- CONNECT=Netherlands
- TECHNOLOGY=NordLynx
- TZ=Europe/Amsterdam
- DEBUG=On
hydra:
image: linuxserver/nzbhydra2
container_name: hydra
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Amsterdam
volumes:
- /share/docker/compose/appdata/hydra2:/config
- /share/downloads:/downloads
restart: always
network_mode: service:nordvpn
depends_on:
- nordvpn
web:
image: dperson/nginx
links:
- nordvpn:jackett
- nordvpn:hydra
depends_on:
- jackett
- hydra
tmpfs:
- /run
- /tmp
- /var/cache/nginx
ports:
- 8008:80
- 4431:443
command: -w "http://hydra:5076/hydra;/hydra"
the logs look good, no errors or anything so I feel like something is missing in the YML file. related to networking/bridge at the nginx part.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.