dperson / nginx Goto Github PK

Trying to utilise your image via a docker compose file (in conjunction with your openvpn-client) however im trying to proxy multiple apps. i have tried every possible way to execute the "command: -w" command however just cant get it to work... and ideas?

command: "-w http://service1:80;/service1 -w http://service2:80;/service2"

Since nginx 1.9.0 (the open source one) support for TCP proxying has been added with the inclusion of the Stream Core module.

Would it be possible to add support for configuring TCP proxies? This would greatly help out with some of the "how to expose a non-HTTP service" issue people are having with dperson/openvpn-client 😄.

I've used your combination of the openvpn-client, transmission and nginx containers and I'm wondering if it would be possible to use the nginx container to not only proxy traffic to the transmision container but also to other docker containers that need ssl termination. Is this something that works now or would be possible to implement?

My nginx container is crashing. Attaching to the container reveals the following error codes:

nginx | /usr/bin/nginx.sh: eval: line 584: unexpected EOF while looking for matching `"'
nginx | /usr/bin/nginx.sh: eval: line 585: syntax error: unexpected end of file
nginx | 2019/07/08 14:18:09 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx exited with code 1

I'm loading the container using docker-compose, config file here

Right now you only have a debian:stretch build, it would be nice to have arm ones to go with the open vpn client.

I appear to be getting HTTP 400 Errors when issuing POST requests from a jackett UI when accessing through a reverse proxy whilst using openvpn for jackett. I've had a look around and seem to be hitting the issue described in a previous issue on the jackett repo: linuxserver/docker-jackett#63 (comment)

I don't understand the solution that was provided there. Can anyone help?

Hello. Thank you for this nginx docker. I recently experimented with PFS and found errant behavior in the current script nginx.sh when PFS is enabled and the nginx service is restarted. It will fail with repeating fatal error

2020/09/13 23:01:14 [emerg] 6#6: "ssl_dhparam" directive is duplicate in /etc/nginx/conf.d/perfect_forward_secrecy.conf:6
nginx: [emerg] "ssl_dhparam" directive is duplicate in /etc/nginx/conf.d/perfect_forward_secrecy.conf:6

This is due to the persistent docker volume you create in the Dockerfile, therefore perfect_forward_secrecy.conf persists between restarts, therefore when the nginx.sh script runs on restart, line 142 appends another copy of ssl_dhparam and other lines.

Repro

1. Create a docker-compose.yml with a service nginx using dperson/nginx image with various settings including PFS=1
2. docker-compose up -d
3. docker-compose restart nginx
4. docker container ls and notice the constantly restarting container for nginx
5. docker logs xxxxxxx with the containerID of the ever restarting nginx container to see the repeating error

Fix

A quick fix might be to change line 142 to be a single > instead of the current >> so that the file is created clean on each restart. Otherwise, a search/replace for a pre-existing ssl_dhparam and other settings could be done with a tool like sed.

I'm attempting to setup a reverse proxy for linuxserver.io's sonarr docker container. The docker container works fine, and I can successfully create both the nginx and Sonarr containers. The problem arises when I try and access the Sonarr container.

Specifically, instead of being presented the Sonarr web UI, I see the following:

Sonarr Ver.

If you inspect the page, you'll see valid HTML you'd expect from Sonarr. You can see several additional requests for CSS/JS, but these all fail with a 404. This appears to be caused by the fact that Sonarr expects these files to be served from http://example.com/Content however, I have Sonarr being served from http://example.com/sonarr behind nginx. This causes the requests to be routed to http://example.com/sonarr/Content.

Is there anyway to rewrite the URLs such that requests to http://example.com/sonarr/Content/ are properly routed to the Sonarr container?

I've set up rutorrent/nginx/openvpn as per the instructions but when I go to the url for rutorrent it loads the page incorrectly as you can see in the image.

I'm really struggling to figure out what I need to do to get this working correctly.

If I start ruTorrent without passing through openvpn/nginx I can navigate successfully to the page.

I have a similar issue when using Deluge in the same way whereby the page seems to load and has the correct header, but the page shows blank.

Could be a similar issue? Please let me know what information you need from me in order to diagnose the issue.

As a side note, I'm using a few of your docker setups and the documentation and support you provide for them seems fantastic and I really appreciate any help you can give me.

I have been using this container for a while now. I recently reinstalled and, using the same command (via Ansible), I am unable to start the container. The command is as follows:

sudo docker run --name web -p 80:80 -p 443:443 --link vpn:transmission --link vpn:nzbget -d dperson/nginx -w "http://transmission:9091/transmission;/transmission" -w "http://nzbget:6789;/"

Like I said, this worked last week using this command. It seems when I grabbed the latest release it stopped working.

Is there a way for me to grab the logs to see what is happening?

Big fan of this image, I've been using it for some time!

In order to clean up my URLs, I was playing with the new proxy host parameter and I've run into some issues:

Maybe I'm misunderstanding the purpose, but if I am using it e.g. for transmission, I should be able to do something like -W "http://transmission:9091;transmission.lan", correct? I suspect the following issues:

1. The -W parameter seems to create a 443 server only, shouldn't it listen to 80 as well?
2. The corresponding server section seems to lack a server_name, thus the default server section is used and the newly created section never gets called
3. I don't know if this is on purpose, but the locations added by -w get added to the new server block created by -W as well if calling in the order -W -w -w, which seems odd
4. There seem to be some errors in the readme corresponding to this new command, e.g. it still says "http://<server[:port]>/;/<location>/" which I'm guessing is a copy & paste error. I'm happy to sort these out for you once I'm sure to have understood the purpose of the new proxy_host correctly

Let me know if I'm misunderstanding the purpose, I was just getting started with this.

Cheers

I am trying remove the Upgrade header and replace the Connection header with $http_connection.

As per issue #25 it seems that these get overwritten by the default template in order to support WebSockets. If a specific web proxy has no interest in WS support then these should be able to be removed.

The syntax in the README for setting headers is a little unclear and there are no examples. Can you describe how this should work and whether it can overwrite the default behaviours? Are any of the following acceptable:

-w "http://container:1234;/destination;Connection \"$http_connection\";Upgrade \"no\"" -w "http://container:1234;/destination;Connection $http_connection;Upgrade no" -w "http://container:1234;/destination;Connection $http_connection;Upgrade \"no\"" -w "http://container:1234;/destination;Connection \"$http_connection\" Upgrade \"no\"" -w "http://container:1234;/destination;Connection $http_connection Upgrade \"no\""

I am not sure if I am doing something wrong, but I cannot seem to get this to work with Deluge

Here is how I setup the Deluge container (hooked into your great openvpn-client docker):
docker create --name deluge --net=container:vpn -e PUID=1000 -e PGID=1000 -e TZ=America/Toronto -v /docker/deluge/downloads:/downloads -v /docker/deluge/config:/config linuxserver/deluge

And the nginx link

sudo docker run -it --name web -p 80:80 -p 443:443 --link vpn:deluge -d dperson/nginx -w "http://deluge:8112/;/deluge"

Any help would be appriciated!

Thanks in advance.

Is there a way to proxy Deluge with this docker file? I must set a header with the following value:
proxy_set_header X-Deluge-Base "/deluge/";

Now I type in this line, and can't get Deluge to work:
-w "http://deluge:8112;/deluge"

Nginx gives me the following error:
No Such Resource

No such child resource.

I am trying to enable basic auth on a linked container where nginx is a web proxy. Here is command I used. The basic auth does not work and the page loads with no auth.

docker run -it --name web -p 80:80 -p 443:443 --restart=always \
--link vpn:transmission \
-d dperson/nginx \
-b "/transmission" \
-U "dperson;test" \
-w "http://transmission:9091/transmission;/transmission"

I ssh'd into the container and viewed the /etc/nginx/conf.d/default.conf file but did not see the auth setting at all.
If I basic auth protect a non proxied/linked path it works just fine.

server {
    listen 80 default_server;
    # listen [::]:80 default_server ipv6only=on;
    root   /srv/www;

    # Make site accessible from http://localhost/
    server_name localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;
    error_log stderr notice;
    proxy_cache mmcache;

    location / {
        index  index.html index.htm;

        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location /transmission {
        proxy_pass       http://transmission:9091/transmission;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        # Mitigate httpoxy attack (see README for details)
        proxy_set_header Proxy "";



        ## Required for websockets
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_read_timeout 600s;

        ## Optional: Do not log, get it at the destination
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    ## Handle the GFC (Great Firewal of China) breaking DNS for BT to random IPs
    location /announc {
        access_log off;
        error_log off;
        default_type text/plain;
        return 410 "d14:failure reason13:not a tracker8:retry in5:nevere";
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

If possible, it would be great to tag pushed images with a build number and keep a few of them around. Right now I only see "latest". If a breaking change is pushed out and we update, there's no easy way to rollback.

https://hub.docker.com/r/dperson/nginx/tags/

Hi, thanks for creating this docker image.

I ran the following line:
docker run -it --name web -p 81:80 -p 444:443 -p 51413:51413 -p 51413:51413/udp --link vpn:transmission -d dperson/nginx:aarch64 -w "http://transmission:9091/transmission;/transmission"

and it reports:

`
Generating a RSA private key

................................................................................................................+++++

.........................+++++

writing new private key to '/etc/nginx/ssl/privkey.pem'

2020/03/28 10:53:16 [emerg] 6#6: the size 52428800 of shared memory zone "SSL" conflicts with already declared size 2097152 in /etc/nginx/conf.d/sessions.conf:2

nginx: [emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size 2097152 in /etc/nginx/conf.d/sessions.conf:2

`

I tried to run

docker run -it --name web -d dperson/nginx:aarch64

The error persists.

I have been using the reverse proxy successfully for some time. One of the applications that I'm running behind the proxy has updated and requires the following headers to work properly. What is the correct way to set these headers?

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;

The following configuration was working until recently:
command: -w "http://example-container:8989/example-path/;/example-path/"

I wanted to use this image to add basic auth to rtorrent, so I tried to use something like

    command: -w "http://rtorrent:8080/;/bt/" -q -b "/bt/" -U "user;pass"

but I'm not getting 304 errors, so I'm thinking nginx is skipping auth for this.

I was wondering if you knew of any specific issues around running jackett behind this proxy, I'm using your vpn repo as well and have configured jackett and sonarr to use the vpn as there main internet connection and both can reach outside websites however they cannot talk to eachother.
Do you know what IP or URL I should be giving sonarr to allow it to talk to jackett?

Internet --- VPN Docker --- Docker Containers sharing VPN connection (jackett & sonarr)

I tried installing dperson/nginx and suddenly got this error (I've used it several times before and it suddenly stopped working:

`Generating a RSA private key

................................+++++

...................................................................................................................................................................................+++++

writing new private key to '/etc/nginx/ssl/privkey.pem'

3069854608:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:

2071/06/10 20:38:56 [emerg] 7#7: cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

nginx: [emerg] cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

2071/06/27 15:25:20 [emerg] 8#8: cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

nginx: [emerg] cannot load certificate "/etc/nginx/ssl/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)`

Just stuck, feels like I'm doing everything right below but it's just failing to allow me to access transmission.... I'm running your openvpn-client and attempting to pass that traffic through the proxy from transmission.

docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn-client -v /opt/openvpn-client:/vpn:ro --restart=always -d dperson/openvpn-client

This seems good.

Thu Oct 27 14:32:07 2016 Initialization Sequence Completed

Then I start transmission and assign the net to the vpn-client container

docker run -it --name transmission --net=container:vpn-client -d dperson/transmission

Then for the proxy. Seems so straight forward with..

docker run -it --name vpn-proxy -p 80:80 -p 443:443 --link vpn-client:transmission \
            -d dperson/nginx -w "http://transmission:9091/transmission;/transmission"

transmission is up and when i nav to what I expect is the site I get this. so close..

http://imgur.com/a/Iy4gM

Hi.

Thanks for an awesome container, I've been using it alongside your vpn-container and everything is working smoothly with the necessary redirects to other containers.

However, I also want Nginx to host an index.php site to get some information. Specifically I wanted to run https://www.ezservermonitor.com/esm-web/documentation, but I'm unable to set it up.

For reference this is the docker run command I'm currently using:
"
docker run -it --name web2 -p 80:80 -p 443:443 -e SSI=y
--link vpn:deluge --link vpn:sonarr --link vpn:radarr -d
-v /home/core/.docker/configs/nginx:/etc/nginx/
-v /home/core/.docker/configs/nginx/www:/srv/www:ro
dperson/nginx
"

Redirects and all else seems to be working - but I can't for the life of me setup PHP to work. I'm pretty sure it's cause there isn't a PHP-engine in the current nginx-container, but I'm also unable to apt-get it when I enter the container.

Do you have any suggestions how I might set this up?

Thanks in advance.

PS. I recognize this isn't directly related to your container, per se, but I noticed that you're very helpful in general and I'm hoping you might help me resolve this issue :)

Hello.

I have a setup where I run deluge through a container with nordvpn and access it through nginx using the following code:
sudo docker run -it --name web -p 80:80 -p 443:443 --link vpn:deluge
--link vpn:plex -d dperson/nginx
-w "http://deluge:8112/;/deluge;X-Deluge-Base "/deluge/"" \

I want to do the same with plex, but cannot access plex. I have tried with
-w "http://plex:32400/;/plex"

as well as
-w "http://plex:32400/web/;/plex"

but i cannot get it to work. Any suggestions?

After building the alpine image, I was having trouble getting a basic proxy running and would get this error

/usr/bin/nginx.sh: eval: line 584: unexpected EOF while looking for matching `"'
/usr/bin/nginx.sh: eval: line 585: syntax error: unexpected end of file

I managed to pinpoint the problem coming from the sed command while reading in the script options.
I was able to reproduce the problem sed command and fix it within the alpine image:

bash-5.0# echo "http://test:80/testing;/testing/" | sed 's/^\|$/"/g; s/;/" "/g'
"http://test:80/testing" "/testing/
bash-5.0# echo "http://test:80/testing;/testing/" | sed 's/^\|$/"/g; s/;/" "/g; s/$/"/g'
"http://test:80/testing" "/testing/"

I haven't fully tested this yet but it looks like the fix is to replace lines like:
w) eval proxy $(sed 's/^\|$/"/g; s/;/" "/g' <<< $OPTARG) ;;
to
w) eval proxy $(sed 's/^\|$/"/g; s/;/" "/g; s/$/"/g' <<< $OPTARG) ;;

Hi, thank you for maintaining this image.

I have the following problem when trying to configure reverse proxy to multiple containers with

command: -w "http://transmission:9091;/transmission" -w "http://couchpotato:5050;/couchpotato"

I can access the following URL normally

https://localhost:443/transmission

However, when I try to access https://localhost:443/couchpotato the following happen

• The 'Welcome to nginx!' page appears
• The URL is rewritten to https://localhost:443/#couchpotato
• I get the following logs

docker-compose logs -f nginx-reverse-proxy
Attaching to nginx-reverse-proxy
nginx-reverse-proxy    | Generating a 2048 bit RSA private key
nginx-reverse-proxy    | ................+++
nginx-reverse-proxy    | .............................................+++
nginx-reverse-proxy    | unable to write 'random state'
nginx-reverse-proxy    | writing new private key to '/etc/nginx/ssl/privkey.pem'
nginx-reverse-proxy    | -----
nginx-reverse-proxy    | 172.18.0.1 - ant [08/Mar/2018:19:52:59 +0000] "GET / HTTP/2.0" 200 384 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36" "-" 0.000 -
ginx-reverse-proxy    | 172.18.0.1 - ant [08/Mar/2018:19:53:52 +0000] "GET / HTTP/2.0" 200 384 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36" "-" 0.000 -

I have verified http://couchpotato:5050 is responding from within the container.

Could you please advise or fix the issue?

My docker-compose.yml is as follows:

version: '3.4'

services:
  openvpn-client:
    image: dperson/openvpn-client
    container_name: openvpn-client
    cap_add:
      - net_admin
    environment:
      TZ: 'GMT/UTC'
    read_only: true
    restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    networks:
      - default
    volumes:
      - /dev/net:/dev/net:z

  transmission:
    image: dperson/transmission
    depends_on:
      - openvpn-client
    container_name: transmission
    network_mode: "service:openvpn-client"
    environment:
      TZ: 'GMT/UTC'
    restart: unless-stopped
    stdin_open: true
    tty: true

  couchpotato:
    image: linuxserver/couchpotato
    depends_on:
      - openvpn-client
    container_name: couchpotato
    restart: unless-stopped
    network_mode: "service:openvpn-client"

  nginx-reverse-proxy:
    image: dperson/nginx
    container_name: nginx-reverse-proxy
    depends_on:
      - transmission
      - couchpotato
    environment:
      TZ: 'UTC'
    links:
      - openvpn-client:transmission
      - openvpn-client:couchpotato
    networks:
      - default
    ports:
      - "443:443"
    read_only: true
    tmpfs:
      - /run
      - /tmp
      - /var/cache/nginx
    restart: unless-stopped
    stdin_open: true
    tty: true
    command: -w "http://transmission:9091;/transmission" -w "http://couchpotato:5050;/couchpotato"

networks:
  default:

The resulting /etc/nginx/conf.d/default.conf is

# You may add here your
# server {
#    ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=mmcache:10m
            loader_threshold=300 loader_files=200 max_size=50m;


# HTTPS server
#
server {
    listen      443 ssl http2 default_server;
    listen      [::]:443 ssl http2 default_server;
    root        /srv/www;

    ssl_certificate      /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key  /etc/nginx/ssl/privkey.pem;

    # Make site accessible from http://localhost/
    server_name localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;
    error_log stderr;
    proxy_cache mmcache;

    location / {
        index  index.html index.htm;

        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location /couchpotato {
        proxy_pass       http://couchpotato:5050;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        # Mitigate httpoxy attack (see README for details)
        proxy_set_header Proxy "";



        ## Required for websockets
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_read_timeout 600s;

        ## Optional: Do not log, get it at the destination
        access_log off;
    }

    location /transmission {
        proxy_pass       http://transmission:9091;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        # Mitigate httpoxy attack (see README for details)
        proxy_set_header Proxy "";



        ## Required for websockets
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_read_timeout 600s;

        ## Optional: Do not log, get it at the destination
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    ## Handle the GFC (Great Firewal of China) breaking DNS for BT to random IPs
    location /announc {
        access_log off;
        error_log off;
        default_type text/plain;
        return 410 "d14:failure reason13:not a tracker8:retry in5:nevere";
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    #    # With php5-cgi alone:
    #    fastcgi_pass 127.0.0.1:9000;
    #    # With php5-fpm:
    #    fastcgi_pass unix:/run/php5-fpm.sock;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}


server {
    listen 80;
    listen [::]:80;
    root   /srv/www;

    # Make site accessible from http://localhost/
    server_name localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;
    error_log stderr notice;
    proxy_cache mmcache;

    location / {
        index  index.html index.htm;

        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location /couchpotato {
        proxy_pass       http://couchpotato:5050;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        # Mitigate httpoxy attack (see README for details)
        proxy_set_header Proxy "";



        ## Required for websockets
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_read_timeout 600s;

        ## Optional: Do not log, get it at the destination
        access_log off;
    }

    location /transmission {
        proxy_pass       http://transmission:9091;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        # Mitigate httpoxy attack (see README for details)
        proxy_set_header Proxy "";



        ## Required for websockets
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_read_timeout 600s;

        ## Optional: Do not log, get it at the destination
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    ## Handle the GFC (Great Firewal of China) breaking DNS for BT to random IPs
    location /announc {
        access_log off;
        error_log off;
        default_type text/plain;
        return 410 "d14:failure reason13:not a tracker8:retry in5:nevere";
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen 8000;
#    listen somename:8080;
#    server_name somename alias another.alias;
#    root html;
#    index index.html index.htm;
#
#    location / {
#        try_files $uri $uri/ =404;
#    }
#}

Is there a possiblity to define multible users via environment variables? I found out that it's possible via command line args (-U "foo;bar" -U "baz;bla").

It would be pretty useful to assign it via HTTPUSER because it's not good to define passwords in a docker-compose file for example.

My suggestion would be to define them in HTTPUSER with a separator like ,: HTTPUSER=foo;bar,baz;bla

There are missing some lines in /etc/nginx/nginx.conf for stream to be working :

stream {
        include /etc/nginx/conf.d/*.stream;
}

This will be the minimum required to enable streams, i don't know if anything else is required or not. But with this it does work.

Without these lines, all /etc/nginx/conf.d/*.stream files are being ignored.
As a test you can write a random string in /etc/nginx/conf.d/default.stream and run service nginx configtest from inside the container, it will result in a config being OK. It means the file is being ignored.

I have been testing your openvpn-client on one of my odroids and would like to use your nginx container as well. Didn't see an armhf tagged build of nginx for your container at dockerhub, and was wondering if there's anything that could be done to make such a container. Thanks in advance for the consideration as well as for your other great work.

Hi dperson,

Firstly thanks for all the content you have provided on github in relation to docker, i have succesfully been able to create an openvpn docker using (dperson/openvpn-client) on my osmc rpi setup. However continuing on following your local network access for this setup you use this github (dperson/nginx) which unlike the above mentioned container does not work on my osmc rpi setup. (exec user process caused "exec format error" ~indicating to me wrong architecture - pls correct me if im wrong)

Are there any other ways to achieve local network access without using the dperson/nginx described method ?

Any help much appreciated.

(Linux version 4.19.55-6-osmc (root@vero3-db) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)) #1 SMP PREEMPT Sun Nov 3 22:15:28 UTC 2019)

In nginx.sh there is a line

chown -Rh nginx. /var/cache/nginx 2>&1 | grep -iv 'Read-only' || :

which throw an error (see docker logs nginx) because user nginx. does not exists.

According to /etc/nginx/nginx.conf the user is www-data

Hi!

Could you please tag & version Docker images?

bf19dec

This commit broke our app because we relied on this files :)

Hi,

When I deploy the following YML it works if i go to 192.168.1.1:8008/hydra. However when I want to forward this ip and port with traefik (reversed proxy) to an external address/domain, its doesn't work. gets stuck in a loop. maybe because it exist in a bridge network mode, i dont know.

Any suggestions?

from: 192.168.1.1:8008/hydra
to: https://hydra.domain.com

the yml:

version: "3.4"
services:
  nordvpn:
    image: bubuntux/nordvpn
    container_name: nordvpn
    cap_add:
      - NET_ADMIN               # Required
      - SYS_MODULE              # Required for TECHNOLOGY=NordLynx
    sysctls:
      - net.ipv4.conf.all.rp_filter=2
    devices:
      - /dev/net/tun
    environment:
      - "[email protected]"
      - "PASS=mypassword"
      - CONNECT=Netherlands
      - TECHNOLOGY=NordLynx
      - TZ=Europe/Amsterdam
      - DEBUG=On

  hydra:
    image: linuxserver/nzbhydra2
    container_name: hydra
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /share/docker/compose/appdata/hydra2:/config
      - /share/downloads:/downloads
    restart: always
    network_mode: service:nordvpn
    depends_on: 
      - nordvpn
   
  web:
    image: dperson/nginx
    links:
      - nordvpn:jackett
      - nordvpn:hydra
    depends_on:
      - jackett
      - hydra
    tmpfs:
      - /run
      - /tmp
      - /var/cache/nginx
    ports:
      - 8008:80
      - 4431:443
    command: -w  "http://hydra:5076/hydra;/hydra"

the logs look good, no errors or anything so I feel like something is missing in the YML file. related to networking/bridge at the nginx part.