Skip to content
/ docker-nginx Public

Nginx docker image with dynamic settings

12 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Tivix/docker-nginx

BranchesTags

Repository files navigation

docker-nginx

A meant-for-docker, nginx-based, HTTP proxy for serving static files, forwarding requests to upstreams, as well as local development.

USAGE

proxy:
  image: tivix/docker-nginx:v16
  ports:
    - 127.0.0.1:80:80
  environment:
    # Point paths (<path>:<container>:<port>) to your backend containers
    - UPSTREAMS=/api:backend:8000,/:frontend:80
    # Point paths (<path>:<some-dir-in-docker-nginx-container>) to static files server directly by nginx
    - STATICS=/static:/data/static

Some of the envrionment variables available:

  • MAINTENANCE=true nginx sets root to static html page; set true to activate, delete var to deactivate
  • UPSTREAMS=/:backend:8000 a comma separated list of <path>:<upstream>:<port>. Each of those of those elements creates a location block with proxy_pass in it.
  • STATICS=/static:/data/static a comma separated list of <path>:<directory>. Creates a location block with alias directive.
  • HTTPS_REDIRECT=true enabled a standard, ELB compliant https redirect.
  • BASIC_AUTH_ALL=true enables a catch-all basic auth protection. Must be used in conjuction with BASIC_AUTH_USER and BASIC_AUTH_PASS (or AWS Secrets Manager, see below)
  • BASIC_AUTH_LOCATIONS=/api enables basic auth protection for selected locations. The paths must be declared in UPSTREAMS first.
  • AWS_SM_PATH and AWS_SM_KEY will get the basic auth password from AWS Secrets Manager. Requires standard AWS API access, either via Instance Profile or API keys.
AWS_SM_PATH=staging
AWS_SM_KEY=NGINX_PASSWORD
AWS_DEFAULT_REGION=us-west-1

The above will get the password from AWS Secret Manager secret named staging, and extract the value of NGINX_PASSWORD from it.

  • LOG_LEVEL=info allows you to set nginx error_log verbosity. Defaults to notice.
  • GZIP=true enables standard GZIP compression with some sane defaults
  • REAL_IP=true enables parsing of X-Forwarded-For header.
  • REAL_IP_HEADER=X-Real-Ip customizes which header to use for real_ip
  • REAL_IP_CIDRS=10.0.0.0/8,192.168.0.0/16 sets the set_real_ip_from directive
  • MICROCACHE=true enables "microcaching". Nginx will cache upstream responses for short ammount of time.
  • MICROCACHE_TIMEOUT how long to cache responses for. Defaults to 1s.
  • DEBUG makes things verbose
  • DEV_SSL_CERT somewhat hacky for now. Adds a ssl on listen directive with (currently) hardcoded, self-signed certificate.
  • WORKER_PROCESSES=auto number of nginx processes. Access the same values as worker_processes directive.
  • UWSGI=true switches proxy_pass to uwsgi_pass
  • STATS=/stats creates a stub_status endpoint at the defined path, accessible from 127.0.0.1 only.
  • STATS_PORT=8080 port the stats endpoint listens at. Defaults to 8080.
  • HEALTHCHECK=/health enables simple healthcheck endpoint at the defined path, accessible from 127.0.0.1 only. Think Docker healthcheck-cmd curl -sSf 127.0.0.1:8080/health
  • HEALTHCHECK_PORT=8080 port the healthcheck listens at. Defaults to 8080.
  • HEALTHCHECK_LISTEN=127.0.0.1 IP address the healthcheck listens on. Defaults to 127.0.0.1.
  • NOSNIFF=true enables X-Content-Type-Options: nosniff. Defaults to false.
  • CSP=true enables Content Security Policy. Defaults to false.
  • CLEAR_SERVER_HEADER removes the Server header from responses. Defaults to true.

...and some others. See the code.

About

Nginx docker image with dynamic settings

Resources

Readme
Activity
Custom properties

Stars

12 stars

Watchers

9 watching

Forks

7 forks
Report repository

Releases 11

v18 Latest
Apr 9, 2024
+ 10 releases

Packages

No packages published

Contributors 6

Languages