|
@@ -10,10 +10,10 @@
|
|
|
{{- $_ := set $globals "containers" $ }}
|
|
|
{{- $_ := set $globals "Env" $.Env }}
|
|
|
{{- $_ := set $globals "Docker" $.Docker }}
|
|
|
-{{- $_ := set $globals "CurrentContainer" (where $globals.containers "ID" $globals.Docker.CurrentContainerID | first) }}
|
|
|
|
|
|
{{- $config := dict }}
|
|
|
{{- $_ := set $config "nginx_proxy_version" $.Env.NGINX_PROXY_VERSION }}
|
|
|
+{{- $_ := set $config "nginx_container_label" ($.Env.NGINX_CONTAINER_LABEL | default "com.github.nginx-proxy.nginx-proxy.nginx") }}
|
|
|
{{- $_ := set $config "default_cert_ok" (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
|
|
{{- $_ := set $config "external_http_port" ($globals.Env.HTTP_PORT | default "80") }}
|
|
|
{{- $_ := set $config "external_https_port" ($globals.Env.HTTPS_PORT | default "443") }}
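Review bot: The added `nginx_container_label` setting takes `$.Env.NGINX_CONTAINER_LABEL` as-is, and the -44,26 hunk then prints it verbatim inside `#` comment lines of the generated nginx configuration. A value containing a line break would end the comment early and put the remainder on a configuration line of its own. The template already withholds regexp hostnames from the debug response for a similar reason (its comment about "config breaking characters"). Suggest documenting the constraint next to the setting, e.g. `{{- /* NGINX_CONTAINER_LABEL must be a single-line Docker label key; it is echoed into generated comments. */}}`, or leaving the label name out of the rendered comments.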
|
|
@@ -44,26 +44,29 @@
|
|
|
|
|
|
{{- $_ := set $globals "vhosts" (dict) }}
|
|
|
{{- $_ := set $globals "networks" (dict) }}
|
|
|
-# Networks available to the container running docker-gen (which are assumed to
|
|
|
-# match the networks available to the container running nginx):
|
|
|
+
|
|
|
+{{- $currentContainer := where $globals.containers "ID" $globals.Docker.CurrentContainerID | first }}
|
|
|
+{{- $labeledContainer := whereLabelExists $globals.containers $globals.config.nginx_container_label | first }}
|
|
|
+{{- $_ := set $globals "NetworkContainer" ($labeledContainer | default $currentContainer) }}
|
|
|
+# Networks available to the container labeled "{{ $globals.config.nginx_container_label }}" or the one running docker-gen
|
|
|
+# (which are assumed to match the networks available to the container running nginx):
|
|
|
{{- /*
|
|
|
- * Note: $globals.CurrentContainer may be nil in some circumstances due to
|
|
|
- * <https://github.com/nginx-proxy/docker-gen/issues/458>. For more context
|
|
|
- * see <https://github.com/nginx-proxy/nginx-proxy/issues/2189>.
|
|
|
+ * Note:
|
|
|
+ * $globals.NetworkContainer may be nil in some circumstances due to https://github.com/nginx-proxy/docker-gen/issues/458.
|
|
|
+ * For more context see https://github.com/nginx-proxy/nginx-proxy/issues/2189.
|
|
|
*/}}
|
|
|
-{{- if $globals.CurrentContainer }}
|
|
|
- {{- range sortObjectsByKeysAsc $globals.CurrentContainer.Networks "Name" }}
|
|
|
+{{- if $globals.NetworkContainer }}
|
|
|
+ {{- range sortObjectsByKeysAsc $globals.NetworkContainer.Networks "Name" }}
|
|
|
{{- $_ := set $globals.networks .Name . }}
|
|
|
# {{ .Name }}
|
|
|
{{- else }}
|
|
|
# (none)
|
|
|
{{- end }}
|
|
|
{{- else }}
|
|
|
-# /!\ WARNING: Failed to find the Docker container running docker-gen. All
|
|
|
-# upstream (backend) application containers will appear to be
|
|
|
-# unreachable. Try removing the -only-exposed and -only-published
|
|
|
-# arguments to docker-gen if you pass either of those. See
|
|
|
-# <https://github.com/nginx-proxy/docker-gen/issues/458>.
|
|
|
+# /!\ WARNING: Failed to find the Docker container labeled "{{ $globals.config.nginx_container_label }}" or the one running docker-gen.
|
|
|
+# All upstream (backend) application containers will appear to be unreachable.
|
|
|
+# Try removing the -only-exposed and -only-published arguments to docker-gen if you pass either of those.
|
|
|
+# See https://github.com/nginx-proxy/docker-gen/issues/458.
|
|
|
{{- end }}
|
|
|
|
|
|
{{- /*
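Review bot: `$labeledContainer` takes precedence over the container running docker-gen, and `| first` silently picks one match when several containers carry the label. The network list that decides upstream reachability therefore depends on a label that any container on the Docker host can declare. The generated comment also does not say which of the two lookups supplied the networks, which makes a wrong match hard to spot when reading the rendered config. Suggest recording the choice inside the `if $globals.NetworkContainer` branch, e.g. `# (networks read from container {{ $globals.NetworkContainer.Name }})`, and emitting a warning comment when `whereLabelExists` returns more than one container.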
|
|
@@ -97,7 +100,7 @@
|
|
|
{{- $ipv4 = "127.0.0.1" }}
|
|
|
{{- continue }}
|
|
|
{{- end }}
|
|
|
- {{- range sortObjectsByKeysAsc $.globals.CurrentContainer.Networks "Name" }}
|
|
|
+ {{- range sortObjectsByKeysAsc $.globals.NetworkContainer.Networks "Name" }}
|
|
|
{{- if and . .Gateway (not .Internal) }}
|
|
|
# container is in host network mode, using {{ .Name }} gateway IP
|
|
|
{{- $ipv4 = .Gateway }}
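Review bot: The renamed `range sortObjectsByKeysAsc $.globals.NetworkContainer.Networks "Name"` dereferences `NetworkContainer` with no nil check visible in this hunk, although the note in the -44,26 hunk says the value may be nil and the code there guards it with `if $globals.NetworkContainer`. If it is nil here, the field access would likely abort rendering rather than fall through to the warning path. The enclosing block starts and ends outside the hunk, so a guard may exist there; if not, wrap the loop with `{{- if $.globals.NetworkContainer }}` before the `range` and a matching `{{- end }}` after it.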
|
|
@@ -114,7 +117,7 @@
|
|
|
{{- end }}
|
|
|
{{- /*
|
|
|
* Do not emit multiple `server` directives for this container if it
|
|
|
- * is reachable over multiple networks or multiple IP stacks. This avoids
|
|
|
+ * is reachable over multiple networks or multiple IP stacks. This avoids
|
|
|
* accidentally inflating the effective round-robin weight of a server due
|
|
|
* to the redundant upstream addresses that nginx sees as belonging to
|
|
|
* distinct servers.
|
|
@@ -397,7 +400,7 @@ upstream {{ $vpath.upstream }} {
|
|
|
{{- $debug_vpath := deepCopy $vpath | merge (dict "ports" $tmp_ports) }}
|
|
|
{{- $_ := set $debug_paths $path $debug_vpath }}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- $debug_vhost := deepCopy .VHost }}
|
|
|
{{- /* If it's a regexp, do not render the Hostname to the response to avoid rendering config breaking characters */}}
|
|
|
{{- $_ := set $debug_vhost "hostname" (.VHost.is_regexp | ternary "Hostname is a regexp and unsafe to include in the debug response." .Hostname) }}
|
|
@@ -606,7 +609,7 @@ proxy_set_header Proxy "";
|
|
|
{{- $path_port_containers := get $path_ports $port | default (list) | concat $containers }}
|
|
|
{{- $_ := set $path_ports $port $path_port_containers }}
|
|
|
{{- $_ := set $path_data "ports" $path_ports }}
|
|
|
-
|
|
|
+
|
|
|
{{- if (not (hasKey $path_data "dest")) }}
|
|
|
{{- $_ := set $path_data "dest" $dest }}
|
|
|
{{- end }}
|
|
@@ -614,7 +617,7 @@ proxy_set_header Proxy "";
|
|
|
{{- if (not (hasKey $path_data "proto")) }}
|
|
|
{{- $_ := set $path_data "proto" $proto }}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- $_ := set $paths $path $path_data }}
|
|
|
{{- end }}
|
|
|
{{- $_ := set $vhost_data "paths" $paths }}
|
|
@@ -666,7 +669,7 @@ proxy_set_header Proxy "";
|
|
|
{{- if (not (hasKey $path_data "proto")) }}
|
|
|
{{- $_ := set $path_data "proto" $proto }}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- $_ := set $paths $path $path_data }}
|
|
|
{{- end }}
|
|
|
{{- $_ := set $vhost_data "paths" $paths }}
|
|
@@ -708,7 +711,7 @@ proxy_set_header Proxy "";
|
|
|
{{- end }}
|
|
|
|
|
|
{{- $userIdentifiedCert := groupByKeys $vhost_containers "Env.CERT_NAME" | first }}
|
|
|
-
|
|
|
+
|
|
|
{{- $vhostCert := "" }}
|
|
|
{{- if exists (printf "/etc/nginx/certs/%s.crt" $hostname) }}
|
|
|
{{- $vhostCert = $hostname }}
|
|
@@ -721,10 +724,10 @@ proxy_set_header Proxy "";
|
|
|
{{- $parentVhostCert = $parentHostname }}
|
|
|
{{- end }}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- $trust_default_cert := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.trust-default-cert" | keys | first | default $globals.config.trust_default_cert | parseBool }}
|
|
|
{{- $defaultCert := and $trust_default_cert $globals.config.default_cert_ok | ternary "default" "" }}
|
|
|
-
|
|
|
+
|
|
|
{{- $cert := or $userIdentifiedCert $vhostCert $parentVhostCert $defaultCert }}
|
|
|
{{- $cert_ok := and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert)) }}
|
|
|
|
|
@@ -738,10 +741,10 @@ proxy_set_header Proxy "";
|
|
|
{{- $https_method = "noredirect" }}
|
|
|
{{- end }}
|
|
|
{{- $non_get_redirect := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.non-get-redirect" | keys | first | default $globals.config.non_get_redirect }}
|
|
|
-
|
|
|
+
|
|
|
{{- $http2_enabled := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.http2.enable" | keys | first | default $globals.config.enable_http2 | parseBool }}
|
|
|
{{- $http3_enabled := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.http3.enable" | keys | first | default $globals.config.enable_http3 | parseBool }}
|
|
|
-
|
|
|
+
|
|
|
{{- $acme_http_challenge := groupByKeys $vhost_containers "Env.ACME_HTTP_CHALLENGE_LOCATION" | first | default $globals.config.acme_http_challenge }}
|
|
|
{{- $acme_http_challenge_legacy := eq $acme_http_challenge "legacy" }}
|
|
|
{{- $acme_http_challenge_enabled := false }}
|
|
@@ -903,7 +906,7 @@ server {
|
|
|
break;
|
|
|
}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- if $vhost.enable_debug_endpoint }}
|
|
|
{{ template "debug_location" (dict "GlobalConfig" $globals.config "Hostname" $hostname "VHost" $vhost) }}
|
|
|
{{- end }}
|