首页 发现 帮助
登录
mirrors
/
nginx-proxy
镜像自地址 https://github.com/nginx-proxy/nginx-proxy.git
2
0
派生 0
文件
浏览代码

fix: prevent incorrect loading of wildcard domains in vhost configuration

Co-authored-by: Sjoerd de Wit <sjoerd@superlatief.nl>
Co-authored-by: Minjong Kim <make.dirty.code@gmail.com>
Sjoerd de Wit 1 月之前
父节点
366ff4530a
当前提交
32743b04ac
共有 1 个文件被更改,包括 10 次插入10 次删除
合并视图 显示文件统计
  1. 10 10
      nginx.tmpl

+ 10 - 10
nginx.tmpl
查看文件 

@@ -65,9 +65,9 @@
 
 #     (none)
 
 #     (none)
 
     {{- end }}
 
     {{- end }}
 
 {{- else }}
 
 {{- else }}
 
-# /!\ WARNING: Failed to find the Docker container labeled "{{ $globals.config.nginx_container_label }}" or the one running docker-gen. 
+# /!\ WARNING: Failed to find the Docker container labeled "{{ $globals.config.nginx_container_label }}" or the one running docker-gen.
 
 #              All upstream (backend) application containers will appear to be unreachable.
 
 #              All upstream (backend) application containers will appear to be unreachable.
 
-#              Try removing the -only-exposed and -only-published arguments to docker-gen if you pass either of those. 
+#              Try removing the -only-exposed and -only-published arguments to docker-gen if you pass either of those.
 
 #              See https://github.com/nginx-proxy/docker-gen/issues/458.
 
 #              See https://github.com/nginx-proxy/docker-gen/issues/458.
 
 {{- end }}
 
 {{- end }}
 
 
 
@@ -291,7 +291,7 @@
 
         {{- $override = printf "/etc/nginx/vhost.d/%s_location_override" .Host }}
 
         {{- $override = printf "/etc/nginx/vhost.d/%s_location_override" .Host }}
 
     {{- end }}
 
     {{- end }}
 
     {{- if exists $override }}
 
     {{- if exists $override }}
 
-    include {{ $override }};
 
+    include {{  printf "%s" (replace $override "*" "\\*" -1) }};
 
     {{- else }}
 
     {{- else }}
 
         {{- $keepalive := $vpath.keepalive }}
 
         {{- $keepalive := $vpath.keepalive }}
 
     location {{ .Path }} {
 
     location {{ .Path }} {
 
@@ -339,9 +339,9 @@
 
         {{- end }}
 
         {{- end }}
 
 
 
         {{- if (exists (printf "/etc/nginx/vhost.d/%s_%s_location" .Host (sha1 .Path) )) }}
 
         {{- if (exists (printf "/etc/nginx/vhost.d/%s_%s_location" .Host (sha1 .Path) )) }}
 
-        include {{ printf "/etc/nginx/vhost.d/%s_%s_location" .Host (sha1 .Path) }};
 
+        include {{ printf "/etc/nginx/vhost.d/%s_%s_location" (replace .Host "*" "\\*" -1) (sha1 .Path) }};
 
         {{- else if (exists (printf "/etc/nginx/vhost.d/%s_location" .Host)) }}
 
         {{- else if (exists (printf "/etc/nginx/vhost.d/%s_location" .Host)) }}
 
-        include {{ printf "/etc/nginx/vhost.d/%s_location" .Host}};
 
+        include {{ printf "/etc/nginx/vhost.d/%s_location" (replace .Host "*" "\\*" -1) }};
 
         {{- else if (exists "/etc/nginx/vhost.d/default_location") }}
 
         {{- else if (exists "/etc/nginx/vhost.d/default_location") }}
 
         include /etc/nginx/vhost.d/default_location;
 
         include /etc/nginx/vhost.d/default_location;
 
         {{- end }}
 
         {{- end }}
 
@@ -788,7 +788,7 @@ proxy_set_header Proxy "";
 
     {{- $ssl_policy := groupByKeys $vhost_containers "Env.SSL_POLICY" | first | default "" }}
 
     {{- $ssl_policy := groupByKeys $vhost_containers "Env.SSL_POLICY" | first | default "" }}
 
 
 
     {{- /* Get ssl_verify_client defined by containers w/ the same vhost, falling back to "on" */}}
 
     {{- /* Get ssl_verify_client defined by containers w/ the same vhost, falling back to "on" */}}
 
-    {{- $ssl_verify_client := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.ssl_verify_client" | keys | first | default "on" }}																						   
+    {{- $ssl_verify_client := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.ssl_verify_client" | keys | first | default "on" }}
 
 
 
     {{- /* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000". */}}
 
     {{- /* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000". */}}
 
     {{- $hsts := groupByKeys $vhost_containers "Env.HSTS" | first | default $globals.config.hsts }}
 
     {{- $hsts := groupByKeys $vhost_containers "Env.HSTS" | first | default $globals.config.hsts }}
 
@@ -811,7 +811,7 @@ proxy_set_header Proxy "";
 
         "acme_http_challenge_enabled" $acme_http_challenge_enabled
 
         "acme_http_challenge_enabled" $acme_http_challenge_enabled
 
         "server_tokens" $server_tokens
 
         "server_tokens" $server_tokens
 
         "ssl_policy" $ssl_policy
 
         "ssl_policy" $ssl_policy
 
-        "ssl_verify_client" $ssl_verify_client											  
+        "ssl_verify_client" $ssl_verify_client
 
         "trust_default_cert" $trust_default_cert
 
         "trust_default_cert" $trust_default_cert
 
         "upstream_name" $upstream_name
 
         "upstream_name" $upstream_name
 
         "vhost_root" $vhost_root
 
         "vhost_root" $vhost_root
 
@@ -1067,7 +1067,7 @@ server {
 
     {{- $vhostFileName :=  $vhost.is_regexp | ternary (sha1 $hostname) $hostname }}
 
     {{- $vhostFileName :=  $vhost.is_regexp | ternary (sha1 $hostname) $hostname }}
 
 
 
     {{- if (exists (printf "/etc/nginx/vhost.d/%s" $vhostFileName)) }}
 
     {{- if (exists (printf "/etc/nginx/vhost.d/%s" $vhostFileName)) }}
 
-    include {{ printf "/etc/nginx/vhost.d/%s" $vhostFileName }};
 
+    include {{ printf "/etc/nginx/vhost.d/%s" (replace $vhostFileName "*" "\\*" -1) }};
 
     {{- else if (exists "/etc/nginx/vhost.d/default") }}
 
     {{- else if (exists "/etc/nginx/vhost.d/default") }}
 
     include /etc/nginx/vhost.d/default;
 
     include /etc/nginx/vhost.d/default;
 
     {{- end }}
 
     {{- end }}
 
@@ -1075,11 +1075,11 @@ server {
 
     {{/* SSL Client Certificate Validation */}}
 
     {{/* SSL Client Certificate Validation */}}
 
     {{/* If vhost(hash).ca.crt exists, include CA */}}
 
     {{/* If vhost(hash).ca.crt exists, include CA */}}
 
     {{- if (exists (printf "/etc/nginx/certs/%s.ca.crt" $vhostFileName)) }}
 
     {{- if (exists (printf "/etc/nginx/certs/%s.ca.crt" $vhostFileName)) }}
 
-    ssl_client_certificate {{ printf "/etc/nginx/certs/%s.ca.crt" $vhostFileName }}; 
+    ssl_client_certificate {{ printf "/etc/nginx/certs/%s.ca.crt" $vhostFileName }};
 
     ssl_verify_client {{ $vhost.ssl_verify_client }};
 
     ssl_verify_client {{ $vhost.ssl_verify_client }};
 
         {{/* If vhost(hash).crl.pem exists, include CRL */}}
 
         {{/* If vhost(hash).crl.pem exists, include CRL */}}
 
         {{- if (exists (printf "/etc/nginx/certs/%s.crl.pem" $vhostFileName)) }}
 
         {{- if (exists (printf "/etc/nginx/certs/%s.crl.pem" $vhostFileName)) }}
 
-    ssl_crl {{ printf "/etc/nginx/certs/%s.crl.pem" $vhostFileName }}; 
+    ssl_crl {{ printf "/etc/nginx/certs/%s.crl.pem" $vhostFileName }};
 
         {{ end }}
 
         {{ end }}
 
     {{/* Else if no vhost CA file exists, but a global ca.crt exists include it */}}
 
     {{/* Else if no vhost CA file exists, but a global ca.crt exists include it */}}
 
     {{ else if (exists "/etc/nginx/certs/ca.crt") }}
 
     {{ else if (exists "/etc/nginx/certs/ca.crt") }}