|
@@ -11,6 +11,7 @@
|
|
|
{{- $_ := set $globals "Env" $.Env }}
|
|
|
{{- $_ := set $globals "Docker" $.Docker }}
|
|
|
{{- $_ := set $globals "CurrentContainer" (where $globals.containers "ID" $globals.Docker.CurrentContainerID | first) }}
|
|
|
+{{- $_ := set $globals "NginxContainer" (whereLabelExists $globals.containers "com.github.nginx-proxy.nginx-proxy.nginx" | first) }}
|
|
|
|
|
|
{{- $config := dict }}
|
|
|
{{- $_ := set $config "nginx_proxy_version" $.Env.NGINX_PROXY_VERSION }}
|
|
@@ -44,14 +45,21 @@
|
|
|
|
|
|
{{- $_ := set $globals "vhosts" (dict) }}
|
|
|
{{- $_ := set $globals "networks" (dict) }}
|
|
|
-# Networks available to the container running docker-gen (which are assumed to
|
|
|
+# Networks available to the container labeled "com.github.nginx-proxy.nginx-proxy.nginx" or the one running docker-gen (which are assumed to
|
|
|
# match the networks available to the container running nginx):
|
|
|
{{- /*
|
|
|
* Note: $globals.CurrentContainer may be nil in some circumstances due to
|
|
|
* <https://github.com/nginx-proxy/docker-gen/issues/458>. For more context
|
|
|
* see <https://github.com/nginx-proxy/nginx-proxy/issues/2189>.
|
|
|
*/}}
|
|
|
-{{- if $globals.CurrentContainer }}
|
|
|
+{{- if $globals.NginxContainer }}
|
|
|
+ {{- range sortObjectsByKeysAsc $globals.NginxContainer.Networks "Name" }}
|
|
|
+ {{- $_ := set $globals.networks .Name . }}
|
|
|
+# {{ .Name }}
|
|
|
+ {{- else }}
|
|
|
+# (none)
|
|
|
+ {{- end }}
|
|
|
+{{- else if $globals.CurrentContainer }}
|
|
|
{{- range sortObjectsByKeysAsc $globals.CurrentContainer.Networks "Name" }}
|
|
|
{{- $_ := set $globals.networks .Name . }}
|
|
|
# {{ .Name }}
|
|
@@ -97,11 +105,21 @@
|
|
|
{{- $ipv4 = "127.0.0.1" }}
|
|
|
{{- continue }}
|
|
|
{{- end }}
|
|
|
- {{- range sortObjectsByKeysAsc $.globals.CurrentContainer.Networks "Name" }}
|
|
|
- {{- if and . .Gateway (not .Internal) }}
|
|
|
+ {{- if $.globals.NginxContainer }}
|
|
|
+ {{- range sortObjectsByKeysAsc $.globals.NginxContainer.Networks "Name" }}
|
|
|
+ {{- if and . .Gateway (not .Internal) }}
|
|
|
# container is in host network mode, using {{ .Name }} gateway IP
|
|
|
- {{- $ipv4 = .Gateway }}
|
|
|
- {{- break }}
|
|
|
+ {{- $ipv4 = .Gateway }}
|
|
|
+ {{- break }}
|
|
|
+ {{- end }}
|
|
|
+ {{- end }}
|
|
|
+ {{- else }}
|
|
|
+ {{- range sortObjectsByKeysAsc $.globals.CurrentContainer.Networks "Name" }}
|
|
|
+ {{- if and . .Gateway (not .Internal) }}
|
|
|
+ # container is in host network mode, using {{ .Name }} gateway IP
|
|
|
+ {{- $ipv4 = .Gateway }}
|
|
|
+ {{- break }}
|
|
|
+ {{- end }}
|
|
|
{{- end }}
|
|
|
{{- end }}
|
|
|
{{- if $ipv4 }}
|
|
@@ -114,7 +132,7 @@
|
|
|
{{- end }}
|
|
|
{{- /*
|
|
|
* Do not emit multiple `server` directives for this container if it
|
|
|
- * is reachable over multiple networks or multiple IP stacks. This avoids
|
|
|
+ * is reachable over multiple networks or multiple IP stacks. This avoids
|
|
|
* accidentally inflating the effective round-robin weight of a server due
|
|
|
* to the redundant upstream addresses that nginx sees as belonging to
|
|
|
* distinct servers.
|
|
@@ -397,7 +415,7 @@ upstream {{ $vpath.upstream }} {
|
|
|
{{- $debug_vpath := deepCopy $vpath | merge (dict "ports" $tmp_ports) }}
|
|
|
{{- $_ := set $debug_paths $path $debug_vpath }}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- $debug_vhost := deepCopy .VHost }}
|
|
|
{{- /* If it's a regexp, do not render the Hostname to the response to avoid rendering config breaking characters */}}
|
|
|
{{- $_ := set $debug_vhost "hostname" (.VHost.is_regexp | ternary "Hostname is a regexp and unsafe to include in the debug response." .Hostname) }}
|
|
@@ -606,7 +624,7 @@ proxy_set_header Proxy "";
|
|
|
{{- $path_port_containers := get $path_ports $port | default (list) | concat $containers }}
|
|
|
{{- $_ := set $path_ports $port $path_port_containers }}
|
|
|
{{- $_ := set $path_data "ports" $path_ports }}
|
|
|
-
|
|
|
+
|
|
|
{{- if (not (hasKey $path_data "dest")) }}
|
|
|
{{- $_ := set $path_data "dest" $dest }}
|
|
|
{{- end }}
|
|
@@ -614,7 +632,7 @@ proxy_set_header Proxy "";
|
|
|
{{- if (not (hasKey $path_data "proto")) }}
|
|
|
{{- $_ := set $path_data "proto" $proto }}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- $_ := set $paths $path $path_data }}
|
|
|
{{- end }}
|
|
|
{{- $_ := set $vhost_data "paths" $paths }}
|
|
@@ -666,7 +684,7 @@ proxy_set_header Proxy "";
|
|
|
{{- if (not (hasKey $path_data "proto")) }}
|
|
|
{{- $_ := set $path_data "proto" $proto }}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- $_ := set $paths $path $path_data }}
|
|
|
{{- end }}
|
|
|
{{- $_ := set $vhost_data "paths" $paths }}
|
|
@@ -708,7 +726,7 @@ proxy_set_header Proxy "";
|
|
|
{{- end }}
|
|
|
|
|
|
{{- $userIdentifiedCert := groupByKeys $vhost_containers "Env.CERT_NAME" | first }}
|
|
|
-
|
|
|
+
|
|
|
{{- $vhostCert := "" }}
|
|
|
{{- if exists (printf "/etc/nginx/certs/%s.crt" $hostname) }}
|
|
|
{{- $vhostCert = $hostname }}
|
|
@@ -721,10 +739,10 @@ proxy_set_header Proxy "";
|
|
|
{{- $parentVhostCert = $parentHostname }}
|
|
|
{{- end }}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- $trust_default_cert := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.trust-default-cert" | keys | first | default $globals.config.trust_default_cert | parseBool }}
|
|
|
{{- $defaultCert := and $trust_default_cert $globals.config.default_cert_ok | ternary "default" "" }}
|
|
|
-
|
|
|
+
|
|
|
{{- $cert := or $userIdentifiedCert $vhostCert $parentVhostCert $defaultCert }}
|
|
|
{{- $cert_ok := and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert)) }}
|
|
|
|
|
@@ -738,10 +756,10 @@ proxy_set_header Proxy "";
|
|
|
{{- $https_method = "noredirect" }}
|
|
|
{{- end }}
|
|
|
{{- $non_get_redirect := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.non-get-redirect" | keys | first | default $globals.config.non_get_redirect }}
|
|
|
-
|
|
|
+
|
|
|
{{- $http2_enabled := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.http2.enable" | keys | first | default $globals.config.enable_http2 | parseBool }}
|
|
|
{{- $http3_enabled := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.http3.enable" | keys | first | default $globals.config.enable_http3 | parseBool }}
|
|
|
-
|
|
|
+
|
|
|
{{- $acme_http_challenge := groupByKeys $vhost_containers "Env.ACME_HTTP_CHALLENGE_LOCATION" | first | default $globals.config.acme_http_challenge }}
|
|
|
{{- $acme_http_challenge_legacy := eq $acme_http_challenge "legacy" }}
|
|
|
{{- $acme_http_challenge_enabled := false }}
|
|
@@ -903,7 +921,7 @@ server {
|
|
|
break;
|
|
|
}
|
|
|
{{- end }}
|
|
|
-
|
|
|
+
|
|
|
{{- if $vhost.enable_debug_endpoint }}
|
|
|
{{ template "debug_location" (dict "GlobalConfig" $globals.config "Hostname" $hostname "VHost" $vhost) }}
|
|
|
{{- end }}
|