|
@@ -128,7 +128,7 @@
|
|
# exposed ports:{{ range sortObjectsByKeysAsc $.container.Addresses "Port" }} {{ .Port }}/{{ .Proto }}{{ else }} (none){{ end }}
|
|
# exposed ports:{{ range sortObjectsByKeysAsc $.container.Addresses "Port" }} {{ .Port }}/{{ .Proto }}{{ else }} (none){{ end }}
|
|
{{- $default_port := when (eq (len $.container.Addresses) 1) (first $.container.Addresses).Port "80" }}
|
|
{{- $default_port := when (eq (len $.container.Addresses) 1) (first $.container.Addresses).Port "80" }}
|
|
# default port: {{ $default_port }}
|
|
# default port: {{ $default_port }}
|
|
- {{- $port := when (eq $.port "legacy") (or $.container.Env.VIRTUAL_PORT $default_port) $.port }}
|
|
|
|
|
|
+ {{- $port := when (eq $.port "default") $default_port (when (eq $.port "legacy") (or $.container.Env.VIRTUAL_PORT $default_port) $.port) }}
|
|
# using port: {{ $port }}
|
|
# using port: {{ $port }}
|
|
{{- $addr_obj := where $.container.Addresses "Port" $port | first }}
|
|
{{- $addr_obj := where $.container.Addresses "Port" $port | first }}
|
|
{{- if and $addr_obj $addr_obj.HostPort }}
|
|
{{- if and $addr_obj $addr_obj.HostPort }}
|
|
@@ -338,49 +338,6 @@ upstream {{ $vpath.upstream }} {
|
|
}
|
|
}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
|
|
-{{- /*
|
|
|
|
- * Template used as a function to collect virtual path properties from
|
|
|
|
- * the given containers. These properties are "returned" by storing their
|
|
|
|
- * values into the provided dot dict.
|
|
|
|
- *
|
|
|
|
- * The provided dot dict is expected to have the following entries:
|
|
|
|
- * - "Containers": List of container's RuntimeContainer struct.
|
|
|
|
- * - "Upstream_name"
|
|
|
|
- * - "Has_virtual_paths": boolean
|
|
|
|
- * - "Path"
|
|
|
|
- *
|
|
|
|
- * The return values will be added to the dot dict with keys:
|
|
|
|
- * - "dest"
|
|
|
|
- * - "proto"
|
|
|
|
- * - "network_tag"
|
|
|
|
- * - "upstream"
|
|
|
|
- * - "loadbalance"
|
|
|
|
- * - "keepalive"
|
|
|
|
- */}}
|
|
|
|
-{{- define "get_path_info" }}
|
|
|
|
- {{- /* Get the VIRTUAL_PROTO defined by containers w/ the same vhost-vpath, falling back to "http". */}}
|
|
|
|
- {{- $proto := trim (or (first (groupByKeys $.Containers "Env.VIRTUAL_PROTO")) "http") }}
|
|
|
|
- {{- /* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external". */}}
|
|
|
|
- {{- $network_tag := or (first (groupByKeys $.Containers "Env.NETWORK_ACCESS")) "external" }}
|
|
|
|
-
|
|
|
|
- {{- $loadbalance := first (keys (groupByLabel $.Containers "com.github.nginx-proxy.nginx-proxy.loadbalance")) }}
|
|
|
|
- {{- $keepalive := coalesce (first (keys (groupByLabel $.Containers "com.github.nginx-proxy.nginx-proxy.keepalive"))) "disabled" }}
|
|
|
|
-
|
|
|
|
- {{- $upstream := $.Upstream_name }}
|
|
|
|
- {{- $dest := "" }}
|
|
|
|
- {{- if $.Has_virtual_paths }}
|
|
|
|
- {{- $sum := sha1 $.Path }}
|
|
|
|
- {{- $upstream = printf "%s-%s" $upstream $sum }}
|
|
|
|
- {{- $dest = or (first (groupByKeys $.Containers "Env.VIRTUAL_DEST")) "" }}
|
|
|
|
- {{- end }}
|
|
|
|
- {{- $_ := set $ "proto" $proto }}
|
|
|
|
- {{- $_ := set $ "network_tag" $network_tag }}
|
|
|
|
- {{- $_ := set $ "upstream" $upstream }}
|
|
|
|
- {{- $_ := set $ "dest" $dest }}
|
|
|
|
- {{- $_ := set $ "loadbalance" $loadbalance }}
|
|
|
|
- {{- $_ := set $ "keepalive" $keepalive }}
|
|
|
|
-{{- end }}
|
|
|
|
-
|
|
|
|
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
|
|
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
|
|
# scheme used to connect to this server
|
|
# scheme used to connect to this server
|
|
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
|
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
|
@@ -500,15 +457,131 @@ proxy_set_header X-Original-URI $request_uri;
|
|
proxy_set_header Proxy "";
|
|
proxy_set_header Proxy "";
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
|
|
-{{- /* Precompute some information about each vhost. */}}
|
|
|
|
|
|
+{{- /* Precompute and store some information about vhost that use VIRTUAL_HOST_MULTIPORTS. */}}
|
|
|
|
+{{- range $vhosts_yaml, $containers := groupBy $globals.containers "Env.VIRTUAL_HOST_MULTIPORTS" }}
|
|
|
|
+ {{- /* Print a warning in the config if VIRTUAL_HOST_MULTIPORTS can't be parsed. */}}
|
|
|
|
+ {{- $parsedVhosts := fromYaml $vhosts_yaml }}
|
|
|
|
+ {{- if (empty $parsedVhosts) }}
|
|
|
|
+ {{- $containerNames := list }}
|
|
|
|
+ {{- range $container := $containers }}
|
|
|
|
+ {{- $containerNames = append $containerNames $container.Name }}
|
|
|
|
+ {{- end }}
|
|
|
|
+# /!\ WARNING: the VIRTUAL_HOST_MULTIPORTS environment variable used for {{ len $containerNames | plural "this container" "those containers" }} is not a valid YAML string:
|
|
|
|
+# {{ $containerNames | join ", " }}
|
|
|
|
+ {{- continue }}
|
|
|
|
+ {{- end }}
|
|
|
|
+
|
|
|
|
+ {{- range $hostname, $vhost := $parsedVhosts }}
|
|
|
|
+ {{- $vhost_data := when (hasKey $globals.vhosts $hostname) (get $globals.vhosts $hostname) (dict) }}
|
|
|
|
+ {{- $paths := coalesce $vhost_data.paths (dict) }}
|
|
|
|
+
|
|
|
|
+ {{- if (empty $vhost) }}
|
|
|
|
+ {{ $vhost = dict "/" (dict) }}
|
|
|
|
+ {{- end }}
|
|
|
|
+
|
|
|
|
+ {{- range $path, $vpath := $vhost }}
|
|
|
|
+ {{- if (empty $vpath) }}
|
|
|
|
+ {{- $vpath = dict "dest" "" "port" "default" }}
|
|
|
|
+ {{- end }}
|
|
|
|
+ {{- $dest := coalesce $vpath.dest "" }}
|
|
|
|
+ {{- $port := when (hasKey $vpath "port") (toString $vpath.port) "default" }}
|
|
|
|
+ {{- $path_data := when (hasKey $paths $path) (get $paths $path) (dict) }}
|
|
|
|
+ {{- $path_ports := when (hasKey $path_data "ports") (get $path_data "ports") (dict) }}
|
|
|
|
+ {{- $path_port_containers := when (hasKey $path_ports $port) (get $path_ports $port) (list) }}
|
|
|
|
+ {{- $path_port_containers = concat $path_port_containers $containers }}
|
|
|
|
+ {{- $_ := set $path_ports $port $path_port_containers }}
|
|
|
|
+ {{- $_ := set $path_data "ports" $path_ports }}
|
|
|
|
+ {{- if (not (hasKey $path_data "dest")) }}
|
|
|
|
+ {{- $_ := set $path_data "dest" $dest }}
|
|
|
|
+ {{- end }}
|
|
|
|
+ {{- $_ := set $paths $path $path_data }}
|
|
|
|
+ {{- end }}
|
|
|
|
+ {{- $_ := set $vhost_data "paths" $paths }}
|
|
|
|
+ {{- $is_regexp := hasPrefix "~" $hostname }}
|
|
|
|
+ {{- $_ := set $vhost_data "upstream_name" (when (or $is_regexp $globals.sha1_upstream_name) (sha1 $hostname) $hostname) }}
|
|
|
|
+ {{- $_ := set $globals.vhosts $hostname $vhost_data }}
|
|
|
|
+ {{- end }}
|
|
|
|
+{{- end }}
|
|
|
|
+
|
|
|
|
+{{- /* Precompute and store some information about vhost that use VIRTUAL_HOST. */}}
|
|
{{- range $hostname, $containers := groupByMulti $globals.containers "Env.VIRTUAL_HOST" "," }}
|
|
{{- range $hostname, $containers := groupByMulti $globals.containers "Env.VIRTUAL_HOST" "," }}
|
|
|
|
+ {{- /* Ignore containers with VIRTUAL_HOST set to the empty string. */}}
|
|
{{- $hostname = trim $hostname }}
|
|
{{- $hostname = trim $hostname }}
|
|
{{- if not $hostname }}
|
|
{{- if not $hostname }}
|
|
- {{- /* Ignore containers with VIRTUAL_HOST set to the empty string. */}}
|
|
|
|
{{- continue }}
|
|
{{- continue }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
|
|
- {{- $certName := first (groupByKeys $containers "Env.CERT_NAME") }}
|
|
|
|
|
|
+ {{- /* Drop containers with both VIRTUAL_HOST and VIRTUAL_HOST_MULTIPORTS set
|
|
|
|
+ * (VIRTUAL_HOST_MULTIPORTS takes precedence thanks to the previous loop).
|
|
|
|
+ */}}
|
|
|
|
+ {{- range $_, $containers_to_drop := groupBy $containers "Env.VIRTUAL_HOST_MULTIPORTS" }}
|
|
|
|
+ {{- range $container := $containers_to_drop }}
|
|
|
|
+ {{- $containers = without $containers $container }}
|
|
|
|
+ {{- end }}
|
|
|
|
+ {{- end }}
|
|
|
|
+ {{- if (eq (len $containers) 0) }}
|
|
|
|
+ {{- continue }}
|
|
|
|
+ {{- end }}
|
|
|
|
+
|
|
|
|
+ {{- $vhost_data := when (hasKey $globals.vhosts $hostname) (get $globals.vhosts $hostname) (dict) }}
|
|
|
|
+ {{- $paths := coalesce $vhost_data.paths (dict) }}
|
|
|
|
+
|
|
|
|
+ {{- $tmp_paths := groupByWithDefault $containers "Env.VIRTUAL_PATH" "/" }}
|
|
|
|
+
|
|
|
|
+ {{- range $path, $containers := $tmp_paths }}
|
|
|
|
+ {{- $dest := or (first (groupByKeys $containers "Env.VIRTUAL_DEST")) "" }}
|
|
|
|
+ {{- $port := "legacy" }}
|
|
|
|
+ {{- $path_data := when (hasKey $paths $path) (get $paths $path) (dict) }}
|
|
|
|
+ {{- $path_ports := when (hasKey $path_data "ports") (get $path_data "ports") (dict) }}
|
|
|
|
+ {{- $path_port_containers := when (hasKey $path_ports $port) (get $path_ports $port) (list) }}
|
|
|
|
+ {{- $path_port_containers = concat $path_port_containers $containers }}
|
|
|
|
+ {{- $_ := set $path_ports $port $path_port_containers }}
|
|
|
|
+ {{- $_ := set $path_data "ports" $path_ports }}
|
|
|
|
+ {{- if (not (hasKey $path_data "dest")) }}
|
|
|
|
+ {{- $_ := set $path_data "dest" $dest }}
|
|
|
|
+ {{- end }}
|
|
|
|
+ {{- $_ := set $paths $path $path_data }}
|
|
|
|
+ {{- end }}
|
|
|
|
+ {{- $_ := set $vhost_data "paths" $paths }}
|
|
|
|
+ {{- $is_regexp := hasPrefix "~" $hostname }}
|
|
|
|
+ {{- $_ := set $vhost_data "upstream_name" (when (or $is_regexp $globals.sha1_upstream_name) (sha1 $hostname) $hostname) }}
|
|
|
|
+ {{- $_ := set $globals.vhosts $hostname $vhost_data }}
|
|
|
|
+{{- end }}
|
|
|
|
+
|
|
|
|
+{{- /* Loop over $globals.vhosts and update it with the remaining informations about each vhost. */}}
|
|
|
|
+{{- range $hostname, $vhost_data := $globals.vhosts }}
|
|
|
|
+ {{- $vhost_containers := list }}
|
|
|
|
+ {{- range $path, $vpath_data := $vhost_data.paths }}
|
|
|
|
+ {{- $vpath_containers := list }}
|
|
|
|
+ {{- range $port, $vport_containers := $vpath_data.ports }}
|
|
|
|
+ {{ $vpath_containers = concat $vpath_containers $vport_containers }}
|
|
|
|
+ {{- end }}
|
|
|
|
+
|
|
|
|
+ {{- /* Get the VIRTUAL_PROTO defined by containers w/ the same vhost-vpath, falling back to "http". */}}
|
|
|
|
+ {{- $proto := trim (or (first (groupByKeys $vpath_containers "Env.VIRTUAL_PROTO")) "http") }}
|
|
|
|
+ {{- /* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external". */}}
|
|
|
|
+ {{- $network_tag := or (first (groupByKeys $vpath_containers "Env.NETWORK_ACCESS")) "external" }}
|
|
|
|
+
|
|
|
|
+ {{- $loadbalance := first (keys (groupByLabel $vpath_containers "com.github.nginx-proxy.nginx-proxy.loadbalance")) }}
|
|
|
|
+ {{- $keepalive := coalesce (first (keys (groupByLabel $vpath_containers "com.github.nginx-proxy.nginx-proxy.keepalive"))) "disabled" }}
|
|
|
|
+
|
|
|
|
+ {{- $upstream := $vhost_data.upstream_name }}
|
|
|
|
+ {{- if (not (eq $path "/")) }}
|
|
|
|
+ {{- $sum := sha1 $path }}
|
|
|
|
+ {{- $upstream = printf "%s-%s" $upstream $sum }}
|
|
|
|
+ {{- end }}
|
|
|
|
+
|
|
|
|
+ {{- $_ := set $vpath_data "proto" $proto }}
|
|
|
|
+ {{- $_ := set $vpath_data "network_tag" $network_tag }}
|
|
|
|
+ {{- $_ := set $vpath_data "upstream" $upstream }}
|
|
|
|
+ {{- $_ := set $vpath_data "loadbalance" $loadbalance }}
|
|
|
|
+ {{- $_ := set $vpath_data "keepalive" $keepalive }}
|
|
|
|
+ {{- $_ := set $vhost_data.paths $path $vpath_data }}
|
|
|
|
+
|
|
|
|
+ {{ $vhost_containers = concat $vhost_containers $vpath_containers }}
|
|
|
|
+ {{- end }}
|
|
|
|
+
|
|
|
|
+ {{- $certName := first (groupByKeys $vhost_containers "Env.CERT_NAME") }}
|
|
{{- $vhostCert := closest (dir "/etc/nginx/certs") (printf "%s.crt" $hostname) }}
|
|
{{- $vhostCert := closest (dir "/etc/nginx/certs") (printf "%s.crt" $hostname) }}
|
|
{{- $vhostCert = trimSuffix ".crt" $vhostCert }}
|
|
{{- $vhostCert = trimSuffix ".crt" $vhostCert }}
|
|
{{- $vhostCert = trimSuffix ".key" $vhostCert }}
|
|
{{- $vhostCert = trimSuffix ".key" $vhostCert }}
|
|
@@ -516,49 +589,23 @@ proxy_set_header Proxy "";
|
|
{{- $cert_ok := and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert)) }}
|
|
{{- $cert_ok := and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert)) }}
|
|
|
|
|
|
{{- $default := eq $globals.Env.DEFAULT_HOST $hostname }}
|
|
{{- $default := eq $globals.Env.DEFAULT_HOST $hostname }}
|
|
- {{- $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) $globals.Env.HTTPS_METHOD "redirect" }}
|
|
|
|
- {{- $http2_enabled := parseBool (or (first (keys (groupByLabel $containers "com.github.nginx-proxy.nginx-proxy.http2.enable"))) $globals.Env.ENABLE_HTTP2 "true")}}
|
|
|
|
- {{- $http3_enabled := parseBool (or (first (keys (groupByLabel $containers "com.github.nginx-proxy.nginx-proxy.http3.enable"))) $globals.Env.ENABLE_HTTP3 "false")}}
|
|
|
|
-
|
|
|
|
- {{- $is_regexp := hasPrefix "~" $hostname }}
|
|
|
|
- {{- $upstream_name := when (or $is_regexp $globals.sha1_upstream_name) (sha1 $hostname) $hostname }}
|
|
|
|
|
|
+ {{- $https_method := or (first (groupByKeys $vhost_containers "Env.HTTPS_METHOD")) $globals.Env.HTTPS_METHOD "redirect" }}
|
|
|
|
+ {{- $http2_enabled := parseBool (or (first (keys (groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.http2.enable"))) $globals.Env.ENABLE_HTTP2 "true")}}
|
|
|
|
+ {{- $http3_enabled := parseBool (or (first (keys (groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.http3.enable"))) $globals.Env.ENABLE_HTTP3 "false")}}
|
|
|
|
|
|
{{- /* Get the SERVER_TOKENS defined by containers w/ the same vhost, falling back to "". */}}
|
|
{{- /* Get the SERVER_TOKENS defined by containers w/ the same vhost, falling back to "". */}}
|
|
- {{- $server_tokens := trim (or (first (groupByKeys $containers "Env.SERVER_TOKENS")) "") }}
|
|
|
|
|
|
+ {{- $server_tokens := trim (or (first (groupByKeys $vhost_containers "Env.SERVER_TOKENS")) "") }}
|
|
|
|
|
|
{{- /* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default). */}}
|
|
{{- /* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default). */}}
|
|
- {{- $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "" }}
|
|
|
|
|
|
+ {{- $ssl_policy := or (first (groupByKeys $vhost_containers "Env.SSL_POLICY")) "" }}
|
|
|
|
|
|
{{- /* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000". */}}
|
|
{{- /* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000". */}}
|
|
- {{- $hsts := or (first (groupByKeys $containers "Env.HSTS")) (or $globals.Env.HSTS "max-age=31536000") }}
|
|
|
|
|
|
+ {{- $hsts := or (first (groupByKeys $vhost_containers "Env.HSTS")) (or $globals.Env.HSTS "max-age=31536000") }}
|
|
|
|
|
|
{{- /* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
|
|
{{- /* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
|
|
- {{- $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
|
|
|
|
-
|
|
|
|
-
|
|
|
|
- {{- $tmp_paths := groupBy $containers "Env.VIRTUAL_PATH" }}
|
|
|
|
- {{- $has_virtual_paths := gt (len $tmp_paths) 0}}
|
|
|
|
- {{- if not $has_virtual_paths }}
|
|
|
|
- {{- $tmp_paths = dict "/" $containers }}
|
|
|
|
- {{- end }}
|
|
|
|
|
|
+ {{- $vhost_root := or (first (groupByKeys $vhost_containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
|
|
|
|
|
|
- {{- $paths := dict }}
|
|
|
|
-
|
|
|
|
- {{- range $path, $containers := $tmp_paths }}
|
|
|
|
- {{- $args := dict "Containers" $containers "Path" $path "Upstream_name" $upstream_name "Has_virtual_paths" $has_virtual_paths }}
|
|
|
|
- {{- template "get_path_info" $args }}
|
|
|
|
- {{- $_ := set $paths $path (dict
|
|
|
|
- "ports" (dict "legacy" $containers)
|
|
|
|
- "dest" $args.dest
|
|
|
|
- "proto" $args.proto
|
|
|
|
- "network_tag" $args.network_tag
|
|
|
|
- "upstream" $args.upstream
|
|
|
|
- "loadbalance" $args.loadbalance
|
|
|
|
- "keepalive" $args.keepalive
|
|
|
|
- ) }}
|
|
|
|
- {{- end }}
|
|
|
|
-
|
|
|
|
- {{- $_ := set $globals.vhosts $hostname (dict
|
|
|
|
|
|
+ {{- $vhost_data = merge $vhost_data (dict
|
|
"cert" $cert
|
|
"cert" $cert
|
|
"cert_ok" $cert_ok
|
|
"cert_ok" $cert_ok
|
|
"default" $default
|
|
"default" $default
|
|
@@ -566,13 +613,14 @@ proxy_set_header Proxy "";
|
|
"https_method" $https_method
|
|
"https_method" $https_method
|
|
"http2_enabled" $http2_enabled
|
|
"http2_enabled" $http2_enabled
|
|
"http3_enabled" $http3_enabled
|
|
"http3_enabled" $http3_enabled
|
|
- "paths" $paths
|
|
|
|
"server_tokens" $server_tokens
|
|
"server_tokens" $server_tokens
|
|
"ssl_policy" $ssl_policy
|
|
"ssl_policy" $ssl_policy
|
|
"vhost_root" $vhost_root
|
|
"vhost_root" $vhost_root
|
|
) }}
|
|
) }}
|
|
|
|
+ {{- $_ := set $globals.vhosts $hostname $vhost_data }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
|
|
|
|
+
|
|
{{- /*
|
|
{{- /*
|
|
* If needed, create a catch-all fallback server to send an error code to
|
|
* If needed, create a catch-all fallback server to send an error code to
|
|
* clients that request something from an unknown vhost.
|
|
* clients that request something from an unknown vhost.
|
|
@@ -808,4 +856,4 @@ server {
|
|
}
|
|
}
|
|
{{- end }}
|
|
{{- end }}
|
|
}
|
|
}
|
|
-{{- end }}
|
|
|
|
|
|
+{{- end }}
|
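Review bot: The new VIRTUAL_HOST_MULTIPORTS loop (hunk `-500,15 +457,131`) only checks that the value parses to non-empty YAML, so the hostname keys, path keys and `port` values are stored in `$globals.vhosts` without the normalisation the VIRTUAL_HOST loop applies. `$hostname` is neither trimmed nor checked for emptiness there; I would open the inner range with `{{- $hostname = trim $hostname }}` followed by `{{- if not $hostname }}{{- continue }}{{- end }}`. `$vhost` and `$vpath` are assumed to be maps, so YAML that parses but has another shape (a scalar or list under a hostname) reaches `range`/`hasKey` unchecked and would presumably abort rendering for every vhost instead of emitting the per-container warning. A `kindIs "map"` guard that reuses the warning-and-`continue` path would contain that, assuming sprig's `kindIs` is available here as `hasKey` and `coalesce` are. `toString $vpath.port` appears to reach the first hunk's `# using port: {{ $port }}` line verbatim (that template starts outside the hunk), so it should be restricted to `default` or decimal digits before it is stored. Separately, the drop loop in the VIRTUAL_HOST range appears to also remove containers whose VIRTUAL_HOST_MULTIPORTS was rejected as invalid, which leaves them with no vhost; the warning comment should say so.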