瀏覽代碼

Add fallback to the proxy containers env for HTTPS_METHOD and HSTS

Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl 5 年之前
父節點
當前提交
f8b4553eee
共有 2 個文件被更改,包括 4 次插入4 次删除
  1. 2 2
      README.md
  2. 2 2
      nginx.tmpl

+ 2 - 2
README.md

@@ -285,8 +285,8 @@ a 500.
 To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
 To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
 environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`).  You can also
 environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`).  You can also
 disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
 disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
-`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to
-override the default behavior.  If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
+`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` can be specified on each container for which you want to
+override the default behavior or on the proxy container to set it globally. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
 is disabled to prevent HTTPS users from being redirected by the client.  If you cannot get to the HTTP
 is disabled to prevent HTTPS users from being redirected by the client.  If you cannot get to the HTTP
 site after changing this setting, your browser has probably cached the HSTS policy and is automatically
 site after changing this setting, your browser has probably cached the HSTS policy and is automatically
 redirecting you back to HTTPS.  You will need to clear your browser's HSTS cache or use an incognito
 redirecting you back to HTTPS.  You will need to clear your browser's HSTS cache or use an incognito

+ 2 - 2
nginx.tmpl

@@ -209,13 +209,13 @@ upstream {{ $upstream_name }} {
 {{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
 {{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
 
 
 {{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
 {{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
-{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
+{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) (or $.Env.HTTPS_METHOD "redirect") }}
 
 
 {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default) */}}
 {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default) */}}
 {{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "" }}
 {{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "" }}
 
 
 {{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
 {{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
-{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) "max-age=31536000" }}
+{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) (or $.Env.HSTS "max-age=31536000") }}
 
 
 {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
 {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
 {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
 {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}