首頁 探索 說明
登入
mirrors
/
nginx-proxy
镜像来自 https://github.com/nginx-proxy/nginx-proxy.git
2
0
複刻 0
檔案
瀏覽代碼

Add fallback to the proxy containers env for HTTPS_METHOD and HSTS

Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl 5 年之前
父節點
e762468759
當前提交
f8b4553eee
共有 2 個文件被更改,包括 4 次插入4 次删除
統一視圖 顯示文件統計
  1. 2 2
      README.md
  2. 2 2
      nginx.tmpl

+ 2 - 2
README.md
查看文件 

@@ -285,8 +285,8 @@ a 500.
 
 To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
 
 To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
 
 environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`).  You can also
 
 environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`).  You can also
 
 disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
 
 disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
 
-`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to
 
-override the default behavior.  If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
 
+`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` can be specified on each container for which you want to
 
+override the default behavior or on the proxy container to set it globally. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
 
 is disabled to prevent HTTPS users from being redirected by the client.  If you cannot get to the HTTP
 
 is disabled to prevent HTTPS users from being redirected by the client.  If you cannot get to the HTTP
 
 site after changing this setting, your browser has probably cached the HSTS policy and is automatically
 
 site after changing this setting, your browser has probably cached the HSTS policy and is automatically
 
 redirecting you back to HTTPS.  You will need to clear your browser's HSTS cache or use an incognito
 
 redirecting you back to HTTPS.  You will need to clear your browser's HSTS cache or use an incognito

+ 2 - 2
nginx.tmpl
查看文件 

@@ -209,13 +209,13 @@ upstream {{ $upstream_name }} {
 
 {{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
 
 {{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
 
 
 
 {{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
 
 {{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
 
-{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
 
+{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) (or $.Env.HTTPS_METHOD "redirect") }}
 
 
 
 {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default) */}}
 
 {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default) */}}
 
 {{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "" }}
 
 {{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "" }}
 
 
 
 {{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
 
 {{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
 
-{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) "max-age=31536000" }}
 
+{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) (or $.Env.HSTS "max-age=31536000") }}
 
 
 
 {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
 
 {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
 
 {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
 
 {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}