Home Explore Help
Sign In
mirrors
/
nginx-proxy
mirror of https://github.com/nginx-proxy/nginx-proxy.git
2
0
Fork 0
Files
Browse Source

Add fallback to the proxy containers env for HTTPS_METHOD and HSTS

Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl 5 years ago
parent
e762468759
commit
f8b4553eee
2 changed files with 4 additions and 4 deletions
Unified View Show Diff Stats
  1. 2 2
      README.md
  2. 2 2
      nginx.tmpl

+ 2 - 2
README.md
View File 

@@ -285,8 +285,8 @@ a 500.
 
 To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
 
 To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the
 
 environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`).  You can also
 
 environment variable `HTTPS_METHOD=noredirect` (the default is `HTTPS_METHOD=redirect`).  You can also
 
 disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
 
 disable the non-SSL site entirely with `HTTPS_METHOD=nohttp`, or disable the HTTPS site with
 
-`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` must be specified on each container for which you want to
 
-override the default behavior.  If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
 
+`HTTPS_METHOD=nohttps`. `HTTPS_METHOD` can be specified on each container for which you want to
 
+override the default behavior or on the proxy container to set it globally. If `HTTPS_METHOD=noredirect` is used, Strict Transport Security (HSTS)
 
 is disabled to prevent HTTPS users from being redirected by the client.  If you cannot get to the HTTP
 
 is disabled to prevent HTTPS users from being redirected by the client.  If you cannot get to the HTTP
 
 site after changing this setting, your browser has probably cached the HSTS policy and is automatically
 
 site after changing this setting, your browser has probably cached the HSTS policy and is automatically
 
 redirecting you back to HTTPS.  You will need to clear your browser's HSTS cache or use an incognito
 
 redirecting you back to HTTPS.  You will need to clear your browser's HSTS cache or use an incognito

+ 2 - 2
nginx.tmpl
View File 

@@ -209,13 +209,13 @@ upstream {{ $upstream_name }} {
 
 {{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
 
 {{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
 
 
 
 {{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
 
 {{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
 
-{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
 
+{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) (or $.Env.HTTPS_METHOD "redirect") }}
 
 
 
 {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default) */}}
 
 {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default) */}}
 
 {{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "" }}
 
 {{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "" }}
 
 
 
 {{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
 
 {{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
 
-{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) "max-age=31536000" }}
 
+{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) (or $.Env.HSTS "max-age=31536000") }}
 
 
 
 {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
 
 {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
 
 {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
 
 {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}