|
@@ -143,6 +143,7 @@ proxy_set_header Proxy "";
|
|
{{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }}
|
|
{{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }}
|
|
server {
|
|
server {
|
|
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
|
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
|
|
|
+ server_tokens off;
|
|
listen {{ $external_http_port }};
|
|
listen {{ $external_http_port }};
|
|
{{ if $enable_ipv6 }}
|
|
{{ if $enable_ipv6 }}
|
|
listen [::]:{{ $external_http_port }};
|
|
listen [::]:{{ $external_http_port }};
|
|
@@ -154,6 +155,7 @@ server {
|
|
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
|
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
|
server {
|
|
server {
|
|
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
|
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
|
|
|
+ server_tokens off;
|
|
listen {{ $external_https_port }} ssl http2;
|
|
listen {{ $external_https_port }} ssl http2;
|
|
{{ if $enable_ipv6 }}
|
|
{{ if $enable_ipv6 }}
|
|
listen [::]:{{ $external_https_port }} ssl http2;
|
|
listen [::]:{{ $external_https_port }} ssl http2;
|
|
@@ -210,6 +212,9 @@ upstream {{ $upstream_name }} {
|
|
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
|
|
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
|
|
{{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }}
|
|
{{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }}
|
|
|
|
|
|
|
|
+{{/* Get the SERVER_TOKENS defined by containers w/ the same vhost, falling back to "" */}}
|
|
|
|
+{{ $server_tokens := trim (or (first (groupByKeys $containers "Env.SERVER_TOKENS")) "") }}
|
|
|
|
+
|
|
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
|
|
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
|
|
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
|
|
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
|
|
|
|
|
|
@@ -246,6 +251,9 @@ upstream {{ $upstream_name }} {
|
|
{{ if eq $https_method "redirect" }}
|
|
{{ if eq $https_method "redirect" }}
|
|
server {
|
|
server {
|
|
server_name {{ $host }};
|
|
server_name {{ $host }};
|
|
|
|
+ {{ if $server_tokens }}
|
|
|
|
+ server_tokens {{ $server_tokens }};
|
|
|
|
+ {{ end }}
|
|
listen {{ $external_http_port }} {{ $default_server }};
|
|
listen {{ $external_http_port }} {{ $default_server }};
|
|
{{ if $enable_ipv6 }}
|
|
{{ if $enable_ipv6 }}
|
|
listen [::]:{{ $external_http_port }} {{ $default_server }};
|
|
listen [::]:{{ $external_http_port }} {{ $default_server }};
|
|
@@ -270,6 +278,9 @@ server {
|
|
|
|
|
|
server {
|
|
server {
|
|
server_name {{ $host }};
|
|
server_name {{ $host }};
|
|
|
|
+ {{ if $server_tokens }}
|
|
|
|
+ server_tokens {{ $server_tokens }};
|
|
|
|
+ {{ end }}
|
|
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
|
|
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
|
|
{{ if $enable_ipv6 }}
|
|
{{ if $enable_ipv6 }}
|
|
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
|
|
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
|
|
@@ -342,6 +353,9 @@ server {
|
|
|
|
|
|
server {
|
|
server {
|
|
server_name {{ $host }};
|
|
server_name {{ $host }};
|
|
|
|
+ {{ if $server_tokens }}
|
|
|
|
+ server_tokens {{ $server_tokens }};
|
|
|
|
+ {{ end }}
|
|
listen {{ $external_http_port }} {{ $default_server }};
|
|
listen {{ $external_http_port }} {{ $default_server }};
|
|
{{ if $enable_ipv6 }}
|
|
{{ if $enable_ipv6 }}
|
|
listen [::]:80 {{ $default_server }};
|
|
listen [::]:80 {{ $default_server }};
|
|
@@ -387,6 +401,9 @@ server {
|
|
{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
|
{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
|
server {
|
|
server {
|
|
server_name {{ $host }};
|
|
server_name {{ $host }};
|
|
|
|
+ {{ if $server_tokens }}
|
|
|
|
+ server_tokens {{ $server_tokens }};
|
|
|
|
+ {{ end }}
|
|
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
|
|
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
|
|
{{ if $enable_ipv6 }}
|
|
{{ if $enable_ipv6 }}
|
|
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
|
|
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
|