Public | Automated Build

Last pushed: 7 months ago
Short Description
nginx with a customised nginx.conf for reverse proxying to a container running a unicorn web server
Full Description

gordonchan/nginx-unicorn-rails

The official nginx with a customised nginx.conf designed for reverse proxying (with SSL support) to a container running a unicorn web server.

The nginx.conf file is based on the nginx example file provided by unicorn.

I have made modifications for my selfish needs but it should be generic enough for general use.

Notes

  • This image assumes the hostname app1 and app2 will connect to the containers running the unicorn servers. Basic load balancing is configured, however it is perfectly okay to have only one unicorn server container running.
  • This image assumes the SSL certificate and key files are located at /etc/nginx/certs/fullchain.pem and /etc/nginx/certs/privkey.pem on the container respectively.
  • The SSL cipher suite is the 'moderate' profile cipher suite recommended by Mozilla.
  • The SSL cipher suite disables non-EC Diffie-Hellman key exchange to avoid the need to generate a Diffie-Hellman group. For more information visti: https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/. In a future update, I may write a entrypoint.sh to generate a DH group in the container.
  • For connections coming from CloudFlare, preserve the originating IP of the visitor.

License

Copyright (c) 2016 Gordon Chan. Released under the MIT License. It is free software, and may be redistributed under the terms specified in the LICENSE file.

Docker Pull Command
Owner
gordonchan
Source Repository

Comments (0)