Short Description
Production-ready NGINX Docker container - Alpine based, with A+ SSL, ACME, OpenSSL, htaccess and config via env
Full Description

Docker production ready NGINX Container (servercontainers/nginx)

maintained by ServerContainers

FAQ - All you need to know about the servercontainers Containers

What is it

This Dockerfile (available as servercontainers/nginx) gives you NGINX on Alpine. It can also set up an automatic Let's Encrypt certificate or a self-signed certificate, and a reverse proxy mechanism.

The server is configured through environment variables.

It's based on the nginx:alpine image.

View in Docker Registry servercontainers/nginx

View in GitHub ServerContainers/nginx

Usage

You can try this container with the provided _docker_compose.yml_, which starts a MySQL container with phpMyAdmin
and adds a reverse proxy location to the nginx.

You can then open phpMyAdmin, protected by SSL, at https://localhost/phpmyadmin/

Environment variables and defaults

NGINX

All options for the NGINX configuration

  • NGINX_CONFIG_myconfigname
    • multiple variables/configurations possible by adding a unique configname to NGINX_CONFIG_
    • adds a new nginx configuration
    • server_name is required
    • example:
      • "server {server_name localhost; location / {root /data; index index.html;}}"
    • by default http redirects to ssl, ssl options get injected

To get an A+ rating in the Qualys SSL test you need to set the Strict-Transport-Security
header inside your nginx configuration like this:

# only this domain
add_header Strict-Transport-Security "max-age=31536000";
# apply also on subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  • NGINX_RAW_CONFIG_myconfigname
    • multiple variables/configurations possible by adding a unique configname to NGINX_RAW_CONFIG_
    • adds a new nginx configuration without any modification
    • example:

HTACCESS

  • HTACCESS_ACCOUNT_username
    • multiple variables/accounts possible
    • adds a new htaccess account with the given username and the env value as password
    • htaccess file will be saved at /conf/auth.htpasswd

To enable authentication, add the following to your nginx config (inside or outside the location block):

auth_basic "Restricted Area";
auth_basic_user_file /conf/auth.htpasswd;
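
An added example, not part of the image or its repository: a small pre-deployment lint over the environment variables described above. It flags NGINX_CONFIG_ entries without server_name, configurations without the HSTS header (or with a max-age below the 31536000 shown above), and HTACCESS_ACCOUNT_ accounts that no configuration references. The name lint_env and the sample variables and values are constructed; the script only reads the strings it is given and cannot see what the container injects or what an included snippet contains.

```python
import re

HSTS_RE = re.compile(r'add_header\s+Strict-Transport-Security\s+"([^"]*)"', re.I)
AUTH_RE = re.compile(r"auth_basic_user_file\s+/conf/auth\.htpasswd\s*;")
MIN_MAX_AGE = 31536000  # one year, the max-age value shown on this page


def lint_env(env):
    """Return sorted (variable, finding) pairs for one container environment."""
    findings = []
    configs = {k: v for k, v in env.items()
               if k.startswith(("NGINX_CONFIG_", "NGINX_RAW_CONFIG_"))}
    for name, conf in configs.items():
        # server_name is documented as required for NGINX_CONFIG_* entries.
        if name.startswith("NGINX_CONFIG_") and not re.search(r"\bserver_name\s+[^\s;]", conf):
            findings.append((name, "missing server_name"))
        hsts = HSTS_RE.search(conf)
        age = re.search(r"max-age=(\d+)", hsts.group(1), re.I) if hsts else None
        if hsts is None:
            findings.append((name, "no Strict-Transport-Security header"))
        elif age is None or int(age.group(1)) < MIN_MAX_AGE:
            findings.append((name, "HSTS max-age below 31536000"))
    # Accounts protect nothing unless some config points at the generated file.
    # An include may carry the directive, so an include counts as "possibly wired".
    accounts = sorted(k for k in env if k.startswith("HTACCESS_ACCOUNT_"))
    wired = any(AUTH_RE.search(c) or re.search(r"\binclude\s", c) for c in configs.values())
    if accounts and not wired:
        findings.extend((a, "account defined but no config uses /conf/auth.htpasswd") for a in accounts)
    return sorted(findings)


# Constructed sample environment (hypothetical names and values).
SAMPLE_ENV = {
    "HTACCESS_ACCOUNT_alice": "constructed-placeholder-password",
    "NGINX_CONFIG_plain": "server {server_name localhost; location / {root /data; index index.html;}}",
    "NGINX_CONFIG_short": 'server {location / {root /data;} add_header Strict-Transport-Security "max-age=300";}',
    "NGINX_RAW_CONFIG_ok": 'server {listen 443 ssl; server_name example.test; '
                           'add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; '
                           'location / {root /data;}}',
}

if __name__ == "__main__":
    for variable, finding in lint_env(SAMPLE_ENV):
        print(f"{variable}: {finding}")
```

A configuration that relies on an include is not judged for the htpasswd wiring, since the directive may live in the included file.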

ACME (Google's golang Let's Encrypt Client)

You need to accept the terms of the certificate authority. Look inside the logs to find the URL where you get the current version.

Terms:         https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf

  • SSL_ACME_REGISTER_MAIL
    • set this to your email to get notifications from the certificate authority
    • needs to be set to enable the ACME client

OpenSSL

All options for the OpenSSL Stuff

  • DH_SIZE
    • no default - needed only if you don't trust my shipped 4096 version
    • if set, a new one with the given size is generated
    • only use a number as value

Specials

Docker Registry proxy with Basic Auth

You can indeed use this container as a Docker Registry Proxy with Basic Authentication.
Just add some Accounts with the HTACCESS_ACCOUNT_username variables and take a look at the following NGINX_CONFIG_myconfigname configuration.

HTACCESS_ACCOUNT_marvin=MyRegistRyPasSwOrD
NGINX_CONFIG_myDockerRegistry="upstream docker-registry {server registry:5000;} server {server_name registry.example.com; include /etc/nginx/snippets/docker-registry-proxy.conf;}"

You need to specify the docker registry upstream and add a server_name, which is necessary for the certificate generation.
Most importantly, add the line include /etc/nginx/snippets/docker-registry-proxy.conf; inside your server statement.

That's all - now you have a working docker registry proxy with SSL and basic auth!
