Commit 04b99b2

v1.1.1 (#6)
Minor updates
* Redirect weekly update to update log

Documentation updates
* Updating licence and readme to 2021
* Switching volumes / environment to be a table
* Adding Nginx configuration helpers

Version bump to 1.1.1
1 parent ed692b2 commit 04b99b2

5 files changed

+47
-23
lines changed

LICENSE

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
MIT License
22

3-
Copyright (c) 2020 Ben Green
3+
Copyright (c) 2021 Ben Green
44

55
Permission is hereby granted, free of charge, to any person obtaining a copy
66
of this software and associated documentation files (the "Software"), to deal

README.md

Lines changed: 41 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -4,31 +4,55 @@
44

55
[Docker Repository](https://hub.docker.com/r/bcgdesign/nginx-proxy) - [bcg|design ecosystem](https://github.com/bencgreen/docker)
66

7-
Nginx Proxy which uses [getssl](https://github.com/srvrco/getssl) to automate requesting and renewing SSL certificates via Let's Encrypt.
7+
Nginx Proxy which uses [getssl](https://github.com/srvrco/getssl) to automate requesting and renewing SSL certificates via Let's Encrypt. Certificates are checked for renewal every week - the last check can be viewed in the `/ssl` volume.
88

99
## Ports
1010

11+
For SSL certificate requests to work correctly, ports 80 and 443 need mapping from the host to your proxy container, e.g. adding `"0.0.0.0:80:80"` to the ports section of your docker compose file.
12+
1113
* 80 (from base image)
1214
* 443
1315

14-
## Environment Variables
15-
16-
Required:
16+
## Volumes
1717

18-
```bash
19-
LETS_ENCRYPT_EMAIL= # used for renewal notification emails
20-
```
18+
| Volume | Purpose |
19+
| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
20+
| `/www` | *From base image* |
21+
| `/sites` | Nginx site configuration, auto-generated on first run based on `conf.sh`. After they are generated, you can alter them to suit their needs. Running `nginx-regenerate` will wipe them all and start again. |
22+
| `/ssl` | Contains auto-generated SSL configuration and certificates (for backup purposes). Your `conf.sh` file should be stored in here for auto-configuration (see `ssl-conf-sample.sh`). Certificate update log (`update.log`) will be created here weekly. |
2123

22-
Optional:
24+
## Environment Variables
2325

24-
```bash
25-
CLEAN_INSTALL=0 # clean all config and certificates before doing anything else
26-
LETS_ENCRYPT_LIVE=0 # set to 1 to use live instead of staging server
27-
SSL_DHPARAM_BITS=4096 # set to the number of bits to use for generating DH parameters
28-
SSL_REDIRECT_INSECURE=0 # HTTPS redirection
29-
SSL_REDIRECT_TO_CANONICAL=0 # canonical domain name redirection
30-
SSL_REQUEST_ON_STARTUP=0 # automatically request certificates on startup
31-
```
26+
| Variable | Values | Description | Default |
27+
| ------------------------------ | --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
28+
| `LETS_ENCRYPT_EMAIL` | A valid email address | Used by Lets Encrypt for notification emails. | *None* - **required** |
29+
| `CLEAN_INSTALL` | 0 or 1 | If 1, all Nginx and SSL configuration and certificates will be deleted and regenerated. | 0 |
30+
| `LETS_ENCRYPT_LIVE` | 0 or 1 | Only set to 1 (to request live certificates) when your config is correct - Lets Encrypt rate limit certificate requests. | 0 |
31+
| `SSL_DHPARAM_BITS` | A valid integer | The size of your DHPARAM variables - adjust down only if you have limited processing resources. | 4096 |
32+
| `SSL_REDIRECT_INSECURE` | 0 or 1 | If 1, all insecured (HTTP) requests will be upgraded by Nginx to secure (HTTPS). | 0 |
33+
| `SSL_REDIRECT_TO_CANONICAL` | 0 or 1 | If 1, all requests will be redirected to the primary domain (defined in `conf.sh`). | 0 |
34+
| `SSL_REQUEST_ON_STARTUP` | 0 or 1 | If 1, SSL certificates will be automatically requested - otherwise you'll need to use `ssl-request`. | 0 |
35+
| `GETSSL_SKIP_HTTP_TOKEN_CHECK` | true or false | Set to true to enable `getssl`'s [skip HTTP token check](https://github.com/srvrco/getssl/wiki/Config-variables#skip_http_token_checkfalse). | false |
36+
37+
## Helper Functions
38+
39+
| Function | Arguments | Description |
40+
| ------------------ | --------- | ----------------------------------------------------------------------------------- |
41+
| `nginx-regenerate` | *None* | Removes Nginx configuration files (in `/sites`) and regenerates based on `conf.sh`. |
42+
| `ssl-init` | *None* | Initialises SSL configuration based on `conf.sh`. |
43+
| `ssl-regenerate` | *None* | Removes SSL configuration files (in `/ssl`) and regenerates based on `conf.sh`. |
44+
| `ssl-request` | *None* | Requests SSL certificates from Lets Encrypt. |
45+
| `ssl-update` | *None* | Attempts to update SSL certificates manually. |
46+
47+
## Nginx Configuration Helpers
48+
49+
The image contains a handful of useful Nginx configuration 'helper' files, which you can find in `/overlay/etc/nginx/helpers`.
50+
51+
| Helper | Description |
52+
| --------------------- | ---------------------------------------------------------------------------------------------------------------- |
53+
| `proxy-params.conf` | Headers commonly required when proxying a site. |
54+
| `secure-headers.conf` | Standard secure headers - see [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/). |
55+
| `tls1_3-only.conf` | If you want to be ultra-secure (and not support older browsers), this will disable all TLS protocols except 1.3. |
3256

3357
## Authors
3458
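Review bot: The new Ports paragraph (README line 11) says ports 80 and 443 both need mapping, but the example only shows `"0.0.0.0:80:80"`; add the matching `"0.0.0.0:443:443"` entry so a copied compose file does not leave HTTPS unmapped. In the Environment Variables table, the `CLEAN_INSTALL` row says certificates are deleted and regenerated while the `LETS_ENCRYPT_LIVE` row warns about rate limits, so the `CLEAN_INSTALL` row should say that regenerating live certificates counts against those limits. The `GETSSL_SKIP_HTTP_TOKEN_CHECK` row only links out; one sentence on which check is skipped and when to set it would save readers the click. Wording nits: "suit their needs" should be "suit your needs", "insecured" should be "insecure", "rate limit certificate requests" should be "rate limits", and "Lets Encrypt" in the tables is written "Let's Encrypt" on line 7. Please also confirm whether `/overlay/etc/nginx/helpers` is the path inside the image or the path in the repository.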

@@ -40,5 +64,5 @@ SSL_REQUEST_ON_STARTUP=0 # automatically request certificates on startup
4064
4165
## Copyright
4266

43-
> Copyright (c) 2020 Ben Green <https://bcgdesign.com>
67+
> Copyright (c) 2021 Ben Green <https://bcgdesign.com>
4468
> Unless otherwise stated

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.1.0
1+
1.1.1
Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
1-
#!/bin/bash
2-
ssl-update
1+
#!/usr/bin/with-contenv bash
2+
ssl-update > ${SSL}/update.log
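Review bot: On the new line 2, `ssl-update > ${SSL}/update.log` redirects stdout only, so error output from a failed renewal is not written to the log that the README tells users to check; suggest `ssl-update > "${SSL}/update.log" 2>&1`, which also quotes the path. If `SSL` were ever unset the redirect would target `/update.log`, so a `${SSL:?}` guard is worth considering. The `>` truncates the file on each run, which matches the README's "last check" wording, but a timestamp line at the top of the log would make it clear when that check ran.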

ssl-conf-sample.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
#======================================================================================================================
44
# This file should be modified to define domain arrays
5-
# and then stored in /ssl/conf/sites.sh
5+
# and then stored in /ssl/conf.sh
66
#
77
# DOMAINS is an associative array
88
# key: (string) primary domain name
@@ -12,7 +12,7 @@
1212
# key: (string) primary domain name - if it doesn't match one of the keys in DOMAINS, it will be ignored
1313
# value: (string) alias domain names to be included in the SSL certificate, separated by a space
1414
#
15-
# These arrays will generate configuration files that will be stored in /ssl/conf
15+
# These arrays will generate configuration files that will be stored in /sites and /ssl/certs
1616
# After generation they can be modified to suit your needs - after modification, the container should be restarted
1717
#======================================================================================================================
1818
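Review bot: The new line 15 says the arrays generate "configuration files" stored in `/sites` and `/ssl/certs`, while the README in this commit describes `/ssl` as holding auto-generated SSL configuration and certificates and never names `/ssl/certs`. Suggest the comment say which kind of file goes to which location, and that the README Volumes table name the same subdirectory, so the two descriptions agree.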
