diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index 6aeb9f540..b714de7a8 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -81,7 +81,7 @@ jobs: - name: Build and push the image id: docker_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: Dockerfile.${{ matrix.base }} diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 244ecb76c..a20e8959e 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,9 +1,9 @@ -FROM docker.io/nginxproxy/docker-gen:0.14.0 AS docker-gen +FROM docker.io/nginxproxy/docker-gen:0.14.2 AS docker-gen -FROM docker.io/nginxproxy/forego:0.18.1 AS forego +FROM docker.io/nginxproxy/forego:0.18.2 AS forego # Build the final image -FROM docker.io/library/nginx:1.27.0-alpine +FROM docker.io/library/nginx:1.27.1-alpine ARG NGINX_PROXY_VERSION # Add DOCKER_GEN_VERSION environment variable because diff --git a/Dockerfile.debian b/Dockerfile.debian index d3f5945ce..bbae9ee8b 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -1,9 +1,9 @@ -FROM docker.io/nginxproxy/docker-gen:0.14.0-debian AS docker-gen +FROM docker.io/nginxproxy/docker-gen:0.14.2-debian AS docker-gen -FROM docker.io/nginxproxy/forego:0.18.1-debian AS forego +FROM docker.io/nginxproxy/forego:0.18.2-debian AS forego # Build the final image -FROM docker.io/library/nginx:1.27.0 +FROM docker.io/library/nginx:1.27.1 ARG NGINX_PROXY_VERSION # Add DOCKER_GEN_VERSION environment variable because diff --git a/README.md b/README.md index d29c15d38..8eb3cd46c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ [![Test](https://github.com/nginx-proxy/nginx-proxy/actions/workflows/test.yml/badge.svg)](https://github.com/nginx-proxy/nginx-proxy/actions/workflows/test.yml) [![GitHub release](https://img.shields.io/github/v/release/nginx-proxy/nginx-proxy)](https://github.com/nginx-proxy/nginx-proxy/releases) -![nginx 1.27.0](https://img.shields.io/badge/nginx-1.27.0-brightgreen.svg) +[![nginx 1.27.1](https://img.shields.io/badge/nginx-1.27.1-brightgreen.svg?logo=nginx)](https://nginx.org/en/CHANGES) [![Docker Image Size](https://img.shields.io/docker/image-size/nginxproxy/nginx-proxy?sort=semver)](https://hub.docker.com/r/nginxproxy/nginx-proxy "Click to view the image on Docker Hub") [![Docker stars](https://img.shields.io/docker/stars/nginxproxy/nginx-proxy.svg)](https://hub.docker.com/r/nginxproxy/nginx-proxy "DockerHub") [![Docker pulls](https://img.shields.io/docker/pulls/nginxproxy/nginx-proxy.svg)](https://hub.docker.com/r/nginxproxy/nginx-proxy "DockerHub") @@ -18,7 +18,7 @@ docker run --detach \ --name nginx-proxy \ --publish 80:80 \ --volume /var/run/docker.sock:/tmp/docker.sock:ro \ - nginxproxy/nginx-proxy:1.5 + nginxproxy/nginx-proxy:1.6 ``` Then start any containers (here an nginx container) you want proxied with an env var `VIRTUAL_HOST=subdomain.yourdomain.com` @@ -48,7 +48,7 @@ The nginx-proxy images are available in two flavors. This image is based on the nginx:mainline image, itself based on the debian slim image. ```console -docker pull nginxproxy/nginx-proxy:1.5 +docker pull nginxproxy/nginx-proxy:1.6 ``` #### Alpine based version (`-alpine` suffix) @@ -56,7 +56,7 @@ docker pull nginxproxy/nginx-proxy:1.5 This image is based on the nginx:alpine image. ```console -docker pull nginxproxy/nginx-proxy:1.5-alpine +docker pull nginxproxy/nginx-proxy:1.6-alpine ``` #### :warning: a note on `latest` and `alpine`: diff --git a/docs/README.md b/docs/README.md index 6dea7c8e6..f0c4882f2 100644 --- a/docs/README.md +++ b/docs/README.md @@ -817,7 +817,7 @@ docker run --detach \ --publish 80:80 \ --volume /var/run/docker.sock:/tmp/docker.sock:ro \ --volume /path/to/error.html:/usr/share/nginx/html/errors/50x.html:ro \ - nginxproxy/nginx-proxy:1.5 + nginxproxy/nginx-proxy ``` Note that this will not replace your own services error pages. @@ -872,7 +872,7 @@ docker run --detach \ --publish 53:53:udp \ --volume /var/run/docker.sock:/tmp/docker.sock:ro \ --volume ./stream.conf:/etc/nginx/toplevel.conf.d/stream.conf:ro \ - nginxproxy/nginx-proxy:1.5 + nginxproxy/nginx-proxy ``` Please note that TCP and UDP stream are not core features of nginx-proxy, so the above is provided as an example only, without any guarantee. diff --git a/nginx.tmpl b/nginx.tmpl index a7f4a0c18..960786b33 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -125,7 +125,7 @@ */}} {{- define "container_port" }} {{- /* If only 1 port exposed, use that as a default, else 80. */}} - # exposed ports:{{ range sortObjectsByKeysAsc $.container.Addresses "Port" }} {{ .Port }}/{{ .Proto }}{{ else }} (none){{ end }} + # exposed ports (first ten):{{ range $index, $address := (sortObjectsByKeysAsc $.container.Addresses "Port") }}{{ if lt $index 10 }} {{ $address.Port }}/{{ $address.Proto }}{{ end }}{{ else }} (none){{ end }} {{- $default_port := when (eq (len $.container.Addresses) 1) (first $.container.Addresses).Port "80" }} # default port: {{ $default_port }} {{- $port := when (eq $.port "default") $default_port (when (eq $.port "legacy") (or $.container.Env.VIRTUAL_PORT $default_port) $.port) }} @@ -264,8 +264,14 @@ include uwsgi_params; uwsgi_pass {{ trim $proto }}://{{ trim $upstream }}; {{- else if eq $proto "fastcgi" }} - root {{ trim .VhostRoot }}; + {{- if (exists "/etc/nginx/fastcgi.conf") }} include fastcgi.conf; + {{- else if (exists "/etc/nginx/fastcgi_params") }} + include fastcgi_params; + {{- else }} + # neither /etc/nginx/fastcgi.conf nor /etc/nginx/fastcgi_params found, fastcgi won't work + {{- end }} + root {{ trim .VhostRoot }}; fastcgi_pass {{ trim $upstream }}; {{- if ne $keepalive "disabled" }} fastcgi_keep_conn on; @@ -474,7 +480,7 @@ proxy_set_header Proxy ""; {{- range $hostname, $vhost := $parsedVhosts }} {{- $vhost_data := when (hasKey $globals.vhosts $hostname) (get $globals.vhosts $hostname) (dict) }} {{- $paths := coalesce $vhost_data.paths (dict) }} - + {{- if (empty $vhost) }} {{ $vhost = dict "/" (dict) }} {{- end }} @@ -664,7 +670,7 @@ proxy_set_header Proxy ""; {{- $http3_enabled = or $http3_enabled $vhost.http3_enabled }} {{- end }} {{- $fallback_http := not $default_http_exists }} - {{- $fallback_https := and $https_exists (not $default_https_exists) }} + {{- $fallback_https := not $default_https_exists }} {{- /* * If there are no vhosts at all, create fallbacks for both plain http * and https so that clients get something more useful than a connection diff --git a/test/certs/create_server_certificate.sh b/test/certs/create_server_certificate.sh index f9d6b9764..bf0509ef7 100755 --- a/test/certs/create_server_certificate.sh +++ b/test/certs/create_server_certificate.sh @@ -24,7 +24,7 @@ fi # Create a nginx container (which conveniently provides the `openssl` command) ############################################################################### -CONTAINER=$(docker run -d -v $DIR:/work -w /work -e SAN="$ALTERNATE_DOMAINS" nginx:1.27.0) +CONTAINER=$(docker run -d -v $DIR:/work -w /work -e SAN="$ALTERNATE_DOMAINS" nginx:1.27.1) # Configure openssl docker exec $CONTAINER bash -c ' mkdir -p /ca/{certs,crl,private,newcerts} 2>/dev/null diff --git a/test/requirements/python-requirements.txt b/test/requirements/python-requirements.txt index c3e2218a1..f525a04ac 100644 --- a/test/requirements/python-requirements.txt +++ b/test/requirements/python-requirements.txt @@ -1,4 +1,4 @@ backoff==2.2.1 docker==7.1.0 -pytest==8.2.1 +pytest==8.3.2 requests==2.32.3 diff --git a/test/test_fallback.py b/test/test_fallback.py index 16da3d7d6..ed11fc02b 100644 --- a/test/test_fallback.py +++ b/test/test_fallback.py @@ -33,7 +33,6 @@ def _get(url): INTERNAL_ERR_RE = re.compile("TLSV1_ALERT_INTERNAL_ERROR") -CONNECTION_REFUSED_RE = re.compile("Connection refused") @pytest.mark.parametrize("compose_file,url,want_code,want_err_re", [ @@ -79,14 +78,14 @@ def _get(url): ("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", 503, None), # HTTPS_METHOD=nohttps on nginx-proxy, HTTPS_METHOD unset on the app container. ("nohttps.yml", "http://http-only.nginx-proxy.test/", 200, None), - ("nohttps.yml", "https://http-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), + ("nohttps.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttps.yml", "http://unknown.nginx-proxy.test/", 503, None), - ("nohttps.yml", "https://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), + ("nohttps.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), # HTTPS_METHOD=redirect on nginx-proxy, HTTPS_METHOD=nohttps on the app container. ("nohttps-on-app.yml", "http://http-only.nginx-proxy.test/", 200, None), - ("nohttps-on-app.yml", "https://http-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), + ("nohttps-on-app.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttps-on-app.yml", "http://unknown.nginx-proxy.test/", 503, None), - ("nohttps-on-app.yml", "https://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), + ("nohttps-on-app.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), # Custom nginx config that has a `server` directive that uses `default_server` and simply # returns 418. Nginx should successfully start (in particular, the `default_server` in the # custom config should not conflict with the fallback server generated by nginx-proxy) and nginx