From 4606b15309e69ecf80a406638d0c18609ab7256a Mon Sep 17 00:00:00 2001 From: Gilles Filippini Date: Thu, 6 Jun 2024 21:44:45 +0200 Subject: [PATCH 01/12] fix: nohttp(s) shouldn't disable fallback server Say we have two containers: - `app1` with `HTTPS_METHOD=redirect` - `app2` with `HTTPS_METHOD=nohttps` Without this change the fallback answer on an HTTPS request to an unknown server would change depending on whether `app1` is up (503) or not (connection refused). This is not wanted. In case someone doesn't want HTTPS at all, they just have to not bind port 443. --- nginx.tmpl | 2 +- test/test_fallback.py | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index a7f4a0c18..07e1314ea 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -664,7 +664,7 @@ proxy_set_header Proxy ""; {{- $http3_enabled = or $http3_enabled $vhost.http3_enabled }} {{- end }} {{- $fallback_http := not $default_http_exists }} - {{- $fallback_https := and $https_exists (not $default_https_exists) }} + {{- $fallback_https := not $default_https_exists }} {{- /* * If there are no vhosts at all, create fallbacks for both plain http * and https so that clients get something more useful than a connection diff --git a/test/test_fallback.py b/test/test_fallback.py index 16da3d7d6..ed11fc02b 100644 --- a/test/test_fallback.py +++ b/test/test_fallback.py @@ -33,7 +33,6 @@ def _get(url): INTERNAL_ERR_RE = re.compile("TLSV1_ALERT_INTERNAL_ERROR") -CONNECTION_REFUSED_RE = re.compile("Connection refused") @pytest.mark.parametrize("compose_file,url,want_code,want_err_re", [ 
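Review bot: The new `{{- $fallback_https := not $default_https_exists }}` line has no comment saying that the HTTPS fallback server is now generated even when no vhost uses HTTPS. For `HTTPS_METHOD=nohttps` setups this is a visible change: the updated tests move from a refused connection to a TLS alert on port 443. I would add a template comment above the assignment, e.g. `{{- /* Always emit the HTTPS fallback, even if every vhost is nohttps; to have no TLS listener at all, do not bind port 443. */}}`, and repeat that sentence in the HTTPS_METHOD documentation, because the commit message is the only place it is stated. The comment block that follows ("If there are no vhosts at all, create fallbacks for both plain http and https") continues outside the hunk and may now be partly redundant; that is worth checking.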
@@ -79,14 +78,14 @@ def _get(url): ("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", 503, None), # HTTPS_METHOD=nohttps on nginx-proxy, HTTPS_METHOD unset on the app container. ("nohttps.yml", "http://http-only.nginx-proxy.test/", 200, None), - ("nohttps.yml", "https://http-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), + ("nohttps.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttps.yml", "http://unknown.nginx-proxy.test/", 503, None), - ("nohttps.yml", "https://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), + ("nohttps.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), # HTTPS_METHOD=redirect on nginx-proxy, HTTPS_METHOD=nohttps on the app container. ("nohttps-on-app.yml", "http://http-only.nginx-proxy.test/", 200, None), - ("nohttps-on-app.yml", "https://http-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), + ("nohttps-on-app.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttps-on-app.yml", "http://unknown.nginx-proxy.test/", 503, None), - ("nohttps-on-app.yml", "https://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), + ("nohttps-on-app.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), # Custom nginx config that has a `server` directive that uses `default_server` and simply # returns 418. Nginx should successfully start (in particular, the `default_server` in the # custom config should not conflict with the fallback server generated by nginx-proxy) and nginx From ff4657181a024b1c1052689ece9443029d2aa190 Mon Sep 17 00:00:00 2001 
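Review bot: The four `nohttps` rows now expect `INTERNAL_ERR_RE`, but nothing beside them explains why a TLS alert rather than a refused connection is the wanted result. A comment above each group, e.g. `# The HTTPS fallback server is always generated, so port 443 answers with a TLS alert instead of refusing.`, would stop a later reader from reverting the expectation. The scenario from the commit message (one container with `HTTPS_METHOD=redirect` next to one with `nohttps`) is not among the visible rows; if no case elsewhere in the list covers it, a compose file for that pair would pin the regression. The parametrize list starts and ends outside the hunk.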
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 04:59:33 +0000 Subject: [PATCH 02/12] ci: bump pytest from 8.2.1 to 8.2.2 in /test/requirements Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.2.1 to 8.2.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.2.1...8.2.2) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- test/requirements/python-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements/python-requirements.txt b/test/requirements/python-requirements.txt index c3e2218a1..b5d225aad 100644 --- a/test/requirements/python-requirements.txt +++ b/test/requirements/python-requirements.txt @@ -1,4 +1,4 @@ backoff==2.2.1 docker==7.1.0 -pytest==8.2.1 +pytest==8.2.2 requests==2.32.3 From 705dfa090bef79b0ecbff5e9d2ec8d90c17c9c42 Mon Sep 17 00:00:00 2001 From: Niek <100143256+SchoNie@users.noreply.github.com> Date: Mon, 10 Jun 2024 09:42:07 +0200 Subject: [PATCH 03/12] docs: update version in README.md --- README.md | 6 +++--- docs/README.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d29c15d38..afce7abab 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ docker run --detach \ --name nginx-proxy \ --publish 80:80 \ --volume /var/run/docker.sock:/tmp/docker.sock:ro \ - nginxproxy/nginx-proxy:1.5 + nginxproxy/nginx-proxy:1.6 ``` Then start any containers (here an nginx container) you want proxied with an env var `VIRTUAL_HOST=subdomain.yourdomain.com` 
@@ -48,7 +48,7 @@ The nginx-proxy images are available in two flavors. This image is based on the nginx:mainline image, itself based on the debian slim image. ```console -docker pull nginxproxy/nginx-proxy:1.5 +docker pull nginxproxy/nginx-proxy:1.6 ``` #### Alpine based version (`-alpine` suffix) @@ -56,7 +56,7 @@ docker pull nginxproxy/nginx-proxy:1.5 This image is based on the nginx:alpine image. ```console -docker pull nginxproxy/nginx-proxy:1.5-alpine +docker pull nginxproxy/nginx-proxy:1.6-alpine ``` #### :warning: a note on `latest` and `alpine`: diff --git a/docs/README.md b/docs/README.md index 6dea7c8e6..f0c4882f2 100644 --- a/docs/README.md +++ b/docs/README.md @@ -817,7 +817,7 @@ docker run --detach \ --publish 80:80 \ --volume /var/run/docker.sock:/tmp/docker.sock:ro \ --volume /path/to/error.html:/usr/share/nginx/html/errors/50x.html:ro \ - nginxproxy/nginx-proxy:1.5 + nginxproxy/nginx-proxy ``` Note that this will not replace your own services error pages. @@ -872,7 +872,7 @@ docker run --detach \ --publish 53:53:udp \ --volume /var/run/docker.sock:/tmp/docker.sock:ro \ --volume ./stream.conf:/etc/nginx/toplevel.conf.d/stream.conf:ro \ - nginxproxy/nginx-proxy:1.5 + nginxproxy/nginx-proxy ``` Please note that TCP and UDP stream are not core features of nginx-proxy, so the above is provided as an example only, without any guarantee. From 261ac6f43bdd7a18239715e1d6d23d044216d32c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 04:26:56 +0000 Subject: [PATCH 04/12] ci: bump docker/build-push-action from 5 to 6 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index 6aeb9f540..b714de7a8 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -81,7 +81,7 @@ jobs: - name: Build and push the image id: docker_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: Dockerfile.${{ matrix.base }} From f4ccdbd656e6f72afc84ba4362605de6e959dcbd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 04:05:13 +0000 Subject: [PATCH 05/12] ci: bump pytest from 8.2.2 to 8.3.1 in /test/requirements Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.2.2 to 8.3.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.2.2...8.3.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/requirements/python-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/test/requirements/python-requirements.txt b/test/requirements/python-requirements.txt index b5d225aad..748ea6f3c 100644 --- a/test/requirements/python-requirements.txt +++ b/test/requirements/python-requirements.txt @@ -1,4 +1,4 @@ backoff==2.2.1 docker==7.1.0 -pytest==8.2.2 +pytest==8.3.1 requests==2.32.3 From 5fe52442bbe8f9c2bd5ab4f2cf473cfd572db1c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 04:07:25 +0000 Subject: [PATCH 06/12] ci: bump pytest from 8.3.1 to 8.3.2 in /test/requirements Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.1 to 8.3.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.3.1...8.3.2) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- test/requirements/python-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/requirements/python-requirements.txt b/test/requirements/python-requirements.txt index 748ea6f3c..f525a04ac 100644 --- a/test/requirements/python-requirements.txt +++ b/test/requirements/python-requirements.txt @@ -1,4 +1,4 @@ backoff==2.2.1 docker==7.1.0 -pytest==8.3.1 +pytest==8.3.2 requests==2.32.3 From 5f4e77b6e718f30dad8311e18f05f815309b7b9a Mon Sep 17 00:00:00 2001 From: Nicolas Duchon Date: Mon, 29 Jul 2024 18:15:04 +0200 Subject: [PATCH 07/12] fix: use fastcgi.conf on alpine and fastcgi_params on debien --- nginx.tmpl | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/nginx.tmpl b/nginx.tmpl index 07e1314ea..bb3b4aaf5 100644 --- a/nginx.tmpl +++ b/nginx.tmpl 
@@ -264,8 +264,14 @@ include uwsgi_params; uwsgi_pass {{ trim $proto }}://{{ trim $upstream }}; {{- else if eq $proto "fastcgi" }} - root {{ trim .VhostRoot }}; + {{- if (exists "/etc/nginx/fastcgi.conf") }} include fastcgi.conf; + {{- else if (exists "/etc/nginx/fastcgi_params") }} + include fastcgi_params; + {{- else }} + # neither /etc/nginx/fastcgi.conf nor /etc/nginx/fastcgi_params found, fastcgi won't work + {{- end }} + root {{ trim .VhostRoot }}; fastcgi_pass {{ trim $upstream }}; {{- if ne $keepalive "disabled" }} fastcgi_keep_conn on; From c5f054ed36a0afb94f0a46607be78912bf5c0252 Mon Sep 17 00:00:00 2001 From: mikfar <45609856+mikfar@users.noreply.github.com> Date: Mon, 29 Jul 2024 20:00:42 +0100 Subject: [PATCH 08/12] fix: limit exposed ports in template comment to 10 (#2494) Co-authored-by: Nicolas Duchon --- nginx.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx.tmpl b/nginx.tmpl index bb3b4aaf5..960786b33 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -125,7 +125,7 @@ */}} {{- define "container_port" }} {{- /* If only 1 port exposed, use that as a default, else 80. */}} - # exposed ports:{{ range sortObjectsByKeysAsc $.container.Addresses "Port" }} {{ .Port }}/{{ .Proto }}{{ else }} (none){{ end }} + # exposed ports (first ten):{{ range $index, $address := (sortObjectsByKeysAsc $.container.Addresses "Port") }}{{ if lt $index 10 }} {{ $address.Port }}/{{ $address.Proto }}{{ end }}{{ else }} (none){{ end }} {{- $default_port := when (eq (len $.container.Addresses) 1) (first $.container.Addresses).Port "80" }} # default port: {{ $default_port }} {{- $port := when (eq $.port "default") $default_port (when (eq $.port "legacy") (or $.container.Env.VIRTUAL_PORT $default_port) $.port) }} 
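Review bot: In the `include fastcgi_params;` branch the generated location may lack `SCRIPT_FILENAME`, because stock nginx defines that parameter in `fastcgi.conf` but not in `fastcgi_params`. On an image that ships only `fastcgi_params`, a backend such as PHP-FPM would then get the request without a script path. If that is the case for the Debian-based image, add `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` right after `include fastcgi_params;`. The final `else` branch writes only a comment and still emits `fastcgi_pass`, so a missing include shows up at request time rather than at render time; a test that renders a fastcgi vhost on both image flavors would catch both cases. The enclosing block starts and ends outside the hunk.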
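Review bot: The label now reads `(first ten)`, but the rendered comment does not show whether anything was cut. Someone reading the generated config to work out why a port was chosen cannot tell a container with ten exposed ports from one with hundreds. Printing the total beside the label fixes this with the `len` call already used on the next line: `# exposed ports (first ten of {{ len $.container.Addresses }}):`. Also, `sortObjectsByKeysAsc` still sorts the full address list before the `lt $index 10` filter applies, so only the output is bounded, not the work done per container. The `container_port` define continues outside the hunk.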
@@ -480,7 +480,7 @@ proxy_set_header Proxy ""; {{- range $hostname, $vhost := $parsedVhosts }} {{- $vhost_data := when (hasKey $globals.vhosts $hostname) (get $globals.vhosts $hostname) (dict) }} {{- $paths := coalesce $vhost_data.paths (dict) }} - + {{- if (empty $vhost) }} {{ $vhost = dict "/" (dict) }} {{- end }} From dee91b4d9311f562fa22952fc633cdb1af7f18d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Jul 2024 18:25:26 +0000 Subject: [PATCH 09/12] build: bump nginxproxy/docker-gen from 0.14.0-debian to 0.14.1-debian Bumps nginxproxy/docker-gen from 0.14.0-debian to 0.14.1-debian. --- updated-dependencies: - dependency-name: nginxproxy/docker-gen dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile.alpine | 2 +- Dockerfile.debian | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 244ecb76c..641b61afa 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM docker.io/nginxproxy/docker-gen:0.14.0 AS docker-gen +FROM docker.io/nginxproxy/docker-gen:0.14.1 AS docker-gen FROM docker.io/nginxproxy/forego:0.18.1 AS forego diff --git a/Dockerfile.debian b/Dockerfile.debian index d3f5945ce..65baedeec 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -1,4 +1,4 @@ -FROM docker.io/nginxproxy/docker-gen:0.14.0-debian AS docker-gen +FROM docker.io/nginxproxy/docker-gen:0.14.1-debian AS docker-gen FROM docker.io/nginxproxy/forego:0.18.1-debian AS forego From 54a1b0aa259b13eaf2fc6bf3dfddf59b2fa8cf9a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 05:13:17 +0000 Subject: [PATCH 10/12] build: bump nginxproxy/forego from 0.18.1-debian to 0.18.2-debian Bumps nginxproxy/forego from 0.18.1-debian to 0.18.2-debian. --- updated-dependencies: - dependency-name: nginxproxy/forego dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile.alpine | 2 +- Dockerfile.debian | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 641b61afa..b5833664d 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,6 +1,6 @@ FROM docker.io/nginxproxy/docker-gen:0.14.1 AS docker-gen -FROM docker.io/nginxproxy/forego:0.18.1 AS forego +FROM docker.io/nginxproxy/forego:0.18.2 AS forego # Build the final image FROM docker.io/library/nginx:1.27.0-alpine diff --git a/Dockerfile.debian b/Dockerfile.debian index 65baedeec..3ab783008 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -1,6 +1,6 @@ FROM docker.io/nginxproxy/docker-gen:0.14.1-debian AS docker-gen -FROM docker.io/nginxproxy/forego:0.18.1-debian AS forego +FROM docker.io/nginxproxy/forego:0.18.2-debian AS forego # Build the final image FROM docker.io/library/nginx:1.27.0 From 1c00b898a36c3e0c41081dece14c1fa7d29af609 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 05:28:30 +0000 Subject: [PATCH 11/12] build: bump nginxproxy/docker-gen from 0.14.1-debian to 0.14.2-debian Bumps nginxproxy/docker-gen from 0.14.1-debian to 0.14.2-debian. --- updated-dependencies: - dependency-name: nginxproxy/docker-gen dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile.alpine | 2 +- Dockerfile.debian | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Dockerfile.alpine b/Dockerfile.alpine index b5833664d..17ae3018b 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM docker.io/nginxproxy/docker-gen:0.14.1 AS docker-gen +FROM docker.io/nginxproxy/docker-gen:0.14.2 AS docker-gen FROM docker.io/nginxproxy/forego:0.18.2 AS forego diff --git a/Dockerfile.debian b/Dockerfile.debian index 3ab783008..96b060342 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -1,4 +1,4 @@ -FROM docker.io/nginxproxy/docker-gen:0.14.1-debian AS docker-gen +FROM docker.io/nginxproxy/docker-gen:0.14.2-debian AS docker-gen FROM docker.io/nginxproxy/forego:0.18.2-debian AS forego From 1baf048a6e10ed359f06750aea4d4f2b150fc279 Mon Sep 17 00:00:00 2001 From: Niek <100143256+SchoNie@users.noreply.github.com> Date: Tue, 27 Aug 2024 21:50:30 +0200 Subject: [PATCH 12/12] build: bump nginx 1.27.0 to 1.27.1 (#2506) * build: bump nginx 1.27.0 to 1.27.1 * Update README.md Link to nginx changelog Co-authored-by: Nicolas Duchon --------- Co-authored-by: Nicolas Duchon --- Dockerfile.alpine | 2 +- Dockerfile.debian | 2 +- README.md | 2 +- test/certs/create_server_certificate.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 17ae3018b..a20e8959e 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -3,7 +3,7 @@ FROM docker.io/nginxproxy/docker-gen:0.14.2 AS docker-gen FROM docker.io/nginxproxy/forego:0.18.2 AS forego # Build the final image -FROM docker.io/library/nginx:1.27.0-alpine +FROM docker.io/library/nginx:1.27.1-alpine ARG NGINX_PROXY_VERSION # Add DOCKER_GEN_VERSION environment variable because diff --git a/Dockerfile.debian b/Dockerfile.debian index 96b060342..bbae9ee8b 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian 
@@ -3,7 +3,7 @@ FROM docker.io/nginxproxy/docker-gen:0.14.2-debian AS docker-gen FROM docker.io/nginxproxy/forego:0.18.2-debian AS forego # Build the final image -FROM docker.io/library/nginx:1.27.0 +FROM docker.io/library/nginx:1.27.1 ARG NGINX_PROXY_VERSION # Add DOCKER_GEN_VERSION environment variable because diff --git a/README.md b/README.md index afce7abab..8eb3cd46c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ [![Test](https://github.com/nginx-proxy/nginx-proxy/actions/workflows/test.yml/badge.svg)](https://github.com/nginx-proxy/nginx-proxy/actions/workflows/test.yml) [![GitHub release](https://img.shields.io/github/v/release/nginx-proxy/nginx-proxy)](https://github.com/nginx-proxy/nginx-proxy/releases) -![nginx 1.27.0](https://img.shields.io/badge/nginx-1.27.0-brightgreen.svg) +[![nginx 1.27.1](https://img.shields.io/badge/nginx-1.27.1-brightgreen.svg?logo=nginx)](https://nginx.org/en/CHANGES) [![Docker Image Size](https://img.shields.io/docker/image-size/nginxproxy/nginx-proxy?sort=semver)](https://hub.docker.com/r/nginxproxy/nginx-proxy "Click to view the image on Docker Hub") [![Docker stars](https://img.shields.io/docker/stars/nginxproxy/nginx-proxy.svg)](https://hub.docker.com/r/nginxproxy/nginx-proxy "DockerHub") [![Docker pulls](https://img.shields.io/docker/pulls/nginxproxy/nginx-proxy.svg)](https://hub.docker.com/r/nginxproxy/nginx-proxy "DockerHub") diff --git a/test/certs/create_server_certificate.sh b/test/certs/create_server_certificate.sh index f9d6b9764..bf0509ef7 100755 --- a/test/certs/create_server_certificate.sh +++ b/test/certs/create_server_certificate.sh 
@@ -24,7 +24,7 @@ fi # Create a nginx container (which conveniently provides the `openssl` command) ############################################################################### -CONTAINER=$(docker run -d -v $DIR:/work -w /work -e SAN="$ALTERNATE_DOMAINS" nginx:1.27.0) +CONTAINER=$(docker run -d -v $DIR:/work -w /work -e SAN="$ALTERNATE_DOMAINS" nginx:1.27.1) # Configure openssl docker exec $CONTAINER bash -c ' mkdir -p /ca/{certs,crl,private,newcerts} 2>/dev/null