the base image of the rancher nginx letsencrypt proxy
Add labels to containers to indicate domain name and port (if non-80):
RGON-Proxy is currently in a development/alpha state. Because of this, the default config files may change rapidly. To always use the latest version of those config files, rename the config folder on your server before the update and merge your changes by hand. We are currently discussing how to solve this problem in the future.
Let’s Encrypt support
Let’s Encrypt support powered by hlandau/acme.
Automatic https redirect
If the rgon.redirect label is defined with https, rgon automatically redirects the specified domains to https.
Diffie-Hellman Key generation
On each start we check whether a key is already present and, if not, we generate one.
Multiple Domain support
It is possible to define multiple domains in the rgon.domain label, separated by commas. If the rgon.ssl label is also present, we generate an SNI certificate for all these domains.
Custom/Default nginx vhost & location config
You can specify a default vhost or default location config file under
Or define a configuration for each domain with %domain%[_location]. Please note that if you use multiple domains, the first one is the identifier.
HTTP Basic Auth
Add a file with the domain name of the rgon.domain label under %YourPath%/htpasswd and your site is protected with a Basic Auth dialog.
[Experimental] Vertical scalability
We were able to run an nginx instance on each host using the scheduler commands of Rancher, but this is currently only possible for simple HTTP requests because we need a centralized secure store for certificates before we can continue this feature.
Rancher Labels can be used to specify various modes of operation.
One or many domains can be defined and comma-separated.
Domain Label Examples:
Optional redirect to the HTTPS port. Only valid when the label value equals https; it is ignored otherwise.
Redirect Label Examples:
```
# Does nothing, leaves traffic routed to rgon.port label
rgon.redirect=
# Same as empty value
rgon.redirect=http
# Reroute traffic to :443
rgon.redirect=https
```
The Nginx Status module can be enabled by adding a rgon.stats label. This label must specify the IP address of machines that are allowed to read these stats, or all for open access. Multiple IP addresses can be comma-separated.
Status Label Examples:
```
rgon.stats=22.214.171.124
rgon.stats=126.96.36.199,188.8.131.52
rgon.stats=all
```
Use http://server-ip/nginx_status to access these stats. Note that this only works with the IP address of the host that nginx is running on.
Optional Nginx weight parameter determines the order of load balancing. Defaults to 1 and can be overridden with this label.
Weight Label Examples:
```
rgon.weight=
rgon.weight=0
rgon.weight=2
```
Optional Nginx backup parameter specifies servers to use only in the case that the main upstream servers are down. Defaults to "" and can be overridden with this label.
Backup Label Examples:
```
# Empty string, normal operation
rgon.backup=
# Specifies backup
rgon.backup=backup
```
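The label rules described above can be checked before a container is deployed. The following Python linter is an added example and not part of RGON-Proxy; it assumes labels arrive as a plain dict, that the redirect value is compared exactly, and it uses a constructed `rgon.ssl` value because the page does not state one.

```python
import ipaddress

def parse_stats(value):
    """Return (allowed_ips, open_access) for an rgon.stats value; ValueError on a bad IP."""
    items = [v.strip() for v in value.split(",") if v.strip()]
    if items == ["all"]:
        return [], True
    return [str(ipaddress.ip_address(v)) for v in items], False

def lint_labels(labels):
    """Return (severity, message) findings for one container's rgon.* labels."""
    findings = []
    domains = [d.strip() for d in labels.get("rgon.domain", "").split(",") if d.strip()]
    if not domains:
        findings.append(("error", "rgon.domain is empty"))
    redirect = labels.get("rgon.redirect", "")
    if redirect not in ("", "http", "https"):
        findings.append(("warn", f"rgon.redirect={redirect!r} is not a documented value; "
                                 "only 'https' enables the redirect"))
    if "rgon.ssl" in labels and redirect != "https":
        findings.append(("warn", "rgon.ssl is set but HTTP requests are not redirected to HTTPS"))
    if "rgon.stats" in labels:
        try:
            _, open_access = parse_stats(labels["rgon.stats"])
            if open_access:
                findings.append(("warn", "rgon.stats=all gives open access to nginx_status"))
        except ValueError as exc:
            findings.append(("error", f"rgon.stats: {exc}"))
    weight = labels.get("rgon.weight", "") or "1"  # empty value falls back to the default of 1
    if not weight.isdigit():
        findings.append(("error", f"rgon.weight={weight!r} is not a non-negative integer"))
    if labels.get("rgon.backup", "") not in ("", "backup"):
        findings.append(("error", "rgon.backup must be empty or 'backup'"))
    return findings

# Constructed sample label sets (not from a real deployment; the rgon.ssl value is assumed).
SAMPLES = {
    "good": {"rgon.domain": "example.test,www.example.test", "rgon.ssl": "true",
             "rgon.redirect": "https", "rgon.stats": "192.0.2.10,192.0.2.11"},
    "risky": {"rgon.domain": "example.test", "rgon.ssl": "true",
              "rgon.redirect": "HTTPS", "rgon.stats": "all", "rgon.weight": "two"},
}

if __name__ == "__main__":
    for name, labels in SAMPLES.items():
        for severity, message in lint_labels(labels):
            print(f"{name}: [{severity}] {message}")
```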
- Vertical scalability with SSL support
- Easier generation of a basic auth file
- Possibility to use multiple ports for use with subdomains [frontend:80/api:8080/monitoring:7071]
- Use of custom SSL-Certificates
1. entrypoint.sh: Run on start
   - Check for writable directories
   - Check for dhparam.pem, generate if missing
   - Check for nginx.conf, remove if present
   - Single-run Rancher-Gen to build
   - Reload nginx
   - Init Rancher-Gen watcher
2. Rancher-Gen: watch for metadata changes
   - acmetool: Generate certificates if needed
   - Reload nginx
3. Repeat step 2