Intellection · zacblazic · Dec 8, 2020 · Dec 4, 2020 · Dec 4, 2020 · Dec 4, 2020
@@ -0,0 +1,3 @@
+*
+
+!config
@@ -0,0 +1,5 @@
+# Changelog
+
+## 1.19.5
+
+* Initial release.
@@ -0,0 +1,60 @@
+FROM zappi/nginx:1.19.5 as builder
+
+USER root
+
+# Install build dependencies
+RUN  apk add --no-cache \
+      alpine-sdk \
+      bash \
+      findutils \
+      gcc \
+      gd-dev \
+      geoip-dev \
+      libc-dev \
+      libedit-dev \
+      libxslt-dev \
+      linux-headers \
+      make \
+      mercurial \
+      openssl-dev \
+      pcre-dev \
+      perl-dev \
+      zlib-dev
+
+WORKDIR /usr/src/
+
+# Download nginx source
+ARG NGINX_VERSION="1.19.5"
+ARG NGINX_PKG="nginx-${NGINX_VERSION}.tar.gz"
+ARG NGINX_SHA="5c0a46afd6c452d4443f6ec0767f4d5c3e7c499e55a60cd6542b35a61eda799c"
+
+RUN wget "http://nginx.org/download/${NGINX_PKG}" && \
+    echo "${NGINX_SHA} *${NGINX_PKG}" | sha256sum -c - && \
+    tar --no-same-owner -xzf ${NGINX_PKG} --one-top-level=nginx --strip-components=1
+
+# Download headers-more module source
+ARG HEADERS_MORE_VERSION="0.33"
+ARG HEADERS_MORE_PKG="v${HEADERS_MORE_VERSION}.tar.gz"
+ARG HEADERS_MORE_SHA="a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf"
+
+RUN wget "https://github.com/openresty/headers-more-nginx-module/archive/${HEADERS_MORE_PKG}" && \
+    echo "${HEADERS_MORE_SHA} *${HEADERS_MORE_PKG}" | sha256sum -c - && \
+    tar --no-same-owner -xzf ${HEADERS_MORE_PKG} --one-top-level=headers-more --strip-components=1
+
+# Compile nginx with headers-more module using original configure arguments
+RUN cd nginx && \
+    CONFIGURATION_ARGUMENTS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') && \
+    sh -c "./configure --with-compat ${CONFIGURATION_ARGUMENTS} --add-dynamic-module=/usr/src/headers-more" && \
+    make modules
+
+# Production container starts here
+FROM zappi/nginx:1.19.5
+
+# Copy compiled module
+COPY --from=builder /usr/src/nginx/objs/*_module.so /etc/nginx/modules/
+
+COPY ./config/ /etc/nginx/
+
+STOPSIGNAL SIGQUIT
+EXPOSE 8080
+USER nginx:nginx
@@ -1,3 +1,76 @@
 # Docker Nginx Proxy
 
-A basic reverse proxy designed to simplify adding or modifying headers.
+A basic reverse proxy designed to simplify header manipulation.
+
+## Usage
+
+To configure the upstream, create an `app.conf` with a `server` block:
+
+```nginx
+server {
+    listen 8080;
+
+    location / {
+        proxy_pass http://app:80;
+    }
+}
+```
+
+The file must be placed in `/etc/nginx`.
+
+## Header manipulation
+
+Within the `server` block you can maniplate headers using the [`headers-more`](https://github.com/openresty/headers-more-nginx-module) module:
+
+```nginx
+server {
+    ...
+
+    # Remove a header
+    more_clear_headers "Server";
+
+    # Set a header
+    more_set_headers 'X-Robots-Tag: "noindex, nofollow"';
+
+    ...
+}
+```
+
+## Further customisation
+
+Since you're defining a standard `server` block, you can configure it however you like over and above just header manipulation. For example, you can add a custom `location`:
+
+```nginx
+server {
+    ...
+
+    # Use the default robots.txt to disallow all bots
+    location /robots.txt {
+        alias /etc/nginx/robots.txt;
+    }
+
+    ...
+}
+```
+
+## Logging
+
+To change how logging is configured, mount a file at `/etc/nginx/log.conf`:
+```nginx 
+access_log off;
+error_log off;
+```
+
+## Core configuration
+
+It's also possible to modify [core configuration](http://nginx.org/en/docs/ngx_core_module.html) such as those in the `main` section by mounting a file at `/etc/nginx/main.conf`:
+```nginx
+worker_processes auto;
+worker_shutdown_timeout 300s;
+```
+
+It's important to note that overriding this file will remove the current defaults hence it's always a good idea to start with a copy of the defaults.
+
+## Health check
+
+A health check is available on port `18080` at `/healthz`.
@@ -0,0 +1,35 @@
+http {
+  include /etc/nginx/mime.types;
+  include /etc/nginx/log.conf;
+
+  server_tokens         off;
+  keepalive_timeout     20s;
+  sendfile              on;
+  tcp_nopush            on;
+  client_max_body_size  400m;
+  client_body_timeout   300s;
+
+  proxy_http_version  1.1;
+  proxy_set_header    Connection          "";
+  proxy_set_header    Host                $host;
+
+  proxy_set_header    X-Real-IP           $remote_addr;
+  proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+  proxy_set_header    X-Forwarded-Proto   $scheme;
+  proxy_set_header    X-Forwarded-Ssl     on;
+  proxy_set_header    X-Forwarded-Port    $server_port;
+  proxy_set_header    X-Forwarded-Host    $host;
+
+  proxy_read_timeout  600s;
+
+  include /etc/nginx/app.conf;
+
+  server {
+      listen 18080 default_server;
+
+      location /healthz {
+          access_log off;
+          return 200;
+      }
+  }
+}
@@ -0,0 +1,6 @@
+log_format main '$remote_addr - $remote_user [$time_local]  $status '
+                '"$request" $body_bytes_sent "$http_referer" '
+                '"$http_user_agent" "$http_x_forwarded_for"';
+
+access_log /dev/stdout main;
+error_log /dev/stdout warn;
@@ -0,0 +1,7 @@
+worker_processes auto;
+worker_rlimit_nofile 8192;
+worker_shutdown_timeout 630s;
+
+events {
+    worker_connections 8000;
+}
@@ -0,0 +1,96 @@
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}
@@ -0,0 +1,4 @@
+load_module modules/ngx_http_headers_more_filter_module.so;
+
+include /etc/nginx/main.conf;
+include /etc/nginx/http.conf;
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /
@@ -0,0 +1,21 @@
+---
+version: '3.7'
+services:
+  app:
+    image: caddy:2.1.1-alpine
+    networks:
+      - local
+  proxy:
+    image: nginx-proxy:latest
+    build: .
+    ports:
+      - "8080:8080"
+    volumes:
+      - "./example/app.conf:/etc/nginx/app.conf"
+    depends_on:
+      - app
+    networks:
+      - local
+
+networks:
+  local:
@@ -0,0 +1,20 @@
+# Example application configuration
+
+server {
+    listen 8080;
+
+    # Remove a header
+    more_clear_headers "Server";
+
+    # Set a header
+    more_set_headers 'X-Robots-Tag: "noindex, nofollow"';
+
+    # Use the default robots.txt to disallow all bots
+    location /robots.txt {
+        alias /etc/nginx/robots.txt;
+    }
+
+    location / {
+        proxy_pass http://app:80;
+    }
+}