/Dockerfile
Created Apr 29, 2016
Nginx HTTPS proxy for Rails
| FROM alpine:3.2 | |
| MAINTAINER ryan@slatehorse.com | |
| RUN apk add --update nginx openssl && rm -rf /var/cache/apk/* | |
| COPY ./nginx.conf /etc/nginx/nginx.conf | |
| # Generate certificates | |
| ENV CERTIFICATE_DIR=/usr/local/app/certs | |
| # The hostname used in the certificate. For OSX/Windows you can use the VM IP. | |
| # For Linux, localhost works fine. | |
| ENV DOCKER_HOSTNAME=192.168.99.100 | |
| RUN mkdir -p /usr/local/app/certs | |
| RUN openssl req -new -x509 -nodes -subj "/CN=${DOCKER_HOSTNAME}/O=Your Company Name/C=UK" -keyout $CERTIFICATE_DIR/server.key -out $CERTIFICATE_DIR/server.crt | |
| VOLUME /var/log/nginx/ | |
| EXPOSE 80 443 | |
| CMD ["nginx", "-g", "daemon off;"] |
| user nobody nogroup; | |
| pid /tmp/nginx.pid; | |
| error_log stderr; | |
| # error_log /var/log/nginx/error.log; | |
| events { | |
| worker_connections 1024; # increase if you have lots of clients | |
| accept_mutex off; # "on" if nginx worker_processes > 1 | |
| # use epoll; # enable for Linux 2.6+ | |
| # use kqueue; # enable for FreeBSD, OSX | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| # access_log /var/log/nginx/access.log combined; | |
| access_log /dev/stdout; | |
| sendfile on; | |
| tcp_nopush on; # off may be better for *some* Comet/long-poll stuff | |
| tcp_nodelay off; # on may be better for some Comet/long-poll stuff | |
| gzip on; | |
| gzip_http_version 1.0; | |
| gzip_proxied any; | |
| gzip_min_length 500; | |
| gzip_disable "MSIE [1-6]\."; | |
| # So Rails can be aware of whether it's HTTP/HTTPS | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| upstream app_server { | |
| server rails:3000 fail_timeout=0; | |
| } | |
| # global certs per ip but a cert can sign *.mysite.dev mysite.dev | |
| ssl_certificate /usr/local/app/certs/server.crt; | |
| ssl_certificate_key /usr/local/app/certs/server.key; | |
| server { | |
| listen 80; | |
| server_name 192.168.99.100; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| server { | |
| listen 443 ssl; | |
| server_name 192.168.99.100; | |
| ssl on; | |
| client_max_body_size 4G; | |
| keepalive_timeout 5; | |
| root /usr/src/app/; | |
| try_files $uri/index.html $uri.html $uri @app; | |
| location @app { | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_pass http://app_server; | |
| } | |
| # Rails error pages | |
| error_page 500 502 503 504 /500.html; | |
| location = /500.html { | |
| root /usr/src/app/public; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment