Nginx HTTPS proxy for Rails
FROM alpine:3.2 | |
MAINTAINER ryan@slatehorse.com | |
RUN apk add --update nginx openssl && rm -rf /var/cache/apk/* | |
COPY ./nginx.conf /etc/nginx/nginx.conf | |
# Generate certificates | |
ENV CERTIFICATE_DIR=/usr/local/app/certs | |
# The hostname used in the certificate. For OSX/Windows you can use the VM IP. | |
# For Linux, localhost works fine. | |
ENV DOCKER_HOSTNAME=192.168.99.100 | |
RUN mkdir -p /usr/local/app/certs | |
RUN openssl req -new -x509 -nodes -subj "/CN=${DOCKER_HOSTNAME}/O=Your Company Name/C=UK" -keyout $CERTIFICATE_DIR/server.key -out $CERTIFICATE_DIR/server.crt | |
VOLUME /var/log/nginx/ | |
EXPOSE 80 443 | |
CMD ["nginx", "-g", "daemon off;"] |
user nobody nogroup; | |
pid /tmp/nginx.pid; | |
error_log stderr; | |
# error_log /var/log/nginx/error.log; | |
events { | |
worker_connections 1024; # increase if you have lots of clients | |
accept_mutex off; # "on" if nginx worker_processes > 1 | |
# use epoll; # enable for Linux 2.6+ | |
# use kqueue; # enable for FreeBSD, OSX | |
} | |
http { | |
include mime.types; | |
default_type application/octet-stream; | |
# access_log /var/log/nginx/access.log combined; | |
access_log /dev/stdout; | |
sendfile on; | |
tcp_nopush on; # off may be better for *some* Comet/long-poll stuff | |
tcp_nodelay off; # on may be better for some Comet/long-poll stuff | |
gzip on; | |
gzip_http_version 1.0; | |
gzip_proxied any; | |
gzip_min_length 500; | |
gzip_disable "MSIE [1-6]\."; | |
# So Rails can be aware of whether it's HTTP/HTTPS | |
proxy_set_header X-Forwarded-Proto $scheme; | |
upstream app_server { | |
server rails:3000 fail_timeout=0; | |
} | |
# global certs per ip but a cert can sign *.mysite.dev mysite.dev | |
ssl_certificate /usr/local/app/certs/server.crt; | |
ssl_certificate_key /usr/local/app/certs/server.key; | |
server { | |
listen 80; | |
server_name 192.168.99.100; | |
return 301 https://$server_name$request_uri; | |
} | |
server { | |
listen 443 ssl; | |
server_name 192.168.99.100; | |
ssl on; | |
client_max_body_size 4G; | |
keepalive_timeout 5; | |
root /usr/src/app/; | |
try_files $uri/index.html $uri.html $uri @app; | |
location @app { | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_pass http://app_server; | |
} | |
# Rails error pages | |
error_page 500 502 503 504 /500.html; | |
location = /500.html { | |
root /usr/src/app/public; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment