├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── img └── architecture.png ├── nginx ├── extra │ └── empty-for-build.conf ├── nginx.conf ├── proxy_nossl.conf └── proxy_ssl.conf ├── packer.json └── start.sh /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | *.swp 3 | *.swo 4 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2015 Google Inc. All rights reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | #you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # 14 | # nginx-ssl-proxy 15 | # 16 | # VERSION 0.0.1 17 | 18 | FROM nginx 19 | 20 | MAINTAINER Evan Brown 21 | 22 | RUN rm /etc/nginx/conf.d/*.conf 23 | 24 | RUN mkdir -p /etc/nginx/extra-conf.d 25 | 26 | WORKDIR /usr/src 27 | 28 | ADD start.sh /usr/src/ 29 | ADD nginx/nginx.conf /etc/nginx/ 30 | ADD nginx/proxy*.conf /usr/src/ 31 | ADD nginx/extra/*.conf /etc/nginx/extra-conf.d/ 32 | 33 | ENTRYPOINT ./start.sh 34 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | #nginx-ssl-proxy 2 | This repository is used to build a Docker image that acts as an HTTP [reverse proxy](http://en.wikipedia.org/wiki/Reverse_proxy) with optional (but strongly encouraged) support for acting as an [SSL termination proxy](http://en.wikipedia.org/wiki/SSL_termination_proxy). The proxy can also be configured to enforce [HTTP basic access authentication](http://en.wikipedia.org/wiki/Basic_access_authentication). Nginx is the HTTP server, and its SSL configuration is included (and may be modified to suit your needs) at `nginx/proxy_ssl.conf` in this repository. 3 | 4 | ## Building the Image 5 | Build the image yourself by cloning this repository then running: 6 | 7 | ```shell 8 | docker build -t nginx-ssl-proxy . 9 | ``` 10 | 11 | ## Using with Kubernetes 12 | This image is optimized for use in a Kubernetes cluster to provide SSL termination for other services in the cluster. It should be deployed as a [Kubernetes replication controller](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/replication-controller.md) with a [service and public load balancer](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/services.md) in front of it. SSL certificates, keys, and other secrets are managed via the [Kubernetes Secrets API](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/secrets.md). 13 | 14 | Here's how the replication controller and service would function terminating SSL for Jenkins in a Kubernetes cluster: 15 | 16 | ![](img/architecture.png) 17 | 18 | See [https://github.com/GoogleCloudPlatform/kube-jenkins-imager](https://github.com/GoogleCloudPlatform/kube-jenkins-imager) for a complete tutorial that uses the `nginx-ssl-proxy` in Kubernetes. 19 | 20 | ## Run an SSL Termination Proxy from the CLI 21 | To run an SSL termination proxy you must have an existing SSL certificate and key. These instructions assume they are stored at /path/to/secrets/ and named `cert.crt` and `key.pem`. You'll need to change those values based on your actual file path and names. 22 | 23 | 1. **Create a DHE Param** 24 | 25 | The nginx SSL configuration for this image also requires that you generate your own DHE parameter. It's easy and takes just a few minutes to complete: 26 | 27 | ```shell 28 | openssl dhparam -out /path/to/secrets/dhparam.pem 2048 29 | ``` 30 | 31 | 2. **Launch a Container** 32 | 33 | Modify the below command to include the actual address or host name you want to proxy to, as well as the correct /path/to/secrets for your certificate, key, and dhparam: 34 | 35 | ```shell 36 | docker run \ 37 | -e ENABLE_SSL=true \ 38 | -e TARGET_SERVICE=THE_ADDRESS_OR_HOST_YOU_ARE_PROXYING_TO \ 39 | -v /path/to/secrets/cert.crt:/etc/secrets/proxycert \ 40 | -v /path/to/secrets/key.pem:/etc/secrets/proxykey \ 41 | -v /path/to/secrets/dhparam.pem:/etc/secrets/dhparam \ 42 | nginx-ssl-proxy 43 | ``` 44 | The really important thing here is that you map in your cert to `/etc/secrets/proxycert`, your key to `/etc/secrets/proxykey`, and your dhparam to `/etc/secrets/dhparam` as shown in the command above. 45 | 46 | 3. **Enable Basic Access Authentication** 47 | 48 | Create an htpaddwd file: 49 | 50 | ```shell 51 | htpasswd -nb YOUR_USERNAME SUPER_SECRET_PASSWORD > /path/to/secrets/htpasswd 52 | ``` 53 | 54 | Launch the container, enabling the feature and mapping in the htpasswd file: 55 | 56 | ```shell 57 | docker run \ 58 | -e ENABLE_SSL=true \ 59 | -e ENABLE_BASIC_AUTH=true \ 60 | -e TARGET_SERVICE=THE_ADDRESS_OR_HOST_YOU_ARE_PROXYING_TO \ 61 | -v /path/to/secrets/cert.crt:/etc/secrets/proxycert \ 62 | -v /path/to/secrets/key.pem:/etc/secrets/proxykey \ 63 | -v /path/to/secrets/dhparam.pem:/etc/secrets/dhparam \ 64 | -v /path/to/secrets/htpasswd:/etc/secrets/htpasswd \ 65 | nginx-ssl-proxy 66 | ``` 67 | 4. **Add additional nginx config** 68 | 69 | All *.conf from [nginx/extra](nginx/extra) are added during *built* to **/etc/nginx/extra-conf.d** and get included on startup of the container. Using volumes you can overwrite them on *start* of the container: 70 | 71 | ```shell 72 | docker run \ 73 | -e ENABLE_SSL=true \ 74 | -e TARGET_SERVICE=THE_ADDRESS_OR_HOST_YOU_ARE_PROXYING_TO \ 75 | -v /path/to/secrets/cert.crt:/etc/secrets/proxycert \ 76 | -v /path/to/secrets/key.pem:/etc/secrets/proxykey \ 77 | -v /path/to/secrets/dhparam.pem:/etc/secrets/dhparam \ 78 | -v /path/to/additional-nginx.conf:/etc/nginx/extra-conf.d/additional_proxy.conf \ 79 | nginx-ssl-proxy 80 | ``` 81 | 82 | That way it is possible to setup additional proxies or modifying the nginx configuration. -------------------------------------------------------------------------------- /img/architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/nginx-ssl-proxy/203704804a0eeede65beafc59604c576a6ca5a2a/img/architecture.png -------------------------------------------------------------------------------- /nginx/extra/empty-for-build.conf: -------------------------------------------------------------------------------- 1 | #this file is intentionally left emtpy, because 2 | #otherwise docker-compose or the hub fails the build... -------------------------------------------------------------------------------- /nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes 1; 3 | 4 | error_log /var/log/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | 8 | events { 9 | worker_connections 1024; 10 | } 11 | 12 | 13 | http { 14 | include /etc/nginx/mime.types; 15 | default_type application/octet-stream; 16 | 17 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 18 | '$status $body_bytes_sent "$http_referer" ' 19 | '"$http_user_agent" "$http_x_forwarded_for"'; 20 | 21 | access_log /var/log/nginx/access.log main; 22 | 23 | sendfile on; 24 | #tcp_nopush on; 25 | 26 | keepalive_timeout 65; 27 | 28 | #gzip on; 29 | client_max_body_size 20M; 30 | include /etc/nginx/conf.d/proxy.conf; 31 | 32 | #additional config 33 | include /etc/nginx/extra-conf.d/*; 34 | } 35 | -------------------------------------------------------------------------------- /nginx/proxy_nossl.conf: -------------------------------------------------------------------------------- 1 | upstream target_service { 2 | server {{TARGET_SERVICE}}; 3 | } 4 | 5 | server { 6 | server_name _; 7 | listen 80; 8 | 9 | location / { 10 | proxy_set_header Host $host; 11 | proxy_set_header X-Real-IP $remote_addr; 12 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 13 | proxy_set_header X-Forwarded-Proto $scheme; 14 | proxy_pass http://target_service; 15 | proxy_read_timeout 90; 16 | #auth_basic "Restricted"; 17 | #auth_basic_user_file /etc/secrets/htpasswd; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /nginx/proxy_ssl.conf: -------------------------------------------------------------------------------- 1 | upstream target_service { 2 | server {{TARGET_SERVICE}}; 3 | } 4 | 5 | server { 6 | server_name _; 7 | listen 80; 8 | return 301 https://$host$request_uri; 9 | } 10 | 11 | server { 12 | server_name _; 13 | listen 443; 14 | 15 | ssl on; 16 | ssl_certificate /etc/secrets/proxycert; 17 | ssl_certificate_key /etc/secrets/proxykey; 18 | ssl_dhparam /etc/secrets/dhparam; 19 | 20 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 21 | ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!CAMELLIA; 22 | ssl_prefer_server_ciphers on; 23 | 24 | ssl_session_cache shared:SSL:10m; 25 | ssl_session_timeout 10m; 26 | 27 | ssl_session_tickets off; 28 | ssl_stapling on; 29 | ssl_stapling_verify on; 30 | resolver 8.8.8.8 8.8.4.4 valid=300s; 31 | resolver_timeout 5s; 32 | 33 | add_header Strict-Transport-Security max-age=15638400; 34 | add_header X-Frame-Options DENY; 35 | add_header X-Content-Type-Options nosniff; 36 | 37 | location / { 38 | proxy_set_header Host $host; 39 | proxy_set_header X-Real-IP $remote_addr; 40 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 41 | proxy_set_header X-Forwarded-Proto $scheme; 42 | proxy_set_header X-Forwarded-Host $http_host; 43 | proxy_pass http://target_service; 44 | proxy_read_timeout 90; 45 | proxy_redirect http:// https://; 46 | #auth_basic "Restricted"; 47 | #auth_basic_user_file /etc/secrets/htpasswd; 48 | } 49 | } 50 | 51 | -------------------------------------------------------------------------------- /packer.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "name": "nginx-ssl-proxy", 4 | "git_commit": "", 5 | "git_branch": "", 6 | "account_file": "", 7 | "project_id": "null" 8 | }, 9 | "builders": [ 10 | { 11 | "type": "docker", 12 | "image": "nginx", 13 | "commit": "true" 14 | } 15 | ], 16 | "provisioners": [ 17 | { 18 | "type": "shell", 19 | "inline": [ 20 | "rm /etc/nginx/conf.d/*.conf" 21 | ] 22 | }, 23 | { 24 | "type": "file", 25 | "source": "nginx/nginx.conf", 26 | "destination": "/etc/nginx/nginx.conf" 27 | }, 28 | { 29 | "type": "file", 30 | "source": "nginx/proxy_ssl.conf", 31 | "destination": "/usr/src/proxy_ssl.conf" 32 | }, 33 | { 34 | "type": "file", 35 | "source": "nginx/proxy_nossl.conf", 36 | "destination": "/usr/src/proxy_nossl.conf" 37 | }, 38 | { 39 | "type": "file", 40 | "source": "start.sh", 41 | "destination": "/usr/bin/start.sh" 42 | } 43 | ], 44 | "post-processors": [ 45 | [ 46 | { 47 | "type": "docker-tag", 48 | "repository": "gcr.io/{{user `project_id`}}/{{user `name`}}", 49 | "tag": "{{user `git_branch`}}-{{user `git_commit`}}", 50 | "only": ["docker"] 51 | } 52 | ] 53 | ] 54 | } 55 | -------------------------------------------------------------------------------- /start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2015 Google Inc. All rights reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | 15 | # Env says we're using SSL 16 | if [ -n "${ENABLE_SSL+1}" ] && [ "${ENABLE_SSL,,}" = "true" ]; then 17 | echo "Enabling SSL..." 18 | cp /usr/src/proxy_ssl.conf /etc/nginx/conf.d/proxy.conf 19 | else 20 | # No SSL 21 | cp /usr/src/proxy_nossl.conf /etc/nginx/conf.d/proxy.conf 22 | fi 23 | 24 | # If an htpasswd file is provided, download and configure nginx 25 | if [ -n "${ENABLE_BASIC_AUTH+1}" ] && [ "${ENABLE_BASIC_AUTH,,}" = "true" ]; then 26 | echo "Enabling basic auth..." 27 | sed -i "s/#auth_basic/auth_basic/g;" /etc/nginx/conf.d/proxy.conf 28 | fi 29 | 30 | # If the SERVICE_HOST_ENV_NAME and SERVICE_PORT_ENV_NAME vars are provided, 31 | # there are two options: 32 | # - Option 1: 33 | # they point to the env vars set by Kubernetes that contain the actual 34 | # target address and port. Override the default with them. 35 | # - Option 2: 36 | # they point to a host and port accessible from the container, respectively, 37 | # as in a multi-container pod scenario in Kubernetes. 38 | # E.g. 39 | # - SERVICE_HOST_ENV_NAME=localhost 40 | # - SERVICE_PORT_ENV_NAME=8080 41 | if [ -n "${SERVICE_HOST_ENV_NAME+1}" ]; then 42 | # get value of the env variable in SERVICE_HOST_ENV_NAME as host, if that's not set, 43 | # SERVICE_HOST_ENV_NAME has the host value 44 | TARGET_SERVICE=${!SERVICE_HOST_ENV_NAME:=$SERVICE_HOST_ENV_NAME} 45 | fi 46 | if [ -n "${SERVICE_PORT_ENV_NAME+1}" ]; then 47 | # get value of the env variable in SERVICE_PORT_ENV_NAME as port, if that's not set, 48 | # SERVICE_PORT_ENV_NAME has the port value 49 | TARGET_SERVICE="$TARGET_SERVICE:${!SERVICE_PORT_ENV_NAME:=$SERVICE_PORT_ENV_NAME}" 50 | fi 51 | 52 | # Tell nginx the address and port of the service to proxy to 53 | sed -i "s/{{TARGET_SERVICE}}/${TARGET_SERVICE}/g;" /etc/nginx/conf.d/proxy.conf 54 | 55 | echo "Starting nginx..." 56 | nginx -g 'daemon off;' 57 | --------------------------------------------------------------------------------