
nginx's Introduction

Nginx Docker Container Images


Docker Images

❗For better reliability we release images with stability tags (wodby/nginx:1.21-X.X.X) which correspond to git tags. We strongly recommend using images only with stability tags.

Overview:

Supported tags and respective Dockerfile links:

All images built for linux/amd64 and linux/arm64

Environment Variables

Variable Default Value Description
NGINX_ALLOW_ACCESS_HIDDEN_FILES
NGINX_BACKEND_FAIL_TIMEOUT 0
NGINX_BACKEND_HOST Varies with a preset
NGINX_BACKEND_PORT Varies with a preset
NGINX_BROTLI on
NGINX_BROTLI_STATIC on
NGINX_BROTLI_COMP_LEVEL 1
NGINX_CLIENT_BODY_BUFFER_SIZE 16k
NGINX_CLIENT_BODY_TIMEOUT 60s
NGINX_CLIENT_HEADER_BUFFER_SIZE 4k
NGINX_CLIENT_HEADER_TIMEOUT 60s
NGINX_CLIENT_MAX_BODY_SIZE 32m
NGINX_CONF_INCLUDE conf.d/*.conf
NGINX_DISABLE_CACHING
NGINX_DJANGO_MEDIA_ROOT /var/www/html/media/
NGINX_DJANGO_MEDIA_URL /media/
NGINX_DJANGO_STATIC_ROOT /var/www/html/static/
NGINX_DJANGO_STATIC_URL /static/
NGINX_DRUPAL_ALLOW_XML_ENDPOINTS
NGINX_DRUPAL_FILE_PROXY_URL e.g. http://dev.example.com
NGINX_DRUPAL_FILES_STATIC_EXT_REGEX txt
NGINX_DRUPAL_HIDE_HEADERS
NGINX_DRUPAL_XMLRPC_SERVER_NAME Drupal 7 only
NGINX_DRUPAL_NOT_FOUND_REGEX (see Drupal)
NGINX_WP_NOT_FOUND_REGEX (see Wordpress)
NGINX_ERROR_403_URI
NGINX_ERROR_404_URI
NGINX_ERROR_LOG_LEVEL error
NGINX_ERROR_MESSAGE_50x
NGINX_FASTCGI_BUFFER_SIZE 32k For PHP-based presets only
NGINX_FASTCGI_BUFFERS 16 32k For PHP-based presets only
NGINX_FASTCGI_INDEX index.php For PHP-based presets only
NGINX_FASTCGI_INTERCEPT_ERRORS on For PHP-based presets only
NGINX_FASTCGI_READ_TIMEOUT 900 For PHP-based presets only
NGINX_GZIP_BUFFERS 16 8k
NGINX_GZIP_COMP_LEVEL 1
NGINX_GZIP_DISABLE msie6
NGINX_GZIP_HTTP_VERSION 1.1
NGINX_GZIP_MIN_LENGTH 20
NGINX_GZIP_PROXIED any
NGINX_GZIP_VARY on
NGINX_GZIP on
NGINX_HEADERS_CONTENT_SECURITY_POLICY frame-ancestors: 'none' different for Drupal and WP presets
NGINX_HIDE_50x_ERRORS
NGINX_HTTP2
NGINX_INDEX_FILE Varies with a preset Hard-coded for Drupal and WP
NGINX_KEEPALIVE_REQUESTS 100
NGINX_KEEPALIVE_TIMEOUT 75s
NGINX_LARGE_CLIENT_HEADER_BUFFERS 8 16k
NGINX_LOG_FORMAT_OVERRIDE
NGINX_METRICS_ENABLED off
NGINX_METRICS_FORMAT html html, json, jsonp, prometheus
NGINX_METRICS_ALLOW_FROM
NGINX_MODSECURITY_ENABLED See ModSecurity
NGINX_MODSECURITY_INBOUND_ANOMALY_SCORE_THRESHOLD 7
NGINX_MODSECURITY_OUTBOUND_ANOMALY_SCORE_THRESHOLD 7
NGINX_MODSECURITY_POST_CORE_RULES Location to rules loaded after CRS
NGINX_MODSECURITY_PRE_CORE_RULES Location to rules loaded before CRS
NGINX_MODSECURITY_USE_OWASP_CRS See ModSecurity
NGINX_MULTI_ACCEPT on
NGINX_NO_DEFAULT_HEADERS
NGINX_REAL_IP_HEADER X-Real-IP
NGINX_REAL_IP_RECURSIVE off
NGINX_RESET_TIMEDOUT_CONNECTION off
NGINX_SEND_TIMEOUT 60s
NGINX_SENDFILE on
NGINX_SERVER_EXTRA_CONF_FILEPATH
NGINX_SERVER_NAME default
NGINX_SERVER_ROOT /var/www/html
NGINX_SERVER_TOKENS off
NGINX_SET_REAL_IP_FROM
NGINX_SET_REAL_IPS_FROM json array as string
NGINX_STATIC_404_TRY_INDEX
NGINX_STATIC_ACCESS_LOG off
NGINX_STATIC_EXPIRES 1y
NGINX_STATIC_MP4_BUFFER_SIZE 1M
NGINX_STATIC_MP4_MAX_BUFFER_SIZE 5M
NGINX_STATIC_OPEN_FILE_CACHE_ERRORS on
NGINX_STATIC_OPEN_FILE_CACHE_MIN_USES 2
NGINX_STATIC_OPEN_FILE_CACHE_VALID 30s
NGINX_STATIC_OPEN_FILE_CACHE max=1000 inactive=30s
NGINX_STATIC_EXT_REGEX (see below)
NGINX_STATUS_ALLOW_FROM e.g. 172.18.0.0/16
NGINX_STATUS_ENABLED off
NGINX_TCP_NODELAY on
NGINX_TCP_NOPUSH on
NGINX_TRACK_UPLOADS uploads 60s
NGINX_UNDERSCORES_IN_HEADERS off
NGINX_UPLOAD_PROGRESS uploads 1m
NGINX_USER nginx
NGINX_VHOST_NO_DEFAULTS
NGINX_VHOST_PRESET html
NGINX_WORKER_CONNECTIONS 1024
NGINX_WORKER_PROCESSES auto
NGINX_WP_FILE_PROXY_URL e.g. http://dev.example.com
NGINX_WP_GOOGLE_XML_SITEMAP See WordPress
NGINX_WP_YOAST_XML_SITEMAP See WordPress

Static file extensions are defined via a regex that can be overridden via the env var NGINX_STATIC_EXT_REGEX. Default:

css|cur|js|jpe?g|gif|htc|ico|png|xml|otf|ttf|eot|woff|woff2|svg|mp4|svgz|ogg|ogv|pdf|pptx?|zip|tgz|gz|rar|bz2|doc|xls|exe|tar|mid|midi|wav|bmp|rtf|txt|map|webp

Some environment variables can be overridden or added per preset.

Build arguments

Argument Default value
WODBY_GROUP_ID 1000
WODBY_USER_ID 1000

Nginx modules

Name Version Dynamic
brotli 9aec15e
http_addition
http_auth_request
http_dav
http_flv
http_gunzip
http_gzip_static
http_image_filter
http_modsecurity See ModSecurity
http_mp4
http_random_index
http_realip
http_secure_link
http_slice
http_ssl
http_stub_status
http_sub
http_uploadprogress 0.9.1
http_v2
http_xslt
mail_ssl
stream_realip
stream_ssl
stream_ssl_preread
vts 3c6cf41

ModSecurity

Component Version
ModSecurity Nginx module 1.0.0
ModSecurity Library 3.0.3
OWASP CRS 3.1.0

Compiled as a dynamic module, disabled by default. To enable it, set $NGINX_MODSECURITY_ENABLED to any value. Additionally, you can enable the OWASP Core Rule Set (CRS) by setting $NGINX_MODSECURITY_USE_OWASP_CRS to any value; be wary, since it may block some requests with the default configuration. See env vars starting with $NGINX_MODSECURITY_ for advanced configuration.

Default behavior

Applied to all presets by default, can be disabled via $NGINX_VHOST_NO_DEFAULTS:

  • /.well-known/ location supported
  • /ads.txt allowed
  • /robots.txt allowed
  • /humans.txt allowed
  • /favicon.ico allowed
  • .flv, .m4a, .mp4, .mov locations supported and handled with appropriate modules
  • /.healthz location supported, requests not shown in access log

Customization

  • Pass real IP from a reverse proxy via $NGINX_SET_REAL_IP_FROM, e.g. 172.17.0.0/16 for docker network
  • Pass multiple real IPs from reverse proxies via $NGINX_SET_REAL_IPS_FROM. In a docker-compose.yml this can be done either as an escaped string:
    environment:
      NGINX_SET_REAL_IPS_FROM: "[\"172.17.0.0/16\", \"192.168.0.10\"]"
    
    or as a block scalar:
    environment:
      NGINX_SET_REAL_IPS_FROM: |-
        ["172.17.0.0/16", "192.168.0.10"]
    
  • Customize the header whose value will be used to replace the client address via $NGINX_REAL_IP_HEADER
  • Default recommended headers can be disabled via $NGINX_NO_DEFAULT_HEADERS (defined in nginx.conf)
  • The value for the Content-Security-Policy header can be changed using $NGINX_HEADERS_CONTENT_SECURITY_POLICY, its default value is frame-ancestors: 'none'. More information on this header can be found here.
  • Error page file can be customized for HTTP errors 403 ($NGINX_ERROR_403_URI) and 404 ($NGINX_ERROR_404_URI)
  • Default error page for HTTP errors 500, 502, 503, 504 can be disabled via $NGINX_HIDE_50x_ERRORS
  • Access to hidden files (starting with .) can be allowed via $NGINX_ALLOW_ACCESS_HIDDEN_FILES
  • Caching can be disabled via $NGINX_DISABLE_CACHING
  • Add extra locations via $NGINX_SERVER_EXTRA_CONF_FILEPATH=/filepath/to/nginx-locations.conf, the file will be included at the end of default rules (server context)
  • Completely override include of the virtual host config by overriding NGINX_CONF_INCLUDE, it will be included in nginx.conf
  • Define custom preset
  • Status page /.statusz can be enabled via $NGINX_STATUS_ENABLED, requests not shown in access log
  • Metrics page /.metricsz can be enabled via $NGINX_METRICS_ENABLED, requests not shown in access log
  • Metrics page format can be customized via $NGINX_METRICS_FORMAT, supports json, html, jsonp and prometheus
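
The trust decision behind $NGINX_SET_REAL_IPS_FROM, as an added example (not code from the wodby/nginx project): it parses the JSON-array string form shown in the list above, flags entries that trust too much, and models the single-value, non-recursive address replacement that nginx's realip module performs. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
import json


def audit_real_ips_from(raw):
    """Parse a NGINX_SET_REAL_IPS_FROM value; return (networks, findings)."""
    try:
        entries = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [], [f"not valid JSON: {exc.msg}"]
    if not isinstance(entries, list):
        return [], ["value must be a JSON array of strings"]

    networks, findings = [], []
    for entry in entries:
        if not isinstance(entry, str):
            findings.append(f"{entry!r}: not a string")
            continue
        try:
            # strict=False accepts a host address such as 192.168.0.10
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # nginx also accepts other forms (e.g. unix:); this audit
            # only understands IP addresses and CIDR ranges.
            findings.append(f"{entry!r}: not an IP address or CIDR range")
            continue
        if net.prefixlen == 0:
            findings.append(f"{entry}: trusts every address, any client can set the header")
        elif not (net.is_private or net.is_loopback):
            findings.append(f"{entry}: public range, confirm it belongs to your proxy or CDN")
        networks.append(net)
    return networks, findings


def effective_client_ip(remote_addr, header_value, networks):
    """Model of the replacement: the header is honoured only when the TCP
    peer is inside a trusted network and the header holds a valid address."""
    peer = ipaddress.ip_address(remote_addr)
    if not any(peer in net for net in networks):
        return str(peer)
    try:
        return str(ipaddress.ip_address(header_value))
    except ValueError:
        return str(peer)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    good = '["172.17.0.0/16", "192.168.0.10"]'
    nets, issues = audit_real_ips_from(good)
    print(issues)
    print(effective_client_ip("172.17.0.5", "198.51.100.7", nets))  # via proxy
    print(effective_client_ip("10.9.9.9", "198.51.100.7", nets))    # direct hit
    print(audit_real_ips_from('["0.0.0.0/0"]')[1])
```
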

Virtual hosts presets

Virtual host preset html will be used by default, you can change it via env var $NGINX_VHOST_PRESET. The list of available presets:

HTML

Overridden default values:

Variable Default Value
NGINX_INDEX_FILE index.html

HTTP proxy (application server)

  • Preset template
  • Usage: add NGINX_VHOST_PRESET=http-proxy and NGINX_BACKEND_HOST=[HOST]

Overridden default values:

Variable Default Value
NGINX_BACKEND_HOST
NGINX_BACKEND_PORT 8080

Django

Same as HTTP proxy but with additional media/static locations for Django.

Overridden default values:

Variable Default Value
NGINX_BACKEND_HOST python
NGINX_BACKEND_PORT 8080

PHP-based (FastCGI)

Overridden default values:

Variable Default Value
NGINX_BACKEND_HOST php
NGINX_BACKEND_PORT 9000

PHP

  • Preset template
  • Usage: add NGINX_VHOST_PRESET=php, optionally modify NGINX_BACKEND_HOST

Overridden default values:

Variable Default Value
NGINX_INDEX_FILE index.php index.html

WordPress

  • Preset template
  • Usage: add NGINX_VHOST_PRESET=wordpress, optionally modify NGINX_BACKEND_HOST
  • Access to *.txt files allowed only if they are located in uploads directory
  • Access to /wp-content/uploads/woocommerce_uploads disallowed
  • Dynamic generated /robots.txt supported
  • Supports /wp-sitemap.xml endpoint
  • Alternative sitemap.xml endpoints:
  • Default value of NGINX_HEADERS_CONTENT_SECURITY_POLICY overridden to frame-ancestors: 'self'

Default value of NGINX_WP_NOT_FOUND_REGEX (backslashes must be escaped) is: .+\\.(?:txt|md|pot|sh|.*sql?)|(?:composer\\.(json|lock)|(package|package-lock)\\.json|yarn\\.lock)$

Drupal

  • Preset templates: Drupal 10, Drupal 9, Drupal 8, Drupal 7
  • Usage: add NGINX_VHOST_PRESET= with the value of drupal10, drupal9, drupal8 or drupal7. Optionally modify NGINX_BACKEND_HOST
  • If you want to use stage_file_proxy module, set $NGINX_STATIC_404_TRY_INDEX=1 to redirect 404 static files requests to Drupal
  • Access to .txt (can be overridden via NGINX_DRUPAL_FILES_STATIC_EXT_REGEX) files allowed only if they are located in files directory
  • Access to certs extensions gives 404 based on the value of $NGINX_DRUPAL_NOT_FOUND_REGEX
  • Default value of NGINX_HEADERS_CONTENT_SECURITY_POLICY overridden to frame-ancestors: 'self'

Default value of NGINX_DRUPAL_NOT_FOUND_REGEX (backslashes must be escaped) is taken from Drupal's .htaccess and depends on the Drupal version:

Drupal 10/9/8:

\\.(engine|md|txt|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\\.php)?|xtmpl|yml|yaml)(~|\\.sw[op]|\\.bak|\\.orig|\\.save)?$|^(\\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template)$|(web\\.config|composer\\.(json|lock)|(package|package-lock)\\.json|yarn\\.lock)$|^#.*#$|\\.php(~|\\.sw[op]|\\.bak|\\.orig|\\.save)$

Drupal 7:

\\.(engine|txt|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\\.php)?|xtmpl|yml|yaml)(~|\\.sw[op]|\\.bak|\\.orig|\\.save)?$|^(\\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\\.(json|lock)|(package|package-lock)\\.json|yarn\\.lock)$|^#.*#$|\\.php(~|\\.sw[op]|\\.bak|\\.orig\\.save)$
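
A way to check a NGINX_DRUPAL_NOT_FOUND_REGEX value before deploying it, as an added example (not code from the wodby/nginx project): it removes the env-var level of backslash escaping from the two defaults printed above and reports which names from a constructed list each one leaves outside the 404 rule. Matching against the bare file name, as Drupal's .htaccess does, is an assumption; the page does not show how the preset template applies the regex.

```python
import re

# Defaults exactly as printed on this page (backslashes doubled for the env var).
DRUPAL_10_9_8 = r"\\.(engine|md|txt|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\\.php)?|xtmpl|yml|yaml)(~|\\.sw[op]|\\.bak|\\.orig|\\.save)?$|^(\\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template)$|(web\\.config|composer\\.(json|lock)|(package|package-lock)\\.json|yarn\\.lock)$|^#.*#$|\\.php(~|\\.sw[op]|\\.bak|\\.orig|\\.save)$"
DRUPAL_7 = r"\\.(engine|txt|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\\.php)?|xtmpl|yml|yaml)(~|\\.sw[op]|\\.bak|\\.orig|\\.save)?$|^(\\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\\.(json|lock)|(package|package-lock)\\.json|yarn\\.lock)$|^#.*#$|\\.php(~|\\.sw[op]|\\.bak|\\.orig\\.save)$"

# Constructed test names: files a docroot should not hand out ...
MUST_DENY = [
    "settings.php.orig", "settings.php.save", "settings.php.bak",
    "settings.php~", "dump.sql", "backup.mysql", "composer.json",
    "yarn.lock", ".htaccess", "node.module", "#settings.php#",
]
# ... and names that must stay reachable.
MUST_ALLOW = ["index.php", "index.html", ".well-known", "logo.png"]


def unescape(env_value):
    """Undo the one level of backslash doubling used in the env var."""
    return env_value.replace("\\\\", "\\")


def is_denied(env_value, filename):
    """True when the regex matches, i.e. the request would get a 404.
    Assumption: the regex is tested against the file name only."""
    return re.search(unescape(env_value), filename) is not None


def audit(env_value):
    """Compare a regex against both lists and report every mismatch."""
    return {
        "served_but_sensitive": [n for n in MUST_DENY if not is_denied(env_value, n)],
        "blocked_but_public": [n for n in MUST_ALLOW if is_denied(env_value, n)],
    }


if __name__ == "__main__":
    for label, value in (("Drupal 10/9/8", DRUPAL_10_9_8), ("Drupal 7", DRUPAL_7)):
        print(label, audit(value))
```

With the values above, the Drupal 10/9/8 default reports no mismatches, while the Drupal 7 default lists settings.php.orig and settings.php.save, because its last alternative reads `\.orig\.save` where the newer one reads `\.orig|\.save`.
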

Matomo

Based on https://github.com/matomo-org/matomo-nginx

The default value of NGINX_STATIC_EXT_REGEX overridden:

css|cur|js|jpe?g|gif|htc|ico|png|xml|otf|ttf|eot|woff|woff2|svg|mp4|svgz|ogg|ogv|pdf|pptx?|zip|tgz|gz|rar|bz2|doc|xls|exe|tar|mid|midi|wav|bmp|rtf|txt|map|webp|json|html

Custom preset

You can use a custom preset by mounting your preset to /etc/gotpl/presets/[my-preset-name].conf.tmpl and setting $NGINX_VHOST_PRESET=[my-preset-name].

No preset

To disable presets set $NGINX_VHOST_PRESET=""

Maintenance

Updates to Nginx and the base image are automated via wodby/images.

Orchestration actions

Usage:

make COMMAND [params ...]

commands:
    init
    git-checkout [target is_hash]
    check-ready [host max_try wait_seconds delay_seconds]

default params values:
    host localhost
    max_try 1
    wait_seconds 1
    delay_seconds 0

nginx's People

Contributors

allupaku, chexwarrior, csandanov, dhallek, elaman, fortis, jnpwebdeveloper, koendierckx, niklan, pprishchepa, spleshka, wodbot


nginx's Issues

Overriding log format

I'm having some trouble overriding log_format.

I added the NGINX_LOG_FORMAT_OVERRIDE variable with the following string:

$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"

When I redeploy my stack, I receive the error:

nginx: [emerg] duplicate "log_format" name "combined" in /etc/nginx/nginx.conf:20

My stack is running the wodby/drupal-nginx:7-1.15-4.2.0 image.

Uploadprogress does not work in Drupal 7

Uploadprogress does not work in Drupal 7. Actually, I'm not sure about other apps; it seems to be because Drupal 7 uses an old-fashioned technique of detecting upload progress instead of uploading via JS.

The way to reproduce the issue:

  1. Setup vanilla Drupal 7
  2. Install modules:
     composer require drupal/media drupal/media_bulk_upload drupal/plupload drupal/multiform
     drush en media_bulk_upload
  3. Go to http://example.com/file/add/upload/archive
  4. Try to upload a file larger than 1Mb

Custom Preset naming / error

Hello there,
does this still function as expected?

**Custom preset**
You can use a custom by preset by mounting your preset to /etc/gotpl/presets/[my-preset-name].conf.tmpl and setting $NGINX_VHOST_PRESET=[my-preset-name].

I copied the wordpress preset with the intention of adding some roots/bedrock redirect logic (but have not added it yet).

my docker-compose looks like so

nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
    - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_VHOST_PRESET: bedrock
      NGINX_SERVER_ROOT: /var/www/html/web
    volumes:
    - ./:/var/www/html:cached
    #to add redirects for bedrock assets added to wp prior to bedrock eg: wp-content/uploads/*
    - ./bedrock.conf.tmpl:/etc/gotpl/presets/bedrock.conf.tmpl
## Alternative for macOS users: Mutagen https://wodby.com/docs/stacks/wordpress/local#docker-for-mac
#    - mutagen:/var/www/html
    labels:
    - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"

my bedrock.config.tmpl is a clone of your wordpress template

the nginx container will crash with nginx: [emerg] no port in upstream "php" in /etc/nginx/preset.conf:103

However, if I change bedrock.config.tmlp to wordpress.config.tmlp and update the docker-compose.yml it will copy my template over and show my changes.

My question is, Am I doing something wrong in the docker compose
NGINX_VHOST_PRESET: bedrock
to where it doesn't know what file to look for?
I can verify that the file does exist inside the container /etc/gotpl/presets/bedrock.conf.tmpl (if I set the vhost back to wordpress to keep the container running).

Thanks in advance, and not a huge issue just more of a "but how do it do" sort of situation.
Take care :)

always build fastcgi.conf.tmpl and other

I like wodby/nginx and I want to use it for my Symfony project,
but when I add my symfony.conf.tmpl and set $NGINX_VHOST_PRESET to symfony, fastcgi.conf.tmpl is not compiled.

I also think that $NGINX_VHOST_PRESET may differ in different environments, and conditional compilation does not make sense

TLS handshake issue: expose 443 to avoid TLS termination.

The Drupal project based on the Docker4Drupal stack performs the HTTP response even if the request comes through Traefik 443 port with SSL.
Is there a configuration to pass TLS connection? Or is there any workaround to make the Drupal project perform HTTPS response?

Custom preset upstream.conf not correctly checked

entrypoint.sh is not checking correctly the custom upstream conf path

This is currently set to check a relative path, although this needs to be absolute.

        elif [[ -f "includes/upstream.${NGINX_VHOST_PRESET}.conf.tmpl" ]]; then
            _gotpl "includes/upstream.${NGINX_VHOST_PRESET}.conf.tmpl" "/etc/nginx/upstream.conf"
        else

Allow .yml in files directory (just like .txt)

YAML files are often attached to content for explanatory or documentation purposes. A blanket ban makes no sense, and .yaml is still allowed sitewide anyway.
A concrete example of uploaded .yml files is in a developer portal, where a valid OpenAPI specification can be in JSON or YAML format, and needs to be uploaded for later rendering via SwaggerUI or a similar library. There are certainly other use cases that are all completely valid. YAML or JSON files in the files directory are safe because of all the other precautions we have in the config. I realize that the blanket 404 is a straight port from Drupal's .htaccess, and it should be fixed there as well, but here we can start.

Proposed change to line 39 of templates/presets/drupal9.conf.tmpl (and earlier Drupal versions as well):

-   location ~* /sites/.+/files/.+\.txt {
+   location ~* /sites/.+/files/.+\.(txt|yml) {

Port 443 not working

I can't figure out how to enable port 443.
This is my docker-compose file:

nginx:
  image: wodby/nginx:$NGINX_TAG
  container_name: "${PROJECT_NAME}_nginx"
  depends_on:
    - php
  ports:
    - "80:80"
    - "443:443"
  environment:
    NGINX_STATIC_OPEN_FILE_CACHE: "off"
    NGINX_ERROR_LOG_LEVEL: debug
    NGINX_BACKEND_HOST: php
    NGINX_VHOST_PRESET: wordpress
    #NGINX_SERVER_ROOT: /var/www/html/subdir
  volumes:
    - $PWD/codebase:/var/www/html
    - /etc/nginx

I checked the port, but it says it's closed (also not used by other services). I use nginx with WordPress.

502 Bad Gateway

With this docker-compose.yml I'm receiving:

  • 502 Bad Gateway when accessing the site from host: http://localhost:8080
  • Accessing from the php container, I'm getting Recv failure: Connection reset by peer for "http://php:9000" (note that using port 80, it gives Failed to connect to php port 80)

Any clue?

version: "2"
services:
  php:
    image: wodby/drupal-php:8.1-4.37.12
    environment:
      DB_HOST: mariadb
      DB_USER: drupal
      DB_PASSWORD: drupal
      DB_NAME: drupal
      DB_DRIVER: mysql
      PHP_XDEBUG: 0
      PHP_FPM_USER: wodby
      PHP_FPM_GROUP: wodby
      PHP_FPM_CLEAR_ENV: "yes"
      PHP_OPCACHE_PRELOAD_USER: wodby
      PHP_XDEBUG_DEFAULT_ENABLE: 0
      PHP_XDEBUG_REMOTE_CONNECT_BACK: 1
      PHP_XDEBUG_REMOTE_HOST: "10.254.254.254"
      PHP_XDEBUG_IDEKEY: "PHPSTORM"
      PHP_IDE_CONFIG: "serverName=drupalextension"
    volumes:
      - ./:/var/www/html

  mariadb:
    image: wodby/mariadb:10.3-3.8.4
    stop_grace_period: 30s
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_DATABASE: drupal
      MYSQL_USER: drupal
      MYSQL_PASSWORD: drupal

  nginx:
    image: wodby/nginx:1.16-5.11.3
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_BACKEND_PORT: 80
      NGINX_SERVER_ROOT: /var/www/html
      NGINX_VHOST_PRESET: drupal9
    volumes:
      - ./:/var/www/html
    ports:
      - "8080:80"

default NGINX_BROTLI_COMP_LEVEL too big

I think level 6 is not the best idea.
It is slower than gzip; also, I can't use brotli_static and gzip together for static files.
I ran some tests and think that 2 is a better level by default: the response is smaller than gzipped and nginx works fast.

Custom presets

Custom presets will not work. Look at the docker-entrypoint.sh:
if [[ "${NGINX_VHOST_PRESET}" =~ ^drupal8|drupal7|drupal6|wordpress|php$ ]]; then
    _gotpl "includes/upstream.php.conf.tmpl" "/etc/nginx/upstream.conf"
elif [[ "${NGINX_VHOST_PRESET}" =~ ^http-proxy|django$ ]]; then
    if [[ -z "${NGINX_BACKEND_HOST}" && "${NGINX_VHOST_PRESET}" == "django" ]]; then
        export NGINX_BACKEND_HOST="python";
    fi

    _gotpl "includes/upstream.http-proxy.conf.tmpl" "/etc/nginx/upstream.conf"
fi

As you see upstream is not gonna be parsed for custom preset and an error is generated:
nginx: [emerg] no port in upstream "php" in

Add -dev-macos version like in php container

When trying to use nfs volume on Catalina OS it is important to have the user wodby with uid 501:20 . In php container there is a work around by having -dev-macos. Is there any container for nginx? And also other containers mariadb and so on. Is there any other way to change the user with environment variables?

NGINX_INDEX_FILE doesn't work from v5.1.0 and above

Hello all.
Using the nginx 1.5-5.0.18 I can set the default index file other than index.php with the environment variable NGINX_INDEX_FILE, with NGINX_VHOST_PRESET: php

Unfortunately, if I try to use any other version from 1.15-5.1.0 and above, this doesn't work. Of course, none of the available versions of 1.17 works either.

The change that happened at the php preset is at line 5, where
{{ $index := (getenv "NGINX_INDEX_FILE" "index.php") }}
changed to
{{ $index := (getenv "NGINX_FASTCGI_INDEX" "index.php") }}

As a result of the above is to have a different file mentioned at the produced preset.conf file inside /etc/nginx, where on every version from 5.1.0 there is the following line
try_files $uri /index.php?$args;
instead of
try_files $uri /front.php?$args;
For the above I set the NGINX_INDEX_FILE: front.php

Of course, if I set both ENV variables to the same file, it works just fine, i.e.
NGINX_INDEX_FILE: 'front.php'
NGINX_FASTCGI_INDEX: 'front.php'

Is this intentional or a mistake? I am asking because the documentation doesn't mention it anywhere.

Do not show header X-Page-Speed

Consider hiding headers like X-Page-Speed: 1.13.35.2-0 or replacing it with a boolean flag so as not to disclose the PageSpeed version.

Unable to set NGINX_SERVER_EXTRA_CONF_FILEPATH

Actually I'm not able to load any custom setup for nginx. Whatever path I set with NGINX_SERVER_EXTRA_CONF_FILEPATH custom conf file is not found.

Or if someone can point me, need to set some custom location { ... } with proxy_pass
thanks

location ~* ^.+.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires max;

    add_header Access-Control-Allow-Origin *;
    try_files $uri @production;
}

location @production {
    resolver 1.1.1.1;
    #proxy_ssl_session_reuse on;
    #proxy_ssl_verify off;
    #proxy_ssl_verify_depth 2;
    #proxy_ssl on;
    #proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #proxy_ssl_server_name on;
    proxy_pass https://someurl.com/$uri;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

Making www-data user id customizable?

Just a question: would it be maybe possible to make user id of www-data user customizable by environmental variable?

Currently when I'm running drupal-nginx container, the owner of the volume directory becomes user 82, which makes problems. Maybe customizable user id of www-data could solve the problem, by making it possible to set www-data user to the same id as the user on the host? Is it even possible? Or maybe there is some other way to get around of this? I'm kind of new so maybe I missed something.

change root path

Hello,

Let's say we have a php project in the directory located at /var/www/html/my-project
When trying to define that as the root dir of nginx, something seems to be failing:

https://github.com/wodby/nginx/blob/master/templates/includes/defaults.conf.tmpl#L7-L9

It looks like nginx will respond with some happy's 302 all the time, probably that sentence does not know the root it in that special directory. (this is a wordpress site, with the 'wordpress' preset being used)

What can we do about this?

It looks like nginx does not allow to put 'root /var/www/html/my-project ' in that particular sentence.

Thanks!

Query parameters are not being passed to the script

Is there any reason why in fastcgi_params.tpl there is no fastcgi_param QUERY_STRING $query_string; line? I just finished a long debugging session to conclude that query parameters are not being passed to the web server, because of lack of this line, and this breaks some ready nginx configurations available on the internet. As you can see, in nginx this parameter is set by default: https://github.com/nginx/nginx/blob/branches/stable-1.10/conf/fastcgi_params

Enable Brotli compression

Brotli (br) compression can give quite a performance boost. Especially when CDN proxies it transparently.

Add X-Forwarded-Proto pagespeed directive

since most of the installations will be behind some sort of docker ingress/load balancer/proxy - this would be great to have RespectXForwardedProto enabled by default:
https://www.modpagespeed.com/doc/https_support#RespectXForwardedProto

I believe it's a non-breaking change, or otherwise possibly an array or an environment var can be introduced to inject custom config lines without extra files. Ie just an ENV variable out in nginx config, instead of
https://github.com/wodby/nginx/blob/3d4db7d40e2decafa5b5bc0fff88272fea5ef809/templates/includes/defaults.conf.tmpl#L77-L80

Thank you.

Are AdvAgg rules working?

Hi there. I'm using the AdvAgg module and everything is working great except one small thing. I'm using the D7 configuration but for some reason the location directive in line #55 is not working:

location ~* /sites/.*/files/advagg_css/css[_[:alnum:]]+\.css$ {
    access_log {{ getenv "NGINX_STATIC_ACCESS_LOG" "off" }};
    try_files $uri @drupal;
}

For one, I've disabled the static access log so AdvAgg files shouldn't be logged but they are. Also, I'm trying to send the immutable cache-control directive in the same block, like this, but it's being ignored:

location ~* /sites/.*/files/advagg_css/css[_[:alnum:]]+\.css$ {
    access_log {{ getenv "NGINX_STATIC_ACCESS_LOG" "off" }};
    add_header Cache-Control "public, max-age=31536000, no-transform, immutable";
    try_files $uri @drupal;
}

If I put the directive in the outer block it works just fine. The issue seems to be the regex used to match the naming of AdvAgg's generated files. At least in the latest version (7.x-2.34) for Drupal 7, files are named something like this:

/sites/default/files/advagg_css/css__Tdw-8Mmgx7YtZQ05A9emTDXqrePB-bcUuv-axU4dEPc__ojEG3uFjJdKmsUekgDv2pRvliB8cz3RA2wwjKCXw8KA__0DJ0ZG79NTA--zXyGIopzC36trgu9i59TXgnuPuToaE.css

I'm not an expert but it looks like the css[_[:alnum:]]+\.css expression is trying to match a string like css_0123456789.css (obviously it may contain many more numbers) but in any case it won't be able to match anything given the current naming convention.

Should I just drop these lines in the outer block?

Thanks a lot in advance!

Drupal Backup and Migrate restore path generates 404 in nginx

The popular Drupal module Backup and Migrate has an option to save the backup files on the server, and to restore them from there.

The module generates a URL of the form /admin/config/development/backup_migrate/settings/destination/backups/private_files/restore/backup-2022-08-23T16-26-47.tar.gz to perform the restore functionality. It seems that the presence of the full filename in the URL confuses nginx to attempt to locate the static file, which fails and throws a 404.

Any suggestion to add a special case to the config to avoid this error?

Nginx Drupal 8 preset is not compatible with robotstxt module

Steps to reproduce:

  • Up and running Docker4Drupal stack;
  • Installed the latest version of Drupal 8.
  • removed web/robots.txt file;
  • enabled robotstxt module on Drupal 8 installation;
  • go to the /robots.txt page;

Expected results:

  • Status code - 200;
  • Returned default content of robots.txt file provided by robotstxt module;

Actual result:

  • Status code - 404;
  • No result provided. No request redirected to index.php when the robots.txt file does not exist.

HSTS

I could not find a configuration to activate HSTS. Are there plans to implement it?

Change the default value of ssl_session_cache?

The Nginx official document recommends to enable ssl_session_cache and set that to shared:name:size, which enables cache shared between all worker processes.

"To reduce the processor load it is recommended to set the number of worker processes equal to the number of processors, enable keep-alive connections,enable the shared session cache,"

I wonder whether the default setting needs to be changed. Thanks.

NGINX_SERVER_EXTRA_CONF_FILEPATH is not working in wordpress template

Hello, please help me to set NGINX_SERVER_EXTRA_CONF_FILEPATH for nginx in wodby/wordpress.
Here is my docker-compose

nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_VHOST_PRESET: wordpress
      NGINX_SERVER_EXTRA_CONF_FILEPATH: /etc/nginx/nginx-locations.conf
    volumes:
      - ./www:/var/www/html
      - ./nginx/nginx-locations.conf:/etc/nginx/nginx-locations.conf
    labels:
    - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"

And here is nginx-locations.conf:

location ~ ^/wp-content/uploads/(.*) {
      try_files $uri @live_uploads;
    }

    location @live_uploads {
        rewrite ^/wp-content/uploads/(.*)$ https://mysite.ru/wp-content/uploads/$1 permanent;
    }

And the whole combination is not working. What am I doing wrong?

Why can't I use the Environment Variables when I am extending wodby/nginx ?

Hi :)
First I want to say that I am absolutely loving all the containers and that you've done a wonderful job.
And second - to the question:

I want to use the wodby/nginx:1.17-5.6.8 but I want to additionally install yarn there so I thought I could use it and just extend it.
So this is what I did:
docker-compose.yml:

version: "3"
services:
  styleguide:
    build: nginx
    container_name: "${PROJECT_NAME}_page"
    environment:
      NGINX_SERVER_ROOT: /var/www/html/dist
    volumes:
      - ./:/var/www/html
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_styleguide.rule=Host(`${PROJECT_BASE_URL}`)"

nginx/Dockerfile:

FROM wodby/nginx:1.17-5.6.8

RUN apk add yarn

I also have a .env file of course with the PROJECT_NAME, PROJECT_BASE_URL values.

The thing is that when I am doing it so, it builds, but the environment variable NGINX_SERVER_ROOT does not get recognized.

On the other hand, if I am not extending it, but simply am doing

version: "3"
services:
  styleguide:
    image: wodby/nginx:1.17-5.6.8
    container_name: "${PROJECT_NAME}_page"
    environment:
      NGINX_SERVER_ROOT: /var/www/html/dist
    volumes:
      - ./:/var/www/html
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_styleguide.rule=Host(`${PROJECT_BASE_URL}`)"

using directly the image, without re-building - it of course works.
Would you please advise me on how could I both extend, and re-use the wonderful Environment Variables of this project?

Cheers and have a nice day,
Nikolay

defaults.conf always generates 50x pages location

In theory NGINX_HIDE_50x_ERRORS allows to exclude the creation of the error handler. However, leaving empty, setting 0 "Off" or "0" still generates the location section.

What is the value that we need to put there?

This is the definition on my docker-compose.yml file

  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_SERVER_ROOT: /var/www/html/docroot
      NGINX_VHOST_PRESET: $NGINX_VHOST_PRESET
      NGINX_HIDE_50x_ERRORS:
    volumes:
      - ./docroot:/var/www/html:cached

WordPress: W3 Total Cache conflict

Howdy,

I have found a conflict between Wodby and W3 Total Cache which I believe is due to a rewrite that needs a condition in the nginx WordPress preset.
Nginx will throw a 404 when a user tries to access an HTML file that does not exist when "Browser cache" is enabled in W3 Total Cache.

It is the following configuration, added in W3's Nginx configuration, that will start the problem:

location ~ \.(html|htm|rtf|rtx|svg|txt|xsd|xsl|xml)$ {
    expires 3600s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header X-Powered-By "W3 Total Cache/0.9.7.3";
}

This configuration will cause an error giving a 404 response in Nginx instead of passing the URL to the web app when a user tries to access a static html file that does not exist. See the error message below.

nginx_1    | 2019/05/10 13:18:07 [notice] 42#42: *8 "/wp-admin$" does not match "/test-test.html", client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 2019/05/10 13:18:07 [notice] 42#42: *8 "^/[_0-9a-zA-Z-]+(/wp-.*)" does not match "/test-test.html", client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 2019/05/10 13:18:07 [notice] 42#42: *8 "^/[_0-9a-zA-Z-]+(/.*\.php)$" does not match "/test-test.html", client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 2019/05/10 13:18:07 [notice] 42#42: *8 "/wp-admin$" does not match "/test-test.html", client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 2019/05/10 13:18:07 [error] 42#42: *8 open() "/var/www/html/test-test.html" failed (2: No such file or directory), client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 172.18.0.2 - - [10/May/2019:13:18:07 +0000] "GET /test-test.html HTTP/1.1" 404 193 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"

I'm guessing it's this rewrite rule that's the cause of the conflict: https://github.com/wodby/nginx/blob/master/templates/presets/wordpress.conf.tmpl#L109

How to reproduce:

  • Create a fresh install of WordPress with the docker4wordpress Docker stack.
  • Install W3 Total Cache plugin
  • Enable Browser cache in W3 Total Cache (or import this json settings file)
  • Add the new nginx.conf file in the root of the WordPress site (NGINX_SERVER_EXTRA_CONF_FILEPATH: /var/www/html/dev.nginx.conf)
  • Try to access a random path ending with .html (example: http://vanilla-install.localhost/unknown-path.html)
  • Nginx will now throw a 404 page without passing the URL to WordPress.

What was expected?

I expected the URL to be passed to WordPress so WordPress would be able to determine if it was an actual error or not. Right now Nginx just throws a 404 without hitting the web app.

Edit: Updated line-number in WordPress preset template.
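
One way to resolve the conflict described in the report above, shown as an added example that is not part of the original issue or of the project's templates: give the W3 Total Cache location its own fallback so that missing files are handed to WordPress. The fallback target `/index.php?$args` is an assumption about how the front controller is reached in this setup.

```nginx
# Added example, not from the issue or the wodby/nginx templates.
#
# Before (from the report): the regex location matches every *.html URI.
# It has no try_files, so nginx either serves the file from disk or
# answers 404 itself; WordPress never sees the request.
#
# location ~ \.(html|htm|rtf|rtx|svg|txt|xsd|xsl|xml)$ {
#     expires 3600s;
#     etag on;
#     if_modified_since exact;
#     add_header Pragma "public";
#     add_header Cache-Control "public";
#     add_header X-Powered-By "W3 Total Cache/0.9.7.3";
# }

# After: same caching behaviour for files that exist, plus a fallback.
location ~ \.(html|htm|rtf|rtx|svg|txt|xsd|xsl|xml)$ {
    expires 3600s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    # X-Powered-By is left out here on purpose: it tells every client
    # the exact plugin version that is installed.

    # Serve the file if it exists; otherwise redirect internally to the
    # front controller (assumed path) so WordPress decides whether the
    # URL is a real 404. The internal redirect re-runs location matching,
    # so the request lands in the preset's PHP location.
    try_files $uri $uri/ /index.php?$args;
}
```

The `expires` and `add_header` directives apply only to responses served from this location, so a request that falls through to `/index.php` gets the headers of the PHP location instead.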

Pagespeed: authorized and 4xx status code

We are having some trouble with pagespeed and HTTPS resources.
Example where you can see it: https://conscia.com/solutions/?PageSpeedFilters=+debug

Some of our assets do not get processed because of the following messages, when enabling pagespeed:
<!--The preceding resource was not rewritten because it is not authorized-->
<!--4xx status code, preventing rewriting of https://...-->

Looking around the internet it could be related to some of the following:
https://www.modpagespeed.com/doc/domains#mapping_origin
https://www.modpagespeed.com/doc/https_support#https_fetch

... and more unlikely something about certificates but it might be an issue based on the alpine build (we're hosted at Wodby and use Let's Encrypt certificates on the provided website):
https://www.modpagespeed.com/doc/https_support#configuring_ssl_certificates

Enable CORS for Drupal 8

Hi there,
I am using the entire Docker4Drupal stack for de-coupled Drupal development. I enabled 'CORS' in drupal services.yml and I need to enable Nginx to allow for CORS as well. By default, it uses the preset 'drupal8.conf.tmpl', how can I modify this tmpl file to enable CORS?

Thanks,

Fails when the volume is mounted readonly

I would like to mount my volume readonly but the container exits because it can't change ownership of the files.

Steps to reproduce:

$ docker run -v /home/user/www/:/var/www/html/:ro -p 8080:80 wodby/nginx:1.20

Result:

chown: /var/www/html: Read-only file system

Using container standalone issue

I am trying to use this container in a working project, the website loads but assets aren't loaded and get a 404 from Drupal. I am sharing only the files dir on a volume to nginx. Is there a way to get nginx to load js and css from core modules through the webserver? At the moment it tries to send it to index.php, which results in a 404.

Error log location

I see the error_log location is /proc/self/fd/2 and it is not a regular file, how can I view the error log? And can I customize the location of error_log?

Help me understand how the nginx environment works

Hi there,

We got the requirement to start nginx using sudo -E nginx instead of just the default sudo nginx (= I don't provide a command at all).

I tried changing the docker command to sudo -E nginx , but it fails to come up entirely now. So I'm trying to understand how it all works.
The container runs as wodby user, where all the environment variables reside. Now the nginx is started with a regular sudo (without "-E") and it works. But how?
If all the env vars are registered in the shell the container runs as (=wodby), how does the nginx see all these env vars? Are they passed into the sudo environment somehow?
Or maybe the nginx doesn't even need the env vars since its config is being generated out of these? But then why won't it work with sudo -E since there should be a proper config file either way. I really hope someone can help me understand, thank you!!
