Skip to content

Instantly share code, notes, and snippets.

@jpbriend

jpbriend/Dockerfile

Created July 28, 2015 13:58
Show Gist options
  • Save jpbriend/4cce33e92d17919c4e87 to your computer and use it in GitHub Desktop.
Save jpbriend/4cce33e92d17919c4e87 to your computer and use it in GitHub Desktop.
Download ZIP
Dockerfile Nginx reverse-proxy with SSL and SPDY support
Raw
Dockerfile
FROM debian:jessie
MAINTAINER Jean-Philippe Briend <[email protected]> (@jpbriend)
ENV NGINX_VERSION 1.9.3
# Install dependency packages
RUN apt-get update && \
apt-get install -y \
curl \
make \
gcc \
libssl-dev \
libpcre3 \
libpcre3-dev \
libssl-dev
# Fetch and unarchive nginx source
RUN curl -L http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz > /tmp/nginx-${NGINX_VERSION}.tar.gz && \
cd /tmp && \
tar zxf nginx-${NGINX_VERSION}.tar.gz
# Compile nginx
RUN cd /tmp/nginx-${NGINX_VERSION} && \
./configure \
--prefix=/opt/nginx \
--conf-path=/etc/nginx/nginx.conf \
--sbin-path=/opt/nginx/sbin/nginx \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre \
--with-http_spdy_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module && \
make && \
make install && \
rm -rf /tmp/*
RUN mkdir -p /etc/nginx && \
mkdir -p /var/run && \
mkdir -p /etc/nginx/conf.d
# forward request and error logs to docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log
# Add config files
COPY files/nginx.conf /etc/nginx/nginx.conf
COPY files/ssl/* /etc/nginx/ssl/
EXPOSE 80 443
CMD ["/opt/nginx/sbin/nginx", "-g", "daemon off;"]
Raw
nginx.conf
#Global parameters
worker_processes 4 ;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
##################### Protocole Configuration #####################
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
gzip on;
gzip_types text/css application/javascript text/plain text/javascript;
##################### !Protocole Configuration #####################
##################### UPSTREAM SERVERS #####################
#Keep Alive on SSL connections
upstream proxified_server {
server 192.168.0.1:80;
keepalive 32;
}
##################### !UPSTREAM SERVERS #####################
server {
##################### SERVER CONFIGURATION #####################
listen 443 ssl spdy;
ssl_certificate ssl/cert.pem;
ssl_certificate_key ssl/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_verify_client off;
proxy_ssl_session_reuse on;
##################### !SERVER CONFIGURATION #####################
##################### HEADER REWRITING #####################
#Proxy server configurations
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "Keep-Alive";
proxy_hide_header X-Powered-By;
proxy_hide_header Pragma;
proxy_intercept_errors on;
proxy_ignore_client_abort on;
##################### !HEADER REWRITING #####################
location / {
##################### PROXY CONFIGURATION #####################
proxy_pass http://proxified_server;
proxy_redirect off;
proxy_buffering off;
#proxy_buffer_size 128k;
#proxy_buffers 100 128k;
proxy_http_version 1.1;
proxy_set_header Connection "";
add_header Spdy-version $spdy always; # Used to check if your connection has been spdyfied
##################### !PROXY CONFIGURATION #####################
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment