Standard base #84
Merged
Standard base #84
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Split apart init scripts Include dhparams Include ssl.conf Include resolver.conf generation Include worker_processes.conf generation use nginx.conf and default site config formatted like swag (formatted similar to upstream nginx)
default.conf now universally handles /app/www/public or /config/www ssl.conf now includes mozilla recommendations
This was referenced Oct 18, 2021
$host sends $http_host without the port and falls back to sending $server_name if HTTP_HOST header is empty
quietsy
reviewed
Dec 6, 2021
quietsy
reviewed
Dec 6, 2021
1 similar comment
Merged
Merged
nemchik
added a commit
to linuxserver/reverse-proxy-confs
that referenced
this pull request
Sep 8, 2022
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
!! NOTICE !!
Some of the changes listed below have been rolled back in #98
Items listed below that are NOT checked have been rolled back.
Update:
linuxserver/cstate#114
https://github.com/linuxserver/cstate/blob/master/content/issues/2022-08-20-nginx-base.md
https://info.linuxserver.io/issues/2022-08-20-nginx-base/
Standardizing all images using our alpine nginx base. More info will be recorded here soon.
Objectives:
worker_processes.confand init script to generate it in the baseresolver.confand init script to generate it in the basessl.confin the base (the same as what is currently shipped in SWAG, but adjusted to use the self-signed certs generated by the base)include /config/nginx/site-confs/*.conf;with*.confextension (rename existing user files automatically)root/migrations/01-nginx-site-confs-defaultmigrate existingdefaulttodefault.confroot/etc/cont-init.d/11-folderscreates all the folders needed in /configroot/etc/cont-init.d/12-samplesremoves existing*.samplefiles from /config/nginx and copies any included*.samplefiles from the imageroot/etc/cont-init.d/13-nginxenable required configs (nginx.conf,default.conf) if they don't exist, setup dhparams, setupresolver.conf, setupworker_processes.confroot/etc/cont-init.d/14-phpconfigure phproot/etc/cont-init.d/15-keygencreate certificates forssl.confpossibly could be overwritten downstream (ex: swag could ship a different script for certs from certbot)root/etc/cont-init.d/20-permissionsset /config permissionsroot/etc/cont-init.d/85-version-checkscheck all enabled*.conffiles against all*.samplefiles shipped with the image and alert the user about updatesdefault.conf/app/www/public/, and if that does not exist, use/config/wwwssl.conf/config/nginx/.htpasswdand apply basic auth automaticallyPATH_INFOand mitigateHTTP_PROXYvulnerabilityroot/defaults/nginx/(presented in the container as/defaults/nginx/)/defaults/nginx/are recursively copied to the user's/config/nginx/(maintaining the structure)*.sampleand all include## Version YYYY/MM/DD - Changelog: <url to repo history>used by/etc/cont-init.d/85-version-checks/config/nginx/nginx.confand/config/nginx/site-confs/default.conf) are enabled by default. Downstream images can include and/or enable others as needed (ex: SWAG will enable/config/nginx/location-confs/proxy.conf,/config/nginx/server-confs/502.confand/config/nginx/server-confs/ssl.conf)/config/nginx/context):proxy.conf(swag),authelia-location.conf(swag),ldap-location.conf(swag)ssl.conf(base and swag)502.conf(swag),authelia-server.conf(swag),ldap-server.conf(swag)/config/nginx/site-confs/*included inside thehttpcontext in/config/nginx/nginx.confdefault.conf(base or downstream images)/config/nginx/http-confs/*included inside thehttpcontext in/config/nginx/nginx.conf/config/nginx/location-confs/*included inside thelocationcontext in/config/nginx/site-confs/default.conf/config/nginx/server-confs/*included inside theservercontext in/config/nginx/site-confs/default.conf/config/nginx/subdomain-confs/*included inside thehttpcontext in/config/nginx/site-confs/default.conf(swag)/config/nginx/subfolder-confs/*included inside thehttpcontext in/config/nginx/site-confs/default.conf(swag)