Encourage using read-only mount for docker.sock
This commit is contained in:
parent
02bc7d2c1b
commit
6719f7636f
1 changed files with 7 additions and 7 deletions
14
README.md
14
README.md
|
@ -8,7 +8,7 @@ See [Automated Nginx Reverse Proxy for Docker][2] for why you might want to use
|
||||||
|
|
||||||
To run it:
|
To run it:
|
||||||
|
|
||||||
$ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock jwilder/nginx-proxy
|
$ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
|
||||||
|
|
||||||
Then start any containers you want proxied with an env var `VIRTUAL_HOST=subdomain.youdomain.com`
|
Then start any containers you want proxied with an env var `VIRTUAL_HOST=subdomain.youdomain.com`
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ If you would like to connect to your backend using HTTPS instead of HTTP, set `V
|
||||||
|
|
||||||
To set the default host for nginx use the env var `DEFAULT_HOST=foo.bar.com` for example
|
To set the default host for nginx use the env var `DEFAULT_HOST=foo.bar.com` for example
|
||||||
|
|
||||||
$ docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com -v /var/run/docker.sock:/tmp/docker.sock jwilder/nginx-proxy
|
$ docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
|
||||||
|
|
||||||
|
|
||||||
### Separate Containers
|
### Separate Containers
|
||||||
|
@ -60,7 +60,7 @@ Then start the docker-gen container with the shared volume and template:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ docker run --volumes-from nginx \
|
$ docker run --volumes-from nginx \
|
||||||
-v /var/run/docker.sock:/tmp/docker.sock \
|
-v /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||||
-v $(pwd):/etc/docker-gen/templates \
|
-v $(pwd):/etc/docker-gen/templates \
|
||||||
-t jwilder/docker-gen -notify-sighup nginx -watch -only-exposed /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
|
-t jwilder/docker-gen -notify-sighup nginx -watch -only-exposed /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
|
||||||
```
|
```
|
||||||
|
@ -76,7 +76,7 @@ certificates or optionally specifying a cert name (for SNI) as an environment va
|
||||||
|
|
||||||
To enable SSL:
|
To enable SSL:
|
||||||
|
|
||||||
$ docker run -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock jwilder/nginx-proxy
|
$ docker run -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
|
||||||
|
|
||||||
The contents of `/path/to/certs` should contain the certificates and private keys for any virtual
|
The contents of `/path/to/certs` should contain the certificates and private keys for any virtual
|
||||||
hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and
|
hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and
|
||||||
|
@ -128,7 +128,7 @@ In order to be able to securize your virtual host, you have to create a file nam
|
||||||
$ docker run -d -p 80:80 -p 443:443 \
|
$ docker run -d -p 80:80 -p 443:443 \
|
||||||
-v /path/to/htpasswd:/etc/nginx/htpasswd \
|
-v /path/to/htpasswd:/etc/nginx/htpasswd \
|
||||||
-v /path/to/certs:/etc/nginx/certs \
|
-v /path/to/certs:/etc/nginx/certs \
|
||||||
-v /var/run/docker.sock:/tmp/docker.sock \
|
-v /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||||
jwilder/nginx-proxy
|
jwilder/nginx-proxy
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -154,7 +154,7 @@ RUN { \
|
||||||
|
|
||||||
Or it can be done by mounting in your custom configuration in your `docker run` command:
|
Or it can be done by mounting in your custom configuration in your `docker run` command:
|
||||||
|
|
||||||
$ docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock jwilder/nginx-proxy
|
$ docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
|
||||||
|
|
||||||
#### Per-VIRTUAL_HOST
|
#### Per-VIRTUAL_HOST
|
||||||
|
|
||||||
|
@ -164,7 +164,7 @@ In order to allow virtual hosts to be dynamically configured as backends are add
|
||||||
|
|
||||||
For example, if you have a virtual host named `app.example.com`, you could provide a custom configuration for that host as follows:
|
For example, if you have a virtual host named `app.example.com`, you could provide a custom configuration for that host as follows:
|
||||||
|
|
||||||
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock jwilder/nginx-proxy
|
$ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
|
||||||
$ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/app.example.com
|
$ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /path/to/vhost.d/app.example.com
|
||||||
|
|
||||||
If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
|
If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:
|
||||||
|
|
Reference in a new issue