mirror of
https://github.com/ledgersmb/ledgersmb-docker.git
synced 2025-08-20 15:47:24 -04:00
62e773da73
* feat: provide image with nginx * Re-use parent container configuration and startup scripts * Rewrite proxy Dockerfile: * ARCH used to be hard-coded; is now set according to the architecture being built * Build from the associated LedgerSMB base image (not from 'lsmb-split') * More deletion of non-required files (/usr/share/doc/*) * Fewer layers by combining RUN commands * Use 'server-start' script generated by the installer instead of repeating ourselves * Don't expose the status module It won't be accessible anyway: the localhost address is the one inside the container... * Ensure relative redirects When the container port :80 is exposed as :8080 on the host, nginx redirects to http://localhost:80/login.pl with a relative path, instead of http://localhost:8080/login.pl; the container isn't bound to :80, so that request fails... * Rename proxy layer image * Adjust 'build' script to publish base and regular images --------- Co-authored-by: Walid Mujahid <walidmujahid@gmail.com>
82 lines
1.9 KiB
Nginx Configuration File
82 lines
1.9 KiB
Nginx Configuration File
# This is a full (minimal) nginx configuration file
|
|
|
|
error_log /dev/stderr info;
|
|
pid /tmp/nginx.pid;
|
|
worker_processes 1;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
client_body_temp_path /tmp/client_body;
|
|
proxy_temp_path /tmp/proxy_temp;
|
|
fastcgi_temp_path /tmp/fastcgi_temp;
|
|
scgi_temp_path /tmp/scgi_temp;
|
|
uwsgi_temp_path /tmp/uwsgi_temp;
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
access_log /dev/stdout;
|
|
error_log /dev/stderr info;
|
|
|
|
gzip off;
|
|
gzip_static on;
|
|
|
|
server {
|
|
listen 8080 default_server;
|
|
listen [::]:8080 default_server ipv6only=on;
|
|
|
|
root /srv/ledgersmb/UI;
|
|
|
|
access_log /dev/stdout;
|
|
error_log /dev/stderr info;
|
|
|
|
# Don't log status polls
|
|
location /nginx_status {
|
|
stub_status on;
|
|
access_log off;
|
|
allow 127.0.0.1;
|
|
allow ::1;
|
|
deny all;
|
|
}
|
|
|
|
# Configuration files don't exist
|
|
location ^~ \.conf$ {
|
|
return 404;
|
|
}
|
|
|
|
# 'Hidden' files don't exist
|
|
location ~ /\. {
|
|
return 404;
|
|
}
|
|
|
|
location = / {
|
|
return 301 /login.pl;
|
|
}
|
|
|
|
# JS & CSS
|
|
location ~* \.(js|css)$ {
|
|
add_header Pragma "public";
|
|
add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
|
|
expires 7d; # Indicate that the resource can be cached for 1 week # Production
|
|
try_files $uri =404;
|
|
}
|
|
|
|
location / {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://lsmb:5762;
|
|
}
|
|
}
|
|
}
|