A simple reverse proxy using NGINX in Docker for terminating TLS/SSL.
$ docker build -t flaccid/tls-proxy .
An example:
docker run \
-itd \
-e UPSTREAM_HOST=icanhazip.com \
-e FORCE_HTTPS=true \
-e ENABLE_HTTP2=true \
-e ENABLE_WEBSOCKET=true \
-e SELF_SIGNED=true \
-p 80:80 \
-p 443:443 \
flaccid/tls-proxy
There should be a reasonable amount of flexibility using the available variables. If not please raise an issue so your use case can be covered!
TLS_CERTIFICATE- the TLS/SSL certificate (x509), with chain if neededTLS_KEY- the TLS/SSL key (x509)SELF_SIGNED- generate and use a self-signed certificate (trueorfalse, default isfalse)SELF_SIGNED_SUBJECT- the subject DN (distinguished name) for the generated self-signed certificateFORCE_HTTPS- force (redirect plain HTTP requests) HTTPs (trueorfalse, default isfalse)SERVER_NAME- the server name to listen with (default is_which is any host name)LISTEN_PORT- listen port for the NGINX SSL port (default is443)UPSTREAM_HOST- the hostname or IP to reverse proxy to (default islocalhost)UPSTREAM_PORT- the upstream host's port (default is80)ENABLE_WEBSOCKET- enable WebSocket support i.e.ws[s]://(default isfalse)ENABLE_HTTP2- enable HTTP/2 support (default isfalse)
$ docker push flaccid/tls-proxy
- Author: Chris Fordham (chris@fordham-nagy.id.au)
Copyright 2017, Chris Fordham
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.