{"id":13776087,"url":"https://github.com/adi90x/rancher-active-proxy","last_synced_at":"2025-05-11T08:35:04.768Z","repository":{"id":201328272,"uuid":"76635116","full_name":"adi90x/rancher-active-proxy","owner":"adi90x","description":"All in one active reverse proxy for Rancher ! For Kubernetes : https://github.com/adi90x/kube-active-proxy  ","archived":false,"fork":false,"pushed_at":"2020-04-06T19:41:55.000Z","size":383,"stargazers_count":156,"open_issues_count":25,"forks_count":55,"subscribers_count":18,"default_branch":"master","last_synced_at":"2024-11-17T11:47:49.096Z","etag":null,"topics":["activeproxy","docker","nginx-proxy","proxy","rancher","rancher-server"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adi90x.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2016-12-16T08:14:39.000Z","updated_at":"2024-09-13T08:54:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"6efbf485-8153-45d1-89f6-e5e575b7a99a","html_url":"https://github.com/adi90x/rancher-active-proxy","commit_stats":null,"previous_names":["adi90x/rancher-active-proxy"],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adi90x%2Francher-active-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adi90x%2Francher-active-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adi90x%2Francher-active-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adi90x%2Francher-active-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adi90x","download_url":"https://codeload.github.com/adi90x/rancher-active-proxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253540626,"owners_count":21924522,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["activeproxy","docker","nginx-proxy","proxy","rancher","rancher-server"],"created_at":"2024-08-03T17:02:00.034Z","updated_at":"2025-05-11T08:35:04.387Z","avatar_url":"https://github.com/adi90x.png","language":"Shell","funding_links":[],"categories":["Shell","\u003ca id=\"01e6651181d405ecdcd92a452989e7e0\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"e9f97504fbd14c8bb4154bd0680e9e62\"\u003e\u003c/a\u003e反向代理"],"readme":"![nginx latest](https://img.shields.io/badge/nginx-latest-brightgreen.svg)[![build status](https://img.shields.io/gitlab/pipeline/adi90x/rancher-active-proxy/master)](https://gitlab.com/adi90x/rancher-active-proxy)  ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)   [![Docker Pulls](https://img.shields.io/docker/pulls/adi90x/rancher-active-proxy.svg)](https://hub.docker.com/r/adi90x/rancher-active-proxy/)  [![Docker Automated buil](https://img.shields.io/docker/automated/adi90x/rancher-active-proxy.svg)](https://hub.docker.com/r/adi90x/rancher-active-proxy/)\n\nIf you look for a Kubernetes version : Have a look to [Kube Active Proxy](https://github.com/adi90x/kube-active-proxy)\n\n## Rancher Active Proxy\n\nRancher Active Proxy is an all-in-one reverse proxy for [Rancher](http://rancher.com), supporting Letsencrypt out of the box !\n\nRancher Active Proxy is based on the excellent idea of [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy).\n\nRancher Active Proxy replace docker-gen by Rancher-gen-rap [adi90x/rancher-gen-rap](https://github.com/adi90x/rancher-gen-rap) ( a fork of the also excellent [janeczku/go-rancher-gen](https://github.com/janeczku/go-rancher-gen) adding some more function )\n\nRancher Active Proxy use label instead of environmental value.\n\nI would recommend to use latest image from DockerHub or you can use tag versions. Keep in mind that branch are mostly development features and could not work as expected.\n\n### Easy Setup with catalog\n\nAdd `https://github.com/adi90x/rancher-active-proxy.git` to your custom catalog list( Rancher \u003e Admin \u003e Settings ).\n\nThen go to catalog and install Rancher Active Proxy !\n\n### Usage\n\nMinimal Params To run it:\n\n    $ docker run -d -p 80:80  adi90x/rancher-active-proxy\n\nThen start any containers you want proxied with a label `rap.host=subdomain.youdomain.com`\n\n    $ docker run -l rap.host=foo.bar.com  ...\n\nThe containers being proxied must [expose](https://docs.docker.com/engine/reference/run/#expose-incoming-ports) the port to be proxied, either by using the `EXPOSE` directive in their `Dockerfile` or by using the `--expose` flag to `docker run` or `docker create`.\n\nProvided your DNS is setup to forward foo.bar.com to the a host running `rancher-active-proxy`, the request will be routed to a container with the `rap.host` label set.\n\n#### Summary of available labels for proxied containers.\n\n\n|       Label                |            Description         |\n| ---------------------------|------------------------------- |\n| `rap.host`                 | Virtual host to use ( several value could be separate by `,` )\n| `rap.port`                 | Port of the container to use ( only needed if several port are exposed ). Default `Expose Port` or `80`\n| `rap.proto`                | Protocol used to contact container ( http,https,uwsgi ). Default : `http`\n| `rap.timeout`              | Timeout for reading from this container ( in seconds ). Default : nginx default (60s)\n| `rap.cert_name`            | Certificate name to use for the virtual host. Default `rap.host`\n| `rap.https_method`         | Https method (redirect, noredirect, nohttps). Default : `redirect`\n| `rap.le_host`              | Certificate to create/renew with Letsencrypt\n| `rap.le_email`             | Email to use for Letsencrypt\n| `rap.le_test  `            | Set to true to use stagging letsencrypt server\n| `rap.le_bypass`            | Set to true to create a special bypass to use LE\n| `rap.http_listen_ports`    | External Port you want Rancher-Active-Proxy to listen to http for this server ( Default : `80` )\n| `rap.https_listen_ports`   | External Port you want Rancher-Active-Proxy to listen to https for this server ( Default : `443` )\n| `rap.server_tokens`    \t | Enable to specify the server_token value per container\n| `rap.client_max_body_size` | Enable to specify the client_max_body_size directive per container\n| `rap.rap_name`             | If `RAP_NAME` is specified for a RAP instance only container with label value matching `RAP_NAME` value will be publish\n\n#### Summary of environment variable available for Rancher Active Proxy.\n\n|       Label        |            Description         |\n| ------------------ | ------------------------------ |\n| `DEBUG`            | Set to `true` to enable more output. Default : `False`\n| `CRON`             | Cron like expression to define when certs are renew. Default : `0 2 * * *`\n| `DEFAULT_HOST`     | Default Nginx host.\n| `DEFAULT_EMAIL`    | Default Email for Letsencrypt.\n| `RAP_DEBUG` \t\t | Define Rancher-Gen-Rap verbosity (Valid values: \"debug\", \"info\", \"warn\", and \"error\"). Default: `info`\n| `DEFAULT_PORT` \t | Default port use for containers ( Default : `80` )\n| `SPECIFIC_HOST` \t | Limit RAP to only containers of a specific host name\n| `RAP_NAME` \t     | If specify RAP will only publish service with `rap.rap_name = RAP_NAME`\n| `ACME_INTERNAL` \t | Enable passing ACME request to another RAP instance ( check PR #48)\n\n#### Quick Summary of interesting volume to mount.\n\n|       Path            |            Description         |\n| --------------------- | ------------------------------ |\n| `/etc/letsencrypt`    | Folder with all certificates used for https and Letsencrypt parameters\n| `/etc/nginx/htpasswd` | Basic Authentication Support ( file should be `rap.host`)\n| `/etc/nginx/vhost.d`  | Specifc vhost configuration ( file should be `rap.host`) . Location configuration should end with `_location`\n\n#### Special Attention for standalone containers\n\nRancher Active Proxy is also able to work for standalone containers on the host it is launched.\n\nThere is only one limit to this : You should not use the same host name ( `rap.host` label ) for a standalone container and for a service.\n\nThis feature even enables you to proxy rancher-server, just start it with something like that :\n\n`docker run -d --restart=unless-stopped -p 8080:8080 --name=rancher-server -l rap.host=admin.foo.com -l rap.port=8080 -l rap.le_host=admin.foo.com -l  rap.le_email=foo@bar.com -l io.rancher.container.pull_image=always rancher/server`\n\nIn this case `admin.foo.com` will enable you to acces rancher administration, but it is better to keep port 8080 exposed and use `http://foo.com:8080` as the host registration URL.\n\n#### Let's Encrypt support out of box\n\nRancher Active Proxy is using `certbot` from Let's Encrypt in order to automatically get SSL certificates for containers.\n\nIn order to enable that feature you need to add `rap.le_host` label to the container ( you probably want it to be equal to `rap.host`)\n\nAnd you should either start Rancher Active Proxy with environment variable `DEFAULT_EMAIL` or specify `rap.le_email` as a container label.\n\nIf you are developing I recommend to add `rap.le_test=true` to the container in order to use Let's Encrypt staging environment and to not exceed limits.\n\n#### SAN certificates\n\nRancher Active Proxy support SAN certifcates ( one certificate for several domains ).\n\nTo create a SAN certificate you need to separate hostnames with \";\" ( instead of \",\" for separate domains)\n\n`rap.le_host=admin.foo.com;api.foo.com;mail.foo.com`\n\nThis will create a single certificate matching : admin.foo.com, api.foo.com, mail.foo.com .\nThe certificate created will be named `admin.foo.com` but symlink will be create to match all domains.\n\n\n### Multiple Ports\n\nIf your container exposes multiple ports, Rancher Active Proxy will use `rap.port` label, then use the exposed port if there is only one port exposed, or default to `DEFAULT_PORT` environmental variable ( which is set by default to `80` ).\nOr you can try your hand at the [Advanced `rap.host` syntax](#advanced-raphost-syntax).\n\n### Special ByPass for Let's Encrypt\n\nIf your container uses its own letsencrypt process to get some certificates\nSet `rap.le_bypass` to `true` to add a location to the http server block to forward `/.well-known/acme-certificate/` to upstream through http instead of redirecting it to https\n\n### Advanced `rap.host` syntax\n\nUsing the Advanced `rap.host` syntax you can specify multiple host names to each go to their own backend port.\nBasically this provides support for `rap.host`, `rap.port`, and `rap.proto` all in one field.\n\nFor example, given the following:\n\n```\nrap.host=api.example.com=\u003ehttp:80,api-admin.example.com=\u003ehttp:8001,secure.example.com=\u003ehttps:8443\n```\n\nThis would yield 3 different server/upstream configurations...\n\n 1. Requests for api.example.com would route to this container's port 80 via http\n 2. Requests for api-admin.example.com would route to this containers port 8001 via http\n 3. Requests for secure.example.com would route to this containers port 8443 via https\n\n\n### Multiple Listening Port\n\nIf needed you can use Rancher-Active-Proxy to listen for different ports.\n\n`docker run -d -p 8081:8081 -p 81:81  adi90x/rancher-active-proxy`\n\nIn this case, you can specify on which port Rancher Active Proxy should listen for a specific hostname :\n\n`docker run -d -l rap.host=foo.bar.com -l rap.http_listen_ports=\"81,8081\" -l rap.port=\"53\" containerexposing/port53`\n\nIn this situation Rancher Active Proxy will listen for request matching `rap.host` on both port `81` and `8081` of your host\nand route those request to port `53` of your container.\n\nLikewise, `rap.https_listen_ports` will work for https requests.\n\nIf you are not using port `80` and `443` at all you won't be able to use Let's Encrypt Automatic certificates.\n\n### Specific Host Name\n\nUsing environmental value `SPECIFIC_HOST` you can limit Rancher Active Proxy to containers running on a single host.\n\nJust start Rancher Active Proxy like that : `docker run -d -p 80:80 -e SPECIFIC_HOST=Hostnameofthehost adi90x/rancher-active-proxy`\n\n### Remove Script\n\nRancher Active Proxy provides an easy script to revoke/delete a certificate.\n\nYou can run it : `docker run adi90x/rancher-active-proxy /app/remove DomainCertToRemove`\n\nScript is adding '*' at the end of the command therefore `/app/remove foo` will delete `foo.bar.com , foo.bar.org, foo.bar2.com ..`\n\n_Special attention_: If you are using it with SAN certificates you need to be careful and run it for each domain in the SAN certificate.\n\nDo not forget to delete the label on the container before using that script or it will be recreated on next update.\n\nIf you are starting it with Rancher do not forget to set Auto Restart : Never (Start Once)\n\n### Per-host server configuration\n\nIf you want to 100% personalize your server section on a per-`rap.host` basis, add your server configuration in a file under `/etc/nginx/vhost.d`\nThe file should use the suffix `_server`.\n\nFor example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows:\n\n    $ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro adi90x/rancher-active-proxy\n\nYou should therefore have a file `app.example.com_server` in the `/etc/nginx/vhost.d` folder that contains the whole server block you want to use :\n\n```\nserver {\n        server_name app.example.com\n        listen 80;\n        access_log /var/log/nginx/access.log vhost;\n\n        location / {\n                proxy_pass http://app.example.com;\n        }\n}\n\n```\n\nIf you are using multiple hostnames for a single container (e.g. `rap.host=example.com,www.example.com`), the virtual host configuration file must exist for each hostname.\nIf you would like to use the same configuration for multiple virtual host names, you can use a symlink.\n\n### Per-host server default configuration\n\nIf you want most of your virtual hosts to use a default single `server` block configuration and then override it on a few specific ones, add a `/etc/nginx/vhost.d/default_server` file.\nThis file will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{rap.host}_server` file associated with it.\n\n### Limit RAP to some containers\n\nIf you want a RAP instance to only publish some specific containers/services, you can start the RAP container with environment variable `RAP_NAME = example`\nIn that situation, all containers to be published by this instance of RAP should have a label `rap.rap_name = example`\nIf a container should be published by several RAP instances just use a label matching regex like `rap.rap_name = internal,external` to be published by RAP instance named `internal` or `external`\n\n***\n\nThe below part is mostly taken from jwilder/nginx-proxy [README](https://github.com/jwilder/nginx-proxy/blob/master/README.md) and modified to reflect Rancher Active Proxy\n\n### Multiple Hosts\n\nIf you need to support multiple virtual hosts for a container, you can separate each entry with commas.  For example, `foo.bar.com,baz.bar.com,bar.com` and each host will be setup the same.\n\n### Wildcard Hosts\n\nYou can also use wildcards at the beginning and the end of host name, like `*.bar.com` or `foo.bar.*`. Or even a regular expression, which can be very useful in conjunction with a wildcard DNS service like [xip.io](http://xip.io), using `~^foo\\.bar\\..*\\.xip\\.io` will match `foo.bar.127.0.0.1.xip.io`, `foo.bar.10.0.2.2.xip.io` and all other given IPs. More information about this topic can be found in the nginx documentation about [`server_names`](http://nginx.org/en/docs/http/server_names.html).\n\n### SSL Backends\n\nIf you would like the reverse proxy to connect to your backend using HTTPS instead of HTTP\nset `rap.proto=https` on the backend container.\n\n### uWSGI Backends\n\nIf you would like to connect to uWSGI backend, set `rap.proto=uwsgi` on the backend container.\nYour backend container should than listen on a port rather than a socket and expose that port.\n\n### Default Host\n\nTo set the default host for nginx use the env var `DEFAULT_HOST=foo.bar.com` for example :\n\n    $ docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com adi90x/rancher-active-proxy\n\n### SSL Support\n\nSSL is supported using single host, wildcard and SNI certificates using naming conventions for certificates\nor optionally specifying a cert name (for SNI) as an environment variable.\n\nTo enable SSL:\n\n    $ docker run -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs  adi90x/rancher-active-proxy\n\nThe contents of `/path/to/certs` should contain the certificates and private keys for any virtual\nhosts in use.  The certificate and keys should be named after the virtual host with a `.crt` and\n`.key` extension.  For example, a container with label `rap.host=foo.bar.com` should have a\n`foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.\n\nIf you are running the container in a virtualized environment (Hyper-V, VirtualBox, etc...),\n`/path/to/certs` must exist in that environment or be made accessible to that environment.\nBy default, Docker is not able to mount directories on the host machine to containers running in a virtual machine.\n\n### Diffie-Hellman Groups\n\nIf you have Diffie-Hellman groups enabled, the files should be named after the virtual host with a\n`dhparam` suffix and `.pem` extension. For example, a container with `rap.host=foo.bar.com`\nshould have a `foo.bar.com.dhparam.pem` file in the certs directory.\n\n### Wildcard Certificates\n\nWildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.\nFor example `rap.host=foo.bar.com` would use cert name `bar.com.crt` and `bar.com.key`.\n\n### SNI\n\nIf your certificate(s) supports multiple domain names, you can start a container with `rap.cert_name=\u003cname\u003e`\nto identify the certificate to be used.  For example, a certificate for `*.foo.com` and `*.bar.com`\ncould be named `shared.crt` and `shared.key`.  A container running with `rap.host=foo.bar.com`\nand `rap.cert_name=shared` will then use this shared cert.\n\n### How SSL Support Works\n\nThe SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which\nshould provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,\nWindows XP IE8, Android 2.3, Java 7.  The configuration also enables HSTS, and SSL\nsession caches.\n\nThe default behavior for the proxy when port 80 and 443 are exposed is as follows:\n\n* If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS\nis always preferred when available.\n* If the container does not have a usable cert, a 503 will be returned.\n\nNote that in the latter case, a browser may get an connection error as no certificate is available\nto establish a connection.  A self-signed or generic cert named `default.crt` and `default.key`\nwill allow a client browser to make a SSL connection (likely w/ a warning) and subsequently receive\na 503.\n\nTo serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the\nlabel  `rap.https_method=noredirect` (the default is `rap.https_method=redirect`).  You can also\ndisable the non-SSL site entirely with `rap.https_method=nohttp`. `rap.https_method` must be specified\non each container for which you want to override the default behavior.  If `rap.https_method=noredirect` is\nused, Strict Transport Security (HSTS) is disabled to prevent HTTPS users from being redirected by the\nclient.  If you cannot get to the HTTP site after changing this setting, your browser has probably cached\nthe HSTS policy and is automatically redirecting you back to HTTPS.  You will need to clear your browser's\nHSTS cache or use an incognito window / different browser.\n\n### Basic Authentication Support\n\nIn order to be able to secure your virtual host, you have to create a file named as its equivalent `rap.host` label on directory\n/etc/nginx/htpasswd/`rap.host`\n\n```\n$ docker run -d -p 80:80 -p 443:443 \\\n    -v /path/to/htpasswd:/etc/nginx/htpasswd \\\n    -v /path/to/certs:/etc/nginx/certs \\\n    adi90x/rancher-active-proxy\n```\n\nYou'll need apache2-utils on the machine where you plan to create the htpasswd file.\nOr you can use an nginx container to create the file ( using OpenSSL as explained in [Nginx Readme](http://wiki.nginx.org/Faq#How_do_I_generate_an_.htpasswd_file_without_having_Apache_tools_installed.3F) )\n\n`docker run -it nginx printf \"Username_to_use:$(openssl passwd -crypt Password_to_use)\\n\" \u003e\u003e /path/to/htpasswd/{rap.host}`\n\nA default htpasswd can be used to secure all hosts using this proxy. Good for development environments to keep prying eyes out. To use, create the htpasswd file named 'default' here: `/etc/nginx/htpasswd/default`.\n\n### Custom Nginx Configuration\n\nIf you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`rap.host` basis.\n\n### Replacing default proxy settings\n\nIf you want to replace the default proxy settings for the nginx container, add a configuration file at `/etc/nginx/proxy.conf`. A file with the default settings would\nlook like this:\n\n```Nginx\n# HTTP 1.1 support\nproxy_http_version 1.1;\nproxy_buffering off;\nproxy_set_header Host $http_host;\nproxy_set_header Upgrade $http_upgrade;\nproxy_set_header Connection $proxy_connection;\nproxy_set_header X-Real-IP $remote_addr;\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\nproxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;\nproxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;\n\n# Mitigate httpoxy attack (see README for details)\nproxy_set_header Proxy \"\";\n```\n\n***NOTE***: If you provide this file it will replace the defaults; you may want to check the nginx.tmpl file to make sure you have all of the needed options.\n\n***NOTE***: The default configuration blocks the `Proxy` HTTP request header from being sent to downstream servers.  This prevents attackers from using the so-called [httpoxy attack](http://httpoxy.org).  There is no legitimate reason for a client to send this header, and there are many vulnerable languages / platforms (`CVE-2016-5385`, `CVE-2016-5386`, `CVE-2016-5387`, `CVE-2016-5388`, `CVE-2016-1000109`, `CVE-2016-1000110`, `CERT-VU#797896`).\n\n### Proxy-wide\n\nTo add settings on a proxy-wide basis, add your configuration file under `/etc/nginx/conf.d` using a name ending in `.conf`.\n\nThis can be done in a derived image by creating the file in a `RUN` command or by `COPY`ing the file into `conf.d`:\n\n```Dockerfile\nFROM adi90x/rancher-active-proxy\nRUN { \\\n      echo 'server_tokens off;'; \\\n      echo 'client_max_body_size 100m;'; \\\n    } \u003e /etc/nginx/conf.d/my_proxy.conf\n```\n\nOr it can be done by mounting in your custom configuration in your `docker run` command:\n\n    $ docker run -d -p 80:80 -p 443:443 -v /path/to/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro adi90x/rancher-active-proxy\n\n### Per-VIRTUAL_HOST\n\nTo add settings on a per-`rap.host` basis, add your configuration file under `/etc/nginx/vhost.d`. Unlike in the proxy-wide case, which allows multiple config files with any name ending in `.conf`, the per-`rap.host` file must be named exactly after the `rap.host`.\n\nIn order to allow virtual hosts to be dynamically configured as backends are added and removed, it makes the most sense to mount an external directory as `/etc/nginx/vhost.d` as opposed to using derived images or mounting individual configuration files.\n\nFor example, if you have a virtual host named `app.example.com`, you could provide a custom configuration for that host as follows:\n\n    $ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro adi90x/rancher-active-proxy\n    $ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } \u003e /path/to/vhost.d/app.example.com\n\nIf you are using multiple hostnames for a single container (e.g. `rap.host=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:\n\n    $ { echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } \u003e /path/to/vhost.d/www.example.com\n    $ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com\n\n### Per-VIRTUAL_HOST default configuration\n\nIf you want most of your virtual hosts to use a default single configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default` file. This file\nwill be used on any virtual host which does not have a `/etc/nginx/vhost.d/{rap.host}` file associated with it.\n\n### Per-VIRTUAL_HOST location configuration\n\nTo add settings to the \"location\" block on a per-`rap.host` basis, add your configuration file under `/etc/nginx/vhost.d`\njust like the previous section except with the suffix `_location`.\n\nFor example, if you have a virtual host named `app.example.com` and you have configured a proxy_cache `my-cache` in another custom file, you could tell it to use a proxy cache as follows:\n\n    $ docker run -d -p 80:80 -p 443:443 -v /path/to/vhost.d:/etc/nginx/vhost.d:ro adi90x/rancher-active-proxy\n    $ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid  200 302  60m;'; echo 'proxy_cache_valid  404 1m;' } \u003e /path/to/vhost.d/app.example.com_location\n\nIf you are using multiple hostnames for a single container (e.g. `rap.host=example.com,www.example.com`), the virtual host configuration file must exist for each hostname. If you would like to use the same configuration for multiple virtual host names, you can use a symlink:\n\n    $ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid  200 302  60m;'; echo 'proxy_cache_valid  404 1m;' } \u003e /path/to/vhost.d/app.example.com_location\n    $ ln -s /path/to/vhost.d/www.example.com /path/to/vhost.d/example.com\n\n### Per-VIRTUAL_HOST location default configuration\n\nIf you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file\nwill be used on any virtual host which does not have a `/etc/nginx/vhost.d/{rap.host}` file associated with it.\n\n## Contributing\n\nDo not hesitate to send issues or pull requests !\n\nAutomated Gitlab CI is used to build Rancher Active Proxy therefore send any pull request/issues to [Rancher Active Proxy on Gitlab.com](https://gitlab.com/adi90x/rancher-active-proxy/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadi90x%2Francher-active-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadi90x%2Francher-active-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadi90x%2Francher-active-proxy/lists"}