{"id":16368307,"url":"https://github.com/bfren/docker-nginx-proxy","last_synced_at":"2026-03-01T18:02:48.022Z","repository":{"id":37041711,"uuid":"313528578","full_name":"bfren/docker-nginx-proxy","owner":"bfren","description":"Docker Nginx Proxy image.","archived":false,"fork":false,"pushed_at":"2026-01-20T19:51:33.000Z","size":507,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-21T04:46:11.855Z","etag":null,"topics":["docker-image","docker-nginx-proxy","getssl","lets-encrypt","nginx"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bfren.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"bfren","patreon":"bfren"}},"created_at":"2020-11-17T06:34:36.000Z","updated_at":"2025-11-07T12:07:02.000Z","dependencies_parsed_at":"2024-07-30T19:29:24.491Z","dependency_job_id":"81fc9b15-04f4-4cbf-a9c0-8c15be3bf9ba","html_url":"https://github.com/bfren/docker-nginx-proxy","commit_stats":null,"previous_names":[],"tags_count":160,"template":false,"template_full_name":null,"purl":"pkg:github/bfren/docker-nginx-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bfren%2Fdocker-nginx-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bfren%2Fdocker-nginx-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bfren%2Fdocker-nginx-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bfren%2Fdocker-nginx-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bfren","download_url":"https://codeload.github.com/bfren/docker-nginx-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bfren%2Fdocker-nginx-proxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29977966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T16:35:47.903Z","status":"ssl_error","status_checked_at":"2026-03-01T16:35:44.899Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-image","docker-nginx-proxy","getssl","lets-encrypt","nginx"],"created_at":"2024-10-11T02:52:23.527Z","updated_at":"2026-03-01T18:02:47.990Z","avatar_url":"https://github.com/bfren.png","language":"Shell","funding_links":["https://github.com/sponsors/bfren","https://patreon.com/bfren"],"categories":[],"sub_categories":[],"readme":"# Docker Nginx Proxy\n\n![GitHub release (latest by date)](https://img.shields.io/github/v/release/bfren/docker-nginx-proxy) ![Docker Pulls](https://img.shields.io/endpoint?url=https%3A%2F%2Fbfren.dev%2Fdocker%2Fpulls%2Fnginx-proxy) ![Docker Image Size](https://img.shields.io/endpoint?url=https%3A%2F%2Fbfren.dev%2Fdocker%2Fsize%2Fnginx-proxy) ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/bfren/docker-nginx-proxy/dev.yml?branch=main)\n\n[Docker Repository](https://hub.docker.com/r/bfren/nginx-proxy) - [bfren ecosystem](https://github.com/bfren/docker)\n\nNginx Proxy which uses [getssl](https://github.com/srvrco/getssl) to automate requesting and renewing SSL certificates via Let's Encrypt. Certificates are checked for renewal every day - the last check can be viewed in the `/ssl` volume. Also includes [NAXSI](https://github.com/nbs-system/naxsi), a web application firewall.\n\nAs of v4, configuration is handled via a JSON file - see ssl-conf-sample.json for an example and ssl-conf-schema.json for the full file definition.\n\n## Contents\n\n* [Ports](#ports)\n* [Volumes](#volumes)\n* [Environment Variables](#environment-variables)\n* [Helper Functions](#helper-functions)\n* [Nginx Configuration Helpers](#nginx-configuration-helpers)\n* [Licence / Copyright](#licence)\n\n## Ports\n\nFor SSL certificate requests to work correctly, ports 80 and 443 need mapping from the host to your proxy container, e.g. adding `\"0.0.0.0:80:80\"` to the ports section of your docker compose file.\n\n* 80 (from base image)\n* 443\n\n## Volumes\n\n| Volume | Purpose |\n| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `/www` | *From base image.* |\n| `/sites` | Nginx site configuration, auto-generated on first run based on `conf.json`. After they are generated, you can alter them to suit their needs. Running `nginx-regenerate` will wipe them all and start again. |\n| `/ssl` | Contains auto-generated SSL configuration and certificates (for backup purposes). Your `conf.json` file should be stored in here for auto-configuration (see `ssl-conf-sample.json`). Certificate update log (`update.log`) will be created here daily. |\n\n## Environment Variables\n\n| Variable | Values | Description | Default |\n| ------------------------------------- | --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |\n| `PROXY_AUTO_PRIMARY` | URI | If set (along with PROXY_AUTO_UPSTREAM) SSL config will be generated on first startup. | *None* |\n| `PROXY_AUTO_UPSTREAM` | URI | If set (along with PROXY_AUTO_PRIMARY) SSL config will be generated on first startup. | *None* |\n| `PROXY_AUTO_ALIASES` | string of URIs | Add aliases to the auto-generated conf.json on first startup. | *None* |\n| `PROXY_AUTO_CUSTOM` | 0 or 1 | Mark the auto-generated SSL config to 'custom' so the Nginx configuration is not regenerated on startup. | 0 |\n| `PROXY_CLEAN_INSTALL` | 0 or 1 | If 1, all Nginx and SSL configuration and certificates will be deleted and regenerated. | 0 |\n| `PROXY_DOMAIN` | URI | The base domain of the proxy server - will be used to handle unbound requests. | *None* - **required** |\n| `PROXY_ENABLE_NAXSI` | 0 or 1 | If 1, NAXSI web application firewall will be enabled for all sites. | 0 |\n| `PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK` | true or false | Set to true to enable `getssl`'s [skip HTTP token check](https://github.com/srvrco/getssl/wiki/Config-variables#skip_http_token_checkfalse). | false |\n| `PROXY_HARDEN` | 0 or 1 | If 1, only modern SSL ciphers and protocols will be enabled (some older devices may not be able to access it). | 0 |\n| `PROXY_LETS_ENCRYPT_EMAIL` | A valid email address | Used by Lets Encrypt for notification emails. | *None* - **required** |\n| `PROXY_LETS_ENCRYPT_LIVE` | 0 or 1 | Only set to 1 (to request live certificates) when your config is correct - Lets Encrypt rate limit certificate requests. | 0 |\n| `PROXY_MAINTENANCE_REFRESH_SECONDS` | A valid integer | The number of seconds to count down before the maintenance page auto-refreshes. | 6 |\n| `PROXY_SSL_DHPARAM_BITS` | A valid integer | The size of your DHPARAM variables - adjust down only if you have limited processing resources. | 4096 |\n| `PROXY_SSL_REDIRECT_TO_CANONICAL` | 0 or 1 | If 1, all requests will be redirected to the primary domain (defined in `conf.json`). | 0 |\n| `PROXY_UPSTREAM_DNS_RESOLVER` | IP address | Upstream DNS resolver - set to Docker's by default. | 127.0.0.11 |\n\n## Helper Functions\n\n| Function | Arguments | Description |\n| --------------------- | --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |\n| `nginx-adduser` | 0: username, 1: password | Add a user to enable basic HTTP auth. |\n| `nginx-regenerate` | -a: all domains, -d XXXXXX: only domain XXXXXX, -f: force | Removes non-custom Nginx configuration files (in `/sites`) and regenerates based on `conf.json` (with force, removes all). |\n| `ssl-cleanup` | -m: mode | Removes SSL and Nginx configuration files and directories not defined in `conf.json` (mode 0 = dry run, 1 = live). |\n| `ssl-init` | -a: all domains, -d XXXXXX: only domain XXXXXX | Initialises SSL configuration based on `conf.json`. |\n| `ssl-regenerate` | -a: all domains, -d XXXXXX: only domain XXXXXX | Removes SSL configuration files (in `/ssl/certs`) and regenerates based on `conf.json`. |\n| `ssl-regenerate-full` | *None* | Removes SSL configuration files (in `/ssl/certs`), as well as DH parameters, and regenerates based on `conf.json`. |\n| `ssl-request` | -a: all domains, -d XXXXXX: only domain XXXXXX | Requests SSL certificates from Lets Encrypt. |\n| `ssl-update` | -a: all domains, -d XXXXXX: only domain XXXXXX | Attempts to update SSL certificates manually. |\n\n## Nginx Configuration Helpers\n\nThe image contains a handful of useful Nginx configuration 'helper' files, which you can find in `/overlay/etc/nginx/helpers`. They all begin with the prefix 'proxy':\n\n| Helper | Description |\n| ------------------------- | ---------------------------------------------------------------------------------------------------------------- |\n| `-maintenance.conf` | Displays a maintenance page (used when upstream server is returning an error 50x). |\n| `-params.conf` | Headers commonly required when proxying a site. |\n| `-params-websockets.conf` | Headers required to use websockets. |\n| `-secure-headers.conf` | Standard secure headers - see [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/). |\n| `-tls1_3-only.conf` | If you want to be ultra-secure (and not support older browsers), this will disable all TLS protocols except 1.3. |\n\n## Licence\n\n\u003e [MIT](https://mit.bfren.dev/2020)\n\n## Copyright\n\n\u003e Copyright (c) 2020-2024 [bfren](https://bfren.dev) (unless otherwise stated)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbfren%2Fdocker-nginx-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbfren%2Fdocker-nginx-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbfren%2Fdocker-nginx-proxy/lists"}