{"id":27160988,"url":"https://github.com/flownative/docker-nginx","last_synced_at":"2025-04-09T00:08:29.252Z","repository":{"id":40485731,"uuid":"236991996","full_name":"flownative/docker-nginx","owner":"flownative","description":"Docker image providing Nginx for Beach and Local Beach","archived":false,"fork":false,"pushed_at":"2025-03-16T14:07:21.000Z","size":1410,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-16T15:22:47.412Z","etag":null,"topics":["docker","docker-image","flownative-beach","nginx"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flownative.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["robertlemke"]}},"created_at":"2020-01-29T13:46:11.000Z","updated_at":"2025-03-16T14:06:34.000Z","dependencies_parsed_at":"2022-09-12T10:12:11.849Z","dependency_job_id":"266bfe3b-a0cd-4013-a577-d9bd8b80cc0c","html_url":"https://github.com/flownative/docker-nginx","commit_stats":null,"previous_names":[],"tags_count":152,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flownative%2Fdocker-nginx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flownative%2Fdocker-nginx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flownative%2Fdocker-nginx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flownative%2Fdocker-nginx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flownative","download_url":"https://codeload.github.com/flownative/docker-nginx/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247947857,"owners_count":21023066,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-image","flownative-beach","nginx"],"created_at":"2025-04-09T00:08:28.763Z","updated_at":"2025-04-09T00:08:29.243Z","avatar_url":"https://github.com/flownative.png","language":"Shell","funding_links":["https://github.com/sponsors/robertlemke"],"categories":[],"sub_categories":[],"readme":"[![MIT license](http://img.shields.io/badge/license-MIT-brightgreen.svg)](http://opensource.org/licenses/MIT)\n[![Maintenance level: Love](https://img.shields.io/badge/maintenance-%E2%99%A1%E2%99%A1%E2%99%A1-ff69b4.svg)](https://www.flownative.com/en/products/open-source.html)\n![Build Docker Image daily](https://github.com/flownative/docker-nginx/actions/workflows/docker.build.yaml/badge.svg)\n![Build Docker Image on tag](https://github.com/flownative/docker-nginx/actions/workflows/docker.build.onpush.yaml/badge.svg)\n# Flownative Nginx Image\n\nA Docker image providing [Nginx](https://nginx.org)\nfor [Beach](https://www.flownative.com/beach),\n[Local Beach](https://www.flownative.com/localbeach) and other purposes.\nCompared to other\nNginx images, this one provides specific features which come in handy for\nrunning a\n[Neos CMS](https://www.neos.io) instance or Neos Flow application.\n\n## tl;dr\n\n```bash\n$ docker run flownative/nginx\n```\n\n## Hosting a Neos website or Flow application\n\ntbd.\n\n## Hosting a static website\n\nSet the environment variable \"BEACH_NGINX_MODE\" to \"Static\" and\noptionally set the variable \"NGINX_STATIC_ROOT\" to the path leading to\nthe root of your static site.\n\nThe BEACH_NGINX_MODE variable follows legacy naming and will be renamed\n/ replaced by another concept in the future.\n\n## Configuration\n\n### Logging\n\nBy default, the access log is written to STDOUT, and the error log is\nredirected to STDERR. That way, you can follow logs by watching\ncontainer logs with `docker logs` or using a similar mechanism in\nKubernetes or your actual platform.\n\nAdditionally, logs are also stored in /opt/flownative/log/nginx-error.log\nand /opt/flownative/log/nginx-access.log. If the log format is \"json\",\nthe access log file is /opt/flownative/log/nginx-access.json.log\n\nNote that the error log only contains errors related to the webserver itself.\nRequests resulting in status codes like 404 (not found) or 503 (internal\nserver error) are logged to the access log, if it is enabled.\n\nThe log level for the error log can be defined via the `NGINX_LOG_LEVEL`\nenvironment variable. See the\n[Nginx documentation](https://docs.nginx.com/nginx/admin-guide/monitoring/logging/)\nfor possible values. The default value is `warn`.\n\nThe access log is disabled by default, it can be enabled by setting\n`NGINX_ACCESS_LOG_ENABLE` to \"true\".\n\nThe access log's default format is similar to the standard Nginx\n\"combined\" format with a few additions, so that the IP address of\nthe original request is shown since this Nginx is usually operated\nbehind a reverse proxy.\n\nInstead of the default format, a JSON format can be used by setting\n`NGINX_ACCESS_LOG_FORMAT` to \"json\".\n\nThe access log may contain a lot of entries, if enabled. If you are only\ninterested in requests resulting in certain status codes (for example\ninternal server errors), you can define a regular expression which filters out\nother log entries. Setting `NGINX_ACCESS_LOG_IGNORED_STATUS_CODES_REGEX` to\n\"^[234]\" will ignore all responses whose status code starts with \"2\", \"3\" or\n\"4\" respectively. Therefore, only 5xx errors will then end up in the access\nlog.\n\nBy default, connection-related status (1xx) and redirects (3xx) will be ignored.\n\nNOTE: Be careful when specifying the regular expression, because syntax\nerrors might keep Nginx from starting.\n\n### Environment variables\n\n| Variable Name | Type | Default | Description |\n|:--------------------------------------------|:--------|:--------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| NGINX_BASE_PATH | string | /opt/flownative/nginx | Base path for Nginx |\n| NGINX_ERROR_LOG_LEVEL | string | warn | Nginx log level (see [documentation](https://docs.nginx.com/nginx/admin-guide/monitoring/logging/)) |\n| NGINX_ACCESS_LOG_ENABLE | boolean | no | Nginx log level (see [documentation](https://docs.nginx.com/nginx/admin-guide/monitoring/logging/)) |\n| NGINX_ACCESS_LOG_FORMAT | string | default | Format of the access log; possible values are \"default\" and \"json\" |\n| NGINX_ACCESS_LOG_MODE | string | dynamic | Defines which requests should be logged: \"dynamic\" only logs dynamic requests to PHP, \"all\" also includes requests to static files |\n| NGINX_ACCESS_LOG_IGNORED_STATUS_CODES_REGEX | string | ^[13] | Regular expression which defines which status codes should NOT be logged into the access log |\n| NGINX_CACHE_ENABLE | boolean | no | If the FastCGI cache should be enabled; see section about caching |\n| NGINX_CACHE_NAME | string | application | Name of the memory zone Nginx should use for caching |\n| NGINX_CACHE_DEFAULT_LIFETIME | string | 5s | Default cache lifetime to use when caching is enabled |\n| NGINX_CACHE_MAX_SIZE | string | 1024m | Maximum memory size for the FastCGI cache |\n| NGINX_CACHE_INACTIVE | string | 1h | Time after which cache entries are removed automatically |\n| NGINX_CACHE_USE_STALE_OPTIONS | string | updating error timeout invalid_header | Options to pass to the `fastcgi_cache_use_stale` directive |\n| NGINX_CACHE_BACKGROUND_UPDATE | boolean | off | If background updates should be enabled |\n| NGINX_CUSTOM_ERROR_PAGE_CODES | string | 500 501 502 503 | FastCGI error codes which should redirect to the custom error page; codes are separated by spaces |\n| NGINX_CUSTOM_ERROR_PAGE_TARGET | string | | Upstream URL to use for custom FastCGI error pages, for example https://example.com/maintenance.html |\n| NGINX_CUSTOM_LOCATION_BLOCK_BASE64 | string | | Base64-encoded Nginx location block to include in the server configuration. The block will be included in the server configuration before the default location block. Be careful! |\n| NGINX_STATIC_ROOT | string | /var/www/html | Document root path for when BEACH_NGINX_MODE is \"Static\" |\n| NGINX_STRICT_TRANSPORT_SECURITY_ENABLE | boolean | no | If Strict-Transport-Security headers should be sent (HSTS) |\n| NGINX_STRICT_TRANSPORT_SECURITY_PRELOAD | boolean | no | If site should be added to list of HTTPS-only sites by Google and others |\n| NGINX_STRICT_TRANSPORT_SECURITY_MAX_AGE | boolean | 31536000 | Maxmimum age for Strict-Transport-Security header, if enabled |\n| NGINX_AUTH_BASIC_REALM | string | off | Realm for HTTP Basic Authentication; if \"off\", authentication is disabled |\n| NGINX_AUTH_BASIC_USERNAME | string | | Username for HTTP Basic Authentication |\n| NGINX_AUTH_BASIC_ENCODED_HASHED_PASSWORD | string | | Base64-encoded hashed password (using httpasswd) for HTTP Basic Authentication |\n| NGINX_ENABLE_UNDERSCORES_IN_HEADERS | boolean | no | Enables or disables the use of underscores in client request header fields. |\n| BEACH_NGINX_CUSTOM_METRICS_ENABLE | boolean | no | If support for a custom metrics endpoint should be enabled |\n| BEACH_NGINX_CUSTOM_METRICS_SOURCE_PATH | string | /metrics | Path where metrics are located |\n| BEACH_NGINX_CUSTOM_METRICS_TARGET_PORT | integer | 8082 | Port at which Nginx should listen to provide the metrics for scraping |\n| BEACH_NGINX_MODE | string | Flow | Either \"Flow\" or \"Static\"; this variable is going to be renamed in the future |\n| BEACH_ASSET_PROXY_ENDPOINT | string | | Endpoint of a cloud storage frontend to use for proxying requests to Flow persistent resources. Requires BEACH_PERSISTENT_RESOURCES_BASE_PATH to be set. Example: \"https://assets.flownative.com/example-bucket/\" |\n| BEACH_ASSET_PROXY_RESOLVER | string | 8.8.8.8 | IP address of a DNS server to use for resolving domains when proxying assets. Set this to 127.0.0.11 when using Local Beach. |\n| BEACH_PERSISTENT_RESOURCES_BASE_PATH | string | | Base path of URLs pointing to Flow persistent resources; example: \"https://www.flownative.com/assets/\" |\n| BEACH_STATIC_RESOURCES_LIFETIME | string | 30d | Expiration time for static resources; examples: \"3600s\" or \"7d\" or \"max\" |\n| FLOW_HTTP_TRUSTED_PROXIES | string | 10.0.0.0/8 | Nginx passes FLOW_HTTP_TRUSTED_PROXIES to the virtual host using the value of this variable |\n\n## Asset Proxy\n\nBy default, the direct URL of an asset stored in the cloud storage is used as\npart of the Flow or Neos frontend output. In order to make URLs more\nuser-friendly or hide the fact that assets are stored in a cloud storage,\nNginx can act as a reverse proxy and make assets available through a\nsub-path of the website's main domain.\n\nFor example, if the website is reachable via \"https://www.example.com\", the\nproxy can be configured to map the path \"https://www.example.com/assets/\" to\nassets stored in a cloud storage bucket which is accessible at\n\"https://some.cloud.storage/some-bucket/\".\n\nThe environment variables to set for the above example are as follows:\n\n```\nBEACH_PERSISTENT_RESOURCES_BASE_PATH=/assets/\nBEACH_ASSET_PROXY_ENDPOINT=https://some.cloud.storage/some-bucket\n```\n\n\u003e Note: Make sure that both values are formatted exactly like in the given\n\u003e examples, for example don't forget the trailing \"/\" in\n\u003e `BEACH_PERSISTENT_RESOURCES_BASE_PATH` and don't add a trailing \"/\" in\n\u003e \"BEACH_ASSET_PROXY_ENDPOINT\".\n\n## Security aspects\n\nThis image is designed to run as a non-root container. Using an\nunprivileged user generally improves the security of an image, but may\nhave a few side effects, especially when you try to debug something by\nlogging in to the container using `docker exec`.\n\nWhen you are running this image with Docker or in a Kubernetes context,\nyou can take advantage of the non-root approach by disallowing privilege\nescalation:\n\n```yaml\n$ docker run flownative/nginx:latest --security-opt=no-new-privileges\n```\n\nBecause Nginx runs as a non-root user, it cannot bind to port 80 and\nusers port 8080 instead. Since you can map that port to any other port\nby telling Docker or Kubernetes, this won't be a problem in practice.\nHowever, be aware that you need to specify 8080 as the container port –\notherwise you won't get a connection.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflownative%2Fdocker-nginx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflownative%2Fdocker-nginx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflownative%2Fdocker-nginx/lists"}