{"id":20028845,"url":"https://github.com/phase2/docker-https-proxy","last_synced_at":"2025-05-05T03:32:18.777Z","repository":{"id":30274721,"uuid":"124445815","full_name":"phase2/docker-https-proxy","owner":"phase2","description":"Handles HTTPS proxying with automatic self-signed certs for SSL termination.","archived":false,"fork":false,"pushed_at":"2022-01-06T09:00:52.000Z","size":12,"stargazers_count":25,"open_issues_count":5,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-08T16:05:40.500Z","etag":null,"topics":["docker-image","outrigger","ssl-termination"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/outrigger/https-proxy/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phase2.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-08T20:42:07.000Z","updated_at":"2024-05-16T11:59:09.000Z","dependencies_parsed_at":"2022-08-07T15:01:36.928Z","dependency_job_id":null,"html_url":"https://github.com/phase2/docker-https-proxy","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phase2%2Fdocker-https-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phase2%2Fdocker-https-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phase2%2Fdocker-https-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phase2%2Fdocker-https-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phase2","download_url":"https://codeload.github.com/phase2/docker-https-proxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252435188,"owners_count":21747361,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-image","outrigger","ssl-termination"],"created_at":"2024-11-13T09:16:48.347Z","updated_at":"2025-05-05T03:32:18.509Z","avatar_url":"https://github.com/phase2.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Outrigger HTTPS Proxy\n\n\u003e Handles HTTPS proxying with automatic self-signed serts for SSL termination.\n\n[![GitHub tag](https://img.shields.io/github/tag/phase2/docker-https-proxy.svg)](https://github.com/phase2/docker-https-proxy) [![Docker Stars](https://img.shields.io/docker/stars/outrigger/https-proxy.svg)](https://hub.docker.com/r/outrigger/https-proxy) [![Docker Pulls](https://img.shields.io/docker/pulls/outrigger/https-proxy.svg)](https://hub.docker.com/r/outrigger/https-proxy) [![](https://images.microbadger.com/badges/image/outrigger/https-proxy:dev.svg)](https://microbadger.com/images/outrigger/https-proxy:dev 'Get your own image badge on microbadger.com')\n\nThis HTTPS proxy container is intended primarily for use with APIs (headless web services).\n\nWhile many languages in which you write such services have a strong HTTP library, they\nare not full-featured, production-grade HTTP servers covering all the standard needs out-of-box, and it is easier to configure nginx and rely on it's maturity than build many\nof these features in custom code.\n\n## Usage\n\n### Docker Run\n\n```bash\ndocker run --rm -it \\\n  -e \"UPSTREAM_DOMAIN=api.projectname.vm\" \\\n  -e \"UPSTREAM_PORT=3773\" \\\n  -e \"PROXY_DOMAIN=proxy.projectname.vm\" \\\n  -l \"com.dnsdock.name=proxy\" \\\n  -l \"com.dnsdock.image=projectname\" \\\n  outrigger/https-proxy:1.0\n```\n\n### Docker Compose\n\n```yaml\n  # docker-compose run --rm proxy\n  # The UPSTREAM service must be running.\n  # https://proxy.projectname.vm\n  proxy:\n    build: outrigger/https-proxy:1.0\n    container_name: projectname_http_proxy\n    depends_on:\n      - api\n    labels:\n      com.dnsdock.name: proxy\n      com.dnsdock.image: projectname\n    environment:\n      UPSTREAM_DOMAIN: api.projectname.vm\n      UPSTREAM_PORT: 3773\n      PROXY_DOMAIN: proxy.projectname.vm\n    network_mode: bridge\n```\n\n## Features\n\n### SSL Termination\n\nThis image was created after finding https://github.com/fsouza/docker-ssl-proxy\nwas very difficult to customize, but the simple untrusted SSL for local development\nwas still valuable.\n\nIn the future steps might be taken to facilitate more of a trust mechanism.\n\n#### Certificates and CA location\n\nThe SSL certificate is generated using a own-ROOT-ca that is available in the\ndirectory /etc/nginx/ca. If made available to other containers or the local\nsystem this will serve as the basis to trust the application certificate.\n\n#### Using Existing Certificate\n\nYou can use existing SSL certificates for your proxy domain by mounting a volume\nto /etc/nginx/certs with following files inside:\n\n* **key.pem:** Private key file\n* **cert.pem:** Certificate file\n\nThe certificate generator will abort if it finds an existing key.pem file.\n\n### gzip Compression\n\nResponses of at least 1000 bytes will be subject to gzip compression at level 6.\n\n### Rate Limiting\n\nRate Limits are more common with API-based services than other webapps. It is a request\nthrottle to ensure no one system monopolizes the available server resources.\n\nThis is defaulted to enabled (at 20 requests per second) but can be disabled by setting the RATE_LIMIT environment variable to \"0\".\n\nIn the event the limit is reached, nginx will respond with a 429 Too Many Requests response.\n\n* https://www.nginx.com/blog/rate-limiting-nginx/\n* http://nginx.org/en/docs/http/ngx_http_limit_req_module.html\n* https://tools.ietf.org/html/rfc6585#section-4\n\n### IP-based Access Example\n\nThere is a configuration file to impose IP-based Whitelisting and Blacklisting rules.\nThese are best handled in the nginx layer rather than in your application, as your application\nis unlikely to handle it as efficiently as nginx can.\n\nFollow the instructions in ./root/etc/nginx/conf.d/10-ip-access.conf to use it in your project.\n\n## Environment Variables\n\nOutrigger images use Environment Variables and [confd](https://github.com/kelseyhightower/confd)\nto templatize a number of Docker environment configurations. These templates are\nprocessed on startup with environment variables passed in via the docker run\ncommand-line or via your `docker-compose.yml` manifest file.\n\n* `CLIENT_MAX_BODY_SIZE`: [`20M`] Maximium size of client uploads.\n* `GZIP_APPROVED_MIME_TYPES`: [``] Additional MIME types to include in gzip compression.\n* `PROXY_DOMAIN`: [`www.example.com`] The domain in the SSL certificate. Relayed via X-Forwarded-Host HTTP header.\n* `RATE_LIMIT`: [`20`] Throttled requests per second per client IP address.\n* `RATE_LIMIT_BURST_QUEUE`: [`10`] Number of requests to delay before enforcing the limit.\n* `UPSTREAM_DOMAIN`: [`proxied.example.com`] The target host for the reverse proxy. Relayed via Host HTTP header.\n* `UPSTREAM_PORT`: [`80`] The target port for the proxied service.\n\n## Maintainers\n\n[![Phase2 Logo](https://s3.amazonaws.com/phase2.public/logos/phase2-logo.png)](https://www.phase2technology.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphase2%2Fdocker-https-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphase2%2Fdocker-https-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphase2%2Fdocker-https-proxy/lists"}