Valian / docker-nginx-auto-ssl

Docker image for automatic generation of SSL certs using Let's encrypt and Open Resty
https://hub.docker.com/r/valian/docker-nginx-auto-ssl/
MIT License

How to add extra headers without rebuilding the image #26

Closed xtremebiker closed 4 years ago

xtremebiker commented 4 years ago

Is there a way to add custom response headers to the nginx conf in the running container? In the docs I see you can add extra server configs, but I would like to modify the one being used. Is there a way to do it without rebuilding the whole image, I mean, using volumes? I would like to have Access-Control-Allow-Origin in the response headers.

Great work!

Valian commented 4 years ago

Hi @xtremebiker! I guess you're using my image without any custom configuration, is it correct? In this case, if your container is already running and you don't have any configuration volumes attached, there is no good way of altering configuration. Adding custom headers using just env variables is impossible, at least for now.

You should prepare a custom configuration file, stop this container and start a new one with configuration volume correctly attached, or build a new image on top of mine with updated configuration.

xtremebiker commented 4 years ago

I already have a configuration volume as it's told in the docs. My issue is that the container creates a file here for configuration, with the name mydomain.com.conf and the default configuration is here. If I add my header here, the file gets overwritten when I restart the container, so it gets removed. If I add another file with extra config for mydomain.com I get a warning at nginx start up telling that the server is duplicated and it's going to ignore it.

Any ideas? I just want to add an extra header to my only server, not add an extra server!

Valian commented 4 years ago

Two options:

  1. Go for https://github.com/Valian/docker-nginx-auto-ssl#using-sites-with-your-own-template. Simply override this default template with your own (by building your own image or using volumes); it will be used for your SITES env variable.
  2. Don't use SITES env variable and just add your own custom servers into /etc/nginx/conf.d, like this: https://github.com/Valian/docker-nginx-auto-ssl#includes-from-etcnginxconfdconf

Both options are perfectly fine and should solve your issue :) I'm usually going for option 2.

xtremebiker commented 4 years ago

Thanks for the advice!

I've tried the second choice, removing the SITES env variable and creating two config files inside the volume, in the /letsencrypt/conf.d directory. As an example, for the server pointing to my phpmyadmin instance I have this db.mysite.com.conf file:

```nginx
server {
  listen 443 ssl default_server;

  # remember about this line!
  include resty-server-https.conf;

  location / {
    proxy_pass http://phpmyadmin;
  }
}
```

For the line include resty-server-https.conf; am I supposed to have this resty-server-https.conf file in the directory? Searching in the volume gives me no result for a file with that name...

Finally, when I restart the container I get this log:

```
2019/07/22 17:52:24 [error] 23#23: 15 [lua] ssl_certificate.lua:221: set_cert(): auto-ssl: failed to set ocsp stapling for db.mysite.com - continuing anyway - failed to get ocsp response: OCSP responder query failed (http://ocsp.int-x3.letsencrypt.org): address not available, context: ssl_certificate_by_lua, client: 83.212.153.247, server: 0.0.0.0:443
```

And when I access https://db.mysite.com I get this page:

Welcome to OpenResty!

If you see this page, the OpenResty web platform is successfully installed and working. Further configuration is required.

For online documentation and support please refer to openresty.org.
Commercial support is available at openresty.com.

Thank you for flying OpenResty.

Valian commented 4 years ago

@xtremebiker

> add your own custom servers into /etc/nginx/conf.d

Not /letsencrypt/conf.d. About resty-server-https.conf, it's already available for nginx, it's inside the image in a path where nginx can find it.

xtremebiker commented 4 years ago

Achieved! Finally I set up another volume mapping the nginx config dir and included the files there. Thanks!
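
The setup the thread converges on (option 2: a custom server file mounted into /etc/nginx/conf.d, with SITES unset), shown with the requested Access-Control-Allow-Origin header. This is an added example, not code from the thread or the project; it goes slightly beyond the question by echoing the origin from an allowlist instead of sending a fixed value. The origin https://app.mysite.com, the variable name $cors_origin, the server_name line and the host directory in the mount comment are assumptions.

```nginx
# Constructed example: save as db.mysite.com.conf in a host directory that is
# bind-mounted to /etc/nginx/conf.d in the container (not /letsencrypt/conf.d),
# e.g. docker run -v "$PWD/conf.d:/etc/nginx/conf.d" ...
# Leave the SITES env variable unset so no generated server block collides
# with this one.

# Allowlist of origins that may read responses cross-origin.
# https://app.mysite.com is a placeholder; every other Origin maps to "".
map $http_origin $cors_origin {
    default                   "";
    "https://app.mysite.com"  $http_origin;
}

server {
  listen 443 ssl default_server;
  server_name db.mysite.com;   # assumed; the config in the thread has none

  # Shipped inside the image, so it does not need to exist in the volume.
  include resty-server-https.conf;

  # nginx omits a header whose value is empty, so origins outside the
  # allowlist receive no Access-Control-Allow-Origin at all.
  # "always" also attaches the header to 4xx/5xx responses.
  add_header Access-Control-Allow-Origin $cors_origin always;
  # Responses differ per Origin, so caches must key on it.
  add_header Vary Origin always;

  location / {
    # add_header is inherited from the server level only while this location
    # defines none of its own; one add_header here would drop both above.
    proxy_pass http://phpmyadmin;
  }
}
```

Files in /etc/nginx/conf.d are included at the http level, which is why the map block can sit next to the server block in the same file.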