Closed little-dude closed 7 years ago
Couldn't you run the nginx proxy on the host OS and have it handle all of the HTTPS bits, then proxy to the devpi app in the backend with regular HTTP?
In other words, does the nginx service really need to be within the container?
Yes, what you say is tperfeclty doable. The reasons I'm doing it like this are :
Thanks for looking into this, I am generally +1 to merge but see my comments.
IMHO https is not a reason to include nginx into the container but serving static files using nginx it is. If you managed to send a pull request later with a non intrusive way to enable TLS (disabled by default), I'll merge it.
Thanks for looking into this, I am generally +1 to merge but see my comments.
Thanks for reviewing and commenting. I'll repush soon.
IMHO https is not a reason to include nginx into the container but serving static files using nginx it is. If you managed to send a pull request later with a non intrusive way to enable TLS (disabled by default), I'll merge it.
I was planning on adding a HTTPS
env variable. If set to true, both http and https would be enabled (on ports 3141 and 3142 respectively). The image would be shipped with a default self-signed certificate, but I'd specify in the README that it's recommended to use your own CA. Does that sound good?
I was planning on adding a HTTPS env variable. If set to true, both http and https would be enabled (on ports 3141 and 3142 respectively). The image would be shipped with a default self-signed certificate, but I'd specify in the README that it's recommended to use your own CA. Does that sound good?
:ok_hand:
@dangra I re-pushed taking your comments into account, and squashed everything to make reviewing easier. I also added the HTTPS config to the nginx template. Thanks for the env | sed
command, it's pretty awesome.
Please don't merge, since for the moment, https does not work and i have no idea why.
wouldn't make more sense to keep the container running only one service you can always add nginx as proxy running in another container and use container linking to connect it with devpi. Here's the example how i do it when running in amazon elastic beanstalk https://github.com/InnovativeTravel/devpi-beanstalk
I found your image thanks to https://dantehranian.wordpress.com/2014/09/03/a-local-caching-proxy-for-pypi-python-org-via-docker/
I'd like to use NGINX to do https. This PR does not introduce HTTPS yet, but it adds nginx as reverse proxy, which is the first step.
There are some other smaller changes (see the commit message) which are not directly related, so let me know if you want me to do several PRs.
From a user point of view those changes should be transparent. The behaviour is unchanged, but hunder the hood, the image uses nginx as reverse proxy.
Note that despite the fact that everything is working, I'm seeing errors in nginx logs sometimes :
I'm not familiar with nginx so if you have any idea to fix this...