热门搜索:
reiz/nginx_proxy
自动构建
reiz
Nginx configured as forwarding proxy with whitelisted doamins.
7 次收藏下载次数: 0状态:自动构建维护者:reiz仓库类型:镜像最近更新:4 年前
让 AI 帮你使用轩辕镜像? · 展开查看说明
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
Nginx forward proxy
Nginx is a very fast HTTP and reverse proxy server. Usually, Nginx is used to serve and cache static assets or as proxy or load *** for incoming traffic to application servers. In this repository, it is used as forward proxy.
Use Case
Assume you have a network where you want to control outgoing traffic. You either want to:
- Deny all outgoing calls by default and only allow HTTP(S) calls to whitelisted URLs.
- Allow all outgoing calls by default and only block HTTP(S) calls to blacklisted URLs.
The Docker daemon can be configured that way that it routes all traffic through an proxy. This proxy can be an Nginx which is configured as forwarding proxying.
ngx_http_proxy_connect_module
Nginx can be configured for forwarding proxying. Unfortunately, that doesn't work very well with HTTPS connections. As soon the user is calling a URL via https, Nginx will throw errors. There is a StackOverflow issue to that topic. Luckily there is a solution for that problem. The https://github.com/chobits/ngx_http_proxy_connect_module is solving this issue. If Nginx is compiled with that module, the proxying will work with SSL connections as well.
Docker Build
The Dockerfile in this repository is assembling an Nginx with the https://github.com/chobits/ngx_http_proxy_connect_module and an nginx.conf file which blocks all outgoing traffic by default, but allows access to some whitelisted domains like google.com. The Docker image can be built like this:
docker build -t reiz/nginx_proxy:0.0.3 .
Or simply download it from https://hub.docker.com/r/reiz/nginx_proxy/ with:
docker pull reiz/nginx_proxy:0.0.3
Whitelist certain domains
This repository contains two nginx configuration files.
The nginx_whitelist.conf file is built for the use case that you want to deny all outgoing traffic by default and only allow some whitelisted domains.
In the first server section domains can be whitelisted by simply adding a
server_name * line for each whitelisted domain. Here an example:
# Whitelist Google server { listen 8888; server_name google.com; server_name *.google.com; server_name google.de; server_name www.google.de; proxy_connect; proxy_max_temp_file_size 0; resolver 8.8.8.8; location / { proxy_pass http://$http_host; proxy_set_header Host $http_host; } }
Regex can be used to describe a domain. This *.google.com for example is whitelisting all subdomains of google.com. In the above example, google.com and all subdomains of it are whitelisted. Beside that google.de and [***] are whitelisted. Subdomains of google.de are not whitelisted.
The proxy would allow outgoing calls to this domains:
- google.com
- [***]
- mail.google.com
- api.google.com
- google.de
- [***]
This domains are blocked with the above configuration:
- mail.google.de
- api.google.de
By starting the Docker container the file can be mounted into the running container.
docker run -d -p 8888:8888 -v ${PWD}/nginx_whitelist.conf:/usr/local/nginx/conf/nginx.conf reiz/nginx_proxy:0.0.3
Now the Docker container is running with the mounted configuration.
Blacklist certain domains
This repository contains two nginx configuration files.
The nginx_blacklist.conf file is built for the use case that you want to allow all outgoing traffic by default and only block traffic to some domains.
In the first server section domains can be blacklisted by simply adding a
server_name * line for each blacklisted domain. Here an example:
server { listen 8888; server_name google.com; server_name *.google.com; return 404; }
In the example above all pages would be accessible, but google.com and all subdomains of it would be blocked. Regex can be used here in the same way as in the whitelist example. By starting the Docker container the file can be mounted into the running container.
docker run -d -p 8888:8888 -v ${PWD}/nginx_whitelist.conf:/usr/local/nginx/conf/nginx.conf reiz/nginx_proxy:0.0.1
Now the Docker container is running with the mounted configuration.
Testing
You can test your configuration by pointing your Browser to the Nginx proxy in the running Docker container.
If you run the Docker container on your localhost, then you can point your Browser to localhost:8888.
Here is an example how it looks like in Firefox:
!Firefox Proxy Settings
Configuring Docker and Kubernetes with a Proxy
Assuming you have a cluster of Docker machines (Kubernetes cluster) and you would like to route all outgoing traffic to your proxy. That can be achieved by setting some global ENV variables on each Docker machine.
For RedHat/CentOS version 6:
shellcat <<EOF | sudo tee -a /etc/sysconfig/docker export http_proxy="http://myproxy.example.com:8888" export https_proxy="https://myproxy.example.com:8888" export no_proxy=<REGISTRY_IP> EOF sudo service docker restart
For RedHat/CentOS version 7, remove export:
shellcat <<EOF | sudo tee -a /etc/sysconfig/docker http_proxy="http://myproxy.example.com:8888" https_proxy="https://myproxy.example.com:8888" no_proxy=<REGISTRY_IP> EOF sudo sed -i '/\[Service\]/a EnvironmentFile=/etc/sysconfig/docker' /usr/lib/systemd/system/docker.service sudo systemctl daemon-reload sudo service docker restart
For Ubuntu 14.04:
shellcat <<EOF | sudo tee -a /etc/default/docker export http_proxy="http://myproxy.example.com:8888" export https_proxy="https://myproxy.example.com:8888" export no_proxy=<REGISTRY_IP> EOF sudo restart docker
For Kubernetes it works the same way.
The http_proxy ENV has to be set before the K8S processes are starting.
Minikube can be started with proxy params directly.
Here an example:
shellhttps_proxy=http://<PROXY_SERVER>:80 minikube start --docker-env HTTP_PROXY=http://<PROXY_SERVER>:80 --docker-env HTTPS_PROXY=http://<PROXY_SERVER>:80 --docker-env NO_PROXY=192.168.99.0/24
Alternatively the Proxy can be set by Container start as well:
shelldocker run -e "http_proxy=http://myproxy.example.com:8888" \ -e "https_proxy=https://myproxy.example.com:8888" \ -d liveperson\app run.sh
Version Matrix
This tables show which Docker tag contains which Ubuntu & Nginx version:
| Docker tag | Ubuntu version | Nginx version | Published at | Comment |
|---|---|---|---|---|
| reiz/nginx_proxy:0.0.1 | 16.04 | 1.10.3 | ||
| reiz/nginx_proxy:0.0.2 | 18.04 | 1.14.0 | ||
| reiz/nginx_proxy:0.0.3 | 20.04 | 1.18.0 | ||
| reiz/nginx_proxy:0.0.4 | 20.04 | 1.18.0 | 2021-04-25 | With libssl-dev |
License
This repository is open source under the MIT license. The full license text is available in the LICENSE.md file.
镜像拉取方式
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
轩辕镜像加速拉取命令点我查看更多 nginx_proxy 镜像标签
docker pull docker.xuanyuan.run/reiz/nginx_proxy:<标签>
DockerHub 原生拉取命令
docker pull reiz/nginx_proxy:<标签>
更多 nginx_proxy 镜像推荐
nacyot/nginx_proxy
nacyot
暂无描述
100万+ 次下载
5 年前更新
sildtm/nginx_proxy
sildtm
基于Nginx的代理服务器镜像,提供代理服务的构建与运行能力,适用于反向代理、负载均衡等网络场景。
10万+ 次下载
8 年前更新
stvfccn/nginx_proxy
stvfccn
基于Alpine的Nginx Docker镜像,支持反向代理和simplesamlphp配置,提供灵活的配置管理(核心配置位于$NGINX_OPTS目录)及Web服务器进程监控功能。
1万+ 次下载
4 年前更新
mocompres/nginx_proxy
mocompres
暂无描述
1万+ 次下载
4 年前更新
镜像拉取常见问题
功能
排错
用户好评
来自真实用户的反馈,见证轩辕镜像的优质服务
oldzhang
运维工程师
Linux服务器
5
"Docker访问体验非常流畅,大镜像也能快速完成下载。"