nginx_proxy: Support extra user-defined network ports and http block configuration #3406
So in summary, the commits here provide two new features in the NGINX proxy:

- `server`s within the existing `share/nginx_proxy/` customization.
- `http` block

My use case is making a specific `server` to re-serve a Home Assistant integration's URLs in a more protected manner. By having a dedicated server block and port, I can be sure no unintended locations are reachable from it and also apply more external firewall rules with the added separation.

As far as I can tell, there's no way to dynamically apply a container:host port mapping to an addon, so multiple unused and default-off mappings were added to allow a reasonable amount of flexibility for users going onward.

I'd also like to apply rate limiting to custom NGINX server blocks, which needs a `limit_req_zone` statement inside of the top-level `http` context in order to work.

Both commits were tested in my local HAOS deployment and seem to work fine.
UI Examples
Considered Alternatives
- `/share/nginx_proxy_default*.conf`? In my use case, there's no way to then stop the `location /` block from running if my new `location` doesn't match, which is a problem.
- `443` as well? SNI-based routing makes this a non-starter.
- `tcp/80` mapping with your own external port? Using this port results in TLS errors because it attempts to redirect HTTPS traffic to an HTTP listener.
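
The setup described above, sketched as an added example that is not part of the pull request or the add-on's own configuration: a rate-limit zone declared in the `http` context and a dedicated `server` on an extra port that forwards one URL prefix and refuses everything else. The port `8443`, the zone name and rate, the server name, the certificate paths, the upstream address and the `/api/webhook/` prefix are all assumptions chosen for illustration.

```nginx
# --- http context (the custom http block configuration) ---
# limit_req_zone is only valid in the http context, so it cannot be
# declared inside the custom server block that uses it.
# Zone name, 10m size and 5r/s rate are assumed values.
limit_req_zone $binary_remote_addr zone=integration_rl:10m rate=5r/s;

# --- custom server block (share/nginx_proxy/ customization) ---
server {
    # 8443 is an assumed container port; it has to match one of the
    # extra port mappings enabled for the add-on.
    listen 8443 ssl;
    server_name integration.example.org;      # placeholder name

    ssl_certificate     /ssl/fullchain.pem;   # assumed certificate path
    ssl_certificate_key /ssl/privkey.pem;     # assumed key path

    # Only the integration's URL prefix is forwarded (hypothetical path).
    location /api/webhook/ {
        # Allow short bursts, reject the excess with 429 instead of 503.
        limit_req zone=integration_rl burst=10 nodelay;
        limit_req_status 429;

        proxy_pass http://homeassistant:8123;  # assumed upstream address
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # Catch-all: nothing else in Home Assistant is reachable through
    # this listener, which is the point of the dedicated server block.
    location / {
        return 404;
    }
}
```

Because the listener has its own port, an external firewall rule can expose only that port while the main proxy port stays restricted.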