Merge pull request #443 from frappe/develop

feat: allow nginx configuration customization

build/common/nginx-default.conf.template

@@ -43,9 +43,9 @@ server {
         proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
-        proxy_set_header X-Frappe-Site-Name $host;
         proxy_set_header Origin $proxy_x_forwarded_proto://$http_host;
-        proxy_set_header Host $http_host;
+        proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER};
+        proxy_set_header Host ${HTTP_HOST};
 
         proxy_pass http://socketio-server;
     }
@@ -66,8 +66,8 @@ server {
     location @webserver {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
-        proxy_set_header X-Frappe-Site-Name $host;
-        proxy_set_header Host $http_host;
+        proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER};
+        proxy_set_header Host ${HTTP_HOST};
         proxy_set_header X-Use-X-Accel-Redirect True;
         proxy_read_timeout ${HTTP_TIMEOUT};
         proxy_redirect off;

build/frappe-nginx/docker-entrypoint.sh

@@ -45,15 +45,35 @@ if [[ -z "$UPSTREAM_REAL_IP_HEADER" ]]; then
     export UPSTREAM_REAL_IP_HEADER="X-Forwarded-For"
 fi
 
-envsubst '${FRAPPE_PY}
-    ${FRAPPE_PY_PORT}
-    ${FRAPPE_SOCKETIO}
-    ${SOCKETIO_PORT}
-    ${HTTP_TIMEOUT}
-    ${UPSTREAM_REAL_IP_ADDRESS}
-    ${UPSTREAM_REAL_IP_RECURSIVE}
-    ${UPSTREAM_REAL_IP_HEADER}' \
-    < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
+if [[ -z "$FRAPPE_SITE_NAME_HEADER" ]]; then
+    export FRAPPE_SITE_NAME_HEADER="\$host"
+fi
+
+if [[ -z "$HTTP_HOST" ]]; then
+    export HTTP_HOST="\$http_host"
+fi
+
+if [[ -z "$SKIP_NGINX_TEMPLATE_GENERATION" ]]; then
+    export SKIP_NGINX_TEMPLATE_GENERATION=0
+fi
+
+if [[ $SKIP_NGINX_TEMPLATE_GENERATION -eq 1 ]]
+then
+  echo "Skipping default NGINX template generation. Please mount your own NGINX config file inside /etc/nginx/conf.d"
+else
+  echo "Generating default template"
+  envsubst '${FRAPPE_PY}
+        ${FRAPPE_PY_PORT}
+        ${FRAPPE_SOCKETIO}
+        ${SOCKETIO_PORT}
+        ${HTTP_TIMEOUT}
+        ${UPSTREAM_REAL_IP_ADDRESS}
+        ${UPSTREAM_REAL_IP_RECURSIVE}
+        ${FRAPPE_SITE_NAME_HEADER}
+        ${HTTP_HOST}
+        ${UPSTREAM_REAL_IP_HEADER}' \
+        < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
+fi
 
 echo "Waiting for frappe-python to be available on $FRAPPE_PY port $FRAPPE_PY_PORT"
 timeout 10 bash -c 'until printf "" 2>>/dev/null >>/dev/tcp/$0/$1; do sleep 1; done' $FRAPPE_PY $FRAPPE_PY_PORT

docs/environment-variables.md

@@ -24,6 +24,9 @@ These variables are set on every container start. Change in these variables will
 - `UPSTREAM_REAL_IP_ADDRESS `: The trusted address (or ip range) of upstream proxy servers. If set, this will tell nginx to trust the X-Forwarded-For header from these proxy servers in determining the real IP address of connecting clients. Default: 127.0.0.1
 - `UPSTREAM_REAL_IP_RECURSIVE`: When set to `on`, this will tell nginx to not just look to the last upstream proxy server in determining the real IP address. Default: off
 - `UPSTREAM_REAL_IP_HEADER`: Set this to the header name sent by your upstream proxy server to indicate the real IP of connecting clients. Default: X-Forwarded-For
+- `FRAPPE_SITE_NAME_HEADER`: NGINX `X-Frappe-Site-Name` header in the HTTP request which matches a site name. Default: `$host`
+- `HTTP_HOST`: NGINX `Host` header in the HTTP request which matches a site name. Default: `$http_host`
+- `SKIP_NGINX_TEMPLATE_GENERATION`: When set to `1`, this will not generate a default NGINX configuration. The config file must be mounted inside the container (`/etc/nginx/conf.d`) by the user in this case. Default: `0`
 
 ### frappe-socketio