Merge branch 'master' into with-authelia

* master:
  Update README.md (evertramos#178)
  update error message
  Get start script to create .env file for new users
  update nginx.template
  Update README.md
  Add Beerpay's badge
  Reload Instructions
  update nginx.tmpl file
  Fix issue evertramos#113 (evertramos#124)
  update realip address with private intranets options
  Update README.md
  update folder name
  Support for running on Synology DSM Nas and configureable ports for docker host (evertramos#110)
  update NGINX_FILES_PATH (evertramos#108)
  Update README.md
  Update .env.sample
  Update README.md

# Conflicts:
#	nginx.tmpl

Author: joe307bad

.env.sample

@@ -20,7 +20,7 @@ DOCKER_GEN=nginx-gen
 LETS_ENCRYPT=nginx-letsencrypt
 
 #
-# Your external IP address
+# Set the IP address of the external access Interface
 #
 IP=0.0.0.0
 
@@ -48,9 +48,11 @@ NETWORK=webproxy
 #SERVICE_NETWORK_OPTIONS="--opt encrypted=true"
 
 #
-# NGINX file path
-#
-NGINX_FILES_PATH=/path/to/your/nginx/data
+## NGINX file path (mount into the host)
+# Here you can configure the path where nginx stores all the configurations and certificates.
+# With the value ./nginx-data it creates a new sub-folder into your current path.
+
+NGINX_FILES_PATH=./nginx-data
 
 #
 # NGINX use special conf files
@@ -89,3 +91,11 @@ NGINX_FILES_PATH=/path/to/your/nginx/data
 #NGINX_LETSENCRYPT_LOG_DRIVER=json-file
 #NGINX_LETSENCRYPT_LOG_MAX_SIZE=2m
 #NGINX_LETSENCRYPT_LOG_MAX_FILE=10
+
+#
+# Set the local exposed ports for http and https on the Host
+#
+# NOTE: The default values are 80 and 443, only change this options if you really know what you are doing
+#
+#DOCKER_HTTP=80
+#DOCKER_HTTPS=443

.github/README.md

@@ -51,7 +51,7 @@ DOCKER_GEN=nginx-gen
 LETS_ENCRYPT=nginx-letsencrypt
 
 #
-# Your external IP address
+# Set the IP address of the external access Interface
 #
 IP=0.0.0.0
 
@@ -79,9 +79,11 @@ NETWORK=webproxy
 #SERVICE_NETWORK_OPTIONS="--opt encrypted=true"
 
 #
-# NGINX file path
-#
-NGINX_FILES_PATH=/path/to/your/nginx/data
+## NGINX file path (mount into the host)
+# Here you can configure the path where nginx stores all the configurations and certificates.
+# With the value ./nginx-data it creates a new sub-folder into your current path.
+
+NGINX_FILES_PATH=./nginx-data
 
 #
 # NGINX use special conf files
@@ -200,12 +202,23 @@ Or as of below:
 docker run [...] -e VIRTUAL_PORT=8545 [...]
 ```
 
+4. Restarting proxy container
+
+In some cases you will need to restart the proxy in order to read, as an example, the Basic Auth, if you set it after your service container is already up and running. So, the way I use to restart the proxy (NGINX) is as following, which has no downtime:
+
+```bash
+docker exec -it ${NGINX_WEB} nginx -s reload
+```
+
+Where *${NGINX_WEB}* is your proxy container name, which in the original `.env` file is set as *nginx-web*.
+
+
 ## Testing your proxy with scripts preconfigured 
 
 1. Run the script `test.sh` informing your domain already configured in your DNS to point out to your server as follow:
 
 ```bash
-./test_start.sh your.domain.com
+./test_start_ssl.sh your.domain.com
 ```
 
 or simply run:
@@ -228,11 +241,18 @@ Or simply run:
 docker stop test-web && docker rm test-web 
 ```
 
+## Running this Proxy on a Synology NAS
+
+Please checkout this [howto](https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion/blob/master/docs/HOWTO-Synlogy.md).
+
+
 ## Production Environment using Web Proxy and Wordpress
 
 1. [docker-wordpress-letsencrypt](https://github.com/evertramos/docker-wordpress-letsencrypt)
 2. [docker-portainer-letsencrypt](https://github.com/evertramos/docker-portainer-letsencrypt)
 3. [docker-nextcloud-letsencrypt](https://github.com/evertramos/docker-nextcloud-letsencrypt)
+4. [docker-registry-letsencrypt](https://github.com/evertramos/docker-registry-letsencrypt)
+5. [gitlab-docker-letsencrypt](https://github.com/steevepay/gitlab-docker-letsencrypt)
 
 In this repo you will find a docker-compose file to start a production environment for a new wordpress site.
 
@@ -252,3 +272,8 @@ Credits goes to:
 - [@buchdag](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/pull/226#event-1145800062)
 - [@fracz](https://github.com/fracz) - Many contributions!
 
+
+## Support on Beerpay
+Hey dude! Help me out for a couple of :beers:!
+
+[![Beerpay](https://beerpay.io/evertramos/docker-compose-letsencrypt-nginx-proxy-companion/badge.svg?style=beer-square)](https://beerpay.io/evertramos/docker-compose-letsencrypt-nginx-proxy-companion)  [![Beerpay](https://beerpay.io/evertramos/docker-compose-letsencrypt-nginx-proxy-companion/make-wish.svg?style=flat-square)](https://beerpay.io/evertramos/docker-compose-letsencrypt-nginx-proxy-companion?focus=wish)

.idea/$PRODUCT_WORKSPACE_FILE$

@@ -15,9 +15,9 @@
 #
 # The option 'set_real_ip_from'
 # must correspont to your docker network address
-set_real_ip_from  172.18.0.0/32;
-real_ip_header    X-Real-IP;
-real_ip_recursive on;
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 192.168.0.0/16;
 
 #
 # CloudFlare settings
@@ -26,25 +26,32 @@ real_ip_recursive on;
 # user's real IP to your app services you 
 # must uncomment all lines below and be sure
 # to comment the lines of the "Basic settings"
-#set_real_ip_from 103.21.244.0/22;
-#set_real_ip_from 103.22.200.0/22;
-#set_real_ip_from 103.31.4.0/22;
-#set_real_ip_from 104.16.0.0/12;
-#set_real_ip_from 108.162.192.0/18;
-#set_real_ip_from 131.0.72.0/22;
-#set_real_ip_from 141.101.64.0/18;
-#set_real_ip_from 162.158.0.0/15;
-#set_real_ip_from 172.64.0.0/13;
-#set_real_ip_from 173.245.48.0/20;
-#set_real_ip_from 188.114.96.0/20;
-#set_real_ip_from 190.93.240.0/20;
-#set_real_ip_from 197.234.240.0/22;
-#set_real_ip_from 198.41.128.0/17;
-#set_real_ip_from 2400:cb00::/32;
-#set_real_ip_from 2606:4700::/32;
-#set_real_ip_from 2803:f800::/32;
-#set_real_ip_from 2405:b500::/32;
-#set_real_ip_from 2405:8100::/32;
-#set_real_ip_from 2c0f:f248::/32;
-#set_real_ip_from 2a06:98c0::/29;
-#real_ip_header X-Forwarded-For;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 104.16.0.0/12;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 131.0.72.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2c0f:f248::/32;
+set_real_ip_from 2a06:98c0::/29;
+
+#
+# Header for Real IP Address
+#
+real_ip_header X-Forwarded-For;
+#real_ip_header    X-Real-IP;
+real_ip_recursive on;
+

.idea/.gitignore

@@ -7,8 +7,8 @@ services:
     container_name: ${NGINX_WEB:-nginx-web}
     restart: always
     ports:
-      - "${IP:-0.0.0.0}:80:80"
-      - "${IP:-0.0.0.0}:443:443"
+      - "${IP:-0.0.0.0}:${DOCKER_HTTP:-80}:80"
+      - "${IP:-0.0.0.0}:${DOCKER_HTTPS:-443}:443"
     volumes:
       - ${NGINX_FILES_PATH:-./data}/conf.d:/etc/nginx/conf.d
       - ${NGINX_FILES_PATH:-./data}/vhost.d:/etc/nginx/vhost.d

.idea/lets-encrypt.iml

@@ -7,8 +7,8 @@ services:
     container_name: ${NGINX_WEB:-nginx-web}
     restart: always
     ports:
-      - "${IP:-0.0.0.0}:80:80"
-      - "${IP:-0.0.0.0}:443:443"
+      - "${IP:-0.0.0.0}:${DOCKER_HTTP:-80}:80"
+      - "${IP:-0.0.0.0}:${DOCKER_HTTPS:-443}:443"
     volumes:
       - ${NGINX_FILES_PATH:-./data}/conf.d:/etc/nginx/conf.d
       - ${NGINX_FILES_PATH:-./data}/vhost.d:/etc/nginx/vhost.d

.idea/misc.xml

@@ -0,0 +1,27 @@
+## Port mapping
+Synology default installs a web server on port 80 blocking certificate generation. 
+
+To circumvent this - if you do not need external access to the default web server (and you should not expose it anyway) configure your .env to use alternative ports and your router to forward the external official port to the alternative internal ports:
+
+#
+# Set the local exposed ports for http and https - this will allow you to run with a legacy web 
+# server already installed for local use
+#
+# NOTE: For this to function your internet router must forward the official ports to the mapped ports - 
+#       in this example external port 80 to docker host 81 and external port 443 to docker host 444
+#
+DOCKER_HTTP=81
+DOCKER_HTTPS=444
+
+## File permissions
+To setup the needed configuration directoties and proper permissions run the below commands (assuming default ./data is where you have your catalog for persistent files)
+
+mkdir -p data/certs
+mkdir data/htpasswd
+mkdir data/conf.d
+mkdir data/vhost.d
+mkdir data/html
+chgrp -R 101 data
+chmod -R g+rwx data
+
+Contributed by https://github.com/nicolailang/