03. Environment variables
Asif Bacchus edited this page 2021-01-16 06:23:50 -07:00

Environment variables

Several key configuration options of this container can be managed at runtime by setting environment variables. Pass them to the container on the command line using -e VAR_NAME=VALUE, or via docker-compose in the environment: stanza.

TZ

This variable sets the container's time zone. It is formatted as per the IANA standard that Linux uses (Region/Locality). For example, I am in Alberta, Canada, so I use America/Edmonton, which is Mountain Time. A good list can be found on Wikipedia. By default, this is set to Coordinated Universal Time (GMT or Zulu), which is TZ=Etc/UTC.

SERVER_NAMES

Space-delimited list of hostnames to which NGINX should respond. This environment variable must be quoted (since it is space-delimited) and is most often used to match SSL certificates. It is used to generate a list on the server which is used as a shorthand for global redirections. By default this is set to SERVER_NAMES="_", which means match anything. While that is perfect for HTTP connections, it will obviously fail for HTTPS connections. Therefore, make sure you set this variable when you enable HTTPS!

HTTP_PORT

Unsurprisingly, this is set to port 80 by default. If you need/want to use a different port, specify it here. For example, you could set HTTP_PORT=8080. If you change this port mapping, remember to also change it when invoking the container using the -p switch, like -p 8080:8080 -e HTTP_PORT=8080 in our example. In most cases, you should not need to change this mapping since you can change it on the host instead using -p 8080:80.

HTTPS_PORT

Just as with the previous variable, it should not surprise you that this is set to port 443 by default. Exactly as above, you can change it as desired/required. Again, remember to update your -p invocation option to match this value, for example -p 8443:8443 -e HTTPS_PORT=8443. Also like above, it is often more sensible to just change the mapping on the host, like -p 8443:443.

ACCESS_LOG

This controls whether or not the access log is output to stdout (the container's console). This variable can be set to either ACCESS_LOG=ON or ACCESS_LOG=OFF. The latter is the default for performance reasons. If enabled, it uses the default combined format; however, you can freely override this in your own nginx.conf or using a file in the config directory (better choice).

HSTS

Assuming you are using the default configuration and/or allowing the container to manage your SSL setup, this will enable the HSTS header for all pages. The header sets a max-age of 6 months, meaning that browsers are told to only accept SSL connections from your site(s) for the next 6 months. Because of this, be sure of your configuration before turning this option on! That being said, once your configuration is settled, you should definitely enable this option. Valid options are HSTS=FALSE and HSTS=TRUE. This setting is completely ignored if the container does not have certificates mounted.

TLS13_ONLY

Assuming you are allowing the container to manage your SSL setup, this will activate the TLS 1.3-only configuration. In this mode, the server will NOT fall back to TLS 1.2 communication, so make sure this is appropriate in your environment. If this is left disabled (the default), the server will accept TLS 1.2 connections but will also accept TLS 1.3 connections where possible and whenever requested. Valid options are TLS13_ONLY=FALSE and TLS13_ONLY=TRUE. This setting is completely ignored if the container does not have certificates mounted.
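
A pre-flight check for the values documented on this page, to run on the host before starting the container. This is an added example, not part of the container's own scripts; the function name validate_env is hypothetical, and it assumes only the exact spellings shown above (ON/OFF, TRUE/FALSE) are valid.

```shell
#!/bin/sh
# Added example: validate the documented environment variables before launch.
# validate_env reads the variables from the current shell, applies the defaults
# given on this page, prints one line per problem to stderr and returns the
# number of problems found (0 means the set is consistent).
validate_env() {
    errs=0
    fail() { echo "ERROR: $*" >&2; errs=$((errs + 1)); }

    names=${SERVER_NAMES:-_}

    # Ports must be integers in the range 1-65535.
    for p in "${HTTP_PORT:-80}" "${HTTPS_PORT:-443}"; do
        case $p in
            ''|*[!0-9]*) fail "port '$p' is not a number" ;;
            *) { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } || fail "port '$p' out of range" ;;
        esac
    done

    # Assumption: values are case-sensitive, exactly as written on this page.
    case ${ACCESS_LOG:-OFF} in ON|OFF) ;; *) fail "ACCESS_LOG must be ON or OFF" ;; esac
    case ${HSTS:-FALSE} in TRUE|FALSE) ;; *) fail "HSTS must be TRUE or FALSE" ;; esac
    case ${TLS13_ONLY:-FALSE} in TRUE|FALSE) ;; *) fail "TLS13_ONLY must be TRUE or FALSE" ;; esac

    # TZ uses the IANA Region/Locality form, e.g. America/Edmonton or Etc/UTC.
    case ${TZ:-Etc/UTC} in
        [A-Z]*/?*) ;;
        *) fail "TZ '${TZ:-}' is not in Region/Locality form" ;;
    esac

    # HSTS and TLS13_ONLY only apply to HTTPS, and the default SERVER_NAMES="_"
    # (match anything) works for HTTP but fails for HTTPS connections.
    if [ "${HSTS:-FALSE}" = TRUE ] || [ "${TLS13_ONLY:-FALSE}" = TRUE ]; then
        [ "$names" != "_" ] || fail "set SERVER_NAMES before enabling HSTS or TLS13_ONLY"
    fi

    return "$errs"
}
```

Set the variables in the shell the same way you will pass them with -e, then run validate_env and start the container only if it returns 0.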