nginx-proxy · buchdag · May 8, 2024 · Oct 28, 2022
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
@@ -17,8 +17,10 @@ ENV NGINX_PROXY_VERSION=${NGINX_PROXY_VERSION} \
 RUN apk add --no-cache --virtual .run-deps bash openssl
 
 # Configure Nginx
-RUN sed -i 's/worker_connections.*;$/worker_connections   10240;/' /etc/nginx/nginx.conf \
+RUN echo -e "\ninclude /etc/nginx/toplevel.conf.d/*.conf;" >> /etc/nginx/nginx.conf \
+   && sed -i 's/worker_connections.*;$/worker_connections   10240;/' /etc/nginx/nginx.conf \
    && sed -i -e '/^\}$/{s//\}\nworker_rlimit_nofile 20480;/;:a' -e '$!N;$!ba' -e '}' /etc/nginx/nginx.conf \
+   && mkdir -p '/etc/nginx/toplevel.conf.d' \
    && mkdir -p '/etc/nginx/dhparam' \
    && mkdir -p '/etc/nginx/certs'
 

diff --git a/Dockerfile.debian b/Dockerfile.debian
@@ -14,8 +14,10 @@ ENV NGINX_PROXY_VERSION=${NGINX_PROXY_VERSION} \
    DOCKER_HOST=unix:///tmp/docker.sock
 
 # Configure Nginx
-RUN sed -i 's/worker_connections.*;$/worker_connections  10240;/' /etc/nginx/nginx.conf \
+RUN echo "\ninclude /etc/nginx/toplevel.conf.d/*.conf;" >> /etc/nginx/nginx.conf \
+   && sed -i 's/worker_connections.*;$/worker_connections  10240;/' /etc/nginx/nginx.conf \
    && sed -i -e '/^\}$/{s//\}\nworker_rlimit_nofile 20480;/;:a' -e '$!N;$!ba' -e '}' /etc/nginx/nginx.conf \
+   && mkdir -p '/etc/nginx/toplevel.conf.d' \
    && mkdir -p '/etc/nginx/dhparam' \
    && mkdir -p '/etc/nginx/certs'
 

diff --git a/docs/README.md b/docs/README.md
@@ -11,6 +11,7 @@
 - [HTTP/2 and HTTP/3](#http2-and-http3)
 - [Headers](#headers)
 - [Custom Nginx Configuration](#custom-nginx-configuration)
+- [TCP and UDP stream](#tcp-and-udp-stream)
 - [Unhashed vs SHA1 upstream names](#unhashed-vs-sha1-upstream-names)
 - [Separate Containers](#separate-containers)
 - [Docker Compose](#docker-compose)
@@ -699,6 +700,61 @@ Per virtual-host `servers_tokens` directive can be configured by passing appropr
 
 ⬆️ [back to table of contents](#table-of-contents)
 
+## TCP and UDP stream
+
+If you want to proxy non-HTTP traffic, you can use nginx's stream module. Write a configuration file and mount it inside `/etc/nginx/toplevel.conf.d`.
+
+```nginx
+# stream.conf
+stream {
+    upstream stream_backend {
+        server backend1.example.com:12345;
+        server backend2.example.com:12345;
+        server backend3.example.com:12346;
+        # ...
+    }
+    server {
+        listen     12345;
+        #TCP traffic will be forwarded to the "stream_backend" upstream group
+        proxy_pass stream_backend;
+    }
+
+    server {
+        listen     12346;
+        #TCP traffic will be forwarded to the specified server
+        proxy_pass backend.example.com:12346;
+    }
+
+    upstream dns_servers {
+        server 192.168.136.130:53;
+        server 192.168.136.131:53;
+        # ...
+    }
+    server {
+        listen     53 udp;
+        #UDP traffic will be forwarded to the "dns_servers" upstream group
+        proxy_pass dns_servers;
+    }
+    # ...
+}
+```
+
+```console
+docker run --detach \
+    --name nginx-proxy \
+    --publish 80:80 \
+    --publish 12345:12345 \
+    --publish 12346:12346 \
+    --publish 53:53:udp \
+    --volume /var/run/docker.sock:/tmp/docker.sock:ro \
+    --volume ./stream.conf:/etc/nginx/toplevel.conf.d/stream.conf:ro \
+    nginxproxy/nginx-proxy:1.5
+```
+
+Please note that TCP and UDP stream are not core features of nginx-proxy, so the above is provided as an example only, without any guarantee.
+
+⬆️ [back to table of contents](#table-of-contents)
+
 ## Unhashed vs SHA1 upstream names
 
 By default the nginx configuration `upstream` blocks will use this block's corresponding hostname as a predictable name. However, this can cause issues in some setups (see [this issue](https://github.com/nginx-proxy/nginx-proxy/issues/1162)). In those cases you might want to switch to SHA1 names for the `upstream` blocks by setting the `SHA1_UPSTREAM_NAME` environment variable to `true` on the nginx-proxy container.