Added VIRTUAL_ALLOW to limit access to container

[itsafire]

I did a change to nginx.tmpl to provide a VIRTUAL_ALLOW environment variable to limit access to containers. Adding -e VIRTUAL_ALLOW=10.1.1.0/24,10.1.3.55 will result in:

allow 10.1.1.0/24;
allow 10.1.3.55;
deny all;

[itsafire]

The added code to the server section in nginx.tmpl:

    {{ $firstContainer := index $containers 0 }}
    {{ if $firstContainer.Env.VIRTUAL_ALLOW }}
        {{ range $i, $allowed := split $firstContainer.Env.VIRTUAL_ALLOW "," }}
            allow {{ $allowed }};
        {{ end }}
        deny all;
    {{ end }}

[md5]

I believe this can be closed since #106 was merged. See the README for instructions: https://github.com/jwilder/nginx-proxy/blob/master/README.md#custom-nginx-configuration

[moul]

Hi, even if #106 lets us do the equivalent of this PR,

I think this PR is a better solution when you want to handle all the configuration from the proxyfied container with environment variables.
It's a little by annoying to put some configuration in the proxyfied container and update a file on the host.
particularly when you use nginx-proxy as the host nginx and want to just handle new containers without thinking about it

What do you think about keeping #106 to handle every cases, and use this PR as an additional method ?

[aimxhaisse]

👍

[tpiron]

👍

[md5]

@moul You guys might want to check out the discussion in #134. Two possible options discussed there are a JSON-formatted VIRTUAL_HOST_CONFIG variable or a naming convention for variables starting with NGINX_PROXY_* to expose any (or perhaps just most) Nginx settings.

[thaJeztah]

Perhaps labels are an option too; e.g. org.jsonwilder.nginx-proxy.something=val

[md5]

@thaJeztah Thanks for the reminder about labels. I haven't gotten around to playing with them yet, unfortunately.

Looks like label support was added to go-dockerclient here: fsouza/go-dockerclient@bd32742

[md5]

This is relevant too: nginx-proxy/docker-gen#81