feat(nginx.conf): provide docker specific nginx.conf to enable local testing with docker-compose (#49)

ixxeL2097 · Frederic Spiers · web-flow · commit 95a004bd08c2 · 2025-09-17T11:01:37.000+02:00
Co-authored-by: Frederic Spiers &lt;frederic.spiers@gitguardian.com&gt;
diff --git a/README.md b/README.md
@@ -19,6 +19,9 @@ Once the tunnel is established, a proxy server is deployed on the GitGuardian si
 
 ## Install and configure
 
+For GGBridge configuration instructions, please refer to our public documentation:
+- https://docs.gitguardian.com/platform/enterprise-administration/ggbridge
+
 **ggbridge** is distributed as a Distroless Docker image based on Wolfi OS, ensuring minimal dependencies and enhanced security.
 Additionaly, a **shell** variant of the Docker image is available, this version includes additional tools and allows you to connect to the container via a shell, facilitating troubleshooting and debugging during development or integration.
 
@@ -44,8 +47,9 @@ services:
       TLS_ENABLED: 'true'
     volumes:
       - ./tls/ca.crt:/etc/ggbridge/tls/ca.crt:ro
-      - ./tls/client.crt:/etc/ggbridge/tls/client.crt:ro
-      - ./tls/client.key:/etc/ggbridge/tls/client.key:ro
+      - ./tls/tls.crt:/etc/ggbridge/tls/client.crt:ro
+      - ./tls/tls.key:/etc/ggbridge/tls/client.key:ro
+      - ./docker/nginx/nginx.local.conf:/etc/ggbridge/nginx.conf
     restart: on-failure
 ```
 
diff --git a/docker/nginx/nginx.local.conf b/docker/nginx/nginx.local.conf
@@ -0,0 +1,56 @@
+load_module "/usr/lib/nginx/modules/ngx_stream_module.so";
+
+worker_processes 1;
+
+error_log  stderr  notice;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    map_hash_bucket_size 128;
+    map_hash_max_size 4096;
+
+    log_format main '$remote_addr - $remote_user [$time_local] '
+                             '"$request" $status $body_bytes_sent '
+                             '"$http_referer" "$http_user_agent"';
+
+    access_log /dev/stdout main;
+
+    server {
+        listen 127.0.0.1:8081;
+
+        location / {
+            return 404;
+        }
+
+        location /healthz {
+            default_type text/plain;
+            return 200 "OK\n";
+        }
+    }
+}
+
+stream {
+    map_hash_bucket_size 128;
+    map_hash_max_size 4096;
+
+    log_format main '$proxy_protocol_addr - $remote_addr [$time_local] '
+                    '$protocol $status $bytes_sent $bytes_received '
+                    '$session_time "$upstream_addr" '
+                      '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
+
+    access_log /dev/stdout main;
+
+    resolver 127.0.0.11 valid=30s;
+    resolver_timeout 5s;
+
+    server {
+        listen 127.0.0.1:8443 proxy_protocol;
+        ssl_preread on;
+        proxy_pass $ssl_preread_server_name:443;
+        proxy_protocol off;
+    }
+}
