✨ 🔖 Release 0.1 with basic functionality

CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+(see http://keepachangelog.com http://semver.org)
+(critical comment about semver: https://gist.github.com/jashkenas/cbd2b088e20279ae2c8e)
+
+## Unreleased
+
+## [0.1] - 2019-05-26
+
+- ✨ Enable caching with `$CACHE=true`
+- ✨ Configure the reverse proxy with `$PROXY_URL`

Dockerfile

@@ -0,0 +1,9 @@
+FROM nginx:1.15-alpine
+
+COPY nginx.main.conf /etc/nginx/nginx.conf
+COPY nginx.proxy.conf /etc/nginx/conf.d/default.conf
+COPY nginx.proxy-cached.conf /etc/nginx/conf.d/cached.conf
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]

README.md

@@ -1 +1,56 @@
 # Nginx reverse proxy
+
+This Docker image provides a simple Nginx reverse proxy that can be used to proxy all requests to one specific server.
+
+The purpose of this simple proxy is to be used in Kubernetes to proxy requests to an external service. Kubernetes has a service type `ExternalName` but there you can't have any advanced configuration like setting headers. Also the annotations on an `Ingress` are very limited for now.
+
+## Environment variables
+
+Have a look at [entrypoint.sh](entrypoint.sh) for how the environment variables change the Nginx config.
+
+### PROXY_URL
+
+Required. Specifies the domain that should be proxied.
+
+```
+# Example
+PROXY_URL=example.com
+```
+
+### CACHE
+
+Optional. Defaults to `false`. Specifies whether or not to cache the pages.
+
+```
+# Example
+CACHE=true
+```
+
+## Run locally
+
+When you want to test the Docker image, you can run it locally for example with the following command:
+
+```bash
+docker build -t nginx-reverse-proxy .
+docker run -p 80:80 --rm -e PROXY_URL=example.com nginx-reverse-proxy
+```
+
+### Debugging
+
+Add this to the Dockerfile:
+
+```
+ENV TCPDUMP_VERSION 4.9.2-r4
+RUN apk add --update \
+ tcpdump==${TCPDUMP_VERSION} \
+ strace \
+ && rm -rf /var/cache/apk/*
+```
+
+And then:
+
+```bash
+docker build -t nginx-reverse-proxy .
+docker run --privileged -p 80:80 --rm -e PROXY_URL=example.com nginx-reverse-proxy strace nginx-debug -g 'daemon off;'
+docker exec -ti $(docker ps | grep nginx-reverse-proxy | awk '{print $1}') tcpdump not port 22 -vvv -s0 -q -XXX
+```

VERSION

@@ -0,0 +1 @@
+0.1

entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+# Set the default value of $PROXY_URL to production
+PROXY_URL="${PROXY_URL:-missing}"
+echo "Use \"$PROXY_URL\" for PROXY_URL"
+
+sed -i -e 's|%PROXY_URL%|'$PROXY_URL'|g' /etc/nginx/conf.d/default.conf
+sed -i -e 's|%PROXY_URL%|'$PROXY_URL'|g' /etc/nginx/conf.d/cached.conf
+echo "Nginx configured with PROXY_URL \"$PROXY_URL\""
+
+# Set the default value of $CACHE to false
+CACHE="${CACHE:-false}"
+
+if test "$CACHE" = "true"; then
+ echo "Use a cache"
+ # Delete the non cache config
+ rm /etc/nginx/conf.d/default.conf
+else
+ echo "Don't use a cache"
+ # Delete the cache config
+ rm /etc/nginx/conf.d/cached.conf
+fi
+
+exec "$@"

nginx.main.conf

@@ -0,0 +1,33 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ log_format proxy_logging '[$time_iso8601] $request :: Upstream: $proxy_host '
+ ':: $remote_addr :: upstream_response_time '
+ '$upstream_response_time request_time $request_time';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ # tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ # gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}

nginx.proxy-cached.conf

@@ -0,0 +1,38 @@
+proxy_cache_path /tmp/proxy-cache levels=1:2 keys_zone=default_cache:10m max_size=1g
+ inactive=1d use_temp_path=off;
+
+server {
+ resolver 1.1.1.1;
+
+ listen 80;
+
+ location /healthz {
+ access_log off;
+ add_header Content-Type text/plain;
+ return 200 "OK\n";
+ }
+
+ set $proxy_url "%PROXY_URL%";
+
+ location / {
+ access_log /var/log/nginx/access.log proxy_logging;
+
+ proxy_set_header Host $proxy_url;
+ proxy_pass https://$proxy_url;
+ proxy_ssl_server_name on;
+ proxy_redirect http://$proxy_url/ /;
+ proxy_redirect https://$proxy_url/ /;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # See https://www.nginx.com/blog/nginx-caching-guide/
+ proxy_cache default_cache;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ }
+
+ include /etc/nginx/extra-conf.d/*.conf;
+}

nginx.proxy.conf

@@ -0,0 +1,29 @@
+server {
+ resolver 1.1.1.1;
+
+ listen 80;
+
+ location /healthz {
+ access_log off;
+ add_header Content-Type text/plain;
+ return 200 "OK\n";
+ }
+
+ set $proxy_url "%PROXY_URL%";
+
+ location / {
+ access_log /var/log/nginx/access.log proxy_logging;
+
+ proxy_set_header Host $proxy_url;
+ proxy_pass https://$proxy_url;
+ proxy_ssl_server_name on;
+ proxy_redirect http://$proxy_url/ /;
+ proxy_redirect https://$proxy_url/ /;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ include /etc/nginx/extra-conf.d/*.conf;
+}