-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
✨ 🔖 Release 0.1 with basic functionality
- Loading branch information
1 parent
005354a
commit bb79893
Showing
8 changed files
with
201 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# Changelog | ||
|
||
(see http://keepachangelog.com http://semver.org) | ||
(critical comment about semver: https://gist.github.com/jashkenas/cbd2b088e20279ae2c8e) | ||
|
||
## Unreleased | ||
|
||
## [0.1] - 2019-05-26 | ||
|
||
- ✨ Enable caching with `$CACHE=true` | ||
- ✨ Configure the reverse proxy with `$PROXY_URL` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
FROM nginx:1.15-alpine | ||
|
||
COPY nginx.main.conf /etc/nginx/nginx.conf | ||
COPY nginx.proxy.conf /etc/nginx/conf.d/default.conf | ||
COPY nginx.proxy-cached.conf /etc/nginx/conf.d/cached.conf | ||
COPY entrypoint.sh /entrypoint.sh | ||
|
||
ENTRYPOINT ["/entrypoint.sh"] | ||
CMD ["nginx", "-g", "daemon off;"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,56 @@ | ||
# Nginx reverse proxy | ||
|
||
This Docker image provides a simple Nginx reverse proxy that can be used to proxy all requests to one specific server. | ||
|
||
The purpose of this simple proxy is to be used in Kubernetes to proxy requests to an external service. Kubernetes has a service type `ExternalName` but there you can't have any advanced configuration like setting headers. Also the annotations on an `Ingress` are very limited for now. | ||
|
||
## Environment variables | ||
|
||
Have a look at [entrypoint.sh](entrypoint.sh) for how the environment variables change the Nginx config. | ||
|
||
### PROXY_URL | ||
|
||
Required. Specifies the domain that should be proxied. | ||
|
||
``` | ||
# Example | ||
PROXY_URL=example.com | ||
``` | ||
|
||
### CACHE | ||
|
||
Optional. Defaults to `false`. Specifies whether or not to cache the pages. | ||
|
||
``` | ||
# Example | ||
CACHE=true | ||
``` | ||
|
||
## Run locally | ||
|
||
When you want to test the Docker image, you can run it locally for example with the following command: | ||
|
||
```bash | ||
docker build -t nginx-reverse-proxy . | ||
docker run -p 80:80 --rm -e PROXY_URL=example.com nginx-reverse-proxy | ||
``` | ||
|
||
### Debugging | ||
|
||
Add this to the Dockerfile: | ||
|
||
``` | ||
ENV TCPDUMP_VERSION 4.9.2-r4 | ||
RUN apk add --update \ | ||
tcpdump==${TCPDUMP_VERSION} \ | ||
strace \ | ||
&& rm -rf /var/cache/apk/* | ||
``` | ||
|
||
And then: | ||
|
||
```bash | ||
docker build -t nginx-reverse-proxy . | ||
docker run --privileged -p 80:80 --rm -e PROXY_URL=example.com nginx-reverse-proxy strace nginx-debug -g 'daemon off;' | ||
docker exec -ti $(docker ps | grep nginx-reverse-proxy | awk '{print $1}') tcpdump not port 22 -vvv -s0 -q -XXX | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
0.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
#!/bin/sh | ||
set -e | ||
|
||
# Set the default value of $PROXY_URL to production | ||
PROXY_URL="${PROXY_URL:-missing}" | ||
echo "Use \"$PROXY_URL\" for PROXY_URL" | ||
|
||
sed -i -e 's|%PROXY_URL%|'$PROXY_URL'|g' /etc/nginx/conf.d/default.conf | ||
sed -i -e 's|%PROXY_URL%|'$PROXY_URL'|g' /etc/nginx/conf.d/cached.conf | ||
echo "Nginx configured with PROXY_URL \"$PROXY_URL\"" | ||
|
||
# Set the default value of $CACHE to false | ||
CACHE="${CACHE:-false}" | ||
|
||
if test "$CACHE" = "true"; then | ||
echo "Use a cache" | ||
# Delete the non cache config | ||
rm /etc/nginx/conf.d/default.conf | ||
else | ||
echo "Don't use a cache" | ||
# Delete the cache config | ||
rm /etc/nginx/conf.d/cached.conf | ||
fi | ||
|
||
exec "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
user nginx; | ||
worker_processes 1; | ||
|
||
error_log /var/log/nginx/error.log warn; | ||
pid /var/run/nginx.pid; | ||
|
||
events { | ||
worker_connections 1024; | ||
} | ||
|
||
http { | ||
include /etc/nginx/mime.types; | ||
default_type application/octet-stream; | ||
|
||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
'$status $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
||
log_format proxy_logging '[$time_iso8601] $request :: Upstream: $proxy_host ' | ||
':: $remote_addr :: upstream_response_time ' | ||
'$upstream_response_time request_time $request_time'; | ||
|
||
access_log /var/log/nginx/access.log main; | ||
|
||
sendfile on; | ||
# tcp_nopush on; | ||
|
||
keepalive_timeout 65; | ||
|
||
# gzip on; | ||
|
||
include /etc/nginx/conf.d/*.conf; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
proxy_cache_path /tmp/proxy-cache levels=1:2 keys_zone=default_cache:10m max_size=1g | ||
inactive=1d use_temp_path=off; | ||
|
||
server { | ||
resolver 1.1.1.1; | ||
|
||
listen 80; | ||
|
||
location /healthz { | ||
access_log off; | ||
add_header Content-Type text/plain; | ||
return 200 "OK\n"; | ||
} | ||
|
||
set $proxy_url "%PROXY_URL%"; | ||
|
||
location / { | ||
access_log /var/log/nginx/access.log proxy_logging; | ||
|
||
proxy_set_header Host $proxy_url; | ||
proxy_pass https://$proxy_url; | ||
proxy_ssl_server_name on; | ||
proxy_redirect http://$proxy_url/ /; | ||
proxy_redirect https://$proxy_url/ /; | ||
|
||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
|
||
# See https://www.nginx.com/blog/nginx-caching-guide/ | ||
proxy_cache default_cache; | ||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; | ||
proxy_cache_background_update on; | ||
proxy_cache_lock on; | ||
} | ||
|
||
include /etc/nginx/extra-conf.d/*.conf; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
server { | ||
resolver 1.1.1.1; | ||
|
||
listen 80; | ||
|
||
location /healthz { | ||
access_log off; | ||
add_header Content-Type text/plain; | ||
return 200 "OK\n"; | ||
} | ||
|
||
set $proxy_url "%PROXY_URL%"; | ||
|
||
location / { | ||
access_log /var/log/nginx/access.log proxy_logging; | ||
|
||
proxy_set_header Host $proxy_url; | ||
proxy_pass https://$proxy_url; | ||
proxy_ssl_server_name on; | ||
proxy_redirect http://$proxy_url/ /; | ||
proxy_redirect https://$proxy_url/ /; | ||
|
||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
} | ||
|
||
include /etc/nginx/extra-conf.d/*.conf; | ||
} |