README
¶
Luzifer / dockerproxy
DockerProxy is a small application to shield HTTP exporting Docker containers. The proxy supports SNI to shield the containers with HTTPs certificates. To discover the containers the Docker daemon needs to listen on a tcp port which should be shielded by a firewall to ensure the security of the Docker host.
Design Flaw
Currently Docker does not support container tagging so this proxy is using the environment variables to detect the "slug" and the port of a container. This can be fixed as soon as there is a tagging concept similar as the EC2 tagging in AWS.
Configuration
Docker daemon
- Ensure the daemon is listening on a tcp port reachable from the dockerproxy. In this example port
9999is used. - Start your docker containers with some special environment variables used for container detection:
ROUTER_SLUG: The slug used in the proxy configuration to identify the containerROUTER_PORT: The public exported HTTP port the proxy can send its requests to
dockerproxy
The configuration is written in YAML (or JSON) format and read every minute by the daemon:
domains: Dict of domain configurations the proxy is able to respond toslug: The slug defined in the Docker container to determine which container should handle the requestforce_ssl: The proxy does not forward request but return a redirect to SSL based connectionssl(optional): SSL configuration for that domaincert: x509 certificate file (Intermediate certificates belongs in this file too. Put them under your own certificate.)key: The key for the cerficate without password protection
authentication: Configure authentication for this domaintype: The authentication mechanism to use (Available:basic-auth)config: Authentication specific configuration
generic: A generic suffix on which the proxy will forward to every configured containerlistenHTTP: An address binding for HTTP traffic like:80listenHTTPS: An address binding for HTTPs traffic like:443docker: Docker host configurationhosts: Dict of private to public host/ip associations (The Proxy will query the Docker daemon on the private host/ip and send traffic to the public host/ip)port: Port to use for querying the Docker daemon
Example configuration:
---
generic: .dockersrv.example.com
listenHTTP: ":8081"
listenHTTPS: ":4443"
domains:
host1.example.com:
slug: container1
force_ssl: true
ssl:
cert: ssl/host1.example.com.crt
key: ssl/host1.example.com.key
host2.example.com:
slug: container2
authentication:
type: basic-auth
config:
alice: cat
bob: password
docker:
hosts:
localhost: docker01.servers.example.com
port: 9999
Authentication provider config
-
basic-auth:- Map of usernames / passwords
authentication: type: basic-auth config: alice: cat bob: password
Documentation
¶
There is no documentation for this package.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Godeps
|
|
|
_workspace/src/github.com/Luzifer/rconfig
Package rconfig implements a CLI configuration reader with struct-embedded defaults, environment variables and posix compatible flag parsing using the pflag library.
|
Package rconfig implements a CLI configuration reader with struct-embedded defaults, environment variables and posix compatible flag parsing using the pflag library. |
|
_workspace/src/github.com/elazarl/goproxy
Taken from $GOROOT/src/pkg/net/http/chunked needed to write https responses to client.
|
Taken from $GOROOT/src/pkg/net/http/chunked needed to write https responses to client. |
|
_workspace/src/github.com/elazarl/goproxy/examples/goproxy-yui-minify
This example would minify standalone Javascript files (identified by their content type) using the command line utility YUI compressor http://yui.github.io/yuicompressor/ Example usage: ./yui -java /usr/local/bin/java -yuicompressor ~/Downloads/yuicompressor-2.4.8.jar $ curl -vx localhost:8080 http://golang.org/lib/godoc/godocs.js (function(){function g(){var u=$("#search");if(u.length===0){return}function t(){if(....
|
This example would minify standalone Javascript files (identified by their content type) using the command line utility YUI compressor http://yui.github.io/yuicompressor/ Example usage: ./yui -java /usr/local/bin/java -yuicompressor ~/Downloads/yuicompressor-2.4.8.jar $ curl -vx localhost:8080 http://golang.org/lib/godoc/godocs.js (function(){function g(){var u=$("#search");if(u.length===0){return}function t(){if(.... |
|
_workspace/src/github.com/elazarl/goproxy/ext/html
extension to goproxy that will allow you to easily filter web browser related content.
|
extension to goproxy that will allow you to easily filter web browser related content. |
|
_workspace/src/github.com/ericchiang/letsencrypt
Package letsencrypt implements an ACME client.
|
Package letsencrypt implements an ACME client. |
|
_workspace/src/github.com/ericchiang/letsencrypt/internal/base64
Package base64 implements base64 encoding as specified by RFC 4648.
|
Package base64 implements base64 encoding as specified by RFC 4648. |
|
_workspace/src/github.com/fsouza/go-dockerclient
Package docker provides a client for the Docker remote API.
|
Package docker provides a client for the Docker remote API. |
|
_workspace/src/github.com/fsouza/go-dockerclient/external/github.com/docker/docker/pkg/parsers
Package parsers provides helper functions to parse and validate different type of string.
|
Package parsers provides helper functions to parse and validate different type of string. |
|
_workspace/src/github.com/fsouza/go-dockerclient/external/github.com/docker/docker/pkg/pools
Package pools provides a collection of pools which provide various data types with buffers.
|
Package pools provides a collection of pools which provide various data types with buffers. |
|
_workspace/src/github.com/fsouza/go-dockerclient/external/github.com/docker/docker/pkg/ulimit
Package ulimit provides structure and helper function to parse and represent resource limits (Rlimit and Ulimit, its human friendly version).
|
Package ulimit provides structure and helper function to parse and represent resource limits (Rlimit and Ulimit, its human friendly version). |
|
_workspace/src/github.com/fsouza/go-dockerclient/external/github.com/docker/docker/pkg/units
Package units provides helper function to parse and print size and time units in human-readable format.
|
Package units provides helper function to parse and print size and time units in human-readable format. |
|
_workspace/src/github.com/fsouza/go-dockerclient/external/github.com/gorilla/context
Package context stores values shared during a request lifetime.
|
Package context stores values shared during a request lifetime. |
|
_workspace/src/github.com/fsouza/go-dockerclient/external/github.com/gorilla/mux
Package gorilla/mux implements a request router and dispatcher.
|
Package gorilla/mux implements a request router and dispatcher. |
|
_workspace/src/github.com/fsouza/go-dockerclient/testing
Package testing provides a fake implementation of the Docker API, useful for testing purpose.
|
Package testing provides a fake implementation of the Docker API, useful for testing purpose. |
|
_workspace/src/github.com/robfig/cron
This library implements a cron spec parser and runner.
|
This library implements a cron spec parser and runner. |
|
_workspace/src/github.com/spf13/pflag
Package pflag is a drop-in replacement for Go's flag package, implementing POSIX/GNU-style --flags.
|
Package pflag is a drop-in replacement for Go's flag package, implementing POSIX/GNU-style --flags. |
|
_workspace/src/github.com/square/go-jose
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards.
|
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. |
|
_workspace/src/gopkg.in/yaml.v2
Package yaml implements YAML support for the Go language.
|
Package yaml implements YAML support for the Go language. |
Click to show internal directories.
Click to hide internal directories.