Adds validation of proxy_data variable
This introduces a check for the value of the PROXY_DATA variables so wrong variables do not crash the proxy.
This commit is contained in:
parent
1094e4043d
commit
1c29d8e962
@ -7,6 +7,10 @@ This variable must be of the following format:
|
||||
|
||||
`PROXY_DATA=server_names:test.com;www.test.com,port:80`
|
||||
|
||||
Or written as regex:
|
||||
|
||||
PROXY\_DATA=(KEY:VALUE,)\*KEY:VALUE
|
||||
|
||||
The following options are possible:
|
||||
|
||||
* **server_names**(required) the names of the virtual hosts separated by ";"
|
||||
@ -30,7 +34,7 @@ Run the container like this:
|
||||
|
||||
That means that the container exposes all Web Apps on all IPs. Do **not** use the *ip* option from above on the target containers. The *PROXY_DATA* environment variables would be something like
|
||||
|
||||
`PROXY_DATA=server_names:cooldomain.test.com,port:8080,location=/webApp`
|
||||
`PROXY_DATA=server_names:cooldomain.test.com,port:8080,location:/webApp`
|
||||
|
||||
### Multiple IPs
|
||||
This option is used if your Docker Host has multiple IPs (perhaps a public IP in the internet and a private IP on a VPN). It is possible to expose some Web Apps only to the private network.
|
||||
@ -41,6 +45,6 @@ One container must be started for each IP that should host Web Apps. For example
|
||||
|
||||
If a target container does **not** have the *ip* option set, it listens on **all** IP adresses and will be handled by both containers.
|
||||
If a container uses, e.g.,
|
||||
`PROXY_DATA=server_names:cooldomain.test.com,port:8080,location=/webApp,ip=10.1.2.3`
|
||||
`PROXY_DATA=server_names:cooldomain.test.com,port:8080,location:/webApp,ip:10.1.2.3`
|
||||
|
||||
then it will be only available on the private 10.1.2.3 IP (perhaps using a VPN).
|
||||
|
||||
@ -4,6 +4,7 @@ from docker import Client
|
||||
from docker.errors import APIError
|
||||
from string import Template
|
||||
import json
|
||||
import re
|
||||
import signal
|
||||
import os
|
||||
import logging
|
||||
@ -71,6 +72,15 @@ def analyse_proxy_data(data):
|
||||
return proxy_data
|
||||
|
||||
|
||||
def check_proxy_data_format(var_content):
|
||||
"""
|
||||
Validates the content of the variable.
|
||||
:param var_content: content of the proxy data variable
|
||||
:return: True if the content is of valid format, False otherwise
|
||||
"""
|
||||
return re.match(r"^(\w+:[^:,]+,)+\w+:[^:,]+$", var_content) is not None
|
||||
|
||||
|
||||
def extract_ip(inspect_data):
|
||||
"""extracts the container's ip from the given inspect data"""
|
||||
return inspect_data['NetworkSettings']['IPAddress']
|
||||
@ -95,6 +105,9 @@ def handle_container(id):
|
||||
inspect_data = client.inspect_container(id)
|
||||
env_vars = analyse_env_vars(inspect_data)
|
||||
if 'PROXY_DATA' in env_vars:
|
||||
if not check_proxy_data_format(env_vars['PROXY_DATA']):
|
||||
logging.info('cannot handle container with id "%s" named "%s": %s', id, extract_name(inspect_data), env_vars['PROXY_DATA'])
|
||||
return
|
||||
proxy_data = analyse_proxy_data(env_vars)
|
||||
container_listen_ip = get_if_available(proxy_data, 'ip', '0.0.0.0')
|
||||
if container_listen_ip != '0.0.0.0' and container_listen_ip not in listen_ips:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user