Adds validation of proxy_data variable

This introduces a check for the value of the PROXY_DATA
variables so wrong variables do not crash the proxy.
Joachim Lusiardi 2016-05-17 22:49:15 +02:00
parent 1094e4043d
commit 1c29d8e962
2 changed files with 19 additions and 2 deletions


@ -7,6 +7,10 @@ This variable must be of the following format:
`PROXY_DATA=server_names:test.com;www.test.com,port:80` `PROXY_DATA=server_names:test.com;www.test.com,port:80`
Or written as regex:
PROXY\_DATA=(KEY:VALUE,)\*KEY:VALUE
The following options are possible: The following options are possible:
* **server_names**(required) the names of the virtual hosts separated by ";" * **server_names**(required) the names of the virtual hosts separated by ";"
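Review bot: The documented pattern `(KEY:VALUE,)\*KEY:VALUE` accepts a single KEY:VALUE pair, but the check added in this commit, `^(\w+:[^:,]+,)+\w+:[^:,]+$`, requires at least two pairs, so the README and the code disagree on whether a value such as `server_names:test.com` on its own is valid. Either change the `+` after the group to `*` in the code, or document here that at least two pairs are needed. It would also help to state that a VALUE cannot contain ':' or ',', since that is what the code enforces.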
@ -30,7 +34,7 @@ Run the container like this:
That means that the container exposes all Web Apps on all IPs. Do **not** use the *ip* option from above on the target containers. The *PROXY_DATA* environment variables would be something like That means that the container exposes all Web Apps on all IPs. Do **not** use the *ip* option from above on the target containers. The *PROXY_DATA* environment variables would be something like
`PROXY_DATA=server_names:cooldomain.test.com,port:8080,location=/webApp` `PROXY_DATA=server_names:cooldomain.test.com,port:8080,location:/webApp`
### Multiple IPs ### Multiple IPs
This option is used if your Docker Host has multiple IPs (perhaps a public IP in the internet and a private IP on a VPN). It is possible to expose some Web Apps only to the private network. This option is used if your Docker Host has multiple IPs (perhaps a public IP in the internet and a private IP on a VPN). It is possible to expose some Web Apps only to the private network.
@ -41,6 +45,6 @@ One container must be started for each IP that should host Web Apps. For example
If a target container does **not** have the *ip* option set, it listens on **all** IP adresses and will be handled by both containers. If a target container does **not** have the *ip* option set, it listens on **all** IP adresses and will be handled by both containers.
If a container uses, e.g., If a container uses, e.g.,
`PROXY_DATA=server_names:cooldomain.test.com,port:8080,location=/webApp,ip=10.1.2.3` `PROXY_DATA=server_names:cooldomain.test.com,port:8080,location:/webApp,ip:10.1.2.3`
then it will be only available on the private 10.1.2.3 IP (perhaps using a VPN). then it will be only available on the private 10.1.2.3 IP (perhaps using a VPN).


@ -4,6 +4,7 @@ from docker import Client
from docker.errors import APIError from docker.errors import APIError
from string import Template from string import Template
import json import json
import re
import signal import signal
import os import os
import logging import logging
@ -71,6 +72,15 @@ def analyse_proxy_data(data):
return proxy_data return proxy_data
def check_proxy_data_format(var_content):
"""
Validates the content of the variable.
:param var_content: content of the proxy data variable
:return: True if the content is of valid format, False otherwise
"""
return re.match(r"^(\w+:[^:,]+,)+\w+:[^:,]+$", var_content) is not None
def extract_ip(inspect_data): def extract_ip(inspect_data):
"""extracts the container's ip from the given inspect data""" """extracts the container's ip from the given inspect data"""
return inspect_data['NetworkSettings']['IPAddress'] return inspect_data['NetworkSettings']['IPAddress']
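Review bot: In `check_proxy_data_format`, the value class `[^:,]+` accepts every character except ':' and ',', including whitespace, newlines, ';' and braces, and `$` used with `re.match` still matches before a trailing newline, so the check is looser than "valid format" in the docstring suggests. Consider `re.fullmatch` with an explicit allow-list of characters per value, especially if these values are later substituted into generated configuration through the `Template` import above. Keys are likewise any `\w+`, so unknown keys and a missing required `server_names` both pass; comparing keys against the documented option names would close that gap.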
@ -95,6 +105,9 @@ def handle_container(id):
inspect_data = client.inspect_container(id) inspect_data = client.inspect_container(id)
env_vars = analyse_env_vars(inspect_data) env_vars = analyse_env_vars(inspect_data)
if 'PROXY_DATA' in env_vars: if 'PROXY_DATA' in env_vars:
if not check_proxy_data_format(env_vars['PROXY_DATA']):
logging.info('cannot handle container with id "%s" named "%s": %s', id, extract_name(inspect_data), env_vars['PROXY_DATA'])
return
proxy_data = analyse_proxy_data(env_vars) proxy_data = analyse_proxy_data(env_vars)
container_listen_ip = get_if_available(proxy_data, 'ip', '0.0.0.0') container_listen_ip = get_if_available(proxy_data, 'ip', '0.0.0.0')
if container_listen_ip != '0.0.0.0' and container_listen_ip not in listen_ips: if container_listen_ip != '0.0.0.0' and container_listen_ip not in listen_ips:
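Review bot: The rejection branch logs with `logging.info`, so a container that is skipped because of a malformed PROXY_DATA is easy to miss; `logging.warning` fits better. The raw `env_vars['PROXY_DATA']` is also written with `%s`, and because it has just failed validation it may contain newlines or control characters; formatting it with `%r` keeps a crafted value from forging extra log lines.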