fixed problem with listening on different IPs which is not possible in the classical way in docker

2015-02-19 19:27:52 +01:00 · 2015-02-19 19:27:52 +01:00 · a0c246169c
parent b37c8ab7de
commit a0c246169c
2 changed files with 59 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -1,13 +1,6 @@
 # Automated Nginx reverse Proxy for Docker Webservices
 This image attaches to the docker event queue and creates/removes proxy settings in the contained nginx.
 ## Starting the container
 The container is started as:
 `docker run --name auto_proxy -d -v /var/run/docker.sock:/var/run/docker.sock -p 80:80 docker_nginx_auto_proxy`
 The socket must be handed in so the container can get the events.
 ## How it works
 Containers that should be proxied neet meta information in the environment variable *PROXY_DATA* available.
 This variable must be of the following format:
@ -20,3 +13,30 @@ The following options are possible:
 * **port**(optional, defaults to 80) the port on the target container
 * **ip**(optional, defaults to listen on all IPs) the IP on which the proxy should listen. 
 * **location**(optional) if the proxied web application is not running on the /-path
 ## Starting the container
 Since the container uses Docker's internal event reporting, it needs access to the daemon. At the 
 moment, only access via UNIX socket ist possible. Because of that, the socket has to be handed 
 into the container (*-v /var/run/docker.sock:/var/run/docker.sock*). 
 ### Single IP / All IPs
 This option is used if your Docker Host has only one IP or if there is no need to differentiate between different IPs regarding wether a Web App is available on it.
 Run the container like this:
 `docker run --name auto_proxy -d -v /var/run/docker.sock:/var/run/docker.sock -p 80:80 docker_nginx_auto_proxy`
 That means that the container exposes all Wep Apps on all IPs. Do **not** use the *ip* option from above on the target containers. The *PROXY_DATA* environment variables would be something like:
 `PROXY_DATA=server_name:cooldomain.test.com,port:8080,location=/webApp` 
 ### Multiple IPs
 This option is used if your Docker Host has multiple IPs (perhaps a public IP in the internet and a private IP on a VPN). It is possible to expose some Web Apps only to the private network.
 One container must be started for each IP that should host Web Apps. For example, if there is a public IP of 1.2.3.4 and a private IP 10.1.2.3, then 2 Containers would be started:
 `docker run --name auto_proxy_public -d -v /var/run/docker.sock:/var/run/docker.sock -p 1.2.3.4:80:80 docker_nginx_auto_proxy`
 `docker run --name auto_proxy_private -d -v /var/run/docker.sock:/var/run/docker.sock -p 10.1.2.3:80:80 docker_nginx_auto_proxy
 `
 If a target container does **not** have the *ip* option set, it listens on **all** IP adresses and will be handled by both containers. If a container uses, e.g.  
 `PROXY_DATA=server_name:cooldomain.test.com,port:8080,location=/webApp,ip=10.1.2.3`
 Then it will be only available on the private 10.1.2.3 IP (perhaps using a VPN). 
--- a/nginx_proxy.py
+++ b/nginx_proxy.py
@ -83,13 +83,18 @@ def handle_container(id):
    env_vars = analyse_env_vars(inspect_data)
    if 'PROXY_DATA' in env_vars:
        proxy_data = analyse_proxy_data(env_vars)
        container_listen_ip = get_if_available(proxy_data, 'ip', '0.0.0.0')
        if container_listen_ip != '0.0.0.0' and container_listen_ip not in listen_ips:
            logging.info('container "%s"(%s) does not listen on %s.', extract_name(inspect_data), container_listen_ip, str(listen_ips))
            return
        logging.info('container "%s"(%s) is allowed to listen on %s.', extract_name(inspect_data), container_listen_ip, str(listen_ips))
        substitutes = {
            'containername': extract_name(inspect_data),
            'ip': extract_ip(inspect_data),
            'location': get_if_available(proxy_data, 'location', ''),
            'name': get_if_available(proxy_data, 'server_name', ''),
            'port': get_if_available(proxy_data, 'port', 80),
-            'listen': get_if_available(proxy_data, 'ip', '*') + ':80'
+            'listen': '*:80'
        }
        logging.info('writing to %sproxy_%s', target_path, id)
        with open(target_path + '/proxy_'+id, 'w') as file:
@ -108,6 +113,26 @@ def get_pid():
    with open(pid_file, 'r') as file:
        return int(file.read())
 def get_docker_id():
    """This function extracts the container's id from /proc/self/cgroup."""
    id = ''
    with open('/proc/self/cgroup', 'r') as file:
        lines = file.read().split('\n')
        for line in lines:
            index = line.find('docker-')
            if index != -1:
                id = line[index+7:-6]
                break
    return id
 def get_listen_ips():
    inspect_data = client.inspect_container(get_docker_id())
    logging.info('count %s', len(inspect_data['NetworkSettings']['Ports']['80/tcp']))
    ips = []
    for data in inspect_data['NetworkSettings']['Ports']['80/tcp']:
        ips.append(data['HostIp'])
    return ips
 def setup_logging():
    logging.basicConfig(format='%(asctime)s [%(levelname)s]: %(message)s', level=logging.INFO)
@ -123,6 +148,12 @@ if __name__ == '__main__':
    client = Client(base_url='unix://var/run/docker.sock', version='1.15')
    listen_ips = get_listen_ips()
    logging.info('Listening on %s.', listen_ips)
    if len(listen_ips) != 1:
        logging.error('auto_proxy should only listen on 1 IP at a time, everything else can have security implications.')
        exit()
    # handle all running containers existing at startup of this container
    container_ids = client.containers(quiet=True)
    for container_id in container_ids: