
# Automated Nginx reverse Proxy for Docker Webservices
This image attaches to the docker event queue and creates/removes proxy settings in the contained nginx.
## How it works
Containers that should be proxied must provide their meta information in the environment variable *PROXY_DATA*.
This variable must be of the following format:
`PROXY_DATA=server_names:test.com;www.test.com,port:80`
Or written as regex:
PROXY\_DATA=(KEY:VALUE,)\*KEY:VALUE
The following options are possible:
* **server_names** (required) the names of the virtual hosts separated by ";"
* **port** (optional, defaults to 80) the port on the target container
* **ip** (optional, defaults to listen on all IPs) the IP on which the proxy should listen.
* **location** (optional) if the proxied web application is not running on the /-path
* **body_size** (optional, defaults to 1MB) the maximum allowed body size as defined in http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
* **auth_data** (optional, defaults to none) If set, the value must be constructed like `Realm;Username;Password`, e.g. `SecretWebsite;admin;$apr1$RR/RTfI.$s7mRx/yKay7g3Jxmg/eMT/`. The hashed password can be created with `htpasswd`: `htpasswd -n -b admin supersecret`. **Note**: If used with docker-compose, the `$` must be doubled: `SecretWebsite;admin;$$apr1$$RR/RTfI.$$s7mRx/yKay7g3Jxmg/eMT/`
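
Because every option ends up in the generated nginx configuration, a *PROXY_DATA* value should be checked against an allow-list before it is used. The following parser is an added example, not this project's code; the function name `parse_proxy_data` and the character rules for each option are assumptions chosen for illustration.

```python
import ipaddress
import re

# Assumed allow-list rules (not taken from the project); used with fullmatch().
HOSTNAME = re.compile(r"[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*")
LOCATION = re.compile(r"/[A-Za-z0-9._~/-]*")
BODY_SIZE = re.compile(r"[0-9]+[kKmMgG]?")
AUTH_FIELD = re.compile(r"[A-Za-z0-9 ._$/-]+")
ALLOWED_KEYS = {"server_names", "port", "ip", "location", "body_size", "auth_data"}


def parse_proxy_data(raw):
    """Parse and validate a PROXY_DATA value; raise ValueError on bad input."""
    fields = {}
    for pair in raw.split(","):
        key, sep, value = pair.partition(":")  # first ':' only, so IPv6 survives
        if not sep or key not in ALLOWED_KEYS or key in fields:
            raise ValueError(f"bad or duplicate option: {pair!r}")
        fields[key] = value
    if "server_names" not in fields:
        raise ValueError("server_names is required")
    names = fields["server_names"].split(";")
    if not all(HOSTNAME.fullmatch(n) for n in names):
        raise ValueError("invalid server name")
    port = int(fields.get("port", "80"))  # documented default; non-numbers raise
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    ip = fields.get("ip")  # None means: listen on all IPs
    if ip is not None:
        ip = str(ipaddress.ip_address(ip))  # raises ValueError if malformed
    location = fields.get("location", "/")
    if not LOCATION.fullmatch(location):
        raise ValueError("invalid location")
    body_size = fields.get("body_size", "1m")  # documented 1MB default, nginx notation
    if not BODY_SIZE.fullmatch(body_size):
        raise ValueError("invalid body_size")
    auth = None
    if "auth_data" in fields:
        parts = fields["auth_data"].split(";")
        if len(parts) != 3 or not all(AUTH_FIELD.fullmatch(p) for p in parts):
            raise ValueError("auth_data must be Realm;Username;Password")
        auth = dict(zip(("realm", "user", "password_hash"), parts))
    return {"server_names": names, "port": port, "ip": ip,
            "location": location, "body_size": body_size, "auth": auth}


if __name__ == "__main__":
    # Sample value taken from the format description above.
    print(parse_proxy_data("server_names:test.com;www.test.com,port:80"))
```

`fullmatch` is used instead of `match` with `$` so that a value ending in a newline is rejected rather than accepted.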
## Starting the container
Since the container uses Docker's internal event reporting, it needs access to the daemon. At the
moment, only access via UNIX socket is possible. Because of that, the socket has to be handed
into the container (*-v /var/run/docker.sock:/var/run/docker.sock*).
### Single IP / All IPs
This option is used if your Docker host has only one IP, or if there is no need to differentiate between IPs regarding whether a Web App
is available on them.
Run the container like this:
`docker run --name auto_proxy -d -v /var/run/docker.sock:/var/run/docker.sock -p 80:80 docker_nginx_auto_proxy`
That means that the container exposes all Web Apps on all IPs. Do **not** use the *ip* option from above on the target containers. The *PROXY_DATA* environment variables would be something like
`PROXY_DATA=server_names:cooldomain.test.com,port:8080,location:/webApp`
### Multiple IPs
This option is used if your Docker host has multiple IPs (perhaps a public IP on the internet and a private IP on a VPN). It is possible to expose some Web Apps only to the private network.
One container must be started for each IP that should host Web Apps. For example, if there is a public IP of 1.2.3.4 and a private IP of 10.1.2.3, then two containers would be started:
`docker run --name auto_proxy_public -d -v /var/run/docker.sock:/var/run/docker.sock -p 1.2.3.4:80:80 docker_nginx_auto_proxy`
`docker run --name auto_proxy_private -d -v /var/run/docker.sock:/var/run/docker.sock -p 10.1.2.3:80:80 docker_nginx_auto_proxy`
If a target container does **not** have the *ip* option set, it listens on **all** IP addresses and will be handled by both containers.
If a container uses, e.g.,
`PROXY_DATA=server_names:cooldomain.test.com,port:8080,location:/webApp,ip:10.1.2.3`
then it will only be available on the private IP 10.1.2.3 (perhaps using a VPN).