184 lines
6.2 KiB
Python
Executable File
184 lines
6.2 KiB
Python
Executable File
#!/usr/bin/python3.4
|
|
|
|
from docker import Client
|
|
from docker.errors import APIError
|
|
from string import Template
|
|
import json
|
|
import signal
|
|
import os
|
|
import logging
|
|
|
|
target_path="/tmp/nginx/"
|
|
pid_file="/var/run/nginx.pid"
|
|
non_location_template = """# proxy for container '$containername'
|
|
server {
|
|
listen $listen;
|
|
server_name $name;
|
|
location / {
|
|
proxy_set_header X-Real-IP $$remote_addr;
|
|
proxy_set_header X-Forwarded-For $$remote_addr;
|
|
proxy_set_header Host $$host;
|
|
proxy_pass http://$ip:$port/;
|
|
}
|
|
}
|
|
"""
|
|
|
|
location_template="""# proxy for container '$containername'
|
|
server {
|
|
listen $listen;
|
|
server_name $name;
|
|
location / {
|
|
return 301 $$scheme://$name/$location;
|
|
}
|
|
location /$location {
|
|
proxy_set_header X-Real-IP $$remote_addr;
|
|
proxy_set_header X-Forwarded-For $$remote_addr;
|
|
proxy_set_header Host $$host;
|
|
proxy_pass http://$ip:$port/;
|
|
}
|
|
}
|
|
"""
|
|
|
|
def print_json(data):
|
|
"""Prints the given value in JSON to stdout. Use this for debugging only"""
|
|
print(json.dumps(data, sort_keys=True, indent=4))
|
|
|
|
def analyse_env_vars(inspect_data):
|
|
"""Extracts the environment variables from the given result of an 'inspect
|
|
container' call."""
|
|
env_data = {}
|
|
for env_var in inspect_data['Config']['Env']:
|
|
t = env_var.split("=")
|
|
env_data[t[0]] = t[1]
|
|
return env_data
|
|
|
|
def analyse_proxy_data(data):
|
|
"""Extracts the data for the proxy configuration (envrionment variable
|
|
'PROXY_DATA' and converts it to a dictionary."""
|
|
proxy_data = {}
|
|
for proxy_var in data['PROXY_DATA'].split(','):
|
|
t = proxy_var.split(":",1)
|
|
proxy_data[t[0]] = t[1]
|
|
return proxy_data
|
|
|
|
def extract_ip(inspect_data):
|
|
"""extracts the container's ip from the given inspect data"""
|
|
return inspect_data['NetworkSettings']['IPAddress']
|
|
|
|
def extract_name(inspect_data):
|
|
"""extracts the container's name from the given inspect data"""
|
|
return inspect_data['Name']
|
|
|
|
def get_if_available(dict, key, defValue):
|
|
if key in dict:
|
|
return dict[key]
|
|
else:
|
|
return defValue
|
|
|
|
def handle_container(id):
|
|
"""This function take a container's id and collects all data required
|
|
to create a proper proxy configuration. The configuration is then
|
|
written to the directory of temporary nginx files"""
|
|
inspect_data = client.inspect_container(id)
|
|
env_vars = analyse_env_vars(inspect_data)
|
|
if 'PROXY_DATA' in env_vars:
|
|
proxy_data = analyse_proxy_data(env_vars)
|
|
container_listen_ip = get_if_available(proxy_data, 'ip', '0.0.0.0')
|
|
if container_listen_ip != '0.0.0.0' and container_listen_ip not in listen_ips:
|
|
logging.info('container "%s"(%s) does not listen on %s.', extract_name(inspect_data), container_listen_ip, str(listen_ips))
|
|
return
|
|
logging.info('container "%s"(%s) is allowed to listen on %s.', extract_name(inspect_data), container_listen_ip, str(listen_ips))
|
|
substitutes = {
|
|
'containername': extract_name(inspect_data),
|
|
'ip': extract_ip(inspect_data),
|
|
'location': get_if_available(proxy_data, 'location', ''),
|
|
'name': get_if_available(proxy_data, 'server_name', ''),
|
|
'port': get_if_available(proxy_data, 'port', 80),
|
|
'listen': '*:80'
|
|
}
|
|
logging.info('writing to %sproxy_%s', target_path, id)
|
|
with open(target_path + '/proxy_'+id, 'w') as file:
|
|
if substitutes['location'] == '':
|
|
del substitutes['location']
|
|
file.write(Template(non_location_template).substitute(substitutes))
|
|
else:
|
|
file.write(Template(location_template).substitute(substitutes))
|
|
|
|
def reload_nginx_configuration():
|
|
logging.info('HUPing nginx')
|
|
os.kill(pid, signal.SIGHUP)
|
|
|
|
def get_pid():
|
|
"""This function reads the process id from the given file."""
|
|
with open(pid_file, 'r') as file:
|
|
return int(file.read())
|
|
|
|
def get_docker_id():
|
|
"""This function extracts the container's id from /proc/self/cgroup."""
|
|
id = ''
|
|
with open('/proc/self/cgroup', 'r') as file:
|
|
lines = file.read().split('\n')
|
|
for line in lines:
|
|
index = line.find('docker-')
|
|
if index != -1:
|
|
id = line[index+7:-6]
|
|
break
|
|
return id
|
|
|
|
def get_listen_ips():
|
|
inspect_data = client.inspect_container(get_docker_id())
|
|
logging.info('count %s', len(inspect_data['NetworkSettings']['Ports']['80/tcp']))
|
|
ips = []
|
|
for data in inspect_data['NetworkSettings']['Ports']['80/tcp']:
|
|
ips.append(data['HostIp'])
|
|
return ips
|
|
|
|
def setup_logging():
|
|
logging.basicConfig(format='%(asctime)s [%(levelname)s]: %(message)s', level=logging.INFO)
|
|
|
|
if __name__ == '__main__':
|
|
setup_logging()
|
|
|
|
# prepare required stuff
|
|
pid = get_pid()
|
|
logging.info('nginx pid: %s', str(pid))
|
|
if not os.path.exists(target_path):
|
|
logging.info('creating target path: %s', target_path)
|
|
os.mkdir(target_path)
|
|
|
|
client = Client(base_url='unix://var/run/docker.sock', version='1.15')
|
|
|
|
listen_ips = get_listen_ips()
|
|
logging.info('Listening on %s.', listen_ips)
|
|
if len(listen_ips) != 1:
|
|
logging.error('auto_proxy should only listen on 1 IP at a time, everything else can have security implications.')
|
|
exit()
|
|
|
|
# handle all running containers existing at startup of this container
|
|
container_ids = client.containers(quiet=True)
|
|
for container_id in container_ids:
|
|
handle_container(container_id['Id'])
|
|
reload_nginx_configuration()
|
|
|
|
# hook to the events
|
|
for line in client.events():
|
|
line_str = line.decode("utf-8")
|
|
event = json.loads(line_str)
|
|
|
|
container_id = event['id']
|
|
try:
|
|
inspect_data = client.inspect_container(container_id)
|
|
ip = extract_ip(inspect_data)
|
|
except APIError:
|
|
ip = ''
|
|
|
|
if ip == '':
|
|
logging.info('removing %sproxy_%s', target_path, container_id)
|
|
if os.path.exists(target_path + 'proxy_' + container_id):
|
|
os.remove(target_path + 'proxy_' + container_id)
|
|
else:
|
|
handle_container(container_id)
|
|
|
|
reload_nginx_configuration()
|
|
|