docker_nginx_auto_proxy/nginx_proxy.py

184 lines
6.2 KiB
Python
Executable File

#!/usr/bin/python3.4
from docker import Client
from docker.errors import APIError
from string import Template
import json
import signal
import os
import logging
target_path="/tmp/nginx/"
pid_file="/var/run/nginx.pid"
non_location_template = """# proxy for container '$containername'
server {
listen $listen;
server_name $name;
location / {
proxy_set_header X-Real-IP $$remote_addr;
proxy_set_header X-Forwarded-For $$remote_addr;
proxy_set_header Host $$host;
proxy_pass http://$ip:$port/;
}
}
"""
location_template="""# proxy for container '$containername'
server {
listen $listen;
server_name $name;
location / {
return 301 $$scheme://$name/$location;
}
location /$location {
proxy_set_header X-Real-IP $$remote_addr;
proxy_set_header X-Forwarded-For $$remote_addr;
proxy_set_header Host $$host;
proxy_pass http://$ip:$port/;
}
}
"""
def print_json(data):
"""Prints the given value in JSON to stdout. Use this for debugging only"""
print(json.dumps(data, sort_keys=True, indent=4))
def analyse_env_vars(inspect_data):
"""Extracts the environment variables from the given result of an 'inspect
container' call."""
env_data = {}
for env_var in inspect_data['Config']['Env']:
t = env_var.split("=")
env_data[t[0]] = t[1]
return env_data
def analyse_proxy_data(data):
"""Extracts the data for the proxy configuration (envrionment variable
'PROXY_DATA' and converts it to a dictionary."""
proxy_data = {}
for proxy_var in data['PROXY_DATA'].split(','):
t = proxy_var.split(":",1)
proxy_data[t[0]] = t[1]
return proxy_data
def extract_ip(inspect_data):
"""extracts the container's ip from the given inspect data"""
return inspect_data['NetworkSettings']['IPAddress']
def extract_name(inspect_data):
"""extracts the container's name from the given inspect data"""
return inspect_data['Name']
def get_if_available(dict, key, defValue):
if key in dict:
return dict[key]
else:
return defValue
def handle_container(id):
"""This function take a container's id and collects all data required
to create a proper proxy configuration. The configuration is then
written to the directory of temporary nginx files"""
inspect_data = client.inspect_container(id)
env_vars = analyse_env_vars(inspect_data)
if 'PROXY_DATA' in env_vars:
proxy_data = analyse_proxy_data(env_vars)
container_listen_ip = get_if_available(proxy_data, 'ip', '0.0.0.0')
if container_listen_ip != '0.0.0.0' and container_listen_ip not in listen_ips:
logging.info('container "%s"(%s) does not listen on %s.', extract_name(inspect_data), container_listen_ip, str(listen_ips))
return
logging.info('container "%s"(%s) is allowed to listen on %s.', extract_name(inspect_data), container_listen_ip, str(listen_ips))
substitutes = {
'containername': extract_name(inspect_data),
'ip': extract_ip(inspect_data),
'location': get_if_available(proxy_data, 'location', ''),
'name': get_if_available(proxy_data, 'server_name', ''),
'port': get_if_available(proxy_data, 'port', 80),
'listen': '*:80'
}
logging.info('writing to %sproxy_%s', target_path, id)
with open(target_path + '/proxy_'+id, 'w') as file:
if substitutes['location'] == '':
del substitutes['location']
file.write(Template(non_location_template).substitute(substitutes))
else:
file.write(Template(location_template).substitute(substitutes))
def reload_nginx_configuration():
logging.info('HUPing nginx')
os.kill(pid, signal.SIGHUP)
def get_pid():
"""This function reads the process id from the given file."""
with open(pid_file, 'r') as file:
return int(file.read())
def get_docker_id():
"""This function extracts the container's id from /proc/self/cgroup."""
id = ''
with open('/proc/self/cgroup', 'r') as file:
lines = file.read().split('\n')
for line in lines:
index = line.find('docker-')
if index != -1:
id = line[index+7:-6]
break
return id
def get_listen_ips():
inspect_data = client.inspect_container(get_docker_id())
logging.info('count %s', len(inspect_data['NetworkSettings']['Ports']['80/tcp']))
ips = []
for data in inspect_data['NetworkSettings']['Ports']['80/tcp']:
ips.append(data['HostIp'])
return ips
def setup_logging():
logging.basicConfig(format='%(asctime)s [%(levelname)s]: %(message)s', level=logging.INFO)
if __name__ == '__main__':
setup_logging()
# prepare required stuff
pid = get_pid()
logging.info('nginx pid: %s', str(pid))
if not os.path.exists(target_path):
logging.info('creating target path: %s', target_path)
os.mkdir(target_path)
client = Client(base_url='unix://var/run/docker.sock', version='1.15')
listen_ips = get_listen_ips()
logging.info('Listening on %s.', listen_ips)
if len(listen_ips) != 1:
logging.error('auto_proxy should only listen on 1 IP at a time, everything else can have security implications.')
exit()
# handle all running containers existing at startup of this container
container_ids = client.containers(quiet=True)
for container_id in container_ids:
handle_container(container_id['Id'])
reload_nginx_configuration()
# hook to the events
for line in client.events():
line_str = line.decode("utf-8")
event = json.loads(line_str)
container_id = event['id']
try:
inspect_data = client.inspect_container(container_id)
ip = extract_ip(inspect_data)
except APIError:
ip = ''
if ip == '':
logging.info('removing %sproxy_%s', target_path, container_id)
if os.path.exists(target_path + 'proxy_' + container_id):
os.remove(target_path + 'proxy_' + container_id)
else:
handle_container(container_id)
reload_nginx_configuration()