dockerproxy

command module

v1.14.1 Latest Latest Go to latest Published: Dec 15, 2016 License: MIT Imports: 38 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Luzifer/dockerproxy

Links

Open Source Insights

README ¶

Luzifer / dockerproxy

DockerProxy is a small application to shield HTTP exporting Docker containers. The proxy supports SNI to shield the containers with HTTPs certificates. To discover the containers the Docker daemon needs to listen on a tcp port which should be shielded by a firewall to ensure the security of the Docker host.

Design Flaw

Currently Docker does not support container tagging so this proxy is using the environment variables to detect the "slug" and the port of a container. This can be fixed as soon as there is a tagging concept similar as the EC2 tagging in AWS.

Configuration

Docker daemon

Ensure the daemon is listening on a tcp port reachable from the dockerproxy. In this example port 9999 is used.
Start your docker containers with some special environment variables used for container detection:
- ROUTER_SLUG: The slug used in the proxy configuration to identify the container
- ROUTER_PORT: The public exported HTTP port the proxy can send its requests to

dockerproxy

The configuration is written in YAML (or JSON) format and read every minute by the daemon:

domains: Dict of domain configurations the proxy is able to respond to
- slug: The slug defined in the Docker container to determine which container should handle the request
- force_ssl: The proxy does not forward request but return a redirect to SSL based connection
- ssl (optional): SSL configuration for that domain
  - cert: x509 certificate file (Intermediate certificates belongs in this file too. Put them under your own certificate.)
  - key: The key for the cerficate without password protection
- letsencrypt: Enable fetching the certificate from LetsEncrypt
- authentication: Configure authentication for this domain
  - type: The authentication mechanism to use (Available: basic-auth)
  - config: Authentication specific configuration
generic: A generic suffix on which the proxy will forward to every configured container
listenHTTP: An address binding for HTTP traffic like :80
listenHTTPS: An address binding for HTTPs traffic like :443
docker: Docker host configuration
- hosts: Dict of private to public host/ip associations (The Proxy will query the Docker daemon on the private host/ip and send traffic to the public host/ip)
- port: Port to use for querying the Docker daemon

Example configuration:

---
generic: .dockersrv.example.com
listenHTTP: ":8081"
listenHTTPS: ":4443"

domains:
  host1.example.com:
    slug: container1
    force_ssl: true
    ssl:
      cert: ssl/host1.example.com.crt
      key: ssl/host1.example.com.key
  host2.example.com:
    slug: container2
    authentication:
      type: basic-auth
      config:
        alice: cat
        bob: password
  letsencrypt.example.com:
    slug: container1
    force_ssl: true
    letsencrypt: true

docker:
  hosts:
    localhost: docker01.servers.example.com
  port: 9999

Authentication provider config

basic-auth:

Map of usernames / passwords

authentication:
  type: basic-auth
  config:
    alice: cat
    bob: password

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
auth
basic
sni

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL