All Projects → srault95 → docker-proxy-api

srault95 / docker-proxy-api

Licence: Apache-2.0 license
Nginx Proxy with Basic auth and SSL for Docker Rest API

Programming Languages

shell
77523 projects

Projects that are alternatives of or similar to docker-proxy-api

Lua Nginx Redis
🌺 Redis、Lua、Nginx、OpenResty 笔记和资料
Stars: ✭ 757 (+4631.25%)
Mutual labels:  nginx-proxy
Symfony 4 Docker Env
Docker Environment for Symfony. PHP-FPM, NGINX SSL Proxy, MySQL, LEMP
Stars: ✭ 119 (+643.75%)
Mutual labels:  nginx-proxy
Nginx Proxy Automation
Automated docker nginx proxy integrated with letsencrypt.
Stars: ✭ 2,302 (+14287.5%)
Mutual labels:  nginx-proxy
Containerized Guacamole
Apache Guacamole out of the box compose setup with Nginx Reverse Proxy, Lets Encrypt. Simple and easy deployable with Docker Compose. Uses only Official Guacamole Docker Images
Stars: ✭ 49 (+206.25%)
Mutual labels:  nginx-proxy
Vouch Proxy
an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
Stars: ✭ 1,239 (+7643.75%)
Mutual labels:  nginx-proxy
Usenet Docker
Docker-compose configuration for Sabnzbd, CouchPotato, Plex, Sonarr, Plexpy, Nzbhydra, Muximux, Radarr, NZBGet and Ombi with a Nginx proxy.
Stars: ✭ 153 (+856.25%)
Mutual labels:  nginx-proxy
Engintron
Engintron for cPanel/WHM is the easiest way to integrate Nginx on your cPanel/WHM server. Engintron will improve the performance & web serving capacity of your server, while reducing CPU/RAM load at the same time, by installing & configuring the popular Nginx webserver to act as a reverse caching proxy in front of Apache.
Stars: ✭ 587 (+3568.75%)
Mutual labels:  nginx-proxy
nginx-proxy
Docker container for automatically creating nginx configuration based on active services in docker host.
Stars: ✭ 28 (+75%)
Mutual labels:  nginx-proxy
Docker Oidc Proxy
Docker Image built on Alpine Linux for secure OpenID Connect (OIDC) proxy authentication
Stars: ✭ 91 (+468.75%)
Mutual labels:  nginx-proxy
Nginx Admins Handbook
How to improve NGINX performance, security, and other important things.
Stars: ✭ 12,463 (+77793.75%)
Mutual labels:  nginx-proxy
Docker Compose
Collection of my docker-compose.yml files
Stars: ✭ 52 (+225%)
Mutual labels:  nginx-proxy
Dockerize Your Dev
Docker compose a VM to get LetsEncrypt / NGINX proxy auto provisioning, ELK logging, Prometheus / Grafana monitoring, Portainer GUI, and more...
Stars: ✭ 61 (+281.25%)
Mutual labels:  nginx-proxy
Nginx
NGINX Accelerated! This is a Docker image that creates a high performance (FAST!), optimized image for NGINX for use with Redis and PHP-FMP. Deliver sites and applications with performance, reliability, security, and scale. This NGINX server offers advanced performance, web and mobile acceleration, security controls, application monitoring, and management.
Stars: ✭ 157 (+881.25%)
Mutual labels:  nginx-proxy
The World Is Yours
Nginx L7 DDoS Protection! And many more features 💥 ⚡️
Stars: ✭ 20 (+25%)
Mutual labels:  nginx-proxy
Docker Waf
An NGINX and ModSecurity based Web Application Firewall for Docker
Stars: ✭ 181 (+1031.25%)
Mutual labels:  nginx-proxy
Docker Letsencrypt Nginx Proxy Companion
Automated ACME SSL certificate generation for nginx-proxy
Stars: ✭ 6,350 (+39587.5%)
Mutual labels:  nginx-proxy
Rancher Active Proxy
All in one active reverse proxy for Rancher ! For Kubernetes : https://github.com/adi90x/kube-active-proxy
Stars: ✭ 149 (+831.25%)
Mutual labels:  nginx-proxy
casper
Yelp's internal caching proxy, powered by Nginx and OpenResty at its core
Stars: ✭ 81 (+406.25%)
Mutual labels:  nginx-proxy
Reading Code Of Nginx 1.9.2
nginx-1.9.2源码通读分析注释,带详尽函数中文分析注释以及相关函数流程调用注释,最全面的nginx源码阅读分析中文注释,更新完毕
Stars: ✭ 3,458 (+21512.5%)
Mutual labels:  nginx-proxy
Htpc Docker Standup
A simple docker-compose based configuration to stand up a new HTPC w/ Plex, Deluge, Sonarr, Radarr and more!
Stars: ✭ 160 (+900%)
Mutual labels:  nginx-proxy

Nginx Proxy for Docker Rest API

Https secure proxy and auth for Docker daemon (Rest API)

Tested with Docker 1.3.1 on Ubuntu 14.04

Features

  • Basic auth http
  • Secure http by SSL certificate

Schema

Big picture

Quick Start

  • Transparent installation. No port mapping
  • Replace DOCKER_USER and DOCKER_PASSWORD by your values
$ docker pull srault95/docker-proxy-api

$ docker run --restart always -d --name docker-proxy -e DOCKER_USER=myuser -e DOCKER_PASSWORD=password srault95/docker-proxy-api

$ DOCKER_PROXY=$(docker inspect -f '{{.NetworkSettings.IPAddress}}' docker-proxy)

$ curl -k https://${DOCKER_PROXY}:2375/_ping

$ curl -k -u myuser:password https://${DOCKER_PROXY}:2375/info

Pull image from registry

$ docker pull srault95/docker-proxy-api

Build

Image from Dockerfile

$ git clone https://github.com/srault95/docker-proxy-api.git

$ cd docker-proxy-api

$ docker build -t docker-proxy-api .

Configure docker daemon

172.17.42.1 is default ip address for docker0 interface in ubuntu trusty

$ vi /etc/default/docker

DOCKER_OPTS="-H tcp://172.17.42.1:4444 -H unix:///var/run/docker.sock"

$ service docker reload

Run for testing

$ docker run -it --rm -p 2375:2375 srault95/docker-proxy-api

Run for production

$ docker run -d --name docker-proxy -p 2375:2375 srault95/docker-proxy-api

Test Rest request with curl

Use curl -k or --insecure for curl with auto-certificate

# without authentication (only for _ping)
$ curl -k https://127.0.0.1:2375/_ping
OK

# with authentication
$ curl -k -u docker:docker https://127.0.0.1:2375/info
{"Containers":38,"Debug":0,"Driver":"aufs","DriverStatus":[["Root Dir","/home/docker/aufs"],["Dirs","893"]],"ExecutionDriver":"native-0.2","IPv4Forwarding":1,"Images":811,"IndexServerAddress":"https://index.docker.io/v1/","InitPath":"/usr/bin/docker","InitSha1":"","KernelVersion":"3.13.0-39-generic","MemoryLimit":1,"NEventsListener":0,"NFd":16,"NGoroutines":23,"OperatingSystem":"Ubuntu 14.04.1 LTS","SwapLimit":1}

No port mapping

$ docker run -d --name docker-proxy srault95/docker-proxy-api

$ DOCKER_PROXY=$(docker inspect -f '{{.NetworkSettings.IPAddress}}' docker-proxy)

$ curl -k https://${DOCKER_PROXY}:2375/_ping
OK

For remplace SSL certificate and password on start contenair

$ docker run -e FORCE_CONFIG=1 -d --name docker-proxy -p 2375:2375 srault95/docker-proxy-api

For change SSL parameters

# Default values
SSL_COMMON_NAME=localhost
SSL_RSA_BIT=4096
SSL_DAYS=365

$ docker run -d --name docker-proxy -p 2375:2375 \
  -e FORCE_CONFIG=1 -e SSL_COMMON_NAME=my_common_name -e SSL_RSA_BIT=2048 -e SSL_DAYS=730 \
  srault95/docker-proxy-api

For change login/password

Password max length: 8 characters

# Default values
DOCKER_USER=docker
DOCKER_PASSWORD=docker

$ docker run -d --name docker-proxy -p 2375:2375 \
  -e FORCE_CONFIG=1 -e DOCKER_USER=user -e DOCKER_PASSWORD=password \
  srault95/docker-proxy-api

$ curl -k -u user:password https://127.0.0.1:2375/info

For use external certificate

Warning: if you use "-e FORCE_CONFIG=1" after creating your certificates, your files will be deleted

  1. Generate your certificate with openssl or import your existant certificat:

    $ mkdir nginx-certs
    $ openssl genrsa -out nginx-certs/server.key 1024
    $ openssl req -new -newkey rsa:4096 -days 365 -nodes -subj "/C=/ST=/L=/O=/CN=localhost" -keyout nginx-certs/server.key -out nginx-certs/server.csr
    $ openssl x509 -req -days 365 -in nginx-certs/server.csr -signkey nginx-certs/server.key -out nginx-certs/server.crt
    
  2. Use docker volume:

    $ docker run -d --name docker-proxy -p 2375:2375 \
      -v `pwd`/nginx-certs:/etc/nginx/certs \
      srault95/docker-proxy-api
    

For use external password file

  1. Create new password file:

    $ printf "user:$(openssl passwd -crypt 12345678)\n" > my_passwd_file
    
  2. Run contenair with volume option:

    $ docker run -e NO_GEN_PASSWORD=1 -d --name docker-proxy -p 2375:2375 \
      -v `pwd`/my_passwd_file:/etc/nginx/.passwd \
      srault95/docker-proxy-api
    
  3. Test:

    $ curl -k -u user:12345678 https://127.0.0.1:2375/info
    

Change ip:port address of your docker daemon

  • Copy or edit docker-proxy.conf and change value:

    proxy_pass http://172.17.42.1:4444;
    
  • Use docker-proxy.conf in volume:

    $ docker run -d --name docker-proxy -p 2375:2375 \
      -v /docker-proxy.conf:/etc/nginx/docker-proxy.conf \
      srault95/docker-proxy-api
    

Access with python

$ virtualenv docker

$ source docker/bin/activate

$ pip install docker-py

$ python
>>> import docker
>>> tls_config = docker.tls.TLSConfig(verify=False)
>>> c = docker.Client(base_url='https://127.0.0.1:2375', tls=tls_config)
>>> c.auth = ('docker', 'docker')
>>> c.ping()

For disable SSL warnings from urllib3

>>> from requests.packages import urllib3
>>> urllib3.disable_warnings()

Nginx Logs

  • Nginx logs redirect to /dev/stdout and /dev/stderr for display in "docker logs CID"
  • Accès logs on host with json format
DOCKER_PROXY_ID=$(docker inspect -f '{{.Id}}' docker-proxy)

cat /var/lib/docker/containers/${DOCKER_PROXY_ID}/${DOCKER_PROXY_ID}-json.log

$ echo /var/lib/docker/containers/${DOCKER_PROXY_ID}/${DOCKER_PROXY_ID}-json.log
/var/lib/docker/containers/ddda603702be34d99ab5b0a8bdea06bd821ebe4870ef50414063e4417901c532/ddda603702be34d99ab5b0a8bdea06bd821ebe4870ef50414063e4417901c532-json.log

$ python
>>> import json, pprint
>>> values = open('/var/lib/docker/containers/ddda603702be34d99ab5b0a8bdea06bd821ebe4870ef50414063e4417901c532/ddda603702be34d99ab5b0a8bdea06bd821ebe4870ef50414063e4417901c532-json.log').readlines()

>>> for value in values: pprint.pprint(json.loads(value))
...
{u'log': u'SSL certificate generation...\n',
 u'stream': u'stdout',
 u'time': u'2014-12-12T09:56:12.912944973Z'}
{u'log': u'Password generation...\n',
 u'stream': u'stdout',
 u'time': u'2014-12-12T09:56:13.796529889Z'}

>>> for value in values: print json.loads(value)['time']
...
2014-12-12T09:56:12.912944973Z
2014-12-12T09:56:13.796529889Z

Todos / Ideas

  • Documentation en Français

  • Add schema

  • Publish to HUB registry

  • Drone test: Drone

  • Test with -api-enable-cors

  • Optimisations nginx

  • Configuration for ip address of docker in proxy_pass

  • Add authentication method

  • optionnal ssl and password

  • Interest of links from this contenair:

    $ docker run -it --rm --link docker-proxy:proxy ubuntu env | grep PROXY_PORT    
    
    PROXY_PORT_2375_TCP=tcp://172.17.0.15:2375
    PROXY_PORT_2375_TCP_ADDR=172.17.0.15
    PROXY_PORT_2375_TCP_PORT=2375
    PROXY_PORT_2375_TCP_PROTO=tcp
    
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].