codesuki / Ecs Nginx Proxy
Labels
Projects that are alternatives of or similar to Ecs Nginx Proxy
ecs-nginx-proxy
ecs-nginx-proxy lets you run a nginx reverse proxy in an AWS ECS cluster.
Uses ecs-gen to automatically make containers accessible by subdomain as they are started.
My use case is using a wildcard domain to make per branch test environments accessible by branch.domain.com. Heavily inspired by nginx-proxy.
Security notice
Currently I am only using this for a development cluster in a private network. I advise against using this in a production environment. If you want to do this consider using ecs-gen to create your own nginx config + container setup which is as secure as you need it to be.
Sample use case
You want to spin up development environments on AWS ECS for each pull request on your project.
How do you make this easy to use? Do you look up the instance IP and connect directly?
The easiest, at least for me, is to setup a wildcard DNS record and route to each deployed branch based on the subdomain, e.g. *.domain.com, branch.domain.com.
This projects enables you to do that.
Usage
Requirements
- Wildcard domain like
*.domain.com - ELB/ALB for this domain
- ECS Cluster
IAM Policy
- EC2 instances in the cluster need a role including
ecs:Describe*,ecs:List*andec2:Describe* - Easiest is to use
AmazonEC2ContainerServiceFullAccessalthough that gives more permissions than needed
Setup
- Create a new ECS task
- Add a container using the
codesuki/ecs-nginx-proxydocker image and make port 80 accessible - Create a new service using the above task and a ELB
- Connect to the ELB serving the wildcard domain
Adding containers
Each container you want to make accessible needs to have its corresponding port mapped (can be random mapping) and the environment variable VIRTUAL_HOST set to the hostname it should respond to.
You can customize nginx settings per container by adding environment variables prefixed by NGINX_GEN_. For examples, you could add an environment variable named NGINX_GEN_client_max_body_size to configure the nginx client_max_body_size setting.
Sample ECS task and service description
For reference JSON descriptions for the ecs-nginx-proxy task, service and a sample task can be found in the examples/ folder.
Check out the commands below or just the sample descriptions if you already know how to work with AWS ECS.
To register the sample tasks and services with your AWS ECS cluster run the following commands.
Register task
Requirements
- ECS Cluster
- Cluster EC2 instances need
ecs:Describe*andecs:List*permissions (see Requirements above)
aws ecs register-task-definition --cli-input-json file://./examples/task.json
Register service
Requirements
- ELB or ALB + Target Group
- Service role for the ELB/ALB containing
AmazonEC2ContainerServiceRole
If you use ELB
You need to supply the load balancer name.
aws ecs create-service --cluster <NAME> --role <NAME> --load-balancers loadBalancerName=<NAME>,containerName=ecs-nginx-proxy,containerPort=80 --cli-input-json file://./examples/service.json
If you use ALB
You need to supply the target group ARN.
aws ecs create-service --cluster <NAME> --role <NAME> --load-balancers targetGroupArn=<ARN>,containerName=ecs-nginx-proxy,containerPort=80 --cli-input-json file://./examples/service.json
Register sample task
Before running the commands below change the VIRTUAL_HOST environment variable in examples/samples_task.json to a domain corresponding to your load balancer setup.
aws ecs register-task-definition --cli-input-json file://./examples/sample_task.json
Register sample service
aws ecs create-service --cluster <NAME> --service-name sample-service --task-definition sample-task --desired-count 1
TODO
- Support SSL connections (for now you can do SSL termination at the ALB)
- Support path based routing (e.g. domain.com/service)