ducky/nginx

Paddy 2015-06-22 Child:16bf0d2d11d1

0:20206854e82f

The beginning of an nginx reverse proxy. Set up a reverse proxy that is based on secondbit/nginx and uses the lua authentication. Right now, this passes correctly to an auth service and a subscriptions service. It also had a debug endpoint for echoing back the headers the request was made with. Right now, everything is super-fragilely hard-coded to use the IP of Paddy's local machine, which obviously should not be the case. Still need to figure out how we're going to do this to work with kubernetes _and_ locally. Kubernetes will give us `my-svc.my-namespace.svc.cluster.local` DNS names to route, round-robin style, to the correct backend, but that's hard to emulate locally (I assume? I haven't looked into it).

Dockerfile nginx/conf/nginx.conf

     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/Dockerfile	Mon Jun 22 00:48:17 2015 -0400
     1.3 @@ -0,0 +1,2 @@
     1.4 +FROM secondbit/nginx:latest
     1.5 +EXPOSE 8080
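Review bot: `FROM secondbit/nginx:latest` tracks a floating tag, so a rebuild can silently pick up a different nginx and Lua module set than the one this config was tested against; pin a version tag or an image digest. Also, nothing in these two lines copies `nginx/conf/nginx.conf` into the image, so it is worth a comment saying how the config gets there (a mount, or something the base image does).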
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/nginx/conf/nginx.conf	Mon Jun 22 00:48:17 2015 -0400
     2.3 @@ -0,0 +1,72 @@
     2.4 +worker_processes 2;
     2.5 +
     2.6 +events {
     2.7 +  worker_connections 1024;
     2.8 +}
     2.9 +
    2.10 +env JWT_SECRET;
    2.11 +env JWT_SECRET_IS_BASE64_ENCODED;
    2.12 +env TZ=UTC;
    2.13 +
    2.14 +http {
    2.15 +  access_log /dev/stdout;
    2.16 +  keepalive_timeout 65;
    2.17 +
    2.18 +  lua_shared_dict locks 1M;
    2.19 +  lua_shared_dict cache 10M;
    2.20 +
    2.21 +  # see https://github.com/openresty/lua-resty-core
    2.22 +  init_by_lua '
    2.23 +    require "resty.core"
    2.24 +  ';
    2.25 +
    2.26 +  server {
    2.27 +    listen 8080;
    2.28 +    default_type application/json;
    2.29 +
    2.30 +    location / {
    2.31 +      access_by_lua '
    2.32 +        local jwt = require("nginx-jwt")
    2.33 +	jwt.auth()
    2.34 +      ';
    2.35 +
    2.36 +      proxy_set_header X-Forwarded-Host $host;
    2.37 +      proxy_set_header X-Forwarded-Server $host;
    2.38 +      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    2.39 +      proxy_pass http://192.168.1.10:5000/;
    2.40 +      proxy_redirect off;
    2.41 +    }
    2.42 +
    2.43 +    location /auth {
    2.44 +      return 302 /auth/;
    2.45 +    }
    2.46 +
    2.47 +    location /auth/ {
    2.48 +      access_by_lua '
    2.49 +        local jwt = require("nginx-jwt")
    2.50 +        jwt.auth()
    2.51 +      ';
    2.52 +      proxy_set_header X-Forwarded-Host $host;
    2.53 +      proxy_set_header X-Forwarded-Server $host;
    2.54 +      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    2.55 +      proxy_pass http://192.168.1.10:9000/;
    2.56 +      proxy_redirect / /auth/;
    2.57 +    }
    2.58 +
    2.59 +    location /subscriptions {
    2.60 +      return 302 /subscriptions/;
    2.61 +    }
    2.62 +
    2.63 +    location /subscriptions/ {
    2.64 +      access_by_lua '
    2.65 +        local jwt = require("nginx-jwt")
    2.66 +        jwt.auth()
    2.67 +      ';
    2.68 +      proxy_set_header X-Forwarded-Host $host;
    2.69 +      proxy_set_header X-Forwarded-Server $host;
    2.70 +      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    2.71 +      proxy_pass http://192.168.1.10:9001/;
    2.72 +      proxy_redirect / /subscriptions/;
    2.73 +    }
    2.74 +  }
    2.75 +}
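Review bot: `location /auth` and `location /subscriptions` are prefix matches, so any path that merely starts with those strings (for example `/authx`) is answered with the 302 instead of falling through to `location /`; use exact matches, `location = /auth` and `location = /subscriptions`, for the trailing-slash redirects. Separately, `jwt.auth()` also guards `location /auth/`, which means a client without a token can never reach the auth service; if that service is where tokens are issued, its login path needs to be exempt from the check. The address `192.168.1.10` is repeated in all three `proxy_pass` lines; moving each backend into a named `upstream` block would leave one place to change when the address is replaced. Minor: the `jwt.auth()` line in `location /` is indented with a tab while the rest of the file uses spaces.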