From 13de8d1bf33b3666439d43a7564eca1986c8de00 Mon Sep 17 00:00:00 2001 From: Ian Howell Date: Wed, 14 Apr 2021 16:43:36 -0500 Subject: [PATCH] Add the vino-reverse-proxy image This image can be used to put basic auth in front of a service. Change-Id: I8105da864e1b39ccd6af8ba646133fa7f24b9317 --- vino-reverse-proxy/Dockerfile | 11 +++ vino-reverse-proxy/Makefile | 111 ++++++++++++++++++++++++ vino-reverse-proxy/assets/default.conf | 17 ++++ vino-reverse-proxy/assets/entrypoint.sh | 16 ++++ 4 files changed, 155 insertions(+) create mode 100644 vino-reverse-proxy/Dockerfile create mode 100644 vino-reverse-proxy/Makefile create mode 100644 vino-reverse-proxy/assets/default.conf create mode 100755 vino-reverse-proxy/assets/entrypoint.sh diff --git a/vino-reverse-proxy/Dockerfile b/vino-reverse-proxy/Dockerfile new file mode 100644 index 0000000..6b8107a --- /dev/null +++ b/vino-reverse-proxy/Dockerfile @@ -0,0 +1,11 @@ +FROM nginx:alpine + +ENV BASIC_AUTH_USERNAME="username" +ENV BASIC_AUTH_PASSWORD="password" + +RUN apk add --update --no-cache apache2-utils + +COPY assets/default.conf /etc/nginx/conf.d/default.conf +COPY assets/entrypoint.sh /entrypoint.sh + +ENTRYPOINT /entrypoint.sh diff --git a/vino-reverse-proxy/Makefile b/vino-reverse-proxy/Makefile new file mode 100644 index 0000000..c93e5f3 --- /dev/null +++ b/vino-reverse-proxy/Makefile @@ -0,0 +1,111 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +SHELL := /bin/bash +BUILD_DIR ?= build +PUSH_IMAGE ?= false +IMAGE_ID ?= none +COMMIT ?= $(shell git rev-parse HEAD) +LABEL ?= org.airshipit.build=community +IMAGE_NAME ?= vino-reverse-proxy +DOCKER_REGISTRY ?= quay.io +IMAGE_PREFIX ?= airshipit +IMAGE_TAG ?= latest +IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG} +SH_TO_CHECK := $(wildcard files/*.sh ) +PROXY ?= http://proxy.foo.com:8000 +NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local +USE_PROXY ?= false + +all: lint images + +check-docker: + @if [ -z $$(which docker) ]; then \ + echo "Missing \`docker\` client which is required for development"; \ + exit 2; \ + fi + +images: check-docker build_vino-reverse-proxy + +docs: clean build_docs + +build_docs: + echo TODO + +run_images: run_vino-reverse-proxy + +run_vino-reverse-proxy: + echo TODO + +build_vino-reverse-proxy: + mkdir -p $(BUILD_DIR) +ifeq ($(IMAGE_ID), none) +ifeq ($(USE_PROXY), true) + docker build . \ + --iidfile $(BUILD_DIR)/image_id \ + --tag $(IMAGE) \ + --label $(LABEL) \ + --label "org.opencontainers.image.revision=$(COMMIT)" \ + --label "org.opencontainers.image.created=\ + $(shell date --rfc-3339=seconds --utc)" \ + --label "org.opencontainers.image.title=$(IMAGE_NAME)" \ + --build-arg http_proxy=$(PROXY) \ + --build-arg https_proxy=$(PROXY) \ + --build-arg HTTP_PROXY=$(PROXY) \ + --build-arg HTTPS_PROXY=$(PROXY) \ + --build-arg no_proxy=$(NO_PROXY) \ + --build-arg NO_PROXY=$(NO_PROXY) \ + --build-arg GIT_COMMIT=$(COMMIT) +else + docker build . \ + --iidfile $(BUILD_DIR)/image_id \ + --tag $(IMAGE) \ + --label $(LABEL) \ + --label "org.opencontainers.image.revision=$(COMMIT)" \ + --label "org.opencontainers.image.created=\ + $(shell date --rfc-3339=seconds --utc)" \ + --label "org.opencontainers.image.title=$(IMAGE_NAME)" \ + --build-arg GIT_COMMIT=$(COMMIT) +endif +else + echo $(IMAGE_ID) > $(BUILD_DIR)/image_id +endif +# push image +ifeq ($(PUSH_IMAGE), true) + docker push $(IMAGE) +endif + +clean: +ifeq ($(IMAGE_ID), none) + if [[ -s $(BUILD_DIR)/image_id ]]; \ + then \ + docker rmi $$(cat $(BUILD_DIR)/image_id); \ + fi +endif + rm -rf $(BUILD_DIR) + +# style checks +lint: test-shellcheck + +tests: lint unit_tests run_vino-reverse-proxy + +test-shellcheck: $(SH_TO_CHECK) + +unit_tests: + echo TODO + +$(SH_TO_CHECK): + docker run --rm -v $(shell pwd):/mnt \ + nlknguyen/alpine-shellcheck -x /mnt/$(@) + +.PHONY: test clean $(SH_TO_CHECK) test-shellcheck tests lint build_vino-reverse-proxy \ + run_vino-reverse-proxy run_images all build_docs docs check-docker images diff --git a/vino-reverse-proxy/assets/default.conf b/vino-reverse-proxy/assets/default.conf new file mode 100644 index 0000000..1b6f71d --- /dev/null +++ b/vino-reverse-proxy/assets/default.conf @@ -0,0 +1,17 @@ +server { + listen 8000; + server_name localhost; + location / { + proxy_pass http://localhost:5000/; + + # Basic Auth + limit_except OPTIONS { + auth_basic "Restricted"; + auth_basic_user_file "auth.htpasswd"; + } + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } +} diff --git a/vino-reverse-proxy/assets/entrypoint.sh b/vino-reverse-proxy/assets/entrypoint.sh new file mode 100755 index 0000000..a587ac2 --- /dev/null +++ b/vino-reverse-proxy/assets/entrypoint.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +htpasswd -Bbn "$BASIC_AUTH_USERNAME" "$BASIC_AUTH_PASSWORD" > /etc/nginx/auth.htpasswd +nginx -g 'daemon off;'