Categorygithub.com/gasserk/interlockpluginsnginx
package
0.2.11
Repository: https://github.com/gasserk/interlock.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
17
Dependents
0
Files
751 SLOC

# README

nginx

This is an nginx plugin. It will dynamically build backends based upon container events (start adds backends, stop/remove removes backends).

Note: Interlock nginx plugin requires nginx v1.6+

Configuration

The following configuration is available through environment variables:

  • NGINX_PROXY_CONFIG_PATH: nginx generated config file path (default: /etc/nginx/nginx.conf)
  • NGINX_PROXY_BACKEND_OVERRIDE_ADDRESS: Manually set the proxy backend address -- this is needed if not using Swarm (i.e. only Docker)
  • NGINX_PORT: Port to serve (default: 80)
  • NGINX_PID_PATH: nginx pid path (default: /nginx.pid)
  • NGINX_MAX_CONN: Max connections (default: 1024)
  • NGINX_MAX_PROCESSES: Max connections (default: 2)
  • NGINX_RLIMIT_NOFILE: Max number of open files (default: 65535)
  • NGINX_PROXY_CONNECT_TIMEOUT: proxy connect timeout in seconds (default: 600)
  • NGINX_PROXY_READ_TIMEOUT: proxy read timeout in seconds (default: 600)
  • NGINX_PROXY_SEND_TIMEOUT: proxy send timeout in seconds (default: 600)
  • NGINX_SEND_TIMEOUT: send timeout in seconds (default: 600)
  • NGINX_SSL_PORT: SSL port (default: 443)
  • NGINX_SSL_CERT_DIR: Path to root directory for SSL certificates
  • NGINX_SSL_CIPHERS: List of SSL ciphers (default: HIGH:!aNULL:!MD5)
  • NGINX_SSL_PROTOCOLS: List of SSL protocols (default: SSLv3 TLSv1 TLSv1.1 TLSv1.2)
  • NGINX_USER: User to run nginx (default: www-data)

Note: environment variables are optional. There are sensible defaults provided.

Usage

An example run of an Interlock container using the nginx plugin is as follows:

docker run -p 80:80 -d ehazlett/interlock --swarm-url tcp://1.2.3.4:2375 --plugin nginx start

If you want SSL support, enter a path to the cert (probably want a mounted volume) and then expose 443:

Note: the SSL certificate must exist in the directory specified. The paths are joined so you only need to specify the certificate name -- not the full path.

docker run -p 80:80 -p 443:443 -d -v /etc/ssl:/ssl -e NGINX_SSL_CERT_DIR=/ssl ehazlett/interlock --swarm-url tcp://1.2.3.4:2375 --plugin nginx start

Then run a container using INTERLOCK_DATA to specify the certificate name to use:

docker run --rm -P --hostname foo.local -e INTERLOCK_DATA='{"ssl":true,"ssl_certificate":"evanhazlett.com.pem","ssl_certificate_key":"evanhazlett.com.key"}' ehazlett/docker-demo

Interlock Data

The HAProxy plugin can use additional data from a container's INTERLOCK_DATA environment variable. This must be specified as a JSON payload in the variable. The following options are available:

  • hostname: override the container hostname -- this is the combined with the domain to create the endpoint
  • domain: override the container domain
  • alias_domains: specify a list of alias domains to add ({"alias_domains": ["foo.com", "bar.com"]})
  • port: specify which container port to use for backend ({"port": 8080})
  • ssl: configure SSL for backend ({"ssl": true})
  • ssl_only: configure redirect to SSL for backend ({"ssl_only": true})
  • websocket_endpoints: list of endpoints to proxy websockets ({"websocket_endpoints": ["/exec"]})

For example:

docker run -ti \
    -P \
    -d \
    --hostname www.example.com \
    -e INTERLOCK_DATA='{"alias_domains": ["foo.com"], "port": 8080}' \
    ehazlett/go-demo

This will create a backend to access the container at "www.example.com" and an alias domain foo.com and use the port that was allocated for the container port "8080".

Monitoring

You can use /nginx_status to check the status of Nginx.

# Functions

No description provided by the author

# Structs

No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author