diff --git a/misc/docker/spdyproxy/.gitignore b/misc/docker/spdyproxy/.gitignore
new file mode 100644
index 000000000..48cfa345b
--- /dev/null
+++ b/misc/docker/spdyproxy/.gitignore
@@ -0,0 +1 @@
+runginx
diff --git a/misc/docker/spdyproxy/Dockerfile b/misc/docker/spdyproxy/Dockerfile
new file mode 100644
index 000000000..7c32db955
--- /dev/null
+++ b/misc/docker/spdyproxy/Dockerfile
@@ -0,0 +1,20 @@
+# This container runs nginx as a SPDY proxy to Camlistore on GCE.
+# Run it with --link :camlistored.
+FROM debian
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Get the latest nginx
+RUN apt-key adv --keyserver pgp.mit.edu --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+RUN echo "deb http://nginx.org/packages/mainline/debian/ wheezy nginx" >> /etc/apt/sources.list
+
+RUN apt-get update
+RUN apt-get -y upgrade
+RUN apt-get -y install nginx ca-certificates
+
+ADD nginx.conf /etc/nginx/nginx.conf
+ADD runginx /runginx
+
+EXPOSE 80 443
+
+CMD ["/runginx"]
diff --git a/misc/docker/spdyproxy/Makefile b/misc/docker/spdyproxy/Makefile
new file mode 100644
index 000000000..40c1bf157
--- /dev/null
+++ b/misc/docker/spdyproxy/Makefile
@@ -0,0 +1,8 @@
+docker: Dockerfile runnginx nginx.conf
+ docker build -t camlistore/spdyproxy .
+
+runginx: runginx.go
+ GOARCH=amd64 GOOS=linux go build runginx.go
+
+push: docker
+ docker push camlistore/spdyproxy
diff --git a/misc/docker/spdyproxy/nginx.conf b/misc/docker/spdyproxy/nginx.conf
new file mode 100644
index 000000000..6ee3ca096
--- /dev/null
+++ b/misc/docker/spdyproxy/nginx.conf
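Review bot: `FROM debian` in the Dockerfile is unpinned while the nginx apt source a few lines later hard-codes `wheezy`, so once the `debian` tag moves to a newer release the build will install packages meant for a different suite. Pin the base to match, `FROM debian:wheezy` (or a digest), so the image is reproducible and consistent with the `sources.list` entry. Separately, `apt-get update` sits in its own `RUN` layer, so a cached layer can leave the later install working from a stale index; `RUN apt-get update && apt-get -y install nginx ca-certificates` avoids that.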
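Review bot: The `docker` target in the Makefile lists `runnginx` (double n) as a prerequisite, but the rule below it and the Dockerfile's `ADD runginx` both use `runginx`, so `make docker` has no rule for that prerequisite and stops before building the image. Change the line to `docker: Dockerfile runginx nginx.conf`. Because `docker` and `push` are not files, adding `.PHONY: docker push` would also keep them from being skipped if files of those names ever appear.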
@@ -0,0 +1,22 @@
+daemon off;
+events {
+ worker_connections 1024;
+}
+http {
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+ server {
+ listen 443 ssl spdy;
+ ssl_certificate /etc/nginx/tls.crt;
+ ssl_certificate_key /etc/nginx/tls.key;
+ location / {
+ proxy_pass http://camlistored:3179;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+}
diff --git a/misc/docker/spdyproxy/runginx.go b/misc/docker/spdyproxy/runginx.go
new file mode 100644
index 000000000..dc1c38dc9
--- /dev/null
+++ b/misc/docker/spdyproxy/runginx.go
@@ -0,0 +1,49 @@
+package main
+
+import (
+ "io/ioutil"
+ "log"
+ "path"
+ "strings"
+ "syscall"
+
+ "camlistore.org/pkg/wkfs"
+ _ "camlistore.org/pkg/wkfs/gcs"
+
+ "camlistore.org/third_party/github.com/bradfitz/gce"
+)
+
+func downloadFile(dst, src string) error {
+ f, err := wkfs.Open(src)
+ if err != nil {
+ return err
+ }
+ b, err := ioutil.ReadAll(f)
+ if err != nil {
+ return err
+ }
+ return ioutil.WriteFile(dst, b, 555)
+}
+
+func main() {
+ v, err := gce.InstanceAttributeValue("camlistore-config-bucket")
+ if err != nil {
+ log.Fatalf("Error getting config bucket: %v", err)
+ }
+ cfgPath := path.Clean("/gcs/" + strings.TrimPrefix(v, "gs://"))
+
+ err = downloadFile("/etc/nginx/tls.crt", cfgPath+"/tls.crt")
+ if err != nil {
+ log.Fatalf("Error getting TLS certificate: %v", err)
+ }
+ log.Print("Wrote /etc/nginx/tls.crt")
+
+ err = downloadFile("/etc/nginx/tls.key", cfgPath+"/tls.key")
+ if err != nil {
+ log.Fatalf("Error getting TLS key: %v", err)
+ }
+ log.Print("Wrote /etc/nginx/tls.key")
+
+ log.Print("Launching nginx")
+ syscall.Exec("/usr/sbin/nginx", []string{"nginx"}, []string{})
+}
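Review bot: The `listen 443 ssl spdy` server in nginx.conf sets the certificate and key but no `ssl_protocols` or `ssl_ciphers`, so the accepted protocol versions and cipher suites are whatever the installed nginx package defaults to and can change silently with an upgrade. State them explicitly in that server block, for example `ssl_protocols TLSv1.2;` and `ssl_prefer_server_ciphers on;` together with a reviewed `ssl_ciphers` list. A short comment above `proxy_set_header Connection "upgrade";` noting that it is there for WebSocket pass-through would also help, since as written it is sent on every proxied request.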
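Review bot: `ioutil.WriteFile(dst, b, 555)` in `downloadFile` passes a decimal literal, so the permission bits come out as octal 053 rather than 0555: no owner bits, group read/execute and other write/execute before the umask is applied, and this is the mode used for `/etc/nginx/tls.key`. A private key should be owner-only, `return ioutil.WriteFile(dst, b, 0600)`. The value returned by `wkfs.Open` is never closed; assuming it is a closer, a `defer f.Close()` after the error check would release it. In `main`, the result of `syscall.Exec` is discarded, so a failed exec falls off the end and exits with status 0; report it with `log.Fatalf("exec nginx: %v", syscall.Exec("/usr/sbin/nginx", []string{"nginx"}, []string{}))`.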