Dockerfile for an nginx SPDY proxy

We can enable this once the changes to gce/create.go are in. https://code.google.com/p/camlistore/issues/detail?id=534 Change-Id: I7ea77bf9b09a2f6d91e4f5e228320fa97d54dfa2
2014-11-09 18:21:41 +00:00 · 2014-11-09 18:21:41 +00:00 · 4ed9ebb9fd
parent 200a5cbcde
commit 4ed9ebb9fd
5 changed files with 100 additions and 0 deletions
--- a/misc/docker/spdyproxy/.gitignore
+++ b/misc/docker/spdyproxy/.gitignore
@ -0,0 +1 @@
+runginx
--- a/misc/docker/spdyproxy/Dockerfile
+++ b/misc/docker/spdyproxy/Dockerfile
@ -0,0 +1,20 @@
+# This container runs nginx as a SPDY proxy to Camlistore on GCE.
+# Run it with --link <camlistore container>:camlistored.
+FROM debian
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Get the latest nginx
+RUN apt-key adv --keyserver pgp.mit.edu --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+RUN echo "deb http://nginx.org/packages/mainline/debian/ wheezy nginx" >> /etc/apt/sources.list
+
+RUN apt-get update
+RUN apt-get -y upgrade
+RUN apt-get -y install nginx ca-certificates
+
+ADD nginx.conf /etc/nginx/nginx.conf
+ADD runginx  /runginx
+
+EXPOSE 80 443
+
+CMD ["/runginx"]
--- a/misc/docker/spdyproxy/Makefile
+++ b/misc/docker/spdyproxy/Makefile
@ -0,0 +1,8 @@
+docker: Dockerfile runnginx nginx.conf
+	docker build -t camlistore/spdyproxy .
+
+runginx: runginx.go
+	GOARCH=amd64 GOOS=linux go build runginx.go
+
+push: docker
+	docker push camlistore/spdyproxy
--- a/misc/docker/spdyproxy/nginx.conf
+++ b/misc/docker/spdyproxy/nginx.conf
@ -0,0 +1,22 @@
+daemon off;
+events {
+    worker_connections 1024;
+}
+http {
+    server {
+        listen 80;
+        return 301 https://$host$request_uri;
+    }
+    server {
+        listen 443 ssl spdy;
+        ssl_certificate /etc/nginx/tls.crt;
+        ssl_certificate_key /etc/nginx/tls.key;
+        location / {
+            proxy_pass http://camlistored:3179;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+}
--- a/misc/docker/spdyproxy/runginx.go
+++ b/misc/docker/spdyproxy/runginx.go
@ -0,0 +1,49 @@
+package main
+
+import (
+	"io/ioutil"
+	"log"
+	"path"
+	"strings"
+	"syscall"
+
+	"camlistore.org/pkg/wkfs"
+	_ "camlistore.org/pkg/wkfs/gcs"
+
+	"camlistore.org/third_party/github.com/bradfitz/gce"
+)
+
+func downloadFile(dst, src string) error {
+	f, err := wkfs.Open(src)
+	if err != nil {
+		return err
+	}
+	b, err := ioutil.ReadAll(f)
+	if err != nil {
+		return err
+	}
+	return ioutil.WriteFile(dst, b, 555)
+}
+
+func main() {
+	v, err := gce.InstanceAttributeValue("camlistore-config-bucket")
+	if err != nil {
+		log.Fatalf("Error getting config bucket: %v", err)
+	}
+	cfgPath := path.Clean("/gcs/" + strings.TrimPrefix(v, "gs://"))
+
+	err = downloadFile("/etc/nginx/tls.crt", cfgPath+"/tls.crt")
+	if err != nil {
+		log.Fatalf("Error getting TLS certificate: %v", err)
+	}
+	log.Print("Wrote /etc/nginx/tls.crt")
+
+	err = downloadFile("/etc/nginx/tls.key", cfgPath+"/tls.key")
+	if err != nil {
+		log.Fatalf("Error getting TLS key: %v", err)
+	}
+	log.Print("Wrote /etc/nginx/tls.key")
+
+	log.Print("Launching nginx")
+	syscall.Exec("/usr/sbin/nginx", []string{"nginx"}, []string{})
+}