Build Nginx Binary in Docker and Using If Directive

Build Nginx Binary in Docker and Using If Directive

When we should use break in If
http://agentzh.blogspot.com/2011/03/how-nginx-location-if-works.html

If is evil
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/

Official document about If
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if

Instead of using map, I use if to check the User-Agent header of the request.

# TLS-terminating reverse proxy on port 8443 that selects the upstream from the
# request's User-Agent header. {{targetDomain}} is a template placeholder;
# presumably this is the template/ngproxy file rendered by conf_gen.py - confirm.
server {
listen 8443;
client_max_body_size 10M;

# redirect pairing and status check traffic to aws lambda
# The resolver is needed because proxy_pass below uses a variable, which makes
# nginx resolve the upstream name at request time instead of at startup.
# NOTE(review): these are public resolvers queried over plain DNS; combined with
# the unverified upstream certificate (see the note at proxy_ssl_server_name),
# a forged answer would redirect proxied traffic.
resolver 8.8.4.4 8.8.8.8;
set $ocpServer 'https://ocp.{{targetDomain}}';
location / {
# NOTE(review): User-Agent is supplied by the client, so any caller can pick
# either branch. This is routing only, not access control; restrict access to
# the local backend by other means if it must not be reachable from outside.
if ( $http_user_agent = 'oldclientsproxy' ) {
proxy_pass http://local-external-ip:5080;
}
if ( $http_user_agent != 'oldclientsproxy' ) {
proxy_pass $ocpServer;
}
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
# sent, so the backend should trust only the last entry added by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Sends SNI to the HTTPS upstream. NOTE(review): this does not verify the
# upstream certificate; that requires proxy_ssl_verify on together with
# proxy_ssl_trusted_certificate.
proxy_ssl_server_name on;
}

# "ssl on" is the older way to enable TLS; later nginx releases deprecate it in
# favour of "listen 8443 ssl;".
ssl on;
ssl_certificate /usr/local/nginx-1.14.0/ssl/cert.pem;
ssl_certificate_key /usr/local/nginx-1.14.0/ssl/cert.key;

ssl_session_timeout 5m;

# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only
# while the old clients really need them.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# NOTE(review): the opening quote on the next line is a typographic quote and
# the start of the list is masked; nginx needs a plain ' there. DES-CBC3-SHA is
# 3DES, a 64-bit block cipher (Sweet32) - drop it once old clients allow.
ssl_ciphers ‘xxxxxxxxxxMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_dhparam /usr/local/nginx-1.14.0/ssl/dhparams.pem;
ssl_prefer_server_ciphers on;

}

So for an oldclientsproxy request, the upstream name is resolved through the system DNS, including /etc/hosts, and the request goes to local-external-ip:5080.
For all other requests I use $ocpServer, which is a variable, so nginx resolves the name through the configured resolver (8.8.8.8).

Here is how I build the nginx binary from the source on top of Ubuntu 12.04
Makefile
# Image coordinates. REPOSITORY is the (masked) ECR registry host.
# NOTE(review): recipe lines need a leading tab in a real Makefile; this
# listing lost its indentation.
IMAGE=sillycat/sillycat-localproxy
TAG=1.0
NAME=sillycat-localproxy
REPOSITORY=xxxxxxx.dkr.ecr.us-west-1.amazonaws.com
# Push the tagged image to the ECR repository.
push-local:
docker push $(REPOSITORY)/$(IMAGE):$(TAG)
# docker-context has no recipe of its own in this listing.
docker-context:
# Recreate ./install and ./dist and download the nginx source tarball.
prepare:
rm -fr ./install
rm -fr ./dist
mkdir ./install
# NOTE(review): the tarball is used without any integrity check. nginx.org
# publishes a PGP signature (.asc) next to each release; verify it, or pin a
# known checksum, before building.
wget https://nginx.org/download/nginx-1.14.0.tar.gz -P ./install/
mkdir ./dist
build: docker-context
docker build -t $(REPOSITORY)/$(IMAGE):$(TAG) .
# The run targets start the build container with RUNNING_ENV set and ./dist
# mounted at /dist, where start.sh writes the resulting tarball.
run-dev:
docker run -e RUNNING_ENV=dev -v ${CURDIR}/dist:/dist --name $(NAME) $(REPOSITORY)/$(IMAGE):$(TAG)
run-stage:
docker run -e RUNNING_ENV=stage -v ${CURDIR}/dist:/dist --name $(NAME) $(REPOSITORY)/$(IMAGE):$(TAG)
# Same container, but with an interactive shell instead of start.sh.
debug:
docker run -ti -e RUNNING_ENV=dev -v ${CURDIR}/dist:/dist --name $(NAME) $(REPOSITORY)/$(IMAGE):$(TAG) /bin/bash
clean:
docker stop ${NAME}
docker rm ${NAME}
logs:
docker logs -t -f ${NAME}
# NOTE(review): unlike push-local, this omits $(REPOSITORY) and $(TAG), so it
# targets the default registry rather than the ECR repository. The Dockerfile
# ADDs conf/cert-*.key into the image, so confirm this never points at a
# public repository.
publish:
docker push ${IMAGE}

Dockerfile
# Build image for the nginx binary: it carries the toolchain, the nginx source,
# the config templates and the TLS material; compilation happens in start.sh
# when the container starts.
# NOTE(review): Ubuntu 12.04 is past end of life and receives no security
# updates. The binary built here is presumably linked against this release's
# libraries - confirm that it matches the host it will be deployed to.
FROM ubuntu:12.04
#prepare OS
RUN apt-get -y update
RUN apt-get install -y procps
RUN apt-get install -y vim-tiny
RUN apt-get install -y sudo
RUN apt-get install -y python-pip python-dev build-essential
RUN apt-get install -y libpcre3 libpcre3-dev

#prepare the resources
RUN mkdir -p /install/
RUN mkdir -p /dist/
RUN mkdir -p /tool/conf
RUN chmod -R a+x /tool/conf
RUN mkdir -p /tool/ssl/
# ADD unpacks a local tar archive, so the source tree ends up in
# /install/nginx-1.14.0, the directory start.sh changes into.
ADD ./install/nginx-1.14.0.tar.gz /install/
ADD template/nginx.conf /tool/template/
ADD template/ngproxy /tool/template/
ADD script/conf_gen.py /tool/script/
# NOTE(review): the globs copy the certificate, private key and DH parameters
# of every environment present in conf/ into the image layers. Anyone who can
# pull the image can read those keys; consider mounting only the needed key at
# run time instead.
ADD conf/cert-*.pem /tool/ssl/
ADD conf/cert-*.key /tool/ssl/
ADD conf/dhparams-*.pem /tool/ssl/

#compile nginx
# (no compile step runs at image build time; start.sh runs configure/make)
#set up the python engine env
RUN apt-get install -y python-jinja2
# start.sh calls "python script/conf_gen.py" by relative path, so the working
# directory must stay /tool/.
WORKDIR /tool/
RUN mkdir -p /app/
ADD start.sh /app/
CMD /app/start.sh

Start.sh

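#!/bin/sh
# Container entry point: renders the nginx configuration, compiles nginx 1.14.0
# from the unpacked source, installs the per-environment TLS material and
# exports the whole install tree as a tarball.
#
# Environment: RUNNING_ENV - dev, stage or prod; selects the cert/key/dhparams
#              set and is read again by conf_gen.py.
# Working dir: conf_gen.py is invoked by relative path, so the script expects
#              to start in /tool (the Dockerfile WORKDIR).
# Outputs:     /dist/nginx-1.14.0-bin.tar.gz
#
# Options are set here rather than on the shebang line so they also apply when
# the script is run as "sh start.sh".
set -ex

# Fail with a clear message instead of later trying to copy "cert-.key".
: "${RUNNING_ENV:?RUNNING_ENV must be set}"

# RUNNING_ENV is spliced into file names below, so accept only the environment
# names that conf_gen.py has a domain mapping for.
case "${RUNNING_ENV}" in
  dev | stage | prod) ;;
  *)
    printf 'unsupported RUNNING_ENV: %s\n' "${RUNNING_ENV}" >&2
    exit 1
    ;;
esac

readonly PREFIX=/usr/local/nginx-1.14.0

#prepare the configuration
python script/conf_gen.py

#compile the nginx
cd /install/nginx-1.14.0
./configure --prefix="${PREFIX}" --with-http_ssl_module
make
make install

#overwrite the configuration
mkdir -p "${PREFIX}/sites-available" "${PREFIX}/sites-enabled" "${PREFIX}/ssl"
cp /tool/conf/nginx.conf "${PREFIX}/conf/nginx.conf"
cp /tool/conf/ngproxy "${PREFIX}/sites-available/ngproxy"
# -f keeps a re-run in the same container from failing on the existing link.
ln -sf "${PREFIX}/sites-available/ngproxy" "${PREFIX}/sites-enabled/ngproxy"
cp "/tool/ssl/cert-${RUNNING_ENV}.key" "${PREFIX}/ssl/cert.key"
# cp creates the key with the default umask; restrict it to the owner so the
# mode recorded in the tarball is not world-readable.
chmod 600 "${PREFIX}/ssl/cert.key"
cp "/tool/ssl/cert-${RUNNING_ENV}.pem" "${PREFIX}/ssl/cert.pem"
cp "/tool/ssl/dhparams-${RUNNING_ENV}.pem" "${PREFIX}/ssl/dhparams.pem"

#compress to dist
# NOTE(review): the tarball contains the TLS private key, so the copy written
# to /dist has to be stored and transferred as a secret.
cd /usr/local/
tar czf nginx-1.14.0-bin.tar.gz nginx-1.14.0
cp /usr/local/nginx-1.14.0-bin.tar.gz /dist/nginx-1.14.0-bin.tar.gz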

Using Python Script script/conf_gen.py to generate the configuration from template
#!/usr/bin/python
from jinja2 import Environment, FileSystemLoader
import os
from sys import exit
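# Directory layout, derived from this script's own location:
# <root>/script/conf_gen.py, <root>/template/ and <root>/conf/.
SCRIPT_DIR = os.path.abspath(os.path.dirname(__file__))
ROOT_DIR = os.path.abspath(os.path.join(SCRIPT_DIR, '../'))
TEMPLATE_DIR = os.path.abspath(os.path.join(ROOT_DIR, 'template'))
CONF_DIR = os.path.abspath(os.path.join(ROOT_DIR, 'conf'))
print("SCRIPT = " + SCRIPT_DIR)
print("TEMPLATE = " + TEMPLATE_DIR)
print("CONF = " + CONF_DIR)

# Maps each supported RUNNING_ENV value to the domain rendered into the proxy
# template. The values are plain-quoted here; the listing had typographic
# opening quotes, which are a syntax error in Python.
env_domain_mappings = {
    'dev': 'sillycatclouddev.com',
    'stage': 'sillycatcloudbeta.com',
    'prod': 'sillycatcloud.com'
}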
def generateConf():
    """Render template/nginx.conf into conf/nginx.conf.

    Reads RUNNING_ENV from the process environment and passes it to the
    template as ``runningEnv``. Exits the interpreter with an error message
    when the variable is not set.
    """
    runningEnv = os.environ.get('RUNNING_ENV')
    if runningEnv is None:
        exit("RUNNING_ENV is not set in ENV, exit!")
    print("Generating nginx.conf for " + runningEnv)
    # NOTE(review): the value goes into the template as-is; nothing in this
    # function checks it against the known environment names.
    generate_conf_env = dict(runningEnv=runningEnv)
    print(generate_conf_env)
    generateFile('template/nginx.conf', 'conf/nginx.conf', generate_conf_env)
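def generateProxy():
    """Render template/ngproxy into conf/ngproxy.

    Reads RUNNING_ENV from the process environment, looks up the matching
    domain in ``env_domain_mappings`` and passes it to the template as
    ``targetDomain``.

    Exits the interpreter with an error message when RUNNING_ENV is not set or
    names an environment without a domain mapping. The second case used to
    surface as an unhandled KeyError traceback.
    """
    try:
        runningEnv = os.environ['RUNNING_ENV']
    except KeyError as e:
        exit("{0} is not set in environment".format(e))
    print("Generating ngproxy for " + runningEnv)
    # The mapping doubles as an allow-list: the domain decides where the proxy
    # forwards traffic, so an unknown environment must stop the build rather
    # than produce a config.
    if runningEnv not in env_domain_mappings:
        exit("RUNNING_ENV '{0}' has no domain mapping, expected one of: {1}".format(
            runningEnv, ', '.join(sorted(env_domain_mappings))))
    targetDomain = env_domain_mappings[runningEnv]
    generate_proxy_env = {
        'targetDomain': targetDomain
    }
    print(generate_proxy_env)
    generateFile('template/ngproxy', 'conf/ngproxy', generate_proxy_env)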
def generateFile(template_name, output_file_name, params):
    """Render one Jinja2 template and write the result to a file.

    template_name    -- template path, looked up relative to ROOT_DIR.
    output_file_name -- destination path, opened exactly as given, so a
                        relative path resolves against the current working
                        directory, not ROOT_DIR.
    params           -- mapping of template variables.
    """
    # Autoescaping is not enabled, so values land in the output verbatim.
    # Only pass values that come from a trusted or allow-listed source.
    loader = FileSystemLoader(ROOT_DIR)
    jinja_env = Environment(loader=loader, trim_blocks=True)
    template = jinja_env.get_template(template_name)
    rendered = template.render(params)
    with open(output_file_name, 'w') as out:
        out.write(rendered)
if __name__ == '__main__':
    # Script entry point: render nginx.conf first, then the ngproxy site file.
    steps = (
        ("Generate the nginx.conf file", generateConf),
        ("Generate the ngproxy file", generateProxy),
    )
    for banner, step in steps:
        print(banner)
        step()

It is working great.

References:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#break
http://agentzh.blogspot.com/2011/03/how-nginx-location-if-works.html
https://stackoverflow.com/questions/32825703/syntax-for-if-statement-in-nginx