etoews · March 28, 2016 14:16
diff --git a/config.toml b/config.toml
 ListenAddr = ":8080"
 DockerURL = "tcp://192.168.99.105:3376"
 TLSCACert = "/etc/docker/ca.pem"
 TLSCert = "/etc/docker/server.pem"
 TLSKey = "/etc/docker/server-key.pem"
 AllowInsecure = false
 EnableMetrics = true

 [[extensions]]
 name = "nginx"
 configPath = "/etc/nginx/nginx.conf"
 pidPath = "/tmp/nginx.pid"
 templatePath = "/etc/interlock/nginx.conf.template"
 maxConn = 1024
 port = 80

 #[[extensions]]
 #name = "haproxy"
 #configPath = "/usr/local/etc/haproxy/haproxy.cfg"
 #pidPath = "/run/haproxy.pid"
 #templatePath = "/etc/interlock/haproxy.cfg.template"
 #backendOverrideAddress = "172.17.0.1"
 #maxConn = 1024
 #port = 80
 #adminUser = "admin"
 #adminPass = "interlock"
diff --git a/haproxy.cfg.template b/haproxy.cfg.template
 # managed by interlock
 global
    {{ if .Config.SyslogAddr }}log {{ .Config.SyslogAddr }} local0
    log-send-hostname{{ end }}
    maxconn {{ .Config.MaxConn }}
    pidfile {{ .Config.PidPath }}
    ssl-server-verify {{ .Config.SSLServerVerify }}
    tune.ssl.default-dh-param {{ .Config.SSLDefaultDHParam }}

 defaults
    mode http
    retries 3
    option redispatch
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor
    timeout connect {{ .Config.ConnectTimeout }}
    timeout client {{ .Config.ClientTimeout }}
    timeout server {{ .Config.ServerTimeout }}

 frontend http-default
    bind *:{{ .Config.Port }}
    {{ if .Config.SSLCert }}bind *:{{ .Config.SSLPort }} ssl crt {{ .Config.SSLCert }} {{ .Config.SSLOpts }}{{ end }}
    monitor-uri /haproxy?monitor
    {{ if .Config.AdminUser }}stats realm Stats
    stats auth {{ .Config.AdminUser }}:{{ .Config.AdminPass}}{{ end }}
    stats enable
    stats uri /haproxy?stats
    stats refresh 5s
    {{ range $host := .Hosts }}
    use_backend {{ $host.Name }}
    {{ end }}
 {{ range $host := .Hosts }}backend {{ $host.Name }}
    http-response add-header X-Request-Start %Ts.%ms
    balance {{ $host.BalanceAlgorithm }}
    {{ range $option := $host.BackendOptions }}option {{ $option }}
    {{ end }}
    {{ if $host.Check }}option {{ $host.Check }}{{ end }}
    {{ if $host.SSLOnly }}redirect scheme https if !{ ssl_fc  }{{ end }}
    {{ range $i,$up := $host.Upstreams }}server {{ $up.Container }} {{ $up.Addr }} check inter {{ $up.CheckInterval }}{{ if $host.SSLBackend }} ssl sni req.hdr(Host) verify {{ $host.SSLBackendTLSVerify }}{{ end }}
    {{ end }}
 {{ end }}
  
diff --git a/interlock.sh b/interlock.sh
 # Interlock dev container

 git clone https://github.com/everett-toews/swarmer.git
 cd swarmer
 ./deploy.sh
 eval $(docker-machine env --swarm swarm-master)

 mkdir -p go/src/github.com/ehazlett
 cd go/src/github.com/ehazlett
 git clone [email protected]:ehazlett/interlock.git # this should be your fork
 cd interlock

 docker network create mynetwork

 docker run -it --rm \
  --name dev \
  --net mynetwork \
  --publish 8080:8080 \
  --volume $(pwd):/go/src/github.com/ehazlett/interlock \
  --volume $(pwd)/.config:/etc/interlock \
  --volume $DOCKER_CERT_PATH:/etc/docker \
  --env DOCKER_CERT_PATH=/etc/docker \
  --env DOCKER_TLS_VERIFY=1 \
  --env DOCKER_HOST=$DOCKER_HOST \
  --env DOCKER_HUB_USERNAME=$DOCKER_HUB_USERNAME \
  --env DOCKER_HUB_PASSWORD=$DOCKER_HUB_PASSWORD \
  --env REPO=etoews/interlock \
  --env TAG=templates \
  --workdir /go/src/github.com/ehazlett/interlock \
  etoews/go

 make build
 cmd/interlock/interlock -D run --config /etc/interlock/config.toml

 docker login -u $DOCKER_HUB_USERNAME -p $DOCKER_HUB_PASSWORD -e [email protected]
 make image
 docker push $REPO:$TAG

 # Need to pick one of Nginx or HAProxy for your proxy

 # Nginx

 docker run --detach \
  --name nginx2 \
  --net mynetwork \
  --publish 80:80 \
  --label interlock.ext.name=nginx \
  nginx:1.9

 docker exec nginx cat /etc/nginx/nginx.conf

 curl -s http://$(docker port nginx 80) | grep strong
 open http://$(docker port nginx 80)

 # HAProxy

 docker run --detach \
  --name haproxy \
  --net mynetwork \
  --restart unless-stopped \
  --publish 80:80 \
  --label interlock.ext.name=haproxy \
  haproxy:1.6

 docker exec haproxy cat /usr/local/etc/haproxy/haproxy.cfg

 curl -s http://$(docker port haproxy 80) | grep strong
 open http://$(docker port haproxy 80)
 open http://$(docker port haproxy 80)/haproxy?monitor
 open http://$(docker port haproxy 80)/haproxy?stats

 #  App

 docker run --detach \
  --net mynetwork \
  --expose 8080 \
  --label interlock.network=mynetwork \
  --label interlock.hostname=test \
  --label interlock.domain=local \
  ehazlett/docker-demo
diff --git a/nginx.conf.template b/nginx.conf.template
 # managed by interlock
 user  {{ .Config.User }};
 worker_processes  {{ .Config.WorkerProcesses }};
 worker_rlimit_nofile {{ .Config.RLimitNoFile }};

 error_log  /var/log/error.log warn;
 pid        {{ .Config.PidPath }};


 events {
    worker_connections  {{ .Config.MaxConn }};
 }


 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size 128;
    client_max_body_size 2048M;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
    # scheme used to connect to this server
    map $http_x_forwarded_proto $proxy_x_forwarded_proto {
      default $http_x_forwarded_proto;
      ''      $scheme;
    }

    #gzip  on;
    proxy_connect_timeout {{ .Config.ProxyConnectTimeout }};
    proxy_send_timeout {{ .Config.ProxySendTimeout }};
    proxy_read_timeout {{ .Config.ProxyReadTimeout }};
    proxy_set_header        X-Real-IP         $remote_addr;
    proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $proxy_x_forwarded_proto;
    proxy_set_header        Host              $http_host;
    send_timeout {{ .Config.SendTimeout }};

    # ssl
    ssl_ciphers {{ .Config.SSLCiphers }};
    ssl_protocols {{ .Config.SSLProtocols }};

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    {{ range $host := .Hosts }}
    upstream {{ $host.Upstream.Name }} {
        zone {{ $host.Upstream.Name }}_backend 64k;

        {{ range $up := $host.Upstream.Servers }}server {{ $up.Addr }};
        {{ end }}
    }
    server {
        listen {{ $host.Port }};

        {{ if $host.SSLOnly }}return 302 https://$server_name$request_uri;{{ else }}
        location / {
            {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
        }

        {{ range $ws := $host.WebsocketEndpoints }}
        location {{ $ws }} {
            {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location /nginx_status {
            stub_status on;
            access_log off;
        }

        {{ end }}
        {{ end }}
    }
    {{ if $host.SSL }}
    server {
        listen {{ $host.SSLPort }};
        ssl on;
        ssl_certificate {{ $host.SSLCert }};
        ssl_certificate_key {{ $host.SSLCertKey }};

        location / {
            {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
        }

        {{ range $ws := $host.WebsocketEndpoints }}
        location {{ $ws }} {
            {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location /nginx_status {
            stub_status on;
            access_log off;
        }
        {{ end }}
    }
    {{ end }}
    {{ end }}

    include {{ .Config.ConfigBasePath }}/conf.d/*.conf;
 }
	ListenAddr = ":8080"
	DockerURL = "tcp://192.168.99.105:3376"
	TLSCACert = "/etc/docker/ca.pem"
	TLSCert = "/etc/docker/server.pem"
	TLSKey = "/etc/docker/server-key.pem"
	AllowInsecure = false
	EnableMetrics = true

	[[extensions]]
	name = "nginx"
	configPath = "/etc/nginx/nginx.conf"
	pidPath = "/tmp/nginx.pid"
	templatePath = "/etc/interlock/nginx.conf.template"
	maxConn = 1024
	port = 80

	#[[extensions]]
	#name = "haproxy"
	#configPath = "/usr/local/etc/haproxy/haproxy.cfg"
	#pidPath = "/run/haproxy.pid"
	#templatePath = "/etc/interlock/haproxy.cfg.template"
	#backendOverrideAddress = "172.17.0.1"
	#maxConn = 1024
	#port = 80
	#adminUser = "admin"
	#adminPass = "interlock"
	# managed by interlock
	global
	{{ if .Config.SyslogAddr }}log {{ .Config.SyslogAddr }} local0
	log-send-hostname{{ end }}
	maxconn {{ .Config.MaxConn }}
	pidfile {{ .Config.PidPath }}
	ssl-server-verify {{ .Config.SSLServerVerify }}
	tune.ssl.default-dh-param {{ .Config.SSLDefaultDHParam }}

	defaults
	mode http
	retries 3
	option redispatch
	option httplog
	option dontlognull
	option http-server-close
	option forwardfor
	timeout connect {{ .Config.ConnectTimeout }}
	timeout client {{ .Config.ClientTimeout }}
	timeout server {{ .Config.ServerTimeout }}

	frontend http-default
	bind *:{{ .Config.Port }}
	{{ if .Config.SSLCert }}bind *:{{ .Config.SSLPort }} ssl crt {{ .Config.SSLCert }} {{ .Config.SSLOpts }}{{ end }}
	monitor-uri /haproxy?monitor
	{{ if .Config.AdminUser }}stats realm Stats
	stats auth {{ .Config.AdminUser }}:{{ .Config.AdminPass}}{{ end }}
	stats enable
	stats uri /haproxy?stats
	stats refresh 5s
	{{ range $host := .Hosts }}
	use_backend {{ $host.Name }}
	{{ end }}
	{{ range $host := .Hosts }}backend {{ $host.Name }}
	http-response add-header X-Request-Start %Ts.%ms
	balance {{ $host.BalanceAlgorithm }}
	{{ range $option := $host.BackendOptions }}option {{ $option }}
	{{ end }}
	{{ if $host.Check }}option {{ $host.Check }}{{ end }}
	{{ if $host.SSLOnly }}redirect scheme https if !{ ssl_fc }{{ end }}
	{{ range $i,$up := $host.Upstreams }}server {{ $up.Container }} {{ $up.Addr }} check inter {{ $up.CheckInterval }}{{ if $host.SSLBackend }} ssl sni req.hdr(Host) verify {{ $host.SSLBackendTLSVerify }}{{ end }}
	{{ end }}
	{{ end }}
	# Interlock dev container

	git clone https://github.com/everett-toews/swarmer.git
	cd swarmer
	./deploy.sh
	eval $(docker-machine env --swarm swarm-master)

	mkdir -p go/src/github.com/ehazlett
	cd go/src/github.com/ehazlett
	git clone [email protected]:ehazlett/interlock.git # this should be your fork
	cd interlock

	docker network create mynetwork

	docker run -it --rm \
	--name dev \
	--net mynetwork \
	--publish 8080:8080 \
	--volume $(pwd):/go/src/github.com/ehazlett/interlock \
	--volume $(pwd)/.config:/etc/interlock \
	--volume $DOCKER_CERT_PATH:/etc/docker \
	--env DOCKER_CERT_PATH=/etc/docker \
	--env DOCKER_TLS_VERIFY=1 \
	--env DOCKER_HOST=$DOCKER_HOST \
	--env DOCKER_HUB_USERNAME=$DOCKER_HUB_USERNAME \
	--env DOCKER_HUB_PASSWORD=$DOCKER_HUB_PASSWORD \
	--env REPO=etoews/interlock \
	--env TAG=templates \
	--workdir /go/src/github.com/ehazlett/interlock \
	etoews/go

	make build
	cmd/interlock/interlock -D run --config /etc/interlock/config.toml

	docker login -u $DOCKER_HUB_USERNAME -p $DOCKER_HUB_PASSWORD -e [email protected]
	make image
	docker push $REPO:$TAG

	# Need to pick one of Nginx or HAProxy for your proxy

	# Nginx

	docker run --detach \
	--name nginx2 \
	--net mynetwork \
	--publish 80:80 \
	--label interlock.ext.name=nginx \
	nginx:1.9

	docker exec nginx cat /etc/nginx/nginx.conf

	curl -s http://$(docker port nginx 80) \| grep strong
	open http://$(docker port nginx 80)

	# HAProxy

	docker run --detach \
	--name haproxy \
	--net mynetwork \
	--restart unless-stopped \
	--publish 80:80 \
	--label interlock.ext.name=haproxy \
	haproxy:1.6

	docker exec haproxy cat /usr/local/etc/haproxy/haproxy.cfg

	curl -s http://$(docker port haproxy 80) \| grep strong
	open http://$(docker port haproxy 80)
	open http://$(docker port haproxy 80)/haproxy?monitor
	open http://$(docker port haproxy 80)/haproxy?stats

	# App

	docker run --detach \
	--net mynetwork \
	--expose 8080 \
	--label interlock.network=mynetwork \
	--label interlock.hostname=test \
	--label interlock.domain=local \
	ehazlett/docker-demo
	# managed by interlock
	user {{ .Config.User }};
	worker_processes {{ .Config.WorkerProcesses }};
	worker_rlimit_nofile {{ .Config.RLimitNoFile }};

	error_log /var/log/error.log warn;
	pid {{ .Config.PidPath }};


	events {
	worker_connections {{ .Config.MaxConn }};
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	server_names_hash_bucket_size 128;
	client_max_body_size 2048M;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	#tcp_nopush on;

	keepalive_timeout 65;

	# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
	# scheme used to connect to this server
	map $http_x_forwarded_proto $proxy_x_forwarded_proto {
	default $http_x_forwarded_proto;
	'' $scheme;
	}

	#gzip on;
	proxy_connect_timeout {{ .Config.ProxyConnectTimeout }};
	proxy_send_timeout {{ .Config.ProxySendTimeout }};
	proxy_read_timeout {{ .Config.ProxyReadTimeout }};
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
	proxy_set_header Host $http_host;
	send_timeout {{ .Config.SendTimeout }};

	# ssl
	ssl_ciphers {{ .Config.SSLCiphers }};
	ssl_protocols {{ .Config.SSLProtocols }};

	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	{{ range $host := .Hosts }}
	upstream {{ $host.Upstream.Name }} {
	zone {{ $host.Upstream.Name }}_backend 64k;

	{{ range $up := $host.Upstream.Servers }}server {{ $up.Addr }};
	{{ end }}
	}
	server {
	listen {{ $host.Port }};

	{{ if $host.SSLOnly }}return 302 https://$server_name$request_uri;{{ else }}
	location / {
	{{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
	}

	{{ range $ws := $host.WebsocketEndpoints }}
	location {{ $ws }} {
	{{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	}

	location /nginx_status {
	stub_status on;
	access_log off;
	}

	{{ end }}
	{{ end }}
	}
	{{ if $host.SSL }}
	server {
	listen {{ $host.SSLPort }};
	ssl on;
	ssl_certificate {{ $host.SSLCert }};
	ssl_certificate_key {{ $host.SSLCertKey }};

	location / {
	{{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
	}

	{{ range $ws := $host.WebsocketEndpoints }}
	location {{ $ws }} {
	{{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	}

	location /nginx_status {
	stub_status on;
	access_log off;
	}
	{{ end }}
	}
	{{ end }}
	{{ end }}

	include {{ .Config.ConfigBasePath }}/conf.d/*.conf;
	}