@meeuw
Last active August 16, 2016 08:25
docker apache proxy
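# docker build -t="dockerproxy" .
# "whatever" is a placeholder: use a yum-based base image and pin its version.
FROM whatever
# Clean the yum cache in the same layer so it is not shipped in the image.
RUN yum install -y httpd mod_ssl && yum clean all
# COPY is enough for plain local files; ADD additionally unpacks archives and
# fetches URLs, which is not wanted here.
COPY ./proxy.py /root/bin/proxy.py
EXPOSE 80 443
COPY *.crt /etc/pki/tls/certs/
# NOTE(review): this bakes the TLS private keys into an image layer, so anyone
# who can pull, save or inspect the image can read them. Prefer mounting the
# keys at run time (read-only volume or a secret store) and keeping them out
# of the build context.
COPY *.key /etc/pki/tls/private/
# Keys copied from the build context keep their source permissions; restrict
# them to root, which is the user httpd reads them as at start-up.
RUN chmod 600 /etc/pki/tls/private/*.key
# Exec form: no intermediate shell between docker and the script.
CMD ["python", "/root/bin/proxy.py"]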
#!/usr/bin/python
import os
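# Characters accepted in values that are interpolated into httpd.conf.  The
# host names and aliases are read from environment variables that Docker
# derives from the linked containers, so they are validated before being
# written into the Apache configuration: a newline, quote, '<' or '/' in one
# of them would otherwise add or break directives.
_HOST_CHARS = frozenset(
    'abcdefghijklmnopqrstuvwxyz'
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    '0123456789.-_')
# ServerAlias may list several names and may use the '*' and '?' wildcards.
_ALIAS_CHARS = _HOST_CHARS | frozenset(' *?')


def _only(allowed, text):
    """Return True if *text* is non-blank and uses only *allowed* characters."""
    return bool(text.strip()) and all(ch in allowed for ch in text)


with open('/etc/httpd/conf/httpd.conf', 'a') as f:
    # Global settings shared by every generated virtual host.
    f.write('''NameVirtualHost *:80
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
''')

    # Virtual host templates, selected per linked container through its
    # DOCKERPROXY environment variable ('default' when unset or unknown).
    #
    # Security notes on the TLS part of the templates:
    #  * SSLProtocol now excludes SSLv3 as well as SSLv2; the original
    #    "all -SSLv2" left SSLv3 (broken by POODLE) enabled.
    #  * NOTE(review): SSLCipherSuite still admits 3DES ("+3DES" only moves
    #    it to the end of the list) plus whatever DEFAULT means for the
    #    installed OpenSSL; review it against a current baseline.
    #  * NOTE(review): traffic to the backend is plain HTTP
    #    ("ProxyPass / http://..."), which is only acceptable while the
    #    docker network between proxy and containers is trusted.
    #  * NOTE(review): in 'rewrite' the :443 host rewrites Location headers
    #    to http://, not https:// - confirm that this is intended.
    virtualhost = {
        'default': '''<VirtualHost *:80>
ServerName %(name)s
ServerAlias %(alias)s
ProxyPass / http://%(name)s/ timeout=9999999
RequestHeader set X-Forwarded-Proto "http"
</VirtualHost>
<VirtualHost *:443>
ServerName %(name)s
ServerAlias %(alias)s
ProxyPass / http://%(name)s/ timeout=9999999
RequestHeader set X-Forwarded-Proto "https"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/certs/%(name)s.crt
SSLCertificateKeyFile /etc/pki/tls/private/%(name)s.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SetEnvIf User-Agent ".*MSIE.*" \\
nokeepalive ssl-unclean-shutdown \\
downgrade-1.0 force-response-1.0
Header edit Location ^http:// https://
</VirtualHost>
''',
        'rewrite': '''<VirtualHost *:80>
ServerName %(name)s
ServerAlias %(alias)s
ProxyPass / http://%(name)s/ timeout=9999999
RequestHeader set X-Forwarded-Proto "http"
ProxyPreserveHost On
RequestHeader unset Accept-Encoding
AddOutputFilterByType SUBSTITUTE text/html
Substitute s/%(newname)s/%(name)s/ni
Header edit Location ^http://%(newname)s http://%(name)s
</VirtualHost>
<VirtualHost *:443>
ServerName %(name)s
ServerAlias %(alias)s
ProxyPass / http://%(name)s/ timeout=9999999
RequestHeader set X-Forwarded-Proto "https"
RequestHeader unset Accept-Encoding
AddOutputFilterByType SUBSTITUTE text/html
Substitute s/%(newname)s/%(name)s/ni
Header edit Location ^http://%(newname)s http://%(name)s
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/certs/%(name)s.crt
SSLCertificateKeyFile /etc/pki/tls/private/%(name)s.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SetEnvIf User-Agent ".*MSIE.*" \\
nokeepalive ssl-unclean-shutdown \\
downgrade-1.0 force-response-1.0
</VirtualHost>
'''
    }

    # One virtual host pair per <PREFIX>_NAME variable.  .items() is used
    # instead of .iteritems() so the script runs on Python 2 and Python 3.
    for key, value in os.environ.items():
        if not key.endswith('_NAME'):
            continue
        prefix = key[:-5]

        # The host name is taken from the third '/'-separated field of the
        # value; variables that merely happen to end in _NAME and do not
        # have that field are skipped instead of raising IndexError.
        parts = value.split('/')
        if len(parts) < 3:
            continue
        name = parts[2]

        typ = os.environ.get(prefix + '_ENV_DOCKERPROXY', 'default')
        if typ not in virtualhost:
            typ = 'default'
        alias = os.environ.get(prefix + '_ENV_DOCKERPROXY_ALIAS', name)

        # Refuse to write anything into httpd.conf that is not a plain host
        # name (or a list of alias patterns).
        if not (_only(_HOST_CHARS, name) and _only(_ALIAS_CHARS, alias)):
            print('dockerproxy: skipping %s, unsafe name %r or alias %r'
                  % (key, name, alias))
            continue

        newname = name.replace('local.', 'www.')
        f.write(virtualhost[typ]
                % {'name': name, 'newname': newname, 'alias': alias})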
# Run the start-up steps in order: print the generated configuration, start
# Apache, then follow the access log.  "tail -f" blocks, which presumably is
# what keeps the container's main process in the foreground.
for command in (
        'cat /etc/httpd/conf/httpd.conf',
        '/etc/init.d/httpd start',
        'tail -f /var/log/httpd/access_log'):
    os.system(command)
#!/usr/bin/python3
import subprocess
import re
import json
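# Build the proxy image.  The tag is passed as its own argv element: no shell
# is involved, so the escaped quotes of the original (-t="dockerproxy") were
# handed to docker as part of the tag value.
subprocess.check_call(
    ['docker', 'build', '-t', 'dockerproxy', '/home/user/git/dockerproxy/'])

# Containers that must never be linked to the proxy.
excluded = {'dbserver-mysql'}

cmd = ['docker', 'run', '--rm', '-i', '-t', '--name=dockerproxy',
       '-p', '80:80', '-p', '443:443']

# Ask docker for just the two needed columns, tab-separated and without a
# header, instead of splitting the human-readable table on spaces: COMMAND,
# CREATED and STATUS contain spaces themselves.  The original accepted only
# rows with seven columns, i.e. rows whose PORTS column was not empty; that
# filter is kept explicitly here.
listing = subprocess.check_output(
    ['docker', 'ps', '--format', '{{.Names}}\t{{.Ports}}'])

# NOTE(review): every running container that exposes a port is linked and
# thereby becomes reachable through ports 80/443 of the host.  An explicit
# allow-list of containers would follow least privilege more closely than
# the single exclusion above.
for row in listing.decode('utf8').splitlines():
    name, _, ports = row.partition('\t')
    if not name or not ports.strip():
        continue
    if name in excluded:
        continue
    # Each name is its own argv element, so it is never parsed by a shell.
    cmd += ['--link', name]

cmd += ['dockerproxy']
subprocess.check_call(cmd)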