Add the vino-reverse-proxy image

This image can be used to put basic auth in front of a service. Change-Id: I8105da864e1b39ccd6af8ba646133fa7f24b9317
2021-04-14 16:43:36 -05:00 · 2021-04-14 16:43:36 -05:00 · 13de8d1bf3
commit 13de8d1bf3
parent 88a2792eb5
4 changed files with 155 additions and 0 deletions
--- a/vino-reverse-proxy/Dockerfile
+++ b/vino-reverse-proxy/Dockerfile
@ -0,0 +1,11 @@
+FROM nginx:alpine
+
+ENV BASIC_AUTH_USERNAME="username"
+ENV BASIC_AUTH_PASSWORD="password"
+
+RUN apk add --update --no-cache apache2-utils
+
+COPY assets/default.conf /etc/nginx/conf.d/default.conf
+COPY assets/entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT /entrypoint.sh
--- a/vino-reverse-proxy/Makefile
+++ b/vino-reverse-proxy/Makefile
@ -0,0 +1,111 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+SHELL             := /bin/bash
+BUILD_DIR         ?= build
+PUSH_IMAGE        ?= false
+IMAGE_ID          ?= none
+COMMIT            ?= $(shell git rev-parse HEAD)
+LABEL             ?= org.airshipit.build=community
+IMAGE_NAME        ?= vino-reverse-proxy
+DOCKER_REGISTRY   ?= quay.io
+IMAGE_PREFIX      ?= airshipit
+IMAGE_TAG         ?= latest
+IMAGE             := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}
+SH_TO_CHECK       := $(wildcard files/*.sh )
+PROXY             ?= http://proxy.foo.com:8000
+NO_PROXY          ?= localhost,127.0.0.1,.svc.cluster.local
+USE_PROXY         ?= false
+
+all: lint images
+
+check-docker:
+	@if [ -z $$(which docker) ]; then \
+	  echo "Missing \`docker\` client which is required for development"; \
+	  exit 2; \
+	fi
+
+images: check-docker build_vino-reverse-proxy
+
+docs: clean build_docs
+
+build_docs:
+	echo TODO
+
+run_images: run_vino-reverse-proxy
+
+run_vino-reverse-proxy:
+	echo TODO
+
+build_vino-reverse-proxy:
+	mkdir -p $(BUILD_DIR)
+ifeq ($(IMAGE_ID), none)
+ifeq ($(USE_PROXY), true)
+	docker build . \
+	--iidfile $(BUILD_DIR)/image_id \
+	--tag $(IMAGE) \
+	--label $(LABEL) \
+	--label "org.opencontainers.image.revision=$(COMMIT)" \
+	--label "org.opencontainers.image.created=\
+	$(shell date --rfc-3339=seconds --utc)" \
+	--label "org.opencontainers.image.title=$(IMAGE_NAME)" \
+	--build-arg http_proxy=$(PROXY) \
+	--build-arg https_proxy=$(PROXY) \
+	--build-arg HTTP_PROXY=$(PROXY) \
+	--build-arg HTTPS_PROXY=$(PROXY) \
+	--build-arg no_proxy=$(NO_PROXY) \
+	--build-arg NO_PROXY=$(NO_PROXY) \
+	--build-arg GIT_COMMIT=$(COMMIT)
+else
+	docker build . \
+	--iidfile $(BUILD_DIR)/image_id \
+	--tag $(IMAGE) \
+	--label $(LABEL) \
+	--label "org.opencontainers.image.revision=$(COMMIT)" \
+	--label "org.opencontainers.image.created=\
+	$(shell date --rfc-3339=seconds --utc)" \
+	--label "org.opencontainers.image.title=$(IMAGE_NAME)" \
+	--build-arg GIT_COMMIT=$(COMMIT)
+endif
+else
+	echo $(IMAGE_ID) > $(BUILD_DIR)/image_id
+endif
+# push image
+ifeq ($(PUSH_IMAGE), true)
+	docker push $(IMAGE)
+endif
+
+clean:
+ifeq ($(IMAGE_ID), none)
+	if [[ -s $(BUILD_DIR)/image_id ]]; \
+	then \
+	docker rmi $$(cat $(BUILD_DIR)/image_id); \
+	fi
+endif
+	rm -rf $(BUILD_DIR)
+
+# style checks
+lint: test-shellcheck
+
+tests: lint unit_tests run_vino-reverse-proxy
+
+test-shellcheck: $(SH_TO_CHECK)
+
+unit_tests:
+	echo TODO
+
+$(SH_TO_CHECK):
+	docker run --rm -v $(shell pwd):/mnt \
+	nlknguyen/alpine-shellcheck -x /mnt/$(@)
+
+.PHONY: test clean $(SH_TO_CHECK) test-shellcheck tests lint build_vino-reverse-proxy \
+  run_vino-reverse-proxy run_images all build_docs docs check-docker images
--- a/vino-reverse-proxy/assets/default.conf
+++ b/vino-reverse-proxy/assets/default.conf
@ -0,0 +1,17 @@
+server {
+    listen       8000;
+    server_name  localhost;
+    location / {
+        proxy_pass  http://localhost:5000/;
+
+        # Basic Auth
+        limit_except OPTIONS {
+            auth_basic "Restricted";
+            auth_basic_user_file "auth.htpasswd";
+        }
+    }
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
--- a/vino-reverse-proxy/assets/entrypoint.sh
+++ b/vino-reverse-proxy/assets/entrypoint.sh
@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+htpasswd -Bbn "$BASIC_AUTH_USERNAME" "$BASIC_AUTH_PASSWORD" > /etc/nginx/auth.htpasswd
+nginx -g 'daemon off;'