
Commit cd2599f

author
Alex Ianchici
committed
initial commit
0 parents  commit cd2599f


5 files changed

+158
-0
lines changed


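--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+FROM ubuntu:trusty
+ENV DEBIAN_FRONTEND noninteractive
+
+# nginx
+RUN apt-get update -q
+RUN apt-get install -yf build-essential python-software-properties software-properties-common
+RUN add-apt-repository ppa:nginx/stable
+RUN apt-get update -q
+RUN apt-get -y install -y curl
+
+# build nginx from source with http auth module enabled
+RUN apt-get -y install libpcre3-dev zlib1g-dev libssl-dev
+RUN curl -O http://nginx.org/download/nginx-1.6.1.tar.gz
+RUN tar -xzf nginx-1.6.1.tar.gz
+WORKDIR nginx-1.6.1
+RUN ./configure --with-http_ssl_module --with-http_auth_request_module && make && make install
+
+# install pystache
+RUN apt-get -y install python-pip
+RUN pip install pystache
+
+# nginx configuration
+ADD nginx/nginx.conf /usr/local/nginx/conf/nginx.conf
+ADD nginx/nginx.default /usr/local/nginx/conf/sites-enabled/default.template
+ADD start.sh /start.sh
+
+EXPOSE 80
+CMD /start.sh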
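Review bot: The nginx source tarball on the `curl -O http://nginx.org/download/nginx-1.6.1.tar.gz` line is fetched over plain HTTP and then unpacked and compiled with no integrity check, so whatever arrives on the wire becomes the binary that enforces authentication. Fetch it over HTTPS and verify it before `tar`, for example `RUN curl -fsSLO https://nginx.org/download/nginx-1.6.1.tar.gz && echo "<EXPECTED_SHA256>  nginx-1.6.1.tar.gz" | sha256sum -c -` (the digest is a placeholder; take it from a trusted copy, or check the release's PGP signature instead). `pip install pystache` is likewise unpinned. The `ppa:nginx/stable` repository is added but appears unused, since nginx is built from source, so that line could be dropped.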

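--- a/README.md
+++ b/README.md
@@ -0,0 +1,10 @@
+Nginx authentication proxy
+==========================
+
+Simple proxy used to send the request using the proxy_pass directive to an authentication backend specified using the AUTH_BACKEND environment variable. Traffic that passes the authentication backend will then be sent to the backend specified using the BACKEND environment variable.
+
+Running the docker container:
+```
+ubuntu@trusty-64:/nginx-auth# docker build -t nginx-auth
+ubuntu@trusty-64:/nginx-auth# docker run -e AUTH_BACKEND=https://someauthapi -e BACKEND=http://youprivateregistry -p 0.0.0.0:8080:80 nginx-auth
+```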

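--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -0,0 +1,74 @@
+user www-data;
+worker_rlimit_nofile 32768;
+pid /var/run/nginx.pid;
+
+events {
+worker_connections 8192;
+}
+
+http {
+
+##
+# Basic Settings
+##
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+# server_tokens off;
+
+# server_names_hash_bucket_size 64;
+# server_name_in_redirect off;
+
+include /usr/local/nginx/conf/mime.types;
+default_type application/octet-stream;
+
+##
+# Logging Settings
+##
+
+access_log /dev/stdout;
+error_log /dev/stdout;
+
+##
+# Gzip Settings
+##
+
+gzip on;
+gzip_disable "msie6";
+
+# gzip_vary on;
+# gzip_proxied any;
+# gzip_comp_level 6;
+# gzip_buffers 16 8k;
+# gzip_http_version 1.1;
+# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+##
+# nginx-naxsi config
+##
+# Uncomment it if you installed nginx-naxsi
+##
+
+#include /etc/nginx/naxsi_core.rules;
+
+##
+# nginx-passenger config
+##
+# Uncomment it if you installed nginx-passenger
+##
+
+#passenger_root /usr;
+#passenger_ruby /usr/bin/ruby;
+
+##
+# Virtual Host Configs
+##
+
+include /usr/local/nginx/conf/conf.d/*.conf;
+include /usr/local/nginx/conf/sites-enabled/default;
+}
+
+daemon off;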
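Review bot: `# server_tokens off;` is left commented out in the Basic Settings block, so the proxy advertises its exact nginx version in the `Server` header and on error pages; for a front-door auth proxy I would enable it as `server_tokens off;`. `error_log /dev/stdout;` also mixes errors into the access-log stream, and `error_log stderr;` would keep the two separable for log collection. The naxsi and passenger comment blocks look like leftovers from a distribution config and do not apply to this source build.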

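--- a/nginx/nginx.default
+++ b/nginx/nginx.default
@@ -0,0 +1,39 @@
+server {
+listen 80;
+server_name _;
+
+client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
+
+# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
+chunked_transfer_encoding on;
+
+proxy_set_header Host $http_host; # required for docker client's sake
+proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
+
+root /usr/local/nginx/html;
+index index.html index.htm;
+
+
+location = /auth {
+proxy_pass {{auth_backend}};
+proxy_pass_request_body off;
+proxy_set_header Content-Length "";
+proxy_set_header X-Original-URI $request_uri;
+proxy_set_header X-Docker-Token "";
+}
+
+location / {
+proxy_pass {{backend}};
+auth_request /auth;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+proxy_buffering off;
+}
+location /v1/_ping {
+auth_basic off;
+proxy_pass {{backend}};
+}
+location /_ping {
+auth_basic off;
+proxy_pass {{backend}};
+}
+}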
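Review bot: `location /v1/_ping` and `location /_ping` are prefix matches with no `auth_request`, so every URI that merely begins with those strings is proxied to `{{backend}}` without going through `/auth`; `auth_basic off` has no effect here because basic auth is never enabled. Make them exact matches, `location = /v1/_ping {` and `location = /_ping {`, so that only the health-check paths are exempt. The `/auth` location is also reachable directly by clients, and adding `internal;` would restrict it to the `auth_request` subrequest. Separately, because `/auth` declares its own `proxy_set_header` lines, the server-level `Host` and `X-Real-IP` headers are not inherited there, so repeat them in that block if the auth backend relies on them.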

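--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+NGINX=/usr/local/nginx
+
+pystache "`cat ${NGINX}/conf/sites-enabled/default.template`" "{\"auth_backend\":\"${AUTH_BACKEND}\", \"backend\":\"${BACKEND}\"}" > ${NGINX}/conf/sites-enabled/default
+
+${NGINX}/sbin/nginx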
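Review bot: `AUTH_BACKEND` and `BACKEND` are spliced into a hand-built JSON string and from there into `proxy_pass`, with no check that they are set or that they look like URLs. An unset variable renders `proxy_pass ;`, and a value containing `"`, `;` or `&` either breaks the JSON or alters the generated config (the `{{...}}` tags also HTML-escape by default). Fail fast before rendering with `: "${AUTH_BACKEND:?must be set}"` and `: "${BACKEND:?must be set}"`, and consider rejecting values that do not match an `http(s)://host[:port]` shape. Starting the server with `exec ${NGINX}/sbin/nginx` would also let the container's stop signal reach nginx more directly.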
