Last active
March 28, 2016 14:16
-
-
Save etoews/df0b70686e686f1f4cf5 to your computer and use it in GitHub Desktop.
Rough script for getting started with Interlock development. https://github.com/ehazlett/interlock
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ListenAddr = ":8080" | |
| DockerURL = "tcp://192.168.99.105:3376" | |
| TLSCACert = "/etc/docker/ca.pem" | |
| TLSCert = "/etc/docker/server.pem" | |
| TLSKey = "/etc/docker/server-key.pem" | |
| AllowInsecure = false | |
| EnableMetrics = true | |
| [[extensions]] | |
| name = "nginx" | |
| configPath = "/etc/nginx/nginx.conf" | |
| pidPath = "/tmp/nginx.pid" | |
| templatePath = "/etc/interlock/nginx.conf.template" | |
| maxConn = 1024 | |
| port = 80 | |
| #[[extensions]] | |
| #name = "haproxy" | |
| #configPath = "/usr/local/etc/haproxy/haproxy.cfg" | |
| #pidPath = "/run/haproxy.pid" | |
| #templatePath = "/etc/interlock/haproxy.cfg.template" | |
| #backendOverrideAddress = "172.17.0.1" | |
| #maxConn = 1024 | |
| #port = 80 | |
| #adminUser = "admin" | |
| #adminPass = "interlock" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # managed by interlock | |
| global | |
| {{ if .Config.SyslogAddr }}log {{ .Config.SyslogAddr }} local0 | |
| log-send-hostname{{ end }} | |
| maxconn {{ .Config.MaxConn }} | |
| pidfile {{ .Config.PidPath }} | |
| ssl-server-verify {{ .Config.SSLServerVerify }} | |
| tune.ssl.default-dh-param {{ .Config.SSLDefaultDHParam }} | |
| defaults | |
| mode http | |
| retries 3 | |
| option redispatch | |
| option httplog | |
| option dontlognull | |
| option http-server-close | |
| option forwardfor | |
| timeout connect {{ .Config.ConnectTimeout }} | |
| timeout client {{ .Config.ClientTimeout }} | |
| timeout server {{ .Config.ServerTimeout }} | |
| frontend http-default | |
| bind *:{{ .Config.Port }} | |
| {{ if .Config.SSLCert }}bind *:{{ .Config.SSLPort }} ssl crt {{ .Config.SSLCert }} {{ .Config.SSLOpts }}{{ end }} | |
| monitor-uri /haproxy?monitor | |
| {{ if .Config.AdminUser }}stats realm Stats | |
| stats auth {{ .Config.AdminUser }}:{{ .Config.AdminPass}}{{ end }} | |
| stats enable | |
| stats uri /haproxy?stats | |
| stats refresh 5s | |
| {{ range $host := .Hosts }} | |
| use_backend {{ $host.Name }} | |
| {{ end }} | |
| {{ range $host := .Hosts }}backend {{ $host.Name }} | |
| http-response add-header X-Request-Start %Ts.%ms | |
| balance {{ $host.BalanceAlgorithm }} | |
| {{ range $option := $host.BackendOptions }}option {{ $option }} | |
| {{ end }} | |
| {{ if $host.Check }}option {{ $host.Check }}{{ end }} | |
| {{ if $host.SSLOnly }}redirect scheme https if !{ ssl_fc }{{ end }} | |
| {{ range $i,$up := $host.Upstreams }}server {{ $up.Container }} {{ $up.Addr }} check inter {{ $up.CheckInterval }}{{ if $host.SSLBackend }} ssl sni req.hdr(Host) verify {{ $host.SSLBackendTLSVerify }}{{ end }} | |
| {{ end }} | |
| {{ end }} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Interlock dev container | |
| git clone https://github.com/everett-toews/swarmer.git | |
| cd swarmer | |
| ./deploy.sh | |
| eval $(docker-machine env --swarm swarm-master) | |
| mkdir -p go/src/github.com/ehazlett | |
| cd go/src/github.com/ehazlett | |
| git clone git@github.com:ehazlett/interlock.git # this should be your fork | |
| cd interlock | |
| docker network create mynetwork | |
| docker run -it --rm \ | |
| --name dev \ | |
| --net mynetwork \ | |
| --publish 8080:8080 \ | |
| --volume $(pwd):/go/src/github.com/ehazlett/interlock \ | |
| --volume $(pwd)/.config:/etc/interlock \ | |
| --volume $DOCKER_CERT_PATH:/etc/docker \ | |
| --env DOCKER_CERT_PATH=/etc/docker \ | |
| --env DOCKER_TLS_VERIFY=1 \ | |
| --env DOCKER_HOST=$DOCKER_HOST \ | |
| --env DOCKER_HUB_USERNAME=$DOCKER_HUB_USERNAME \ | |
| --env DOCKER_HUB_PASSWORD=$DOCKER_HUB_PASSWORD \ | |
| --env REPO=etoews/interlock \ | |
| --env TAG=templates \ | |
| --workdir /go/src/github.com/ehazlett/interlock \ | |
| etoews/go | |
| make build | |
| cmd/interlock/interlock -D run --config /etc/interlock/config.toml | |
| docker login -u $DOCKER_HUB_USERNAME -p $DOCKER_HUB_PASSWORD -e everett.toews@example.com | |
| make image | |
| docker push $REPO:$TAG | |
| # Need to pick one of Nginx or HAProxy for your proxy | |
| # Nginx | |
| docker run --detach \ | |
| --name nginx2 \ | |
| --net mynetwork \ | |
| --publish 80:80 \ | |
| --label interlock.ext.name=nginx \ | |
| nginx:1.9 | |
| docker exec nginx cat /etc/nginx/nginx.conf | |
| curl -s http://$(docker port nginx 80) | grep strong | |
| open http://$(docker port nginx 80) | |
| # HAProxy | |
| docker run --detach \ | |
| --name haproxy \ | |
| --net mynetwork \ | |
| --restart unless-stopped \ | |
| --publish 80:80 \ | |
| --label interlock.ext.name=haproxy \ | |
| haproxy:1.6 | |
| docker exec haproxy cat /usr/local/etc/haproxy/haproxy.cfg | |
| curl -s http://$(docker port haproxy 80) | grep strong | |
| open http://$(docker port haproxy 80) | |
| open http://$(docker port haproxy 80)/haproxy?monitor | |
| open http://$(docker port haproxy 80)/haproxy?stats | |
| # App | |
| docker run --detach \ | |
| --net mynetwork \ | |
| --expose 8080 \ | |
| --label interlock.network=mynetwork \ | |
| --label interlock.hostname=test \ | |
| --label interlock.domain=local \ | |
| ehazlett/docker-demo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # managed by interlock | |
| user {{ .Config.User }}; | |
| worker_processes {{ .Config.WorkerProcesses }}; | |
| worker_rlimit_nofile {{ .Config.RLimitNoFile }}; | |
| error_log /var/log/error.log warn; | |
| pid {{ .Config.PidPath }}; | |
| events { | |
| worker_connections {{ .Config.MaxConn }}; | |
| } | |
| http { | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| server_names_hash_bucket_size 128; | |
| client_max_body_size 2048M; | |
| log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
| '$status $body_bytes_sent "$http_referer" ' | |
| '"$http_user_agent" "$http_x_forwarded_for"'; | |
| access_log /var/log/nginx/access.log main; | |
| sendfile on; | |
| #tcp_nopush on; | |
| keepalive_timeout 65; | |
| # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the | |
| # scheme used to connect to this server | |
| map $http_x_forwarded_proto $proxy_x_forwarded_proto { | |
| default $http_x_forwarded_proto; | |
| '' $scheme; | |
| } | |
| #gzip on; | |
| proxy_connect_timeout {{ .Config.ProxyConnectTimeout }}; | |
| proxy_send_timeout {{ .Config.ProxySendTimeout }}; | |
| proxy_read_timeout {{ .Config.ProxyReadTimeout }}; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; | |
| proxy_set_header Host $http_host; | |
| send_timeout {{ .Config.SendTimeout }}; | |
| # ssl | |
| ssl_ciphers {{ .Config.SSLCiphers }}; | |
| ssl_protocols {{ .Config.SSLProtocols }}; | |
| map $http_upgrade $connection_upgrade { | |
| default upgrade; | |
| '' close; | |
| } | |
| {{ range $host := .Hosts }} | |
| upstream {{ $host.Upstream.Name }} { | |
| zone {{ $host.Upstream.Name }}_backend 64k; | |
| {{ range $up := $host.Upstream.Servers }}server {{ $up.Addr }}; | |
| {{ end }} | |
| } | |
| server { | |
| listen {{ $host.Port }}; | |
| {{ if $host.SSLOnly }}return 302 https://$server_name$request_uri;{{ else }} | |
| location / { | |
| {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }} | |
| } | |
| {{ range $ws := $host.WebsocketEndpoints }} | |
| location {{ $ws }} { | |
| {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }} | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection $connection_upgrade; | |
| } | |
| location /nginx_status { | |
| stub_status on; | |
| access_log off; | |
| } | |
| {{ end }} | |
| {{ end }} | |
| } | |
| {{ if $host.SSL }} | |
| server { | |
| listen {{ $host.SSLPort }}; | |
| ssl on; | |
| ssl_certificate {{ $host.SSLCert }}; | |
| ssl_certificate_key {{ $host.SSLCertKey }}; | |
| location / { | |
| {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }} | |
| } | |
| {{ range $ws := $host.WebsocketEndpoints }} | |
| location {{ $ws }} { | |
| {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }} | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection $connection_upgrade; | |
| } | |
| location /nginx_status { | |
| stub_status on; | |
| access_log off; | |
| } | |
| {{ end }} | |
| } | |
| {{ end }} | |
| {{ end }} | |
| include {{ .Config.ConfigBasePath }}/conf.d/*.conf; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment