Skip to content

Instantly share code, notes, and snippets.

@kazu69

kazu69/Dockerfile

Last active September 3, 2015 17:19
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save kazu69/1a1922409dd3514f6f6c to your computer and use it in GitHub Desktop.
Save kazu69/1a1922409dd3514f6f6c to your computer and use it in GitHub Desktop.
Download ZIP
docker + nginx_mruby
Raw
authn_basic.rb
# hook/authn_basic.rb
user_list = {
:test => 'password'
}
realm_name = 'Private Page'
hin = Nginx::Headers_in.new
def authenticate_with(realm_name)
hout = Nginx::Headers_out.new
hout["WWW-Authenticate"] = %Q(Basic realm="#{realm_name}")
Nginx.return Nginx::HTTP_UNAUTHORIZED
end
def valid_credentials?(credentials)
return unless credentials.respond_to?(:match)
credentials.match(/Basic\s+(.+)\z/) do |str|
Base64::decode(str[1]).split(':')
user_list[user_name.chomp.to_sym] == password.chomp
end
end
if !hin["Authorization"].nil?
if valid_credentials? hin["Authorization"]
Nginx.echo 'Success authentication !'
Nginx.return Nginx::DECLINED
else
Nginx.return Nginx::HTTP_UNAUTHORIZED
end
else
authenticate_with realm_name
end
Raw
basic_auth.sh
# use port 8080
curl -I --user test:password http://localhost:8080/basic_auth/
HTTP/1.1 200 OK
Server: nginx/1.9.1
Date: Sun, 19 Jul 2015 03:39:09 GMT
Content-Type: text/html
Content-Length: 18
Last-Modified: Sun, 19 Jul 2015 02:38:21 GMT
Connection: keep-alive
ETag: "55ab0d9d-12"
Accept-Ranges: bytes
Raw
boot2docker-virtualbox-portformarding.sh
# 8080番ポートをboot2docker-vmの80番ポートにフォワーディング
VBoxManage controlvm "boot2docker-vm" natpf1 "tcp-8080,tcp,,8080,,80"
# 8443番ポートをboot2docker-vmの443番ポートにフォワーディング
VBoxManage controlvm "boot2docker-vm" natpf1 "tcp-8443,tcp,,8443,,443"
Raw
build_config.rb
# conf/build_config.rb
MRuby::Build.new do |conf|
toolchain :gcc
enable_debug
conf.gembox 'full-core'
#
# Recommended for ngx_mruby
#
conf.gem :github => 'iij/mruby-io'
conf.gem :github => 'iij/mruby-env'
conf.gem :github => 'iij/mruby-dir'
conf.gem :github => 'iij/mruby-digest'
conf.gem :github => 'iij/mruby-process'
conf.gem :github => 'iij/mruby-pack'
conf.gem :github => 'iij/mruby-socket'
conf.gem :github => 'mattn/mruby-json'
conf.gem :github => 'mattn/mruby-onig-regexp'
conf.gem :github => 'matsumoto-r/mruby-redis'
conf.gem :github => 'matsumoto-r/mruby-vedis'
conf.gem :github => 'matsumoto-r/mruby-sleep'
conf.gem :github => 'matsumoto-r/mruby-userdata'
conf.gem :github => 'matsumoto-r/mruby-uname'
conf.gem :github => 'matsumoto-r/mruby-mutex'
conf.gem :github => 'matsumoto-r/mruby-cache'
# ngx_mruby extended class
conf.gem '../mrbgems/ngx_mruby_mrblib'
# use memcached
# conf.gem :github => 'matsumoto-r/mruby-memcached'
# build error on travis ci 2014/12/01, commented out mruby-file-stat
# conf.gem :github => 'ksss/mruby-file-stat'
# use markdown on ngx_mruby
# conf.gem :github => 'matsumoto-r/mruby-discount'
# use mysql on ngx_mruby
#conf.gem :github => 'mattn/mruby-mysql'
# have GeoIPCity.dat
# conf.gem :github => 'matsumoto-r/mruby-geoip'
# Linux only for ngx_mruby
# conf.gem :github => 'matsumoto-r/mruby-capability'
# conf.gem :github => 'matsumoto-r/mruby-cgroup'
## user-defined GEMs
conf.gem :git => 'https://github.com/mattn/mruby-base64.git'
end
Raw
Dockerfile
FROM ubuntu
RUN apt-get update
RUN apt-get install -y software-properties-common python-software-properties
RUN add-apt-repository -y ppa:brightbox/ruby-ng
RUN apt-get -y update
RUN apt-get install -y git ruby2.2 rake curl wget gcc make bison libssl-dev libcurl4-openssl-dev libpcre3 libpcre3-dev
WORKDIR /usr/local/src/
RUN git clone git://github.com/matsumoto-r/ngx_mruby.git
WORKDIR /usr/local/src/ngx_mruby
RUN cp -p build_config.rb build_config.rb.org
ADD conf/build_config.rb /usr/local/src/ngx_mruby/build_config.rb
ENV NGINX_CONFIG_OPT_ENV --with-http_ssl_module --prefix=/usr/local/nginx
RUN sh build.sh
RUN make install
# https://raw.githubusercontent.com/JasonGiedymin/nginx-init-ubuntu/master/nginx
ADD initScript.sh /etc/init.d/
RUN mv /etc/init.d/initScript.sh /etc/init.d/nginx
RUN chmod +x /etc/init.d/nginx
RUN update-rc.d nginx defaults
ADD conf/nginx.conf /usr/local/nginx/conf/nginx.conf
ADD hook /usr/local/nginx/hook
ADD html /usr/local/nginx/html
EXPOSE 80 443
CMD service nginx start
Raw
initScript.sh
#! /bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: nginx init.d dash script for Ubuntu or other *nix.
# Description: nginx init.d dash script for Ubuntu or other *nix.
### END INIT INFO
#------------------------------------------------------------------------------
# nginx - this Debian Almquist shell (dash) script, starts and stops the nginx
# daemon for Ubuntu and other *nix releases.
#
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server. This \
# script will manage the initiation of the \
# server and it's process state.
#
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Provides: nginx
#
# Author: Jason Giedymin
# <jason.giedymin AT gmail.com>.
#
# Version: 3.9.0 12-MAY-2015 jason.giedymin AT gmail.com
# Notes: nginx init.d dash script for Ubuntu.
# Tested with: Ubuntu 14.10, nginx-1.7.9
#
# This script's project home is:
# http://github.com/JasonGiedymin/nginx-init-ubuntu
#
#------------------------------------------------------------------------------
# MIT X11 License
#------------------------------------------------------------------------------
#
# Copyright (c) 2008-2013 Jason Giedymin, http://jasongiedymin.com
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Functions
#------------------------------------------------------------------------------
LSB_FUNC=/lib/lsb/init-functions
# Test that init functions exists
test -r $LSB_FUNC || {
echo "$0: Cannot find $LSB_FUNC! Script exiting." 1>&2
exit 5
}
. $LSB_FUNC
#------------------------------------------------------------------------------
# Consts
#------------------------------------------------------------------------------
# Include nginx defaults if available
if [ -f /etc/default/nginx ]; then
. /etc/default/nginx
fi
# Minimize path
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
PS=${PS:-"nginx"} # process name
DESCRIPTION=${DESCRIPTION:-"Nginx Server..."} # process description
NGINXPATH=${NGINXPATH:-/usr/local/nginx} # root path where installed
DAEMON=${DAEMON:-$NGINXPATH/sbin/nginx} # path to daemon binary
NGINX_CONF_FILE=${NGINX_CONF_FILE:-$NGINXPATH/conf/nginx.conf} # config file path
PIDNAME=${PIDNAME:-"nginx"} # lets you do $PS-slave
PIDFILE=${PIDFILE:-$PIDNAME.pid} # pid file
PIDSPATH=${PIDSPATH:-$NGINXPATH/logs} # default pid location, you should change it
RUNAS=${RUNAS:-root} # user to run as
SCRIPT_OK=0 # ala error codes
SCRIPT_ERROR=1 # ala error codes
TRUE=1 # boolean
FALSE=0 # boolean
#------------------------------------------------------------------------------
# Simple Tests
#------------------------------------------------------------------------------
# Test if nginx is a file and executable
test -x $DAEMON || {
echo "$0: You don't have permissions to execute nginx." 1>&2
exit 4
}
# You can also set your conditions like so:
# set exit condition
# set -e
#------------------------------------------------------------------------------
# Functions
#------------------------------------------------------------------------------
setFilePerms(){
if [ -f $PIDSPATH/$PIDFILE ]; then
chmod 400 $PIDSPATH/$PIDFILE
fi
}
configtest() {
$DAEMON -t -c $NGINX_CONF_FILE
}
getPSCount() {
return `pgrep -f $PS | wc -l`
}
isRunning() {
if [ $1 ]; then
pidof_daemon $1
PID=$?
if [ $PID -gt 0 ]; then
return 1
else
return 0
fi
else
pidof_daemon
PID=$?
if [ $PID -gt 0 ]; then
return 1
else
return 0
fi
fi
}
#courtesy of php-fpm
wait_for_pid () {
try=0
while test $try -lt 35 ; do
case "$1" in
'created')
if [ -f "$2" ]; then
try=''
break
fi
;;
'removed')
if [ ! -f "$2" ]; then
try=''
break
fi
;;
esac
try=`expr $try + 1`
sleep 1
done
}
status(){
isRunning
isAlive=$?
if [ "${isAlive}" -eq $TRUE ]; then
log_warning_msg "$DESCRIPTION found running with processes: `pidof $PS`"
rc=0
else
log_warning_msg "$DESCRIPTION is NOT running."
rc=3
fi
return
}
removePIDFile(){
if [ $1 ]; then
if [ -f $1 ]; then
rm -f $1
fi
else
#Do default removal
if [ -f $PIDSPATH/$PIDFILE ]; then
rm -f $PIDSPATH/$PIDFILE
fi
fi
}
start() {
log_daemon_msg "Starting $DESCRIPTION"
isRunning
isAlive=$?
if [ "${isAlive}" -eq $TRUE ]; then
log_end_msg $SCRIPT_ERROR
rc=0
else
start-stop-daemon --start --quiet --chuid \
$RUNAS --pidfile $PIDSPATH/$PIDFILE --exec $DAEMON \
-- -c $NGINX_CONF_FILE
status=$?
setFilePerms
if [ "${status}" -eq 0 ]; then
log_end_msg $SCRIPT_OK
rc=0
else
log_end_msg $SCRIPT_ERROR
rc=7
fi
fi
return
}
stop() {
log_daemon_msg "Stopping $DESCRIPTION"
isRunning
isAlive=$?
if [ "${isAlive}" -eq $TRUE ]; then
start-stop-daemon --stop --quiet --pidfile $PIDSPATH/$PIDFILE
wait_for_pid 'removed' $PIDSPATH/$PIDFILE
if [ -n "$try" ]; then
log_end_msg $SCRIPT_ERROR
rc=0 # lsb states 1, but under status it is 2 (which is more prescriptive). Deferring to standard.
else
removePIDFile
log_end_msg $SCRIPT_OK
rc=0
fi
else
log_end_msg $SCRIPT_ERROR
rc=7
fi
return
}
reload() {
configtest || return $?
log_daemon_msg "Reloading (via HUP) $DESCRIPTION"
isRunning
if [ $? -eq $TRUE ]; then
kill -HUP `cat $PIDSPATH/$PIDFILE`
log_end_msg $SCRIPT_OK
rc=0
else
log_end_msg $SCRIPT_ERROR
rc=7
fi
return
}
quietupgrade() {
log_daemon_msg "Peforming Quiet Upgrade $DESCRIPTION"
isRunning
isAlive=$?
if [ "${isAlive}" -eq $TRUE ]; then
kill -USR2 `cat $PIDSPATH/$PIDFILE`
kill -WINCH `cat $PIDSPATH/$PIDFILE.oldbin`
isRunning
isAlive=$?
if [ "${isAlive}" -eq $TRUE ]; then
kill -QUIT `cat $PIDSPATH/$PIDFILE.oldbin`
wait_for_pid 'removed' $PIDSPATH/$PIDFILE.oldbin
removePIDFile $PIDSPATH/$PIDFILE.oldbin
log_end_msg $SCRIPT_OK
rc=0
else
log_end_msg $SCRIPT_ERROR
log_daemon_msg "ERROR! Reverting back to original $DESCRIPTION"
kill -HUP `cat $PIDSPATH/$PIDFILE`
kill -TERM `cat $PIDSPATH/$PIDFILE.oldbin`
kill -QUIT `cat $PIDSPATH/$PIDFILE.oldbin`
wait_for_pid 'removed' $PIDSPATH/$PIDFILE.oldbin
removePIDFile $PIDSPATH/$PIDFILE.oldbin
log_end_msg $SCRIPT_OK
rc=0
fi
else
log_end_msg $SCRIPT_ERROR
rc=7
fi
return
}
terminate() {
log_daemon_msg "Force terminating (via KILL) $DESCRIPTION"
PIDS=`pidof $PS` || true
[ -e $PIDSPATH/$PIDFILE ] && PIDS2=`cat $PIDSPATH/$PIDFILE`
for i in $PIDS; do
if [ "$i" = "$PIDS2" ]; then
kill $i
wait_for_pid 'removed' $PIDSPATH/$PIDFILE
removePIDFile
fi
done
log_end_msg $SCRIPT_OK
rc=0
}
destroy() {
log_daemon_msg "Force terminating and may include self (via KILLALL) $DESCRIPTION"
killall $PS -q >> /dev/null 2>&1
log_end_msg $SCRIPT_OK
rc=0
}
pidof_daemon() {
PIDS=`pidof $PS` || true
[ -e $PIDSPATH/$PIDFILE ] && PIDS2=`cat $PIDSPATH/$PIDFILE`
for i in $PIDS; do
if [ "$i" = "$PIDS2" ]; then
return 1
fi
done
return 0
}
action="$1"
case "$1" in
start)
start
;;
stop)
stop
;;
restart|force-reload)
stop
# if [ $rc -ne 0 ]; then
# script_exit
# fi
sleep 1
start
;;
reload)
$1
;;
status)
status
;;
configtest)
$1
;;
quietupgrade)
$1
;;
terminate)
$1
;;
destroy)
$1
;;
*)
FULLPATH=/etc/init.d/$PS
echo "Usage: $FULLPATH {start|stop|restart|force-reload|reload|status|configtest|quietupgrade|terminate|destroy}"
echo " The 'destroy' command should only be used as a last resort."
exit 3
;;
esac
exit $rc
Raw
nginx.conf
# conf/nginx.conf
#user nobody;
worker_processes 1;
daemon off;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
root html;
location / {
index index.html index.htm;
}
location /basic_auth/ {
mruby_access_handler /usr/local/nginx/hook/authn_basic.rb;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment