/auto-proxy

Simple Docker-enabled Proxy server with HTTP/2 and automated SSL management using Let's Encrypt

Primary Language: Go

License MIT

auto-proxy sets up a container running a Go HTTP server with built-in Let's Encrypt support to automatically generate SSL/TLS certificates and built-in support for HTTP/2.

Usage

To run it:

$ docker run -d -p 80:80 -p 443:443 -v /path/to/config/dir:/etc/auto-proxy -v /var/run/docker.sock:/var/run/docker.sock:ro ayufan/auto-proxy

Then start any containers you want proxied with an env var VIRTUAL_HOST=subdomain.yourdomain.com

$ docker run -e VIRTUAL_HOST=foo.bar.com  ...

The containers being proxied must expose the port to be proxied, either by using the EXPOSE directive in their Dockerfile or by using the --expose flag to docker run or docker create.

Provided your DNS is set up to forward foo.bar.com to the host running auto-proxy, the request will be routed to a container with the VIRTUAL_HOST env var set.

Multiple Ports

If your container exposes multiple ports, auto-proxy will check whether any of the ports 80, 8080, 3000 or 5000 is exposed and will use it. If you need a different port, set the VIRTUAL_PORT env var to select it.

Multiple Hosts

If you need to support multiple virtual hosts for a container, you can separate each entry with commas. For example, with foo.bar.com,baz.bar.com,bar.com each host will be set up the same.

Wildcard Hosts

You can also use wildcards at the beginning and the end of the host name, like *.bar.com.

SSL Backends

If you would like to connect to your backend using HTTPS instead of HTTP, set VIRTUAL_PROTO=https on the backend container.

SSL Support with Let's Encrypt

Certificates for SSL are automatically generated using Let's Encrypt. They are generated on first use.

You can supply your own certificate by adding files with the certificate and private key to /path/to/config/certs. The certificate and key should be named after the virtual host with a .crt and .key extension. For example, a container with VIRTUAL_HOST=foo.bar.com should have a foo.bar.com.crt and foo.bar.com.key file in the certs directory.

The default certificate used for all hosts for which the certificate can't be generated is stored in: /path/to/config/default.crt and /path/to/config/default.key

Configure HSTS

By default, each site uses HSTS. To disable or override HSTS, specify HTTP_HSTS.

Wildcard Certificates

Wildcard certificates and keys should be named after the domain name with a .crt and .key extension. For example, VIRTUAL_HOST=foo.bar.com would use cert name bar.com.crt and bar.com.key.
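
The naming rules from the certificate sections above (per-host files, wildcard files named after the parent domain, and the default pair) can be checked before deployment by resolving which files a given host would get. The following Go code is an added example, not auto-proxy's own code; the names certPair, pairExists and resolveCert, the lookup order (exact host, then parent domain, then default) and the host-name validation are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// certPair is the certificate/key file pair chosen for one virtual host.
type certPair struct{ Cert, Key, Source string }

// pairExists requires both base.crt and base.key, so a cert without its key is never chosen.
func pairExists(base string) bool {
	for _, ext := range []string{".crt", ".key"} {
		if fi, err := os.Stat(base + ext); err != nil || !fi.Mode().IsRegular() {
			return false
		}
	}
	return true
}

// resolveCert applies the README's naming rules; the order tried here is an
// assumption, and configDir stands for /path/to/config.
func resolveCert(configDir, host string) (certPair, error) {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	// The name comes from the network (SNI or Host header): keep it inside certs/.
	if host == "" || strings.ContainsAny(host, `/\`) || strings.Contains(host, "..") {
		return certPair{}, fmt.Errorf("invalid host name %q", host)
	}
	certs := filepath.Join(configDir, "certs")
	bases, sources := []string{filepath.Join(certs, host)}, []string{"exact"}
	// A wildcard certificate covers a single label, so strip exactly one.
	if i := strings.Index(host, "."); i > 0 && strings.Contains(host[i+1:], ".") {
		bases, sources = append(bases, filepath.Join(certs, host[i+1:])), append(sources, "wildcard")
	}
	bases, sources = append(bases, filepath.Join(configDir, "default")), append(sources, "default")
	for n, base := range bases {
		if pairExists(base) {
			return certPair{base + ".crt", base + ".key", sources[n]}, nil
		}
	}
	return certPair{}, fmt.Errorf("no certificate pair for %q", host)
}

func main() {
	pair, err := resolveCert("/etc/auto-proxy", "foo.bar.com")
	fmt.Println(pair, err)
}
```

A result with Source "default" for a host that should have its own certificate points to a misnamed file or a missing .key.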

How SSL Support Works

Go's default SSL cipher configuration is used. The configuration also enables HSTS and SSL session caches.

Port 80 is always exposed to 443 unless ENABLE_HTTP=true is specified as an environment variable for the running container.

Until the certificate is generated, default.crt will be used to serve the site. The default.crt is generated on the first run of auto-proxy and can be overwritten later.

Auto-sleep

Auto-proxy allows you to configure containers to auto-sleep after a period of inactivity by specifying the AUTO_SLEEP variable in time.Duration format. For example: AUTO_SLEEP=30s or AUTO_SLEEP=30m.

Contributing

Before submitting pull requests or issues, please check GitHub to make sure an existing issue or pull request is not already open.

Running Tests Locally

TBD

Use latest master

$ docker run -d -p 80:80 -p 443:443 -v /path/to/config/dir:/etc/auto-proxy -v /var/run/docker.sock:/var/run/docker.sock:ro ayufan/auto-proxy:master

Thanks

The idea of creating such a proxy was borrowed from jwilder/nginx-proxy, which I used with great success for a long time. Parts of the docs are also borrowed from there.