逆向工程>> docker-rewrite-proxy>> 返回
项目作者: dimitrov-adrian

项目描述 :
Simple apache mod_rewrite proxy with handy preset rules for routing to containers.
高级语言: Shell
项目地址: git://github.com/dimitrov-adrian/docker-rewrite-proxy.git
创建时间: 2021-05-20T10:43:33Z
项目社区:https://github.com/dimitrov-adrian/docker-rewrite-proxy
开源协议:
下载


DISCLAIMER: This image is aimed for testing environments, it is discouraged to use in production environments, or at
least with the default settings. For production purposes go with traefik or caddy

Default Proxy Rule

By default (if not set any REWRITE_*), every domain will be proxied by its SLD to a container resolved by this
name (could be compose service name or hostname). For development needs, it’s a good practice to use .localhost as most
of the browsers already handles it and resolving it to 127.0.0.1

Examples:

  • example.localhost -> example
  • sub2.sub1.example.localhost -> example
  • sub2.sub1.example2com.com -> example2com

Supported Protocols:

  • HTTP (http, https)
  • WebSocket (ws, wss)
  • FastCGI (fcgi)

Environment Variables

  • REWRITE_<PRIORITY> Add proxy rewrite rule from environment variables. \
    Format: <destination> <hostname regex pattern>. \
    \
    NOTE: whenever rewrite variable is set, the default rule is disabled.

  • TRUSTED_PROXIES Set apache2 remote_ip proxy list (defaults to
    10.0.0.0/8 100.64.0.0/10 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 127.0.0.0/8

  • ENABLE_HTTP2 Enables http2 handler (defaults to on)

  • TZ - Set time zone (defaults to UTC)

  • HOSTNAME - Set hostname (docker builtin)

  • APACHE_TIMEOUT Sets the apache’s timeout (defaults to 60)

  • APACHE_MAX_FORWARDS Set the apache’s max proxy forwards (defaults to 15)

  • SERVER_INFO_ENDPOINT Set endpoint for apache’s mod_info, or disable if empty (defaults to empy) leadslash is
    required

  • SERVER_STATUS_ENDPOINT Set endpoint for apache’s mod_status, or disable if empty (defaults to empy) leadslash is
    required

  • ENABLE_DEFLATE Enables deflate (defaults to on)

  • SERVER_ADMIN Set server’s admin email (defaults to admin@localhost)

  • ENABLE_ACME Enable apache’s mod_md for auto letsencrypt ssl (defaults to disabled)

  • ACME_DOMAINS Space separated list of domains to issue ACME certificate

  • ACME_AUTHORITY Defaults authority (defaults to https://acme-v02.api.letsencrypt.org/directory)

  • STRICT_TRANSPORT_SECURITY Sets the Strict-Transport-Security header (defaults to max-age=0)

Docker Compose Example

Take in mind that the proxy container must see target containers in the network. You could use user defined networks and
network aliases for that purpose.

  1. # docker-compose.yml
  3. version: "2.4"
  5. services:
  6.     proxy:
  7.         image: dimitrovadrian/rewrite-proxy
  8.         ports:
  9.             - "80:80"
  10.             - "443:443"
  11.         volumes:
  12.             # Custom .htaccess for more control
  13.             # - ./.htaccess:/var/www/proxy/.htaccess
  14.         environment:
  15.             TZ: GMT
  16.             SERVER_INFO_ENDPOINT: "/.httpd/info"
  17.             SERVER_STATUS_ENDPOINT: "/.httpd/status"
  19.             # Rules container <- domain pattern
  20.             REWRITE_1: 'blog wp\d+\.example\.com'
  21.             REWRITE_2: 'blog vlog\.example\.com'
  22.             REWRITE_100: 'image .*img\.example.com'
  23.             REWRITE_101: 'http://image:80 cdn\.example.com'
  24.             REWRITE_8999: "blog .*\.example-only.com"
  25.             REWRITE_9000: "blog example-only.com"
  27.             SERVER_ADMIN: 'JohnDoe@example.com'
  28.             ENABLE_ACME: 1
  29.             ACME_DOMAINS: 'vlog.example.com wp.example.com'
  30.             ACME_AUTHORITY: 'https://acme-staging-v02.api.letsencrypt.org/directory'
  31.     blog:
  32.         image: wordpress
  33.     images:
  34.         image: httpd:alpine

Then you could do:

  • web1.localhost
  • web2.localhost
  • wp1.example.com

FAQ

What is inside the box?

  • Alpine
  • Apache 2.4 (mod_rewrite, mod_proxy, mod_ssl)

Where is the apache’s DocumentRoot?

It is /var/www/proxy

How to use custom certificate

You could download and use mkcert, to generate your own certificate
and install them on your system, then you could mount them into /var/www/ssl/localhost.pem and /var/www/ssl/localhost.key

  1. # docker-compose.yml
  2. volumes:
  3.     - "./localhost.pem:/var/www/ssl/localhost.pem"
  4.     - "./localhost.key:/var/www/ssl/localhost.key"

But why self-signed certificate?

Because there is no certificate for localhost.

Why this container?

There is plenty of other options (traefik, caddy, … etc.), but I found this way, the most ease to setup for my needs.
All of the most popular alternatives are probably more performant for production needs, but for local dev environment I do not need most CPU/MEM performant, but something that will save me a time.

Since the Apache is one of the most used web servers, most of web devs are already aware of mod_rewrite, so will be ease
to use and modify with no learning curve.