From b4c5be54a9991f8976f5ab72ffd1ce61f3dec08e Mon Sep 17 00:00:00 2001
From: Alex Ellis <alexellis2@gmail.com>
Date: Sat, 28 Oct 2017 09:01:29 +0100
Subject: [PATCH] Add Nginx config with docker secrets

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
---
 contrib/nginx/Dockerfile   |  4 ++++
 contrib/nginx/README.md    | 46 ++++++++++++++++++++++++++++++++++++++
 contrib/nginx/gateway.conf | 42 ++++++++++++++++++++++++++++++++++
 3 files changed, 92 insertions(+)
 create mode 100644 contrib/nginx/Dockerfile
 create mode 100644 contrib/nginx/README.md
 create mode 100644 contrib/nginx/gateway.conf

diff --git a/contrib/nginx/Dockerfile b/contrib/nginx/Dockerfile
new file mode 100644
index 00000000..e2044915
--- /dev/null
+++ b/contrib/nginx/Dockerfile
@@ -0,0 +1,4 @@
+FROM nginx:latest
+
+COPY gateway.conf /etc/nginx/conf.d/default.conf
+
diff --git a/contrib/nginx/README.md b/contrib/nginx/README.md
new file mode 100644
index 00000000..0abbf686
--- /dev/null
+++ b/contrib/nginx/README.md
@@ -0,0 +1,46 @@
+### Create a .htaccess:
+
+```
+$ sudo apt-get install apache2-utils
+```
+
+```
+$ htpasswd -c openfaas.htpasswd admin
+New password: 
+Re-type new password: 
+Adding password for user admin
+```
+
+Example:
+
+```
+$ cat openfaas.htpasswd 
+admin:$apr1$BgwAfB5i$dfzQPXy6VliPCVqofyHsT.
+```
+
+### Create a secret in the cluster
+
+```
+$ docker secret create --label openfaas openfaas_htpasswd openfaas.htpasswd 
+q70h0nsj9odbtv12vrsijcutx
+```
+
+You can now see the secret created:
+
+```
+$ docker secret ls
+ID                          NAME                DRIVER              CREATED             UPDATED
+q70h0nsj9odbtv12vrsijcutx   openfaas_htpasswd                       13 seconds ago      13 seconds ago
+```
+
+### Launch nginx
+
+Build gwnginx from contrib directory. 
+
+```
+$ docker service rm gwnginx ; \
+ docker service create --network=func_functions \
+   --secret openfaas_htpasswd --publish 8081:8080 --name gwnginx gwnginx 
+```
+
+
diff --git a/contrib/nginx/gateway.conf b/contrib/nginx/gateway.conf
new file mode 100644
index 00000000..ded9dd2b
--- /dev/null
+++ b/contrib/nginx/gateway.conf
@@ -0,0 +1,42 @@
+ server {
+  listen       8080;
+
+#  location ~ ^/(/system|/ui)/ {
+
+   location /system {
+      proxy_set_header    X-Real-IP $remote_addr;
+      proxy_set_header    Host      $http_host;
+      proxy_pass          http://gateway:8080/;
+      auth_basic "Restricted";                    		#For Basic Auth
+      auth_basic_user_file /var/run/secrets/openfaas.htpasswd;  #For Basic Auth
+  }
+ 
+  location / {
+      proxy_set_header    X-Real-IP $remote_addr;
+      proxy_set_header    Host      $http_host;
+      proxy_pass          http://gateway:8080/;
+  }
+ 
+  location /ui {
+      proxy_set_header    X-Real-IP $remote_addr;
+      proxy_set_header    Host      $http_host;
+      proxy_pass          http://gateway:8080/;
+      auth_basic "Restricted";                    		#For Basic Auth
+      auth_basic_user_file /var/run/secrets/openfaas.htpasswd;  #For Basic Auth
+  }
+  
+  location /async/function {
+	proxy_set_header    X-Real-IP $remote_addr;
+        proxy_set_header    Host      $http_host;
+        proxy_pass          http://gateway:8080/;
+  }
+
+
+  location /function {
+	proxy_set_header    X-Real-IP $remote_addr;
+        proxy_set_header    Host      $http_host;
+        proxy_pass          http://gateway:8080/;
+  }
+
+}
+