Add Nginx config with docker secrets

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
2025-06-21 14:23:25 +00:00 · 2017-10-28 09:01:29 +01:00
parent 6f005d2240
commit b4c5be54a9
3 changed files with 92 additions and 0 deletions
--- a/contrib/nginx/Dockerfile
+++ b/contrib/nginx/Dockerfile
@ -0,0 +1,4 @@
+FROM nginx:latest
+
+COPY gateway.conf /etc/nginx/conf.d/default.conf
+
--- a/contrib/nginx/README.md
+++ b/contrib/nginx/README.md
@ -0,0 +1,46 @@
+### Create a .htaccess:
+
+```
+$ sudo apt-get install apache2-utils
+```
+
+```
+$ htpasswd -c openfaas.htpasswd admin
+New password: 
+Re-type new password: 
+Adding password for user admin
+```
+
+Example:
+
+```
+$ cat openfaas.htpasswd 
+admin:$apr1$BgwAfB5i$dfzQPXy6VliPCVqofyHsT.
+```
+
+### Create a secret in the cluster
+
+```
+$ docker secret create --label openfaas openfaas_htpasswd openfaas.htpasswd 
+q70h0nsj9odbtv12vrsijcutx
+```
+
+You can now see the secret created:
+
+```
+$ docker secret ls
+ID                          NAME                DRIVER              CREATED             UPDATED
+q70h0nsj9odbtv12vrsijcutx   openfaas_htpasswd                       13 seconds ago      13 seconds ago
+```
+
+### Launch nginx
+
+Build gwnginx from contrib directory. 
+
+```
+$ docker service rm gwnginx ; \
+ docker service create --network=func_functions \
+   --secret openfaas_htpasswd --publish 8081:8080 --name gwnginx gwnginx 
+```
+
+
--- a/contrib/nginx/gateway.conf
+++ b/contrib/nginx/gateway.conf
@ -0,0 +1,42 @@
+ server {
+  listen       8080;
+
+#  location ~ ^/(/system|/ui)/ {
+
+   location /system {
+      proxy_set_header    X-Real-IP $remote_addr;
+      proxy_set_header    Host      $http_host;
+      proxy_pass          http://gateway:8080/;
+      auth_basic "Restricted";                    		#For Basic Auth
+      auth_basic_user_file /var/run/secrets/openfaas.htpasswd;  #For Basic Auth
+  }
+ 
+  location / {
+      proxy_set_header    X-Real-IP $remote_addr;
+      proxy_set_header    Host      $http_host;
+      proxy_pass          http://gateway:8080/;
+  }
+ 
+  location /ui {
+      proxy_set_header    X-Real-IP $remote_addr;
+      proxy_set_header    Host      $http_host;
+      proxy_pass          http://gateway:8080/;
+      auth_basic "Restricted";                    		#For Basic Auth
+      auth_basic_user_file /var/run/secrets/openfaas.htpasswd;  #For Basic Auth
+  }
+  
+  location /async/function {
+	proxy_set_header    X-Real-IP $remote_addr;
+        proxy_set_header    Host      $http_host;
+        proxy_pass          http://gateway:8080/;
+  }
+
+
+  location /function {
+	proxy_set_header    X-Real-IP $remote_addr;
+        proxy_set_header    Host      $http_host;
+        proxy_pass          http://gateway:8080/;
+  }
+
+}
+