diff options
| author |   Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-21 18:38:59 +0000 |
|---|---|---|
| committer | Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-30 01:22:37 +0000 |
| commit | 1575a9b3f7e7f475d4d5d8d1541f783948c0d398 (patch) | |
| tree | 6c663149df632258e41a5d961079a9236d42a7a8 /samples/services/nginx/docker/grpc/templates/lb.template | |
| parent | 9f3d87d798cf04c243e82d284a7dc4f7b3ec5c1a (diff) | |
Added initial nginx services
- Proxy allows ingress traffic to be sent to another element in
service mesh
- Mirroring is also in the default configuration
- Default configuration is to proxy to a clover-server and mirror
to snort-ids
- A location_path (URI in HTTP requests) can be reconfigured to
restrict proxing; default to '/'
- A proxy_path can be reconfigured to specify an alternate destination
- A mirror path can be reconfigured to specify where traffic
will be spanned
- The default server_port (listen port) for the proxy is 9180 but can be
reconfigured
- The default server_name is http-proxy but can be reconfigured
- Reconfiguration is done over GRPC with jinja2 template for nginx
- Currently snort ids sends alerts to proxy with stub code in GRPC
- Refactored the code to have a nginx base with subservices
- Proxy, Load Balancer (lb), and Server can share code - mainly GRPC
server
- Nginx subservices have separate docker builds
- Improved build scripts for CI
- Render yaml manifests dynamically
- Improve nginx_client for runtime modifications (but not really
useful yet)
Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Diffstat (limited to 'samples/services/nginx/docker/grpc/templates/lb.template')
| -rw-r--r-- | samples/services/nginx/docker/grpc/templates/lb.template | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/samples/services/nginx/docker/grpc/templates/lb.template b/samples/services/nginx/docker/grpc/templates/lb.template new file mode 100644 index 0000000..4866408 --- /dev/null +++ b/samples/services/nginx/docker/grpc/templates/lb.template @@ -0,0 +1,82 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + #include /etc/nginx/sites-enabled/*; + + upstream {{ slb_group }} { + {%- for item in slb_list %} + server {{ item }}; + {%- endfor %} + } + + server { + listen {{ server_port }}; + server_name {{ server_name }}; + + location {{ lb_path }} { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass http://{{ slb_group }}; + } + + } + +} + |