From 1575a9b3f7e7f475d4d5d8d1541f783948c0d398 Mon Sep 17 00:00:00 2001
From: Eddie Arrage
Date: Wed, 21 Mar 2018 18:38:59 +0000
Subject: Added initial nginx services - Proxy allows ingress traffic to be sent to another element in service mesh - Mirroring is also in the default configuration - Default configuration is to proxy to a clover-server and mirror to snort-ids - A location_path (URI in HTTP requests) can be reconfigured to restrict proxing; default to '/' - A proxy_path can be reconfigured to specify an alternate destination - A mirror path can be reconfigured to specify where traffic will be spanned - The default server_port (listen port) for the proxy is 9180 but can be reconfigured - The default server_name is http-proxy but can be reconfigured - Reconfiguration is done over GRPC with jinja2 template for nginx - Currently snort ids sends alerts to proxy with stub code in GRPC - Refactored the code to have a nginx base with subservices - Proxy, Load Balancer (lb), and Server can share code - mainly GRPC server - Nginx subservices have separate docker builds - Improved build scripts for CI - Render yaml manifests dynamically - Improve nginx_client for runtime modifications (but not really useful yet)
Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a
Signed-off-by: Eddie Arrage
---
samples/services/nginx/docker/grpc/nginx.proto | 51 ++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 samples/services/nginx/docker/grpc/nginx.proto
(limited to 'samples/services/nginx/docker/grpc/nginx.proto')
diff --git a/samples/services/nginx/docker/grpc/nginx.proto b/samples/services/nginx/docker/grpc/nginx.proto
new file mode 100644
index 0000000..3779a82
--- /dev/null
+++ b/samples/services/nginx/docker/grpc/nginx.proto
@@ -0,0 +1,51 @@
+// Copyright (c) Authors of Clover
+//
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Apache License, Version 2.0
+// which accompanies this distribution, and is available at
+// http://www.apache.org/licenses/LICENSE-2.0
+
+syntax = "proto3";
+
+package nginx;
+
+// The controller service definition.
+service Controller {
+
+ rpc ModifyProxy (ConfigProxy) returns (NginxReply) {}
+ rpc ModifyServer (ConfigServer) returns (NginxReply) {}
+ rpc ModifyLB (ConfigLB) returns (NginxReply) {}
+ rpc ProcessAlerts (AlertMessage) returns (NginxReply) {}
+}
+
+message AlertMessage {
+ string event_id = 1;
+ string redis_key = 2;
+}
+
+message ConfigProxy {
+ string server_port = 1;
+ string server_name = 2;
+ string location_path = 3;
+ string proxy_path = 4;
+ string mirror_path = 5;
+}
+
+message ConfigServer {
+ string server_port = 1;
+ string server_name = 2;
+ string site_root = 3;
+ string site_index = 4;
+}
+
+message ConfigLB {
+ string server_port = 1;
+ string server_name = 2;
+ string slb_list = 3;
+ string slb_group = 4;
+ string lb_path = 5;
+}
+
+message NginxReply {
+ string message = 1;
+}
-- cgit 1.2.3-korg
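Review bot: Every field in `ConfigProxy`, `ConfigServer` and `ConfigLB` is an undocumented free-form `string`, and the commit message says these values are rendered into the nginx configuration through a jinja2 template, so the schema gives the server no basis for rejecting a `proxy_path`, `mirror_path`, `location_path` or `site_root` that carries `;`, braces or a newline and thereby adds directives the caller was never meant to control. The rendering code is outside this hunk, so confirm that each value is validated against a strict pattern before templating, and state the accepted format in a `//` comment above each field. While the field numbers are still unpublished, type what can be typed: `uint32 server_port = 1;` in the three config messages and `repeated string slb_list = 3;` in `ConfigLB`. `Controller` can repoint and mirror live traffic, so its comment should also say that the gRPC listener must sit behind an authenticated channel (for example mutual TLS) rather than being reachable by any workload in the mesh.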