From 1575a9b3f7e7f475d4d5d8d1541f783948c0d398 Mon Sep 17 00:00:00 2001
From: Eddie Arrage
Date: Wed, 21 Mar 2018 18:38:59 +0000
Subject: Added initial nginx services

- Proxy allows ingress traffic to be sent to another element in service mesh
- Mirroring is also in the default configuration
- Default configuration is to proxy to a clover-server and mirror to snort-ids
- A location_path (URI in HTTP requests) can be reconfigured to restrict proxying; default to '/'
- A proxy_path can be reconfigured to specify an alternate destination
- A mirror path can be reconfigured to specify where traffic will be spanned
- The default server_port (listen port) for the proxy is 9180 but can be reconfigured
- The default server_name is http-proxy but can be reconfigured
- Reconfiguration is done over GRPC with jinja2 template for nginx
- Currently snort ids sends alerts to proxy with stub code in GRPC
- Refactored the code to have a nginx base with subservices
- Proxy, Load Balancer (lb), and Server can share code - mainly GRPC server
- Nginx subservices have separate docker builds
- Improved build scripts for CI
- Render yaml manifests dynamically
- Improve nginx_client for runtime modifications (but not really useful yet)

Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a
Signed-off-by: Eddie Arrage
---
 .../nginx/docker/grpc/templates/lb.template     | 82 +++++++++++++++++++++
 .../nginx/docker/grpc/templates/proxy.template  | 85 ++++++++++++++++++++++
 .../nginx/docker/grpc/templates/server.template | 71 ++++++++++++++++++
 3 files changed, 238 insertions(+)
 create mode 100644 samples/services/nginx/docker/grpc/templates/lb.template
 create mode 100644 samples/services/nginx/docker/grpc/templates/proxy.template
 create mode 100644 samples/services/nginx/docker/grpc/templates/server.template
(limited to 'samples/services/nginx/docker/grpc/templates')
diff --git a/samples/services/nginx/docker/grpc/templates/lb.template b/samples/services/nginx/docker/grpc/templates/lb.template
new file mode 100644
index 0000000..4866408
--- /dev/null
+++ b/samples/services/nginx/docker/grpc/templates/lb.template
@@ -0,0 +1,82 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ #include /etc/nginx/sites-enabled/*;
+
+ upstream {{ slb_group }} {
+ {%- for item in slb_list %}
+ server {{ item }};
+ {%- endfor %}
+ }
+
+ server {
+ listen {{ server_port }};
+ server_name {{ server_name }};
+
+ location {{ lb_path }} {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://{{ slb_group }};
+ }
+
+ }
+
+}
+
diff --git a/samples/services/nginx/docker/grpc/templates/proxy.template b/samples/services/nginx/docker/grpc/templates/proxy.template
new file mode 100644
index 0000000..72d611e
--- /dev/null
+++ b/samples/services/nginx/docker/grpc/templates/proxy.template
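Review bot: The Jinja values `slb_group`, `slb_list`, `lb_path`, `server_port` and `server_name` are rendered straight into the `upstream` and `server` directives of lb.template with no escaping, and the commit message says they arrive over GRPC at runtime, so a value containing `;`, `{` or `}` would alter the generated configuration rather than just the intended field. The GRPC handler that renders this template (outside this diff) should validate each value before rendering — `server_port` as an integer, each `slb_list` entry as `host[:port]`, `lb_path` as a URI path — and reject anything else; the same applies to `location_path`, `proxy_path` and `mirror_path` in proxy.template and `site_root`/`site_index` in server.template. It would also help to record the rendered file's validation result (`nginx -t`) before reloading, so a bad value fails closed instead of taking the proxy down. Separately, `# server_tokens off;` is left commented out in all three templates, so the nginx version is advertised in responses and error pages; uncommenting it is a one-line hardening.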
@@ -0,0 +1,85 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ #include /etc/nginx/sites-enabled/*;
+
+ server {
+ listen {{ server_port }};
+ server_name {{ server_name }};
+
+ location {{ location_path }} {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass {{ proxy_path }};
+
+ post_action @post_ids;
+ }
+
+ location @post_ids {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass {{ mirror_path }};
+ }
+
+ }
+
+}
+
diff --git a/samples/services/nginx/docker/grpc/templates/server.template b/samples/services/nginx/docker/grpc/templates/server.template
new file mode 100644
index 0000000..b5f8f1f
--- /dev/null
+++ b/samples/services/nginx/docker/grpc/templates/server.template
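Review bot: `post_action @post_ids;` in the `{{ location_path }}` block relies on an undocumented nginx directive, and a `post_action` subrequest does not carry the original request body, so the copy that reaches snort-ids is incomplete; the documented mechanism is the `mirror` directive of ngx_http_mirror_module (nginx 1.13.4+), whose subrequest includes the body by default. Both locations also send `proxy_set_header Connection "upgrade";` on every request, not only when the client asked for an upgrade; the pattern from the nginx WebSocket documentation is a `map $http_upgrade $connection_upgrade` at http level and `proxy_set_header Connection $connection_upgrade;`. Neither location forwards the client address, so every mirrored request the IDS sees originates from the proxy's own IP and its alerts cannot name the real client; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` preserves it. The rewritten server section below replaces the two location blocks; the http-level settings above it are unchanged.
```nginx
 # … unchanged: events and http-level settings through the conf.d include …

 map $http_upgrade $connection_upgrade {
 default upgrade;
 '' close;
 }

 server {
 listen {{ server_port }};
 server_name {{ server_name }};

 location {{ location_path }} {
 mirror /mirror;
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $connection_upgrade;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_pass {{ proxy_path }};
 }

 # internal: only reachable as the mirror subrequest, never from a client
 location = /mirror {
 internal;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_pass {{ mirror_path }}$request_uri;
 }
 }
```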
@@ -0,0 +1,71 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ #include /etc/nginx/sites-enabled/*;
+
+ server {
+ listen {{ server_port }};
+ server_name {{ server_name }};
+
+ root {{ site_root }};
+ index {{ site_index }};
+ }
+
+}
+
-- cgit 1.2.3-korg
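Review bot: The first 61 lines of server.template — everything from `user www-data;` through the `#include /etc/nginx/sites-enabled/*;` line — are byte-identical to lb.template and proxy.template, so any later fix to the shared settings has to be made three times. Since the files are already Jinja2 templates, a base template with `{% block server %}` that the three subservices `{% extends %}` would keep one copy of the `events` and http-level settings, which is also what the commit message's "nginx base with subservices" suggests. One of those shared lines, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, is inert today because no `listen` directive enables TLS, but it would turn on the deprecated TLS 1.0/1.1 the moment TLS is added; a note `# no listen ... ssl here; trim to TLSv1.2 before enabling TLS` next to it would prevent that surprise.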