inouk-lxc-proxy v0.0.5
Inouk LXC Proxy
A dynamic reverse proxy to map URL to LXC Containers.
Given:
cmorisse@srv.mydomain.net:~$ lxc-ls -f
NAME STATE IPV4 IPV6 AUTOSTART
----------------------------------------------------
dev-cu1 STOPPED - - NO
dmig-acme RUNNING 10.0.3.149 - YES
dev-acme RUNNING 10.0.3.112 - YES
test-acme RUNNING 10.0.3.87 - YES
test-jdoe RUNNING 10.0.3.17 - YES
dev-jdoe RUNNING 10.0.3.15 - YES
inouk-lxc-proxy dynamically maps URL and serve them from containers private IPs and ports:
URL => served from host / port
http://w-8069.dmig-acme.srv.mydomain.net => http://10.0.3.149:8069
http://w-80.test-jdoe.srv.mydomain.net => http://10.0.3.17:80
No need to:
- publish ports using iptables
- and/or update proxy config and restart / reload
Inouk LXC Proxy dynamically resolves containers and ports ; just create a container, let users launch any web server in it and directly open them in a web browser.
Inouk LXC Proxy is just a dev tool for now. You MUST NOT use it with production servers.
Inouk LXC Proxy is outrageously inspired from codebox.io behavior.
Install
On Linux (tested with Ubuntu)
With a sudo account:
sudo apt-get install nodejs nodejs-legacy npm
npm install -g inouk-lxc-proxy
Launch
Use inouk-lxc-proxy for usage hint.
glint@eye:~$ inouk-lxc-proxy
inouk-lxc-proxy.js
Usage:
inouk-lxc-proxy.js start [options]
Launch proxy and start map URL to Containers.
options:
-p number, --listen-port=number Port the proxy must listen to (default=8080)
-d number, --cache-retention-period=number State refresh period for STOPPED
and NONEXISTENT containers (default=120s)
Use inouk-lxc-proxy start to launch it.
glint@eye:~$ inouk-lxc-proxy start
inouk-lxc-proxy.js
(c) 2014 Cyril MORISSE - @cmorisse
Proxy running on port: 8080 with cache retention period set to 120 seconds.
Use command line options to adjust listen port and (lxc-ls) cache retention period.
Deployment
Use:
- Nodejitsu forever to run it continously. See https://github.com/nodejitsu/forever
- Ubuntu authbind to serve on port 80 with a non root user.
forever (to run continously)
With a sudo account:
sudo npm install forever -g
With the user account owner of the LXC Containers:
forever start $(which inouk-lxc-proxy) start
forever list
authbind (to serve on port 80 with a non root user)
With a sudo account:
# replace with the name of your containers owner
export INOUK_LXC_PROXY_USER=tristounet
sudo apt-get install -y authbind
# Configuration
sudo touch /etc/authbind/byport/80
sudo chown $INOUK_LXC_PROXY_USER /etc/authbind/byport/80
sudo chmod 755 /etc/authbind/byport/80
With the user account owner of the LXC Containers:
# Now to launch inouk-lxc-proxy on port 80:
authbind --deep forever start $(which inouk-lxc-proxy) start -p 80
# dont forget to go a little bit further and study forever options,
# log file and commands:
# forever stop $(which inouk-lxc-proxy)
# forever list
##License Inouk LXC Proxy is licensed under AGPL 3.0.
##Roadmap (not necessarily in this order)
- Add HTTPS support
- Add tests
- Stress and test it !!!!
- Add a customized security mecanism/callback to allow filtering on (Eg. throttling, source ip tests)
- Setup "real" logging
- Add websocket support
- Generalize to proxy to remote host and not only containers (using a callback parameter to route)
References
- https://thomashunter.name/blog/using-authbind-with-node-js/
- http://manpages.ubuntu.com/manpages/trusty/man1/authbind.1.html
#Disclaimer: Inouk LXC Proxy is my first node.js project. Don't hesitate to send some feedback.