update for docker networking layer

This fixes issues with docker-compose containers killing the proxy. I'm
using a fork of docker-gen while I wait for the groupByTag PR to be
merged and released.

I've strayed further from the upstream nginx-proxy container now, I'm
not sure that it makes sense to build on top of it anymore. These
changes aren't likely to be accepted upstream since they're targetted
specifically at a local dev environment, which is not a primary use
case for nginx-proxy.

Author: codekitchen

Dockerfile

@@ -1,4 +1,15 @@
-FROM jwilder/nginx-proxy
+FROM jwilder/nginx-proxy:0.3.6
 MAINTAINER Brian Palmer <[email protected]>
 
-ADD *.conf /etc/nginx/conf.d/
+# XXX: this can be removed once upstream nginx-proxy is updated
+ENV DOCKER_GEN_VERSION 0.6-groupByLabel
+RUN wget https://github.com/codekitchen/docker-gen/releases/download/v0.6-groupByLabel/docker-gen-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
+ && tar -C /usr/local/bin -xvzf docker-gen-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
+ && rm docker-gen-linux-amd64-$DOCKER_GEN_VERSION.tar.gz
+# /XXX
+
+# override nginx configs
+COPY *.conf /etc/nginx/conf.d/
+
+# override nginx-proxy templating
+COPY nginx.tmpl Procfile reload-nginx /app/

Procfile

@@ -0,0 +1,2 @@
+nginx: nginx
+dockergen: docker-gen -watch -only-exposed -notify "/app/reload-nginx" /app/nginx.tmpl /etc/nginx/conf.d/default.conf

nginx.tmpl

@@ -0,0 +1,88 @@
+{{ $CurrentContainer := where $ "Hostname" .Env.HOSTNAME | first }}
+
+# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
+# scheme used to connect to this server
+map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+  default $http_x_forwarded_proto;
+  ''      $scheme;
+}
+
+# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
+# Connection header that may have been passed to this server
+map $http_upgrade $proxy_connection {
+  default upgrade;
+  '' close;
+}
+
+gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+                 '"$request" $status $body_bytes_sent '
+                 '"$http_referer" "$http_user_agent"';
+
+access_log off;
+
+{{ if (exists "/etc/nginx/proxy.conf") }}
+include /etc/nginx/proxy.conf;
+{{ else }}
+# HTTP 1.1 support
+proxy_http_version 1.1;
+proxy_buffering off;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $proxy_connection;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+{{ end }}
+
+{{ define "server" }}
+{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
+{{ $proto := or (first (groupByKeys .Containers "Env.VIRTUAL_PROTO")) "http" }}
+
+upstream {{ .Host }} {
+{{ range $container := .Containers }}
+	{{ $port := coalesce $container.Env.VIRTUAL_PORT (first $container.Addresses).Port "80" }}
+	{{ $address := coalesce (first $container.Addresses).IP (first $container.Networks).IP }}
+	server {{ $address }}:{{ $port }};
+{{ end }}
+}
+
+server {
+	server_name {{ .Host }};
+	listen 80;
+	access_log /var/log/nginx/access.log vhost;
+
+	{{ if (exists (printf "/etc/nginx/vhost.d/%s" .Host)) }}
+	include {{ printf "/etc/nginx/vhost.d/%s" .Host }};
+	{{ else if (exists "/etc/nginx/vhost.d/default") }}
+	include /etc/nginx/vhost.d/default;
+	{{ end }}
+
+	location / {
+		proxy_pass {{ trim $proto }}://{{ trim .Host }};
+		{{ if (exists (printf "/etc/nginx/htpasswd/%s" .Host)) }}
+		auth_basic	"Restricted {{ .Host }}";
+		auth_basic_user_file	{{ (printf "/etc/nginx/htpasswd/%s" .Host) }};
+		{{ end }}
+                {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" .Host)) }}
+                include {{ printf "/etc/nginx/vhost.d/%s_location" .Host}};
+                {{ else if (exists "/etc/nginx/vhost.d/default_location") }}
+                include /etc/nginx/vhost.d/default_location;
+                {{ end }}
+	}
+}
+{{ end }}
+
+{{ $explicit := whereExist $ "Env.VIRTUAL_HOST" }}
+{{ range $host, $containers := groupByMulti $explicit "Env.VIRTUAL_HOST" "," }}
+	{{ template "server" (dict "Containers" $containers "Host" $host) }}
+{{ end }}
+
+{{ range $project, $projContainers := groupByLabel $ "com.docker.compose.project" }}
+  {{ range $service, $containers := groupByLabel $projContainers "com.docker.compose.service" }}
+	  {{ $container := first $containers }}
+		{{ $host := printf "%s.%s.%s" $service $project "docker" }}
+		{{ template "server" (dict "Containers" $containers "Host" $host) }}
+	{{ end }}
+{{ end }}

reload-nginx

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -e
+
+name=${CONTAINER_NAME:-dinghy_http_proxy}
+
+# Join any networks we haven't joined yet, so that we can talk to containers on
+# those networks. This allows us to talk to containers created with
+# docker-compose v2 configs.
+#
+# This would be better rewritten as a binary that talks directly to the docker
+# API, to avoid the brittle CLI parsing.
+docker inspect -f '{{ range .NetworkSettings.Networks }}{{ .NetworkID }}
+{{ end }}' $name > /tmp/current_networks
+
+for network in `docker network ls | grep bridge | awk '{print $1}'`; do
+  if ! grep -q $network /tmp/current_networks; then
+    docker network connect $network $name
+  fi
+done
+
+# Now that we can reach these other hosts, reload nginx. Order is important
+# here, as nginx errors on startup if it can't resolve any of the specified
+# reverse proxy hosts.
+nginx -s reload