Add NGinx and Insecure Traefik

2021-01-20 10:44:42 +00:00 · 2021-01-20 10:44:42 +00:00 · 446cdd5c70
commit 446cdd5c70
parent cd67585925
8 changed files with 271 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,25 @@
 # traefik-vs-nginx-docker
-Examples showing how to use Traefik and Nginx for Reverse Proxy
+
+Examples showing how to use Traefik and Nginx for Reverse Proxy.
+
+This repository is to complement my blog post on this topic, [Traefik vs Nginx for Reverse Proxy with Docker on a Raspberry Pi](https://www.alexhyett.com/traefik-vs-nginx-docker-raspberry-pi).
+
+## NGINX Example
+
+```
+docker-compose -f docker-compose.nginx.yml up
+```
+
+You will then be able to access whoami from http://localhost/whoami.
+
+## Traefik Example
+
+For traefik I have included 2 version, one insecure version for local use and a SSL password protected version.
+
+### Insecure version
+
+```
+docker-compose -f docker-compose.traefik.yml up
+```
+
+You will then be able to access whoami from http://localhost/whoami and the Traefik dashboard from http://localhost:8080.
--- a/docker-compose.nginx.yml
+++ b/docker-compose.nginx.yml
@ -0,0 +1,21 @@
+version: '3.4'
+services:
+  nginx:
+    build: nginx
+    restart: 'unless-stopped'
+    networks:
+      - pi
+    ports:
+      - '80:80'
+    depends_on:
+      - whoami
+
+  whoami:
+    image: 'traefik/whoami'
+    restart: 'unless-stopped'
+    networks:
+      - pi
+
+networks:
+  pi:
+    external: true
--- a/docker-compose.traefik.yml
+++ b/docker-compose.traefik.yml
@ -0,0 +1,28 @@
+version: '3.4'
+services:
+  traefik:
+    image: 'traefik:2.3'
+    container_name: 'traefik'
+    restart: 'unless-stopped'
+    ports:
+      - '80:80'
+      - '8080:8080'
+    volumes:
+      - '/var/run/docker.sock:/var/run/docker.sock:ro'
+      - ./traefik/traefik.toml:/traefik.toml
+    networks:
+      - pi
+
+  whoami:
+    image: 'traefik/whoami'
+    restart: 'unless-stopped'
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.whoami.rule=PathPrefix(`/whoami{regex:$$|/.*}`)'
+      - 'traefik.http.services.whoami.loadbalancer.server.port=80'
+    networks:
+      - pi
+
+networks:
+  pi:
+    external: true
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@ -0,0 +1,26 @@
+FROM debian:buster-slim
+
+# Default timezone to UTC
+ENV TMZ UTC
+
+COPY nginx.sh /usr/bin/nginx.sh
+RUN chmod 755 /usr/bin/nginx.sh
+
+RUN export DEBIAN_FRONTEND='noninteractive' && \
+    apt-get update -qq && \
+    apt-get install -qqy --no-install-recommends nginx &&\
+    apt-get clean && \
+    sed -i 's/#gzip/gzip/' /etc/nginx/nginx.conf && \
+    sed -i "/http_x_forwarded_for\"';/s/';/ '/" /etc/nginx/nginx.conf && \
+    rm -rf /etc/nginx/sites-enabled/* && \
+    rm -rf /var/lib/apt/lists/* /tmp/*
+
+# forward request and error logs to docker log collector
+RUN ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+COPY default.conf /etc/nginx/conf.d/
+
+EXPOSE 80 443
+
+ENTRYPOINT ["nginx.sh"]
--- a/nginx/default.conf
+++ b/nginx/default.conf
@ -0,0 +1,44 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# HTTP Server
+server {
+    listen 80 default_server;
+    # listen [::]:80 default_server ipv6only=on;
+    root   /srv/www;
+
+    # Make site accessible from http://localhost/
+    server_name localhost;
+
+    error_log stderr notice;
+
+    #location-start
+    location /whoami {
+        proxy_pass       http://whoami;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+
+
+        ## Required for websockets
+        proxy_http_version 1.1;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_read_timeout 600s;
+
+        ## Optional: Do not log, get it at the destination
+        access_log off;
+    }
+    #location-end
+}
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -0,0 +1,98 @@
+user abc;
+worker_processes 4;
+pid /run/nginx.pid;
+include /etc/nginx/modules/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	client_max_body_size 0;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /config/log/nginx/access.log;
+	error_log /config/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# nginx-naxsi config
+	##
+	# Uncomment it if you installed nginx-naxsi
+	##
+
+	#include /etc/nginx/naxsi_core.rules;
+
+	##
+	# nginx-passenger config
+	##
+	# Uncomment it if you installed nginx-passenger
+	##
+
+	#passenger_root /usr;
+	#passenger_ruby /usr/bin/ruby;
+
+	##
+	# Virtual Host Configs
+	##
+	include /etc/nginx/conf.d/*.conf;
+	include /config/nginx/site-confs/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+#
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}
+daemon off;
--- a/nginx/nginx.sh
+++ b/nginx/nginx.sh
@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -o nounset # Treat unset variables as an error
+
+### timezone: Set the timezone for the container
+timezone="$TMZ"
+[[ -e /usr/share/zoneinfo/$timezone ]] || {
+    echo "ERROR: invalid timezone specified: $timezone" >&2
+    return
+}
+
+if [[ -w /etc/timezone && $(cat /etc/timezone) != $timezone ]]; then
+    echo "$timezone" >/etc/timezone
+    ln -sf /usr/share/zoneinfo/$timezone /etc/localtime
+    dpkg-reconfigure -f noninteractive tzdata >/dev/null 2>&1
+fi
+
+# Start Nginx
+exec nginx -g "daemon off;"
--- a/traefik/traefik.toml
+++ b/traefik/traefik.toml
@ -0,0 +1,12 @@
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+
+[api]
+  dashboard = true
+  insecure = true
+
+[providers.docker]
+  watch = true
+  network = "web"
+  exposedByDefault = false