feat(ssl): create nginx SSL reverse proxy example (#58)

README.md

@@ -55,9 +55,10 @@ For a quick start with the Pact Broker and Postgres, we have an example
 Now you can access your local broker:
 
 ```sh
-# Get IP of your running Docker instance
-DOCKER_HOST=$(docker-machine ip $(docker-machine active))
-curl -v http://$DOCKER_HOST # you can visit in your browser too!
+curl -v http://localhost # you can visit in your browser too!
+
+# SSL endpoint, note that URLs in response contain https:// protocol
+curl -v -k https://localhost:8443
 ```
 
 _NOTE: this image should be modified before using in Production, in particular, the use of hard-coded credentials_

docker-compose.yml

@@ -24,3 +24,13 @@ services:
       PACT_BROKER_DATABASE_PASSWORD: password
       PACT_BROKER_DATABASE_HOST: postgres
       PACT_BROKER_DATABASE_NAME: postgres
+
+  nginx:
+    image: nginx:alpine
+    links:
+      - broker_app:broker
+    volumes:
+    - ./ssl/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    - ./ssl:/etc/nginx/ssl
+    ports:
+    - "8443:443"

ssl/nginx-selfsigned.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIJAPVSxq8aUpd1MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTgwMTE4MjMzMjMzWhcNMTkwMTE4MjMzMjMzWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA5vwTFJLlWmMC456Kv7uHxSqARkj5dwsb0lFoc5bGjOYvlJUu2S8F8QMc
+PlW2vXM7UsmBzbNgQsQh1FgRXgfNfHF80F21dILpzM/aA8a/GkJsKUZCHccQb5mq
+i25OrI4+XE6kSt/fwTbWRJGZgEADoIJ3wewcfzkJoeGonU+g8rYwPLq9xaHwFVFV
+x30KIZv5CToanHVy+aQUKg9m4VGuij22U7HzphS4IGZoaj2Uo0vpXqhWoKYrLFv2
+h0spP93Pr4VzoRGwlHgl2s+7qfwzRf9DhxePq9lGnqJ8TMQv1+jRITWB8jT8qW3Q
+t/+fWaGtkqbtgS8vGaAoXtXUZIWarQIDAQABo4GnMIGkMB0GA1UdDgQWBBSQCcqt
+DxAYpPkMWvMmU+DMT21RuDB1BgNVHSMEbjBsgBSQCcqtDxAYpPkMWvMmU+DMT21R
+uKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV
+BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAPVSxq8aUpd1MAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAE+ryTcny4NfIhdAwFbGjfZSsOHf0Ivt
+5lW0hHA7SZVcPysgAlM8sk+aZDQdNEP6eoUfpuwLvAio/kpvr9pFI0THvBm9W9MS
+zWmKkGrsuk8MXM0SsPi+BSz49YwAtsLFku7fsr/GNAD6+Vw+fyF+ySvUYJ2FwOEF
+4lYfzy1X0BA6l4RVmnO1Rv8Mn6LkzrBMe4kW0VARaBsS3hO/FW2nHMSDSkRCFjKi
+4qeX6RcJhHzfsZnQi2gqbVQXUvYiSjZL561UZdaybNJdSU+uOKgK2NTU1Pv6Prkh
+HS9Gm+yEtgSvTx/JoLkiKx31Q4GH2hoommCT0viCcnKz1eHKGYUhMP0=
+-----END CERTIFICATE-----

ssl/nginx-selfsigned.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA5vwTFJLlWmMC456Kv7uHxSqARkj5dwsb0lFoc5bGjOYvlJUu
+2S8F8QMcPlW2vXM7UsmBzbNgQsQh1FgRXgfNfHF80F21dILpzM/aA8a/GkJsKUZC
+HccQb5mqi25OrI4+XE6kSt/fwTbWRJGZgEADoIJ3wewcfzkJoeGonU+g8rYwPLq9
+xaHwFVFVx30KIZv5CToanHVy+aQUKg9m4VGuij22U7HzphS4IGZoaj2Uo0vpXqhW
+oKYrLFv2h0spP93Pr4VzoRGwlHgl2s+7qfwzRf9DhxePq9lGnqJ8TMQv1+jRITWB
+8jT8qW3Qt/+fWaGtkqbtgS8vGaAoXtXUZIWarQIDAQABAoIBAQC3r5woz0yO3ZAN
+nSWvpZ0pwUuzGRMxhOcCEPUkfrG0mNUbrqtL0WZDLHsIYzdoXzu88TxFbbFORxSz
+/bkJ8uCJZuKf/PVxCy6MTnqMaD/OzSWgiRvI/GXoqeYC7ZypApE67NsgI/qXd1lb
+vAG7CK0ZtscvsulSjvRHBOIG/6z5dUAKnLJjr7uKydMHSIKNafKAEA6HGDCvIu4d
+J9EQzLfmpjLTkeB1DNZrv1mtNjf/kG/M/UX5a1RtOJTGvHQn/oZSUKng3DVUNBtq
+dEO6Pi5n88xWuxH6YAWqqDjCfqyey1Jc1rQxfnx6vRPL7+IaXRugAKFMFm8Xbp9/
+/9eEDCyNAoGBAPZEjYH9u2856KYUTyky8gD1TOE9gf4x4zFjK6SzBT8v1y1RdSwQ
+tf7ozj94OV/b9bAE3k/z2a09xYty5VBXs6MCluQTS67KgRaO9sSFtRmnupyBNk2z
+r3QEYuVDmJ6Dk/3ovItXqFaW8IbOZMf6Acu5aEDx4UKmb2tzGGJ7DxF/AoGBAPAc
+57p1yRWIG+hJMdkudXhBz+L3t2NbESWom33hi1mDMIKp3dwJmhA4kq+Uyqfl32uF
+Iy3z+3xr2V1BdGg1RnicfcyjHaQ4/89YB+nkOHB8muV2R57tYahOgWn6rXXxTOBs
+X2Vjd7ByAEFimrVfDH33inrYuIiI/cku4Xyj71HTAoGBAJeyrsBuPfFL6KW1SPYF
+7dDtSchNjS+6J0sa3Z18sTS1EYVW8iiMuq8lVTb/pcgIxJUCyrbRbTssG+3EfsE4
+5Oz7AVvJDwvCrjXpJtTz0BTXnzoc1giTMPb0ZL75HqA2SQlVPh9PheCg5dUEekw9
+ErIdqbynwqy9vVCg+1pel2+dAoGAR1C+fsIHFG8VottCg/fpies6HHZosIjWwfGf
+JTc9FTwCx3w+WeE8Mf8rihzOSCndPukPNtHVavH5YFpVgbH5GU+ZiZMU9ba8O9Aw
+oYZYQQixVN/Zi9mDfOK8S0baCELAC5QEjW+KmAx0CPeJbb8qTaudJLmDrYHKpttW
+u5dROGMCgYEAlgTZNiEeBAPQZD30CSvFUlZVCOOyu5crP9hCPA9um5FsvD9minSz
+yJqeMj7zapZsatAzYwHrGG6nHnTKWEBNaimR7kjTpKdKzXQaA9XeVLmeFAZ3Exad
+JDKTPI+asF+097sHUcVuloMOZXbD1uAZnvLWIwfsaHxs41AkF+0lmM4=
+-----END RSA PRIVATE KEY-----

ssl/nginx.conf

@@ -0,0 +1,21 @@
+server {
+  listen      443 ssl default_server;
+  server_name localhost;
+  ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
+  ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_ecdh_curve secp384r1;
+  ssl_session_cache shared:SSL:10m;
+  ssl_stapling on;
+  ssl_stapling_verify on;
+
+  location / {
+      proxy_pass http://broker:80;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-Scheme "https";
+      proxy_set_header X-Forwarded-Port "443";
+      proxy_set_header X-Forwarded-Ssl "on";
+      proxy_set_header X-Real-IP $remote_addr;
+  }
+}