
Authenticating docker daemons using nginx

MohamedBassem committed Jul 10, 2015
1 parent 7194a49 commit 3df8ed90022bf81d520ba4af00e9b9a163899093
Showing with 31 additions and 12 deletions.
  1. +5 −3 config.yml
  2. +1 −1 context.go
  3. +17 −3 hosts.go
  4. +2 −2 instances.go
  5. +6 −3 utils.go
@@ -9,12 +9,14 @@ database:
redisAddress: "localhost:6379"
redisPassword: "<Some Random String>"
# Docker Daemon Authentication
docker:
user: docker
password: "<Some Random String>"
# Digitalocean API token for autoscaling
digitalOceanToken: "<Digitalocean Token>"
# Main Server IP
mainServerPrivateIP: "127.0.0.1"
# An SSH key for newly created droplets
dropletSSHKeyID: XXXX
@@ -18,11 +18,11 @@ import (
type configuration struct {
Database map[string]string `yaml:"database"`
Docker map[string]string `yaml:"docker"`
RedisAddress string `yaml:"redisAddress"`
RedisPassword string `yaml:"redisPassword"`
DigitalOceanToken string `yaml:"digitalOceanToken"`
DropletSSHKeyID int `yaml:"dropletSSHKeyID"`
MainServerPrivateIP string `yaml:"mainServerPrivateIP"`
MaxInstanceSize int `yaml:"maxInstanceSize"`
MaxInstanceTime int `yaml:"maxInstanceTime"`
MaxInstancesPerIP int `yaml:"maxInstancesPerIP"`
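Review bot: Declaring `Docker` as `map[string]string` means a missing or misspelled `user` or `password` key reads back as an empty string with no error, and the other files in this commit index the map directly. A host would then be provisioned with an empty basic-auth credential in front of its Docker API instead of failing at startup. I would reject that case where the config is loaded (not visible in this hunk), for example `if ctx.config.Docker["user"] == "" || ctx.config.Docker["password"] == "" { return errors.New("docker credentials missing from config") }`, or replace the map with a small struct with explicit `user` and `password` fields. The `configuration` struct continues past the end of this hunk.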
@@ -58,9 +58,12 @@ func (ctx *context) NewHost() error {
userData := `#cloud-config
runcmd:
- docker pull redis
- apt-get install -y supervisor
- echo 'DOCKER_OPTS=$DOCKERHOST" -H unix:///var/run/docker.sock -H %v"' >> /etc/default/docker
- apt-get install -y supervisor nginx apache2-utils
- echo 'DOCKER_OPTS=$DOCKER_OPTS" -H unix:///var/run/docker.sock -H tcp://127.0.0.1:2375"' >> /etc/default/docker
- service docker restart
- mkdir -p /etc/nginx/docker_auth
- htpasswd -b -c /etc/nginx/docker_auth/.htpasswd %v %v
- service nginx reload
write_files:
- path: /etc/supervisor/conf.d/go_jobs.conf
content: |
@@ -86,9 +89,20 @@ write_files:
sleep 4;
done
) | telnet %v %v
- path : /etc/nginx/conf.d/docker.conf
content: |
server {
listen 2377;
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/docker_auth/.htpasswd;
proxy_buffering off;
proxy_pass http://localhost:2375;
}
}
`
userData = fmt.Sprintf(userData, generateDockerAddress(ctx.config.MainServerPrivateIP), dropletName, ctx.config.RedisPassword, redisIP, redisPort)
userData = fmt.Sprintf(userData, ctx.config.Docker["user"], ctx.config.Docker["password"], dropletName, ctx.config.RedisPassword, redisIP, redisPort)
var sshKey *godo.DropletCreateSSHKey
if ctx.config.DropletSSHKeyID != -1 {
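Review bot: The nginx server block written to `/etc/nginx/conf.d/docker.conf` uses `listen 2377;`, which accepts plain HTTP on every interface, so the basic-auth credential that now guards the Docker API crosses the network unencrypted and the port is reachable from wherever the droplet is. Since Docker API access is equivalent to root on the host, I would use `listen 2377 ssl;` with `ssl_certificate` and `ssl_certificate_key` set, and restrict the port to the private network. Separately, `htpasswd -b -c /etc/nginx/docker_auth/.htpasswd %v %v` interpolates the credentials unquoted into a shell line: the sample value `<Some Random String>` from config.yml would be parsed as a redirection, and `-b` leaves the clear-text password on the command line and in the droplet's user-data. Computing the hash on the main server and shipping the finished `.htpasswd` through `write_files` would avoid both problems. `NewHost` starts before and continues after the lines shown here.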
@@ -72,7 +72,7 @@ func (ctx *context) NewInstance(creatorIP string) (*Instance, error) {
if err != nil {
return nil, err
}
dockerAddress := generateDockerAddress(dockerHostPrivateIP)
dockerAddress := generateDockerAddress(dockerHostPrivateIP, ctx.config.Docker["user"], ctx.config.Docker["password"])
name := generateRandomString(20)
password := generateRandomString(20)
var count int
@@ -102,7 +102,7 @@ func (ctx *context) NewInstance(creatorIP string) (*Instance, error) {
}
func (ctx *context) RemoveContainer(hostIP, id string) error {
dockerClient, err := docker.NewClient(generateDockerAddress(hostIP))
dockerClient, err := docker.NewClient(generateDockerAddress(hostIP, ctx.config.Docker["user"], ctx.config.Docker["password"]))
if err != nil {
return err
}
@@ -1,9 +1,12 @@
package getaredis
import "math/rand"
import (
"fmt"
"math/rand"
)
func generateDockerAddress(ip string) string {
return "tcp://" + ip + ":2375"
func generateDockerAddress(ip, username, password string) string {
return fmt.Sprintf("tcp://%v:%v@%v:2377", username, password, ip)
}
func generateRandomString(length int) string {
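Review bot: `generateDockerAddress` now splices the username and password into the endpoint with `fmt.Sprintf`, so a password containing `@`, `/`, `:` or `#` produces a URL that parses to the wrong host or the wrong credentials. Building the address from a `url.URL` with `url.UserPassword` and `net.JoinHostPort` escapes the userinfo and also copes with IPv6 literals; it needs `net` and `net/url` added to the import group. Because the returned string now carries the secret, callers should avoid logging it or embedding it in returned error text.

```go
func generateDockerAddress(ip, username, password string) string {
	endpoint := url.URL{
		Scheme: "tcp",
		User:   url.UserPassword(username, password),
		Host:   net.JoinHostPort(ip, "2377"),
	}
	return endpoint.String()
}
```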
