feat: Add reverse-proxy
- Add reverse-proxy.service
- Add Containerfile
- Add main.go
- Add go.mod

Fixes #63
kevydotvinu committed Aug 9, 2023
1 parent 2de5548 commit 15dc949
Showing 2 changed files with 224 additions and 0 deletions.
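--- a/ignition/00-core.bu
+++ b/ignition/00-core.bu
@@ -382,6 +382,30 @@ systemd:
 Type=notify
 NotifyAccess=all
 
+[Install]
+WantedBy=default.target
+- name: reverse-proxy.service
+enabled: true
+contents: |
+[Unit]
+Description=Reverse proxy for openshift-network-playground
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=always
+TimeoutStartSec=180
+TimeoutStopSec=70
+ExecStartPre=-/usr/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/usr/bin/podman build --net host --tag localhost/reverse-proxy /opt/openshift-network-playground/reverse-proxy
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --name reverse-proxy -d --net host --cap-add NET_ADMIN,NET_RAW localhost/reverse-proxy
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
 [Install]
 WantedBy=default.target
 storage:
@@ -3242,3 +3266,174 @@ storage:
 eth1:
 dhcp4: false
 dhcp6: false
+- path: /opt/openshift-network-playground/reverse-proxy/Containerfile
+mode: 0644
+overwrite: true
+contents:
+inline: |
+FROM registry.fedoraproject.org/f32/golang
+USER root
+WORKDIR /
+RUN openssl req -x509 \
+-newkey rsa:4096 \
+-nodes \
+-keyout reverse-proxy.key \
+-out reverse-proxy.crt \
+-days 365 \
+-subj "/C=IN/ST=Maharashtra/L=Mumbai/O=ONP/CN=onp.ocp.example.local"
+
+COPY main.go go.mod .
+ENTRYPOINT ["go", "run", "main.go"]
+CMD ["-key", "/reverse-proxy.key", "-cert", "/reverse-proxy.crt"]
+- path: /opt/openshift-network-playground/reverse-proxy/main.go
+mode: 0644
+overwrite: true
+contents:
+inline: |
+package main
+
+import (
+"crypto/tls"
+"log"
+"net/http"
+"net/http/httputil"
+"flag"
+"os"
+)
+
+func main() {
+
+// Define flag variables
+var certFile string
+var keyFile string
+var showHelp bool
+
+// Define flags and usage
+flag.StringVar(&certFile, "cert", "", "Path to the TLS certificate file")
+flag.StringVar(&keyFile, "key", "", "Path to the TLS private key file")
+flag.BoolVar(&showHelp, "help", false, "Show help message")
+
+// Set custom usage function
+flag.Usage = func() {
+flag.PrintDefaults()
+}
+
+// Parse command-line arguments
+flag.Parse()
+
+// Check if help flag is provided
+if showHelp {
+flag.Usage()
+os.Exit(0)
+}
+
+// Check if no flags were provided
+if flag.NFlag() == 0 {
+flag.Usage()
+os.Exit(1)
+}
+
+// Create HTTP reverse proxy
+httpProxy := &httputil.ReverseProxy{
+Director: func(req *http.Request) {
+// Set the target URL to the original request URL
+req.URL.Scheme = "http"
+req.URL.Host = req.Host
+},
+ErrorHandler: func(rw http.ResponseWriter, req *http.Request, err error) {
+log.Println("Reverse proxy error:", err)
+http.Error(rw, "Oops! Something went wrong. Inspect server logs.", http.StatusInternalServerError)
+},
+}
+
+// Create HTTPS reverse proxy
+httpsProxy := &httputil.ReverseProxy{
+Transport: &http.Transport{
+TLSClientConfig: &tls.Config{
+InsecureSkipVerify: true,
+},
+},
+Director: func(req *http.Request) {
+// Set the target URL to the original request URL
+req.URL.Scheme = "https"
+req.URL.Host = req.Host
+},
+ErrorHandler: func(rw http.ResponseWriter, req *http.Request, err error) {
+log.Println("Reverse proxy error:", err)
+http.Error(rw, "Oops! Something went wrong. Inspect server logs.", http.StatusInternalServerError)
+},
+}
+
+ingressHttpServer := &http.Server{
+Addr: ":80",
+Handler: httpProxy,
+}
+
+apiServer := &http.Server{
+Addr: ":6443",
+TLSConfig: &tls.Config{
+Certificates: []tls.Certificate{
+loadTLSCertificate(certFile, keyFile),
+},
+},
+Handler: httpsProxy,
+}
+
+// Configure the HTTPS server
+ingressHttpsServer := &http.Server{
+Addr: ":443",
+TLSConfig: &tls.Config{
+Certificates: []tls.Certificate{
+loadTLSCertificate(certFile, keyFile),
+},
+},
+Handler: httpsProxy,
+}
+
+// Start the HTTPS server on port 6443
+go func () {
+log.Println("Starting reverse proxy server on port 6443 ...")
+err := apiServer.ListenAndServeTLS("", "")
+if err != nil {
+log.Fatal("Error starting reverse proxy server:", err)
+}
+}()
+
+// Start the HTTPS server on port 80
+go func () {
+log.Println("Starting reverse proxy server on port 80 ...")
+err := ingressHttpServer.ListenAndServe()
+if err != nil {
+log.Fatal("Error starting reverse proxy server:", err)
+}
+}()
+
+// Start the HTTPS server on port 443
+go func() {
+log.Println("Starting reverse proxy server on port 443...")
+err := ingressHttpsServer.ListenAndServeTLS("", "")
+if err != nil {
+log.Fatal("Error starting reverse proxy server:", err)
+}
+}()
+
+// Wait indefinitely to keep the program running
+select {}
+}
+
+// LoadTLSKeyPair loads a TLS certificate and private key from files and returns a tls.Certificate.
+func loadTLSCertificate(certFile, keyFile string) tls.Certificate {
+cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+if err != nil {
+log.Fatal("Error loading TLS certificate:", err)
+}
+return cert
+}
+- path: /opt/openshift-network-playground/reverse-proxy/go.mod
+mode: 0644
+overwrite: true
+contents:
+inline: |
+module github.com/kevydotvinu/reverse-proxy
+
+go 1.20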
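Review bot: Both `Director` functions in the embedded main.go copy the client-supplied `req.Host` straight into `req.URL.Host`, so the listeners on :80, :443 and :6443 will forward to whatever host a caller names; with `--net host` that includes services only reachable from this machine. The HTTPS transport also sets `InsecureSkipVerify: true`, so the upstream's identity is never checked. I would wrap both proxies in a handler that rejects any Host outside the playground's cluster domain before proxying, e.g. `if !strings.HasSuffix(hostOnly, clusterDomainSuffix) { http.Error(rw, "unknown host", http.StatusForbidden); return }` (`hostOnly` and `clusterDomainSuffix` are placeholders for the port-stripped Host and the configured domain), and load the cluster CA into `RootCAs` instead of disabling verification. None of the three `http.Server` values sets `ReadHeaderTimeout`, which is worth adding while the handler is being touched. In the first hunk, `--cap-add NET_ADMIN,NET_RAW` looks unnecessary for a process that only binds listeners and should be dropped unless something outside this diff needs it.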