Initial version

Florian Fordermaier · Florian Fordermaier · commit 8dee0bed5be3 · 2016-04-02T15:53:45.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,13 @@
+FROM marvambass/nginx-ssl-secure
+MAINTAINER codedevote
+
+# Set this to rancher url via docker option '-e RANCHER_URL=myrancher.example.org'
+ENV RANCHER_URL localhost
+
+# add nginx config for rancher server
+ADD rancher.conf /etc/nginx/conf.d/rancher.conf
+
+# overwrite entrypoint script
+ADD entrypoint.sh /opt/entrypoint.sh
+
+EXPOSE 80 443
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+cat <<EOF
+
+codedevote/nginx-ssl-rancher-server
+  based on marvambass/nginx-ssl-secure
+
+Nginx reverse proxy with ssl termination 
+for running rancher/server over https.
+
+EOF
+
+if [ -z ${DH_SIZE+x} ]
+then
+  >&2 echo ">> no \$DH_SIZE specified using default" 
+  DH_SIZE="2048"
+fi
+
+DH="/etc/nginx/external/dh.pem"
+
+if [ ! -e "$DH" ]
+then
+  echo ">> seems like the first start of nginx"
+  echo ">> doing some preparations..."
+  echo ""
+
+  echo ">> generating $DH with size: $DH_SIZE"
+  openssl dhparam -out "$DH" $DH_SIZE
+fi
+
+if [ ! -e "/etc/nginx/external/cert.pem" ] || [ ! -e "/etc/nginx/external/key.pem" ]
+then
+  echo ">> generating self signed cert"
+  openssl req -x509 -newkey rsa:4086 \
+  -subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=localhost" \
+  -keyout "/etc/nginx/external/key.pem" \
+  -out "/etc/nginx/external/cert.pem" \
+  -days 3650 -nodes -sha256
+fi
+
+echo ">> setting rancher url to $RANCHER_URL"
+sed -i "s/\${RANCHER_URL}/$RANCHER_URL/" /etc/nginx/conf.d/rancher.conf
+
+echo ">> copy /etc/nginx/external/*.conf files to /etc/nginx/conf.d/"
+cp /etc/nginx/external/*.conf /etc/nginx/conf.d/ 2> /dev/null > /dev/null
+
+# exec CMD
+echo ">> exec docker CMD"
+echo "$@"
+exec "$@"
+
diff --git a/rancher.conf b/rancher.conf
@@ -0,0 +1,35 @@
+# HTTPS Configuration for rancher server
+# terminates ssl at the proxy and proxy passes to rancher server
+
+upstream rancherserver {
+    server rancher:8080;
+}
+
+server {
+    listen 443 ssl;
+    server_name ${RANCHER_URL};
+
+    ssl_certificate external/cert.pem;
+    ssl_certificate_key external/key.pem;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://rancherserver;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
+        proxy_read_timeout 900s;
+    }
+}
+
+server {
+    listen 80;
+    server_name ${RANCHER_URL};
+    return 301 https://$server_name$request_uri;
+}
