Build Nginx Binary in Docker and Using If Directive

 
Build Nginx Binary in Docker and Using If Directive

When we should use break in If
http://agentzh.blogspot.com/2011/03/how-nginx-location-if-works.html

If is evil
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/

Official document about If
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if

Instead of using map, I use if to check a request header (User-Agent here)

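server {
  # TLS is enabled on the listen socket. This replaces the standalone
  # "ssl on;" directive, which nginx made obsolete in 1.15.0.
  listen       8443 ssl;
  client_max_body_size 10M;

  # redirect pairing and status check traffic to aws lambda
  # proxy_pass below takes a variable, so nginx resolves that upstream name
  # through this resolver. These are public resolvers queried over plain DNS,
  # and their answers decide where the request is forwarded.
  resolver 8.8.4.4 8.8.8.8;
  set $ocpServer 'https://ocp.{{targetDomain}}';
  location / {
    # User-Agent is supplied by the client, so this test is a routing hint,
    # not an access check: any caller can present 'oldclientsproxy'. Whatever
    # listens on :5080 has to enforce its own authentication.
    if ( $http_user_agent = 'oldclientsproxy' ) {
        proxy_pass       http://local-external-ip:5080;
    }
    if ( $http_user_agent != 'oldclientsproxy' ) {
        proxy_pass       $ocpServer;
    }
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
    # the client already sent; upstreams should rely on the last entry only.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_ssl_server_name on;
    # NOTE(review): proxy_ssl_verify is off by default, so the certificate of
    # the https upstream is not checked. Consider "proxy_ssl_verify on;" with
    # "proxy_ssl_trusted_certificate <path-to-CA-bundle>;" for $ocpServer.
  }

  ssl_certificate /usr/local/nginx-1.14.0/ssl/cert.pem;
  ssl_certificate_key /usr/local/nginx-1.14.0/ssl/cert.key;

  ssl_session_timeout 5m;

  # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). They are left
  # enabled here, presumably for the old clients this proxy serves; drop them
  # once those clients can negotiate TLSv1.2.
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # The head of the cipher list is redacted ("xxxxxxxxxx") in the original
  # post. The opening quote was a typographic quote; nginx needs ASCII quotes.
  # NOTE(review): DES-CBC3-SHA (3DES) is still allowed - confirm it is needed.
  ssl_ciphers 'xxxxxxxxxxMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  ssl_dhparam /usr/local/nginx-1.14.0/ssl/dhparams.pem;
  ssl_prefer_server_ciphers on;

}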

So for an oldclientsproxy request, nginx resolves the literal host name through the system DNS configuration (including /etc/hosts) and the request goes to local-external-ip:5080.
For every other request I pass $ocpServer, which is a variable, so nginx uses the configured resolver (8.8.4.4 / 8.8.8.8) to look up the name.

Here is how I build the nginx binary from the source on top of Ubuntu 12.04
Makefile
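# Image coordinates. REPOSITORY is an ECR registry host; the leading
# "xxxxxxx" looks like a redacted account id in the original post.
IMAGE=sillycat/sillycat-localproxy
TAG=1.0
NAME=sillycat-localproxy
REPOSITORY=xxxxxxx.dkr.ecr.us-west-1.amazonaws.com

# Optional expected SHA-256 of nginx-1.14.0.tar.gz. When set, `prepare`
# verifies the download against it before the tarball is used in the image.
# Example: make prepare NGINX_SHA256=<sha256-of-the-release-tarball>
NGINX_SHA256 ?=

# None of these targets produce a file with the same name.
.PHONY: push-local docker-context prepare build run-dev run-stage debug clean logs publish

# Push the tagged image to the private registry.
push-local:
	docker push  $(REPOSITORY)/$(IMAGE):$(TAG)

# Placeholder prerequisite of `build`; it has no recipe.
# NOTE(review): `build` needs ./install/nginx-1.14.0.tar.gz from `prepare`,
# but nothing here makes `prepare` run first - confirm it is run by hand.
docker-context:

# Download the nginx source tarball and create empty ./install and ./dist.
prepare:
	rm -fr ./install
	rm -fr ./dist
	mkdir -p ./install
	wget  https://nginx.org/download/nginx-1.14.0.tar.gz -P ./install/
	@if [ -n "$(NGINX_SHA256)" ]; then \
		echo "$(NGINX_SHA256)  ./install/nginx-1.14.0.tar.gz" | sha256sum -c -; \
	else \
		echo "WARNING: NGINX_SHA256 is not set; the nginx tarball was not verified" >&2; \
	fi
	mkdir -p ./dist

# Build the builder image from the Dockerfile in this directory.
build: docker-context
	docker build -t $(REPOSITORY)/$(IMAGE):$(TAG) .

# Run the build for one environment; the binary tarball lands in ./dist.
# The tarball contains the TLS private key for that environment.
run-dev:
	docker run -e RUNNING_ENV=dev -v ${CURDIR}/dist:/dist --name $(NAME) $(REPOSITORY)/$(IMAGE):$(TAG)

run-stage:
	docker run -e RUNNING_ENV=stage -v ${CURDIR}/dist:/dist --name $(NAME) $(REPOSITORY)/$(IMAGE):$(TAG)

# Interactive shell in the builder image instead of running start.sh.
debug:
	docker run -ti -e RUNNING_ENV=dev -v ${CURDIR}/dist:/dist --name $(NAME) $(REPOSITORY)/$(IMAGE):$(TAG) /bin/bash

# Stop and remove the named container so the name can be reused.
clean:
	docker stop ${NAME}
	docker rm ${NAME}

logs:
	docker logs -t -f ${NAME}

# NOTE(review): this pushes the unqualified image name, which docker sends to
# its default registry rather than $(REPOSITORY), and `build` never tags that
# name. The image carries TLS private keys (see the Dockerfile), so confirm
# the destination is not a public repository before using this target.
publish:
	docker push ${IMAGE}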

Dockerfile
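# Builder image: compiles nginx 1.14.0 when the container starts (start.sh).
# NOTE(review): Ubuntu 12.04 reached end of standard support in April 2017 and
# no longer receives regular security updates. It is kept because the post
# targets that release; do not reuse this image as a runtime base.
FROM ubuntu:12.04

#prepare OS
# update and install share one layer so a cached, stale package index is never
# paired with a fresh install step. python-jinja2 is needed by conf_gen.py.
RUN     apt-get -y update && apt-get install -y \
            procps \
            vim-tiny \
            sudo \
            python-pip python-dev build-essential \
            libpcre3 libpcre3-dev \
            python-jinja2

#prepare the resources
RUN     mkdir -p /install/
RUN     mkdir -p /dist/
RUN     mkdir -p /tool/conf
RUN     chmod -R a+x /tool/conf
RUN     mkdir -p /tool/ssl/
# ADD (not COPY) on purpose: a local tar.gz is unpacked by ADD, which is what
# creates /install/nginx-1.14.0 for start.sh.
ADD     ./install/nginx-1.14.0.tar.gz /install/
COPY    template/nginx.conf /tool/template/
COPY    template/ngproxy /tool/template/
COPY    script/conf_gen.py /tool/script/
# NOTE(review): these lines bake the certificates, TLS private keys and DH
# parameters of every environment into the image layers. Anyone who can pull
# the image can read all of them. Prefer supplying only the key for the target
# environment at run time (for example a read-only volume), and keep the
# registry private.
COPY    conf/cert-*.pem /tool/ssl/
COPY    conf/cert-*.key /tool/ssl/
COPY    conf/dhparams-*.pem /tool/ssl/

#nginx itself is compiled by start.sh at container start, not at image build
WORKDIR /tool/
RUN     mkdir -p /app/
COPY    start.sh /app/
CMD ["/app/start.sh"]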

Start.sh

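#!/bin/sh
# Container entry point: render the nginx configuration for RUNNING_ENV,
# compile nginx 1.14.0, install the config and TLS material into the prefix,
# and export the whole prefix as a tarball under /dist.
#
# -e/-x are set here rather than on the shebang line so they also apply when
# the script is started as "sh start.sh".
set -ex

PREFIX=/usr/local/nginx-1.14.0

#prepare the configuration
# conf_gen.py exits non-zero when RUNNING_ENV is unset or has no domain
# mapping, so with -e nothing below runs for an unusable value.
python script/conf_gen.py

#compile the nginx
cd /install/nginx-1.14.0
./configure --prefix="$PREFIX" --with-http_ssl_module
make
make install

#overwrite the configuration
mkdir -p "$PREFIX/sites-available"
mkdir -p "$PREFIX/sites-enabled"
mkdir -p "$PREFIX/ssl"
cp /tool/conf/nginx.conf "$PREFIX/conf/nginx.conf"
cp /tool/conf/ngproxy "$PREFIX/sites-available/ngproxy"
# -f: a restarted container already has the link; plain "ln -s" would fail
# there and -e would abort before the tarball is written.
ln -sf "$PREFIX/sites-available/ngproxy" "$PREFIX/sites-enabled/ngproxy"
cp "/tool/ssl/cert-${RUNNING_ENV}.key" "$PREFIX/ssl/cert.key"
# The private key should be readable by its owner only.
chmod 600 "$PREFIX/ssl/cert.key"
cp "/tool/ssl/cert-${RUNNING_ENV}.pem" "$PREFIX/ssl/cert.pem"
cp "/tool/ssl/dhparams-${RUNNING_ENV}.pem" "$PREFIX/ssl/dhparams.pem"

#compress to dist
# The archive includes ssl/cert.key, so the file written to /dist (a host
# directory in the Makefile targets) must be handled as a secret.
cd /usr/local/
tar czf nginx-1.14.0-bin.tar.gz nginx-1.14.0
cp /usr/local/nginx-1.14.0-bin.tar.gz /dist/nginx-1.14.0-bin.tar.gz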

Using Python Script script/conf_gen.py to generate the configuration from template
#!/usr/bin/python
from jinja2 import Environment, FileSystemLoader
import os
from sys import exit
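# Directory layout, resolved from this script's location: the script lives in
# <root>/script, templates in <root>/template, generated files in <root>/conf.
SCRIPT_DIR = os.path.abspath(os.path.dirname(__file__))
ROOT_DIR = os.path.abspath(os.path.join(SCRIPT_DIR, '../'))
TEMPLATE_DIR = os.path.abspath(os.path.join(ROOT_DIR, 'template'))
CONF_DIR = os.path.abspath(os.path.join(ROOT_DIR, 'conf'))
print("SCRIPT = " + SCRIPT_DIR)
print("TEMPLATE = " + TEMPLATE_DIR)
print("CONF = " + CONF_DIR)

# RUNNING_ENV value -> domain substituted for {{targetDomain}} in the ngproxy
# template. The opening quotes were typographic quotes in the post, which is a
# syntax error in Python; they are plain ASCII quotes here.
env_domain_mappings = {
    'dev': 'sillycatclouddev.com',
    'stage': 'sillycatcloudbeta.com',
    'prod': 'sillycatcloud.com'
}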
def generateConf():
    """Render template/nginx.conf to conf/nginx.conf for the current RUNNING_ENV.

    Exits the process with a message when RUNNING_ENV is not in the
    environment. The value is handed to the template unchanged.
    NOTE(review): it is not checked against env_domain_mappings here, so an
    unexpected value still reaches the nginx.conf template - confirm the
    template only uses it in a harmless position.
    """
    if 'RUNNING_ENV' not in os.environ:
        exit("RUNNING_ENV is not set in ENV, exit!")
    runningEnv = os.environ['RUNNING_ENV']
    print("Generating nginx.conf for " + runningEnv)
    template_params = {'runningEnv': runningEnv}
    print(template_params)
    generateFile('template/nginx.conf', 'conf/nginx.conf', template_params)
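def generateProxy():
    """Render template/ngproxy to conf/ngproxy for the current RUNNING_ENV.

    The environment name selects the target domain from env_domain_mappings,
    and that domain is what the template receives as 'targetDomain'.

    Exits the process with a message when RUNNING_ENV is not set, or when it
    names an environment that has no entry in env_domain_mappings. Only mapped
    names are accepted, so no arbitrary text from the environment ends up in
    the generated proxy configuration.
    """
    try:
        runningEnv = os.environ['RUNNING_ENV']
    except KeyError as e:
        exit("{0} is not set in environment".format(e))
    # Reject unknown names with a clear message instead of an uncaught
    # KeyError traceback from the mapping lookup.
    if runningEnv not in env_domain_mappings:
        exit("RUNNING_ENV '{0}' is not one of: {1}".format(
            runningEnv, ", ".join(sorted(env_domain_mappings))))
    print("Generating ngproxy for " + runningEnv)
    targetDomain = env_domain_mappings[runningEnv]
    generate_proxy_env = {
        'targetDomain':targetDomain
    }
    print(generate_proxy_env)
    generateFile('template/ngproxy', 'conf/ngproxy', generate_proxy_env)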
def generateFile(template_name, output_file_name, params):
    """Render one Jinja2 template and write the result to a file.

    template_name is looked up relative to ROOT_DIR. output_file_name is
    opened as given, so a relative path is resolved against the current
    working directory, not ROOT_DIR. params is the mapping of template
    variables passed to render().
    """
    jinja_env = Environment(loader=FileSystemLoader(ROOT_DIR), trim_blocks=True)
    template = jinja_env.get_template(template_name)
    rendered = template.render(params)
    with open(output_file_name, 'w') as out:
        out.write(rendered)
if __name__ == '__main__':
    # Generate the main nginx.conf first, then the proxy site configuration.
    steps = (
        ("Generate the nginx.conf file", generateConf),
        ("Generate the ngproxy file", generateProxy),
    )
    for banner, step in steps:
        print(banner)
        step()

It is working great.

References:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#break
http://agentzh.blogspot.com/2011/03/how-nginx-location-if-works.html
https://stackoverflow.com/questions/32825703/syntax-for-if-statement-in-nginx