Ultimately, my goal is to create a proxy that will either continue to proxy the request or return a 401 if the first line contains an API endpoint I want to restrict. I tried removing the \n write for the docker_writer, but if I remove either that or the flush, the entire process just hangs. Somehow with this, I'm also getting a 400 invalid back from the server. I feel like what I'm doing is really primitive: reading lines from a buffer on the incoming request and breaking on the double new line (HTTP protocol specific), and then flipping over to the other socket to write and read.

If I attempt to use this proxy using docker -H unix:///tmp/docker-proxy.sock ps, I see the response, but I'm obviously not handling the HTTP correctly:

    docker -H unix:///tmp/docker-proxy.sock ps
    21:27:02 Unsolicited response received on idle HTTP channel starting with "HTTP/1.1 400 Bad Request\nContent-Type: text/plain charset=utf-8\nConnection: close\n\n400 Bad Request\n\n" err=
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    70cd603429f testcodaa "/bin/sh" 9 days ago Up 9 days 3000/tcp crazy_khorana

    let listener = UnixListener::bind("/tmp/docker-proxy.sock").unwrap();

I want to be able to inspect the URL and short circuit the pipeline (say with a 401 response)

    use std::io::\n", y).as_bytes())

The intended use case is for Docker Engine API HTTP traffic. I want to proxy requests between each, while also inspecting the first line. I'm trying to find the best way to chain two UNIX domain sockets together.

To learn more about docker-compose, see the documentation.

I've written this up on StackOverflow if anyone wants the Internet points.

It takes two parameters, the uid and the gid:

    #!/usr/bin/bash
    function main

At this point, all we have to do is use this Dockerfile. It will change the uid and gid for the uwsgi user inside the container. First, let's create a setup.sh script next to your Dockerfile.
groupmod to change the gid of a user: groupmod -g.
usermod to change the uid of a user: usermod -u.
You can pass an optional username to get the uid and gid for a specific user: id -u nginx.
id to get the uid and gid of a user: id -u will give you the uid of the current user and id -g the gid of the current user.

Depending on where we do ls -l we'll get different human readable names but the permissions will be correct. So what we need to do is make sure that both the nginx user (in the host system) and the uwsgi user (in the container) have the same uid (and gid). They are encoded in the filesystem as numbers respectively named uid and gid. What you must know is: the names are just the human readable version of these attributes. Here we have a file named README.md that belongs to a user named jujens and a group named jujens.

    1 jujens jujens 366 Sep 12 14:13 README.md

In Unix each file has an owner and a group. The question is, how do we fulfill these two requirements? First, let's explain how file ownership works.

To belong to the nginx user outside it, so nginx can use it.
To belong to the uwsgi user inside the container so your application can use it.

You want it to use a Unix socket to communicate with your nginx webserver running on the host under the nginx user. It will run in the container as the uwsgi user. Let's say you are creating a Python web application running in a container with UWSGI. The tricky part is to set the proper permissions on the socket. You can then use it for your webserver to talk to your application or for cross container communications. But what if you want to use Unix sockets instead? The answer is you can: you make the application create the socket file in a volume and set the proper permissions on it. By default, you are supposed to use TCP sockets to communicate with your applications running in Docker.
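
The id alignment described above (the container's uwsgi user gets the same numeric uid and gid as the host's nginx user), written out as an added example; it is not the original setup.sh. The function names, the DRY_RUN switch, the 65535 upper bound and the assumption that the group is also named uwsgi are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example, not the article's setup.sh.
# Assumption: the container user and its group are both named "uwsgi".

# valid_id N: true only for a plain decimal id in 1..65535.
# Rejects 0 and leading zeros, so the service user can never be remapped to root,
# and rejects anything that is not purely digits (65535 is a conservative bound).
valid_id() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# remap_ids USER UID GID: give USER and its same-named group the host's numeric ids.
remap_ids() {
    valid_id "$2" || { echo "invalid uid: $2" >&2; return 2; }
    valid_id "$3" || { echo "invalid gid: $3" >&2; return 2; }
    run groupmod -g "$3" "$1" || return 1
    run usermod -u "$2" "$1" || return 1
}

# owner_ids PATH: print "uid:gid" exactly as stored in the filesystem.
# ls -n shows numbers instead of names, so the result is the same on host and in container.
owner_ids() {
    ls -lnd -- "$1" | awk '{ print $3 ":" $4 }'
}

# owner_matches PATH UID GID: succeed when the socket file carries the expected ids.
owner_matches() {
    [ "$(owner_ids "$1")" = "$2:$3" ]
}
```

On the host, `id -u nginx` and `id -g nginx` give the two numbers to pass to `remap_ids uwsgi` during the image build; `owner_matches` can then be pointed at the socket file in the shared volume from either side.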