Proxy autoconfig #1099
Proxy autoconfig #1099
Conversation
|
per f2f discussion w/ @rade: let's add TLS support via a binary where the weave script can do: This way, --local will work, but not support TLS autoconfiguration. |
|
|
paulbellamy
force-pushed
the
1055-proxy-autoconfig
branch
2 times, most recently
from
968bc87
to
d72c05c
Compare
| if command_exists proxyvolumes ; then | ||
| PROXY_VOLUMES=${PROXY_VOLUMES:-$(proxyvolumes "$@")} | ||
| fi | ||
| } |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
paulbellamy
force-pushed
the
1055-proxy-autoconfig
branch
from
77ad2a6
to
25fd8a2
Compare
| --tlscacert $PWD/tls/ca.pem \ | ||
| --tlscert $PWD/tls/$HOST1.pem \ | ||
| --tlskey $PWD/tls/$HOST1-key.pem \ | ||
| 2>&1 >/dev/null |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
paulbellamy
force-pushed
the
1055-proxy-autoconfig
branch
from
25fd8a2
to
e365c1d
Compare
|
doesn't work with systemd as docker launches with: |
|
per f2f discussion w/ @rade: Configuring based on the daemon is a bit of a hack, so let's configure where to listen based on the client.
|
paulbellamy
force-pushed
the
1055-proxy-autoconfig
branch
2 times, most recently
from
70aa01d
to
f9e8bef
Compare
|
|
||
| host1$ weave launch-proxy -H tcp://127.0.0.1:9999 | ||
|
|
||
| Multiple -H arguments can be specified. If you are working with a remote | ||
| docker daemon, then any firewalls inbetween need to be configured to permit | ||
| If you are connecting via TLS, you will need to specify `-H`. Multiple |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
paulbellamy
force-pushed
the
1055-proxy-autoconfig
branch
from
f9e8bef
to
826889e
Compare
| } | ||
|
|
||
| if clientTLSEnabled && !(c.TLSConfig.Enabled || c.TLSConfig.Verify) { | ||
| log.Fatalln("Cannot autoconfigure the proxy when using TLS. Please specify -H") |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
paulbellamy
force-pushed
the
1055-proxy-autoconfig
branch
from
826889e
to
6583806
Compare
| } | ||
|
|
||
| if clientTLSEnabled && !(c.TLSConfig.Enabled || c.TLSConfig.Verify) { | ||
| log.Fatalln("Cannot autoconfigure proxy listen address when launching via TLS") |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
paulbellamy
force-pushed
the
1055-proxy-autoconfig
branch
from
6583806
to
f3c0b82
Compare
|
|
||
| if [ -z "$PROXY_HOST" ]; then | ||
| if [ -n "$CLIENT_TLS_ENABLED" -a -z "$PROXY_TLS_ENABLED" ]; then | ||
| echo "When launching proxy via TLS, -H and/or TLS options are required." >&2 |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
|
rest LGTM |
paulbellamy
force-pushed
the
1055-proxy-autoconfig
branch
from
f3c0b82
to
a4a31e6
Compare
Use the docker daemon's
-Hflags as the proxy's default.No support for auto-configuring TLS. For that we would have to do the procfs and flag parsing in the weave script (so that we could mount the certs into the proxy container).
This is possibly a bit linux-specific, as the layout of procfs is not standardized.
Fixes #1055