├── README.md
├── microservice1
├── docker-compose.yml
└── index.html
├── microservice2
├── docker-compose.yml
└── index.html
└── proxy
├── Dockerfile
├── backend-not-found.html
├── default.conf
├── docker-compose.yml
├── includes
├── proxy.conf
└── ssl.conf
└── ssl
├── README.md
├── microservice1-test.cert
├── microservice1-test.key
├── microservice2-test.cert
└── microservice2-test.key
/README.md:
--------------------------------------------------------------------------------
1 | Example project showing how to use Nginx as a reverse proxy for docker-compose projects.
2 |
--------------------------------------------------------------------------------
/microservice1/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '2'
2 | services:
3 | app:
4 | image: nginx:1.9
5 | volumes:
6 | - .:/usr/share/nginx/html/
7 | expose:
8 | - "80"
9 |
--------------------------------------------------------------------------------
/microservice1/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | microservice1
5 |
6 |
7 | This is a sample "microservice1" response
8 |
9 |
10 |
--------------------------------------------------------------------------------
/microservice2/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '2'
2 | services:
3 | app:
4 | image: nginx:1.9
5 | volumes:
6 | - .:/usr/share/nginx/html/
7 | expose:
8 | - "80"
9 |
--------------------------------------------------------------------------------
/microservice2/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | microservice2
5 |
6 |
7 | This is a sample "microservice2" response
8 |
9 |
10 |
--------------------------------------------------------------------------------
/proxy/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM nginx:1.9
2 |
3 | # New default conf containing the proxy config
4 | COPY ./default.conf /etc/nginx/conf.d/default.conf
5 |
6 | # Backend not found html response
7 | COPY ./backend-not-found.html /var/www/html/backend-not-found.html
8 |
9 | # Nginx Proxy and SSL shared configs
10 | COPY ./includes/ /etc/nginx/includes/
11 |
12 | # Proxy SSL certs
13 | COPY ./ssl/ /etc/ssl/certs/nginx/
14 |
--------------------------------------------------------------------------------
/proxy/backend-not-found.html:
--------------------------------------------------------------------------------
1 |
2 | Proxy Backend Not Found
3 |
4 | Proxy Backend Not Found
5 |
nginx
6 |
7 |
8 |
--------------------------------------------------------------------------------
/proxy/default.conf:
--------------------------------------------------------------------------------
1 | # microservice1 proxy config.
2 | # A block like this needs to be included for each project
3 | # behind the proxy.
4 | server {
5 | listen 80;
6 | listen 443 ssl http2;
7 | server_name microservice1.test;
8 |
9 | # Configure SSL
10 | ssl_certificate /etc/ssl/certs/nginx/microservice1-test.cert;
11 | ssl_certificate_key /etc/ssl/certs/nginx/microservice1-test.key;
12 | include /etc/nginx/includes/ssl.conf;
13 |
14 | location / {
15 | include /etc/nginx/includes/proxy.conf;
16 | proxy_pass http://microservice1_app_1;
17 | }
18 |
19 | access_log off;
20 | error_log /var/log/nginx/error.log error;
21 | }
22 |
23 | # microservice2 proxy config.
24 | server {
25 | listen 80;
26 | listen 443 ssl http2;
27 | server_name microservice2.test;
28 |
29 | # Configure SSL
30 | ssl_certificate /etc/ssl/certs/nginx/microservice2-test.cert;
31 | ssl_certificate_key /etc/ssl/certs/nginx/microservice2-test.key;
32 | include /etc/nginx/includes/ssl.conf;
33 |
34 | location / {
35 | include /etc/nginx/includes/proxy.conf;
36 | proxy_pass http://microservice2_app_1;
37 | }
38 |
39 | access_log off;
40 | error_log /var/log/nginx/error.log error;
41 | }
42 |
43 | # Catch all
44 | server {
45 | listen 80 default_server;
46 |
47 | server_name _;
48 | root /var/www/html;
49 |
50 | charset UTF-8;
51 |
52 | error_page 404 /backend-not-found.html;
53 | location = /backend-not-found.html {
54 | allow all;
55 | }
56 | location / {
57 | return 404;
58 | }
59 |
60 | access_log off;
61 | log_not_found off;
62 | error_log /var/log/nginx/error.log error;
63 | }
64 |
--------------------------------------------------------------------------------
/proxy/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '2'
2 | services:
3 | proxy:
4 | build: ./
5 | networks:
6 | - microservice1
7 | - microservice2
8 | ports:
9 | - 80:80
10 | - 443:443
11 |
12 | networks:
13 | microservice1:
14 | external:
15 | name: microservice1_default
16 | microservice2:
17 | external:
18 | name: microservice2_default
19 |
--------------------------------------------------------------------------------
/proxy/includes/proxy.conf:
--------------------------------------------------------------------------------
1 | proxy_set_header Host $host;
2 | proxy_set_header X-Real-IP $remote_addr;
3 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
4 | proxy_set_header X-Forwarded-Proto $scheme;
5 | proxy_buffering off;
6 | proxy_request_buffering off;
7 | proxy_http_version 1.1;
8 | proxy_intercept_errors on;
9 |
--------------------------------------------------------------------------------
/proxy/includes/ssl.conf:
--------------------------------------------------------------------------------
1 | ssl_session_timeout 1d;
2 | ssl_session_cache shared:SSL:50m;
3 | ssl_session_tickets off;
4 |
5 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
6 | ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
7 | ssl_prefer_server_ciphers on;
8 |
--------------------------------------------------------------------------------
/proxy/ssl/README.md:
--------------------------------------------------------------------------------
1 | The following commands can be used to generate a self signed ssl key and certificate
2 |
3 | To generate the key:
4 |
5 | ```sh
6 | openssl genrsa -out microservice1-test.key 2048
7 | ```
8 |
9 | And the certificate (replace `microservice1.test` with your domain name):
10 |
11 | ```sh
12 | openssl req -new -x509 -key microservice1-test.key -out microservice1-test.cert -days 3650 -subj /CN=sample-microservice1.test
13 | ```
14 |
--------------------------------------------------------------------------------
/proxy/ssl/microservice1-test.cert:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDOzCCAiOgAwIBAgIJAI+psjYl1E8fMA0GCSqGSIb3DQEBBQUAMB0xGzAZBgNV
3 | BAMTEm1pY3Jvc2VydmljZTEudGVzdDAeFw0xNjA0MDUxNjQ3MTJaFw0yNjA0MDMx
4 | NjQ3MTJaMB0xGzAZBgNVBAMTEm1pY3Jvc2VydmljZTEudGVzdDCCASIwDQYJKoZI
5 | hvcNAQEBBQADggEPADCCAQoCggEBAMuS5V3R0cu76peHGIyCGEG/mSbIMn1KC7CT
6 | Gdh34hjEgeEUxOT6I/tMzvRtWkX0lmp/yZR902NYkrOGRZndNtDGyc53AM1c3GNj
7 | GDwA/oBs+oyohCZlnYmJSs3pvlnam5pHWWuhwyyvIXy7dHbcGLxUrdTu8z1qFfb1
8 | 2OWOdM7GiP3jdDppUi21vl9sFcKGzJhEZwmxVuSlWd9UzHeTktKMtpEMlAM3KH4i
9 | GF3HR89aO13UIf8ODOUE7EZFUI5KdxbzvK0UhY0+znZpAL43ANuc7ziY5kIcBJoH
10 | IJeLRLxN+Y4BmeVqHJhxK/EBNw2C4cN2B5Cz11uQvGVACntuQF0CAwEAAaN+MHww
11 | HQYDVR0OBBYEFLxsbFBxlwoS38AnVoj7tzjKJ4LGME0GA1UdIwRGMESAFLxsbFBx
12 | lwoS38AnVoj7tzjKJ4LGoSGkHzAdMRswGQYDVQQDExJtaWNyb3NlcnZpY2UxLnRl
13 | c3SCCQCPqbI2JdRPHzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBG
14 | vVJAF/9krnAfqpOzIoJtAzhR/tM9R1Sp4LwHd0aX0OszF7HSFX34fifvmX91pvEn
15 | Utjpgt26xHlAT4jueVLLnzIGxDm9tchY/AHSP60i/pmgCuyhX25fUxkCatWPHxkQ
16 | 6gyszBp4fKnKhjPEHXq2Puq+mXqec37Gt/khfPQKeLMVBOf4242ovFU+1pugNB6O
17 | pVyNnD7yZprvuzNeVfvVA91eXGEALTc2ax4NOfUekEuYHvNAdMO56Kb2uCG1a5PV
18 | LzYV3uAQfNbOmfcLwY5BpS6r6NAcIg5EP30TkmBw1/chh0UI5KJtwMrSF7kQ7JJK
19 | kOFXh27WqEUjhVFX8bmm
20 | -----END CERTIFICATE-----
21 |
--------------------------------------------------------------------------------
/proxy/ssl/microservice1-test.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEowIBAAKCAQEAy5LlXdHRy7vql4cYjIIYQb+ZJsgyfUoLsJMZ2HfiGMSB4RTE
3 | 5Poj+0zO9G1aRfSWan/JlH3TY1iSs4ZFmd020MbJzncAzVzcY2MYPAD+gGz6jKiE
4 | JmWdiYlKzem+WdqbmkdZa6HDLK8hfLt0dtwYvFSt1O7zPWoV9vXY5Y50zsaI/eN0
5 | OmlSLbW+X2wVwobMmERnCbFW5KVZ31TMd5OS0oy2kQyUAzcofiIYXcdHz1o7XdQh
6 | /w4M5QTsRkVQjkp3FvO8rRSFjT7OdmkAvjcA25zvOJjmQhwEmgcgl4tEvE35jgGZ
7 | 5WocmHEr8QE3DYLhw3YHkLPXW5C8ZUAKe25AXQIDAQABAoIBABjfJqTSyMYSfHPs
8 | 7oPkNSB7TzPcy8Zg8JKvNj4rT3VlNNUSG4g6Q4ElfjeA0MGxQ1tZp4A760K9BJdo
9 | dUJ6M4NIdkmCYpe0m7yM094o5O894VKkGBk02w19t6T2xOnnepFb3EH5LoZcE0RR
10 | Bsaq117THbXhR9ieCHb2zHwnboAAq6tVcIn9Hl6ucmrW8AaHeg1363DD58R3m0lX
11 | H6IvyNXyXf0Rtq1Ctt/9Zo3FNxu3pFG5fH/vjDVI4T3ckxKC354XFj2Q3cKAKkQu
12 | vBlgyWGsHgMecSW0MSz3hLXXaq+08141z4b3i5hgI1fRlamcbCTCof9BWKOibtx8
13 | 7QcKSYUCgYEA+EXGXKBabsSWo4PAuAP6b9Ww6+R07Iz1iyeZKBfPExMbwOL7QHdu
14 | 4yflX6Q1uNppBdPTITpfos2RZHXUl0aMAOrJdS1uisndNG1Wo/E8bYOKxqCXyuAK
15 | vBIr9O2dbEvsAl/8g9nixcD2xOtAyj+0NoFteX8QSW4+7vB6jMPW1VsCgYEA0ej2
16 | okhhbbpeR0o/0Q1wbqJZZAotNi8qjlPnOIXE2ZkJTva/5teLItEIbhCSZMGB2XKr
17 | qZlbkf+AXc+tyty0EQvRpGuhZap6OkSitQo1ecig5EtBxyHTKmBAqPuMspSFzcVW
18 | dpuPcTBuzjrDepwOXXbTjZfIU1rad5TxLiv91qcCgYBYUPHUJ1KkDpiLiCW5D+k5
19 | eSmbcERLlYUPQEHSKk4GOgjoX5YDA7lVYu7MS+y0WjV71jNHoa09i6TJuMSsH3NU
20 | LDEH1uZ4xoBC0xY78WeOiXmHWL9GctY+urQaR6B1Uricy6pW+N4bfJ4LxKfiijDA
21 | JuBblOClTmtisfbWNiAo+wKBgE1Ht4WHoFcFhjA45cXRbNNOchqipIKOWtyLh1UH
22 | 6rEx5ntr3LrgIBlxW+kpsLvngibMUObfzxaxOlFPZGyLVL/x2fzuoz0KxnUtT7nX
23 | SFjNxG5IRq9JhLTVOvj7o5EbnSdkv7BrFSRW8HR8rfs1+RPv63L1rosBp+zeqOyW
24 | xZ2BAoGBAOlqCJi1aKbRGFUMBmVm302D36AgKN344VhCJp0XVJlwoGX9AuL0CuUp
25 | opqPwuOzTXIWXb54w21lO4Q9uc7yzmAbXsnU+fnscjaX+UmC0my99kHXD1J23Pf2
26 | 11+QNcDkhdMVna3cDhYeKA5QxkpLJcYnVYqcv0y/ZhWecx+nXCqA
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/proxy/ssl/microservice2-test.cert:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDOzCCAiOgAwIBAgIJAJxeMRWHDbKXMA0GCSqGSIb3DQEBBQUAMB0xGzAZBgNV
3 | BAMTEm1pY3Jvc2VydmljZTIudGVzdDAeFw0xNjA0MDUxNjQ2NTlaFw0yNjA0MDMx
4 | NjQ2NTlaMB0xGzAZBgNVBAMTEm1pY3Jvc2VydmljZTIudGVzdDCCASIwDQYJKoZI
5 | hvcNAQEBBQADggEPADCCAQoCggEBAKSWQ9IntGDZYNxgnIV97QJXTctfvAXGpiwW
6 | gSj0CLRXkkzBUn8Cl7Z6s9uSPXYBfgfHYPITJ98uzUNNiXGIDBC0g6vjxzkWdQ4s
7 | l46D1ogmPWE4CBUSboWP+xco6e53s4DoLNEBEPqoWSG+64LyTj9Fmmel7JYZqnvP
8 | aPcQT0ycZ4hVL+Wo7PHOHf9+Yu/aKjIYHzzDYFFhz0KxpJi0wystmnah0cfviiBl
9 | vwLvHId2x/L7tK6tATzQZY95LzC07i4c8wYm/6MBCRNdfpfSqzmdHi6XRZn9gMQC
10 | BMhOU0vn/jUjLwEtuzq/NL7VP4SXrwwCLwe4bwkzerr3Cc110LUCAwEAAaN+MHww
11 | HQYDVR0OBBYEFAZ3Sce+NJZEDFXbbiRPCOfUB2CdME0GA1UdIwRGMESAFAZ3Sce+
12 | NJZEDFXbbiRPCOfUB2CdoSGkHzAdMRswGQYDVQQDExJtaWNyb3NlcnZpY2UyLnRl
13 | c3SCCQCcXjEVhw2ylzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAB
14 | 8Vm3r5iYh6MpsDXQG8PLErhWRcGYxR2sEczuUmvUzqriUWqHZYznV3nzpN1P4rrN
15 | N5AP/e7HIKCUVMOwASQiyeicdkwwF8BPE53u+KjX4LfVIAMts99qsudyTFkv7qnQ
16 | pTSpAUudSvrlOA4zZdOtvfGna1xF1WuS++lQmd30/+2hh4YrWGq5pJfNbA9hnCq6
17 | KegFTCr5UgJcmU6X+YTjAvhxzPemnzAKi+rLcBhXv5hGiTaPbRKuM3b1WbELkuzL
18 | 2SC30IoWaBtZc8LX1wCzWxO6+51yW8KnIAPRK9Xk+ixZeaXh5ral/WClU4Y4MXC4
19 | iirDR0EFqi2E+O4hzrAq
20 | -----END CERTIFICATE-----
21 |
--------------------------------------------------------------------------------
/proxy/ssl/microservice2-test.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEowIBAAKCAQEApJZD0ie0YNlg3GCchX3tAldNy1+8BcamLBaBKPQItFeSTMFS
3 | fwKXtnqz25I9dgF+B8dg8hMn3y7NQ02JcYgMELSDq+PHORZ1DiyXjoPWiCY9YTgI
4 | FRJuhY/7Fyjp7nezgOgs0QEQ+qhZIb7rgvJOP0WaZ6Xslhmqe89o9xBPTJxniFUv
5 | 5ajs8c4d/35i79oqMhgfPMNgUWHPQrGkmLTDKy2adqHRx++KIGW/Au8ch3bH8vu0
6 | rq0BPNBlj3kvMLTuLhzzBib/owEJE11+l9KrOZ0eLpdFmf2AxAIEyE5TS+f+NSMv
7 | AS27Or80vtU/hJevDAIvB7hvCTN6uvcJzXXQtQIDAQABAoIBAQCZJxrFHB1FYgI4
8 | D86Wia9aVlMVxGf6F/fZXrehnDPdXP/OXLafaZIzQ8rJrzNx88GLC4SyvhCEJdDr
9 | p+MVujs/8Dn2YWapQLR8FBKTkyq2Vp8XMESVFymxL2G/E1tbhBeNBH9vnUZnePA3
10 | 7qjImSEmz2X2vPeCVS/HNiG+hXbFGedYOZohU7OQBcWV+DFStwf6KSYM88Q/tdK3
11 | zz8XAJPu41aphQyRZpvTrgYyLlWaXSRPRiBvetRgxucMnS/2A6a9HyfhldkdAGwm
12 | wwUAJAPsXG2Fl2JEc13nFivWOnoX5hTVFSxCncGpZS3vAPuFlcVNL1DaTqneMFF6
13 | pEop/sShAoGBAM4J/hojpwfmQ0H1NAvtmSQfadvXj/7aaWUmm50Vwt1GE5H/88jr
14 | 1LJxNKXN7KRzb4Qx55FKQjEbULKHmGj9Et/QW6H3aICoAqwWPYqGw3CTQ+TSmG10
15 | Z9Kh0T2Lr1NGQxh3MA6oWw/aaA571dOfNlWUDiedYJV7AhoNqltXWhfDAoGBAMx/
16 | G81GOyqDBgzrtLuCXrumIxiefCYtSA/qth9DAUzT6RR3PDKcBBXNcSHwC6vtQzcT
17 | NiACraBLS50Nkbw213/n2wUXN2ph4lm8FC8GPdu11CDegqgS9M9Nh07s78xlSV1z
18 | WrkU1+Pu1g+Tbryzo5iGNNoBQ+r25OlYerP54eYnAoGAe2cYveckn2KWXebSqWJB
19 | GpWF/Zn6MJX4EhExmr/x2j2icwtto6U72zRaaAQR+9z3qaGKJEbppifKCWOVMSyC
20 | JXLRrwxTltsJ3q/jZBia7c4GGALaMJRLqqgofkgvVhz7Cqg4LE9BWxlgwWwCAaGW
21 | FWN7ptZnhqAJ/ji5E8QZvakCgYBmVlH2d2gSjUFQ5AAtOj/oTmsP3fgpLs36US5V
22 | FLYo2X+yIz134kXVF1u/bR6aKoFRpYaXnF+BcUzkyq6c7yEHPGOJ96Ve0p9w4sOD
23 | CO+Z7TO8Qz5FmD71I0pMgBw9QI7nelvzdW/Y/GQZpWFsg8WiBb+bPbjcdDP4ZrP5
24 | L1sSTwKBgFVROaX+N3gdhw6tP3ZmhkOqMrtsuuXO6h6a7wpR34iDnRvaCDFMmex4
25 | BAXp8HSkivjFr4MUEaP0v9My+upa2nts2Y89YZR9hzFioRotQbRu5TU25wG8hm6K
26 | 9NYarVott3FuW+ktdJLFM1z5kofwsZNuFMoxPtnaVlmOrPETs2xU
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------