Merge remote-tracking branch 'upstream/master'

Author: mhaamann

Dockerfile

@@ -1,12 +1,12 @@
-FROM golang:1.9 AS build
+FROM golang:1.9.6 AS build
 ADD . /src
 WORKDIR /src
 RUN go get -d -v -t
 RUN go test --cover ./... --run UnitTest
 RUN go build -v -o docker-flow-proxy
 
 
-FROM haproxy:1.8-alpine
+FROM haproxy:1.8.8-alpine
 MAINTAINER 	Viktor Farcic <viktor@farcic.com>
 
 RUN mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
@@ -15,19 +15,22 @@ RUN mkdir -p /cfg/tmpl /templates /certs /logs
 ENV CERTS="" \
     CAPTURE_REQUEST_HEADER="" \
     CFG_TEMPLATE_PATH="/cfg/tmpl/haproxy.tmpl" \
-    CHECK_RESOLVERS=false \
+    CHECK_RESOLVERS=false RESOLVERS="nameserver dns 127.0.0.11:53" \
     CONNECTION_MODE="http-keep-alive" \
+    CRT_LIST_PATH="" \
     DEBUG="false" \
     DEFAULT_PORTS="80,443:ssl" \
     DEFAULT_REQ_MODE="http" \
     DO_NOT_RESOLVE_ADDR="false" \
     ENABLE_H2="true" \
+    FILTER_PROXY_INSTANCE_NAME="false" \
     HEALTHCHECK="true" \
     HTTPS_ONLY="false" \
     EXTRA_FRONTEND="" \
     LISTENER_ADDRESS="" \
     MODE="default" \
     PROXY_INSTANCE_NAME="docker-flow" \
+    RELOAD_ATTEMPTS="5" \
     RELOAD_INTERVAL="5000" REPEAT_RELOAD=false \
     RECONFIGURE_ATTEMPTS="20" \
     SEPARATOR="," \
@@ -43,9 +46,9 @@ EXPOSE 443
 EXPOSE 8080
 
 RUN apk --no-cache add tini
-ENTRYPOINT ["/sbin/tini","--"]
+ENTRYPOINT ["/sbin/tini", "-g", "--"]
 CMD ["docker-flow-proxy", "server"]
-HEALTHCHECK --interval=5s --start-period=3s --timeout=5s CMD check.sh
+HEALTHCHECK --interval=5s --start-period=3s --timeout=10s CMD check.sh
 
 COPY scripts/check.sh /usr/local/bin/check.sh
 RUN chmod +x /usr/local/bin/check.sh

Dockerfile.linux-arm

@@ -0,0 +1,52 @@
+FROM arm32v7/haproxy
+COPY tmp/qemu-arm-static /usr/bin/qemu-arm-static
+
+MAINTAINER Raymond Mouthaan <raymondmmouthaan@gmail.com>
+
+ENV CERTS="" \
+    CAPTURE_REQUEST_HEADER="" \
+    CFG_TEMPLATE_PATH="/cfg/tmpl/haproxy.tmpl" \
+    CHECK_RESOLVERS=false \
+    CONNECTION_MODE="http-keep-alive" \
+    CRT_LIST_PATH="" \
+    DEBUG="false" \
+    DEFAULT_PORTS="80,443:ssl" \
+    DEFAULT_REQ_MODE="http" \
+    DO_NOT_RESOLVE_ADDR="false" \
+    ENABLE_H2="true" \
+    FILTER_PROXY_INSTANCE_NAME="false" \
+    HEALTHCHECK="true" \
+    HTTPS_ONLY="false" \
+    EXTRA_FRONTEND="" \
+    LISTENER_ADDRESS="" \
+    MODE="default" \
+    PROXY_INSTANCE_NAME="docker-flow" \
+    RELOAD_ATTEMPTS="5" \
+    RELOAD_INTERVAL="5000" REPEAT_RELOAD=false \
+    RECONFIGURE_ATTEMPTS="20" \
+    SEPARATOR="," \
+    SERVICE_NAME="proxy" SERVICE_DOMAIN_ALGO="hdr_beg(host)" \
+    STATS_USER="" STATS_USER_ENV="STATS_USER" STATS_PASS="" STATS_PASS_ENV="STATS_PASS" STATS_URI="" STATS_URI_ENV="STATS_URI" STATS_PORT="" \
+    TIMEOUT_HTTP_REQUEST="5" TIMEOUT_HTTP_KEEP_ALIVE="15" TIMEOUT_CLIENT="20" TIMEOUT_CONNECT="5" TIMEOUT_QUEUE="30" TIMEOUT_SERVER="20" TIMEOUT_TUNNEL="3600" \
+    USERS="" \
+    SKIP_ADDRESS_VALIDATION="true" \
+    SSL_BIND_OPTIONS="no-sslv3" SSL_BIND_CIPHERS="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
+
+COPY scripts/check.sh /usr/local/bin/check.sh
+RUN chmod +x /usr/local/bin/check.sh
+
+COPY errorfiles /errorfiles
+COPY haproxy.cfg /cfg/haproxy.cfg
+RUN mkdir -p /cfg/tmpl /templates /certs /logs
+COPY haproxy.tmpl /cfg/tmpl/haproxy.tmpl
+
+COPY docker-flow-proxy_linux_arm /usr/local/bin/docker-flow-proxy
+RUN chmod +x /usr/local/bin/docker-flow-proxy
+
+HEALTHCHECK --interval=5s --start-period=3s --timeout=5s CMD check.sh
+
+EXPOSE 80
+EXPOSE 443
+EXPOSE 8080
+
+CMD ["docker-flow-proxy", "server"]

Dockerfile.packetbeat

@@ -1,4 +1,4 @@
-FROM vfarcic/docker-flow-proxy
+FROM dockerflow/docker-flow-proxy
 
 ENV PACKETBEAT_CONFIG /packetbeat/packetbeat.yml
 

Dockerfile.test

@@ -1,13 +1,4 @@
-FROM golang:1.8
-
-MAINTAINER 	Viktor Farcic <viktor@farcic.com>
-
-RUN apt-get update && \
-    apt-get install -y apt-transport-https ca-certificates curl software-properties-common expect && \
-    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
-    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" && \
-    apt-get update && \
-    apt-get -y install docker-ce
+FROM dockerflow/docker-flow-proxy-test-base
 
 COPY . /src
 WORKDIR /src

Dockerfile.test-base

@@ -0,0 +1,10 @@
+FROM golang:1.8
+
+MAINTAINER 	Viktor Farcic <viktor@farcic.com>
+
+RUN apt-get update && \
+    apt-get install -y apt-transport-https ca-certificates curl software-properties-common expect && \
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
+    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" && \
+    apt-get update && \
+    apt-get -y install docker-ce

Jenkinsfile

@@ -15,14 +15,14 @@ pipeline {
           def dateFormat = new SimpleDateFormat("yy.MM.dd")
           currentBuild.displayName = dateFormat.format(new Date()) + "-" + env.BUILD_NUMBER
         }
-        dfBuild("docker-flow-proxy")
-        sh "docker image build -t vfarcic/docker-flow-proxy:latest-packet-beat -f Dockerfile.packetbeat ."
-        sh "docker image tag vfarcic/docker-flow-proxy:latest-packet-beat vfarcic/docker-flow-proxy:${currentBuild.displayName}-packet-beat"
+        dfBuild2("docker-flow-proxy")
+        sh "docker image build -t dockerflow/docker-flow-proxy:latest-packet-beat -f Dockerfile.packetbeat ."
+        sh "docker image tag dockerflow/docker-flow-proxy:latest-packet-beat dockerflow/docker-flow-proxy:${currentBuild.displayName}-packet-beat"
       }
     }
     stage("staging") {
       environment {
-        DOCKER_HUB_USER = "vfarcic"
+        DOCKER_HUB_USER = "dockerflow"
       }
       steps {
         script {
@@ -37,12 +37,12 @@ pipeline {
         branch "master"
       }
       steps {
-        dockerLogin()
-        sh "docker image push vfarcic/docker-flow-proxy:latest-packet-beat"
-        sh "docker image push vfarcic/docker-flow-proxy:${currentBuild.displayName}-packet-beat"
+        dfLogin()
+        sh "docker image push dockerflow/docker-flow-proxy:latest-packet-beat"
+        sh "docker image push dockerflow/docker-flow-proxy:${currentBuild.displayName}-packet-beat"
         dockerLogout()
-        dfRelease("docker-flow-proxy")
-        dfReleaseGithub("docker-flow-proxy")
+        dfRelease2("docker-flow-proxy")
+        dfReleaseGithub2("docker-flow-proxy")
       }
     }
     stage("deploy") {
@@ -53,7 +53,7 @@ pipeline {
         label "prod"
       }
       steps {
-        dfDeploy("docker-flow-proxy", "proxy_proxy", "proxy_docs")
+        dfDeploy2("docker-flow-proxy", "proxy_proxy", "proxy_docs")
       }
     }
   }

README.md

@@ -1,12 +1,17 @@
 # Docker Flow Proxy
 
-[![GitHub release](https://img.shields.io/github/release/vfarcic/docker-flow-proxy.svg)]()
-[![license](https://img.shields.io/github/license/vfarcic/docker-flow-proxy.svg)]()
+[![GitHub release](https://img.shields.io/github/release/docker-flow/docker-flow-proxy.svg)]()
+[![license](https://img.shields.io/github/license/docker-flow/docker-flow-proxy.svg)]()
 [![Docker Pulls](https://img.shields.io/docker/pulls/vfarcic/docker-flow-proxy.svg)]()
-[![Go Report Card](https://goreportcard.com/badge/github.com/vfarcic/docker-flow-proxy)](https://goreportcard.com/report/github.com/vfarcic/docker-flow-proxy)
+[![Go Report Card](https://goreportcard.com/badge/github.com/docker-flow/docker-flow-proxy)](https://goreportcard.com/report/github.com/docker-flow/docker-flow-proxy)
 
 The goal of the *Docker Flow Proxy* project is to provide an easy way to reconfigure proxy every time a new service is deployed, or when a service is scaled. It does not try to "reinvent the wheel", but to leverage the existing leaders and combine them through an easy to use integration. It uses [HAProxy](http://www.haproxy.org/) as a proxy and adds custom logic that allows on-demand reconfiguration.
 
+Supported archetectures are:
+
+- linux-amd64
+- linux-arm
+
 Please visit the **[project documentation](http://proxy.dockerflow.com)** for more info or join the #df-proxy Slack channel in [DevOps20](http://slack.devops20toolkit.com/) if you have any questions, suggestions, or problems.
 
 <a href='https://ko-fi.com/A655LRB' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://az743702.vo.msecnd.net/cdn/kofi2.png?v=0' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>

actions/fetch.go

@@ -1,11 +1,12 @@
 package actions
 
 import (
-	"../proxy"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
+
+	"../proxy"
 )
 
 // Fetchable defines interface that fetches information from other sources
@@ -46,6 +47,7 @@ func (m *fetch) ReloadConfig(baseData BaseReconfigure, listenerAddr string) erro
 	if err = json.NewDecoder(resp.Body).Decode(&services); err != nil {
 		return err
 	}
+
 	needsReload := false
 	for _, s := range services {
 		proxyService := proxy.GetServiceFromMap(&s)

actions/reconfigure.go

@@ -7,16 +7,13 @@ import (
 	"os"
 	"strconv"
 	"strings"
-	"sync"
 
 	"../proxy"
 )
 
 const serviceTemplateFeFilename = "service-formatted-fe.ctmpl"
 const serviceTemplateBeFilename = "service-formatted-be.ctmpl"
 
-var mu = &sync.Mutex{}
-
 // Reconfigurable defines mandatory interface
 type Reconfigurable interface {
 	Execute(reloadAfter bool) error
@@ -47,8 +44,11 @@ var NewReconfigure = func(baseData BaseReconfigure, serviceData proxy.Service) R
 
 // Execute creates a new configuration and reloads the proxy
 func (m *Reconfigure) Execute(reloadAfter bool) error {
-	mu.Lock()
-	defer mu.Unlock()
+	if strings.EqualFold(os.Getenv("FILTER_PROXY_INSTANCE_NAME"), "true") &&
+		!strings.EqualFold(m.InstanceName, m.Service.ProxyInstanceName) {
+		logPrintf("Filtering %s configuration, with proxyInstanceName: %s", m.ServiceName, m.Service.ProxyInstanceName)
+		return nil
+	}
 	if strings.EqualFold(os.Getenv("SKIP_ADDRESS_VALIDATION"), "false") {
 		host := m.ServiceName
 		if len(m.ServiceDest) > 0 && len(m.ServiceDest[0].OutboundHostname) > 0 {
@@ -59,12 +59,9 @@ func (m *Reconfigure) Execute(reloadAfter bool) error {
 			return err
 		}
 	}
-	if err := m.createConfigs(); err != nil {
+	if err := m.createConfigsAddService(); err != nil {
 		return err
 	}
-	if !m.hasTemplate() {
-		proxy.Instance.AddService(m.Service)
-	}
 	if reloadAfter {
 		reload := reload{}
 		if err := reload.Execute(true); err != nil {
@@ -83,6 +80,19 @@ func (m *Reconfigure) Execute(reloadAfter bool) error {
 	return nil
 }
 
+func (m *Reconfigure) createConfigsAddService() error {
+	configProxyMu.Lock()
+	defer configProxyMu.Unlock()
+
+	if err := m.createConfigs(); err != nil {
+		return err
+	}
+	if !m.hasTemplate() {
+		proxy.Instance.AddService(m.Service)
+	}
+	return nil
+}
+
 // GetData returns structure with reconfiguration data and the service
 func (m *Reconfigure) GetData() (BaseReconfigure, proxy.Service) {
 	return m.BaseReconfigure, m.Service
@@ -94,12 +104,7 @@ func (m *Reconfigure) GetTemplates() (front, back string, err error) {
 	if value, err := strconv.ParseBool(os.Getenv("CHECK_RESOLVERS")); err == nil {
 		sr.CheckResolvers = value
 	}
-	for i := range sr.ServiceDest {
-		if len(sr.ServiceDest[i].ReqMode) == 0 {
-			sr.ServiceDest[i].ReqMode = "http"
-		}
-	}
-	m.formatData(sr)
+	proxy.FormatServiceForTemplates(sr)
 	if len(sr.TemplateFePath) > 0 {
 		feTmpl, err := readTemplateFile(sr.TemplateFePath)
 		if err != nil {
@@ -137,24 +142,6 @@ func (m *Reconfigure) createConfigs() error {
 	return nil
 }
 
-// TODO: Move to ha_proxy.go
-func (m *Reconfigure) formatData(sr *proxy.Service) {
-	sr.AclCondition = ""
-	if len(sr.AclName) == 0 {
-		sr.AclName = sr.ServiceName
-	}
-	if len(sr.PathType) == 0 {
-		sr.PathType = "path_beg"
-	}
-	for i, sd := range sr.ServiceDest {
-		if sd.SrcPort > 0 {
-			sr.ServiceDest[i].SrcPortAclName = fmt.Sprintf(" srcPort_%s%d", sr.ServiceName, sd.SrcPort)
-			sr.ServiceDest[i].SrcPortAcl = fmt.Sprintf(`
-    acl srcPort_%s%d dst_port %d`, sr.ServiceName, sd.SrcPort, sd.SrcPort)
-		}
-	}
-}
-
 func (m *Reconfigure) getUsersList(sr *proxy.Service) string {
 	if len(sr.Users) > 0 {
 		return `userlist {{.ServiceName}}Users{{range .Users}}