Files
weave-scope/socks
Lorenzo Manacorda 7eb07eebff Squashed 'tools/' changes from e9e7e6b..b990f48
b990f48 Merge pull request #42 from kinvolk/lorenzo/fix-git-diff
224a145 Check if SHA1 exists before calling `git diff`
1c3000d Add auto_apply config for wcloud
0ebf5c0 Fix wcloud -serivice
4fe078a Merge pull request #39 from weaveworks/fix-wrong-subtree-use
3f4934d Remove generate_latest_map
48beb60 Sync changes done directly in scope/tools
45dcdd5 Merge pull request #37 from weaveworks/fix-mflag-missing
b895344 Use mflag package from weaveworks fork until we find a better solution
e030008 Merge pull request #36 from weaveworks/wcloud-service-flags
9cbab40 Add wcloud Makefile
ef55901 Review feedback, and build wcloud in circle.
3fe92f5 Add wcloud deploy --service flag
3527b56 Merge pull request #34 from weaveworks/repo-branch
92cd0b8 [wcloud] Add support for repo_branch option
9f760ab Allow wcloud users to override username
38037f8 Merge pull request #33 from weaveworks/wcloud-templates
7acfbd7 Propagate the local username
e6876d1 Add template fields to wcloud config.
f1bb537 Merge pull request #30 from weaveworks/mike/shell-lint/dont-error-if-empty
e60f5df Merge pull request #31 from weaveworks/mike/fix-shell-lint-errors
e8e2b69 integrations: Fix a shellcheck linter error
a781575 shell-lint: Don't fail if no shell scripts found
db5efc0 Merge pull request #28 from weaveworks/mike/add-image-tag
5312c40 Import image-tag script into build tools so it can be shared
7e850f8 Fix logs path
dda9785 Update deploy api
f2f4e5b Fix the wcloud client
3925eb6 Merge pull request #27 from weaveworks/wcloud-events
77355b9 Lint
d9a1c6c Add wcloud events, update flags and error nicely when there is no config

git-subtree-dir: tools
git-subtree-split: b990f488bdc7909b62d9245bc4b4caf58f5ae7ea
2016-10-19 12:36:22 +02:00
..

SOCKS Proxy

The challenge: youve built and deployed your microservices based application on a Weave network, running on a set of VMs on EC2. Many of the services public API are reachable from the internet via an Nginx-based reverse proxy, but some of the services also expose private monitoring and manage endpoints via embedded HTTP servers. How do I securely get access to these from my laptop, without exposing them to the world?

One method weve started using at Weaveworks is a 90s technology - a SOCKS proxy combined with a PAC script. Its relatively straight-forward: one sshs into any of the VMs participating in the Weave network, starts the SOCKS proxy in a container on Weave the network, and SSH port forwards a few local port to the proxy. All thats left is for the user to configure his browser to use the proxy, and voila, you can now access your Docker containers, via the Weave network (and with all the magic of weavedns), from your laptops browser!

It is perhaps worth noting there is nothing Weave-specific about this approach - this should work with any SDN or private network.

A quick example:

vm1$ weave launch
vm1$ eval $(weave env)
vm1$ docker run -d --name nginx nginx

And on your laptop

laptop$ git clone https://github.com/weaveworks/tools
laptop$ cd tools/socks
laptop$ ./connect.sh vm1
Starting proxy container...
Please configure your browser for proxy
http://localhost:8080/proxy.pac

To configure your Mac to use the proxy:

  1. Open System Preferences
  2. Select Network
  3. Click the 'Advanced' button
  4. Select the Proxies tab
  5. Click the 'Automatic Proxy Configuration' check box
  6. Enter 'http://localhost:8080/proxy.pac' in the URL box
  7. Remove *.local from the 'Bypass proxy settings for these Hosts & Domains'

Now point your browser at http://nginx.weave.local/