weave-scope/socks
Bryan Boreham a0d60e4de9 Squashed 'tools/' changes from ec369f58d..f041a74ff
f041a74ff Undo some quoting that broke the test script (#160)
b1c21a068 Merge pull request #158 from weaveworks/go-1-13
d5c7dd0cd Run shell-lint during CI, and fix warnings
6db1abd14 Update to Go 1.13.1
d6cc704a2 Fix comment
7139116ae Revert "Push comments to the left so they don't appear in scripts"
e47e58f7b Push comments to the left so they don't appear in scripts
3945fcec8 Remove nonexistent env var GIT_TAG
cd6299284 Merge pull request #156 from weaveworks/drop-quay
af0eb5119 Merge pull request #157 from weaveworks/fix-image-tag-prefix-length
0b9aee4f2 Fix image-tag object name prefix length to 8 chars.
813c28fe7 Move from CircleCI 1.0 to 2.0
425cf4ef1 Move from quay.io to Dockerhub
87ccf4fd1 Merge pull request #155 from weaveworks/go-1-12
c31bc2865 Update lint script to work with Go 1.12
ed8e380d7 Update to Go 1.12.1

git-subtree-dir: tools
git-subtree-split: f041a74ffbf273b627d6c960f17357108d0dbd1c
2019-10-02 14:34:20 +00:00

SOCKS Proxy

The challenge: you've built and deployed your microservices-based application on a Weave network, running on a set of VMs on EC2. Many of the services' public APIs are reachable from the internet via an Nginx-based reverse proxy, but some of the services also expose private monitoring and management endpoints via embedded HTTP servers. How do you securely get access to these from your laptop, without exposing them to the world?

One method we've started using at Weaveworks is a '90s technology: a SOCKS proxy combined with a PAC script. It's relatively straightforward: you SSH into any of the VMs participating in the Weave network, start the SOCKS proxy in a container on the Weave network, and SSH port forward a few local ports to the proxy. All that's left is for the user to configure their browser to use the proxy, and voila, you can now access your Docker containers, via the Weave network (and with all the magic of weavedns), from your laptop's browser!

It is perhaps worth noting there is nothing Weave-specific about this approach - this should work with any SDN or private network.

A quick example:

vm1$ weave launch
vm1$ eval $(weave env)
vm1$ docker run -d --name nginx nginx

And on your laptop:

laptop$ git clone https://github.com/weaveworks/tools
laptop$ cd tools/socks
laptop$ ./connect.sh vm1
Starting proxy container...
Please configure your browser for proxy
http://localhost:8080/proxy.pac

To configure your Mac to use the proxy:

  1. Open System Preferences
  2. Select Network
  3. Click the 'Advanced' button
  4. Select the Proxies tab
  5. Click the 'Automatic Proxy Configuration' check box
  6. Enter 'http://localhost:8080/proxy.pac' in the URL box
  7. Remove *.local from the 'Bypass proxy settings for these Hosts & Domains' list

Now point your browser at http://nginx.weave.local/
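
A sketch of the kind of PAC logic this setup depends on, as an added example and not the proxy.pac that connect.sh serves. It assumes the SOCKS listener is forwarded to localhost:8000 (a hypothetical port) and that private services live under .weave.local; the helper names are illustrative.

```javascript
// Added example, not the project's own proxy.pac.
// Assumptions: SOCKS listener forwarded to localhost:8000 (hypothetical port),
// private services named under .weave.local, as in nginx.weave.local.
var SOCKS_ENDPOINT = "localhost:8000"; // assumed, adjust to your port forward
var PRIVATE_SUFFIX = ".weave.local";

// Normalise the host the browser hands to the PAC script: lower-case it and
// drop a trailing dot so "NGINX.Weave.Local." matches "nginx.weave.local".
function normaliseHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.substring(0, h.length - 1);
  }
  return h;
}

// True only when host is a name strictly below the private suffix.
// The leading dot in PRIVATE_SUFFIX rejects look-alikes such as
// "evilweave.local"; comparing the tail of the name rejects
// "nginx.weave.local.example.com".
function isPrivateHost(host) {
  var h = normaliseHost(host);
  var start = h.length - PRIVATE_SUFFIX.length;
  return start > 0 && h.substring(start) === PRIVATE_SUFFIX;
}

// PAC entry point. Private names get the SOCKS proxy only, with no
// "; DIRECT" fallback, so the browser has no direct route to fall back to
// when the SSH tunnel is down. Everything else bypasses the tunnel.
function FindProxyForURL(url, host) {
  if (isPrivateHost(host)) {
    return "SOCKS5 " + SOCKS_ENDPOINT;
  }
  return "DIRECT";
}

// Constructed sample hosts, evaluated the way a browser would call the script.
function routeSamples() {
  var hosts = ["nginx.weave.local", "NGINX.Weave.Local.", "evilweave.local",
               "nginx.weave.local.example.com", "weave.local", "example.com"];
  var routes = {};
  for (var i = 0; i < hosts.length; i++) {
    routes[hosts[i]] = FindProxyForURL("http://" + hosts[i] + "/", hosts[i]);
  }
  return routes;
}
```

Step 7 above matters for the same reason: a *.local bypass entry matches nginx.weave.local, so the browser would skip the PAC result and try to reach the host directly.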