weave-scope/socks
Iago López Galeiras d9ce1d58e9 Squashed 'tools/' changes from b990f488..4b7d5c61
4b7d5c61 Merge pull request #59 from weaveworks/57-fix-lint-properly
b7f0e692 Merge pull request #58 from weaveworks/fix-lint
794702c7 Pin version of shfmt
ab1b11de Fix lint
81d80f35 Merge pull request #55 from weaveworks/lint-tf
05ad5f27 Review feedback
4c0d0469 Use hclfmt to lint terraform.
fd875e27 Fix test wrt shellcheck
54ec2d92 Don't capitalise error messages
19d3b6e2 Merge pull request #49 from weaveworks/pin-shfmt
fea98f66 Go get from the vendor dir
1d867b06 Try and vendor a specific version of shfmt
76619c2d Merge pull request #48 from weaveworks/revert-41-user-tokens
4f96c519 Revert "Add experimental support for user tokens"
d00033fd Merge pull request #41 from weaveworks/user-tokens
245ed267 Merge pull request #47 from weaveworks/46-shfmt
c1d7815a Fix shfmt error
cb397466 Don't overright lint_result with 0 when shellcheck succeeds
8ab80e87 Merge pull request #45 from weaveworks/lint
83d5bd1f getting integration/config and test shellcheck-compliant
cff9ec36 Fix some shellcheck errors
7a843d6d run shellcheck as part of lint if it is installed
31552a0e removing spurious space from test
6ca7c5f0 Merge pull request #44 from weaveworks/shfmt
952356d8 Allow lint to lint itself
b7ac59c3 Run shfmt on all shell files in this repo
5570b0e9 Add shfmt formatting of shell files in lint
0a675941 fix circle build by splatting gopath permissions
354e0838 Fixing lint
586060b2 Add experimental support for user tokens

git-subtree-dir: tools
git-subtree-split: 4b7d5c617e662acb8b1bee4203d7671fb0aa1cba
2017-01-09 14:40:34 +01:00

SOCKS Proxy

The challenge: you've built and deployed your microservices-based application on a Weave network, running on a set of VMs on EC2. Many of the services' public APIs are reachable from the internet via an Nginx-based reverse proxy, but some of the services also expose private monitoring and management endpoints via embedded HTTP servers. How do I securely get access to these from my laptop, without exposing them to the world?

One method we've started using at Weaveworks is a '90s technology: a SOCKS proxy combined with a PAC script. It's relatively straightforward: one SSHes into any of the VMs participating in the Weave network, starts the SOCKS proxy in a container on the Weave network, and SSH port forwards a few local ports to the proxy. All that's left is for the user to configure their browser to use the proxy, and voila, you can now access your Docker containers, via the Weave network (and with all the magic of weavedns), from your laptop's browser!

It is perhaps worth noting there is nothing Weave-specific about this approach - this should work with any SDN or private network.

A quick example:

vm1$ weave launch
vm1$ eval $(weave env)
vm1$ docker run -d --name nginx nginx

And on your laptop:

laptop$ git clone https://github.com/weaveworks/tools
laptop$ cd tools/socks
laptop$ ./connect.sh vm1
Starting proxy container...
Please configure your browser for proxy
http://localhost:8080/proxy.pac

To configure your Mac to use the proxy:

  1. Open System Preferences
  2. Select Network
  3. Click the 'Advanced' button
  4. Select the Proxies tab
  5. Click the 'Automatic Proxy Configuration' check box
  6. Enter 'http://localhost:8080/proxy.pac' in the URL box
  7. Remove *.local from the 'Bypass proxy settings for these Hosts & Domains'

Now point your browser at http://nginx.weave.local/
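
The PAC script is what limits the tunnel to the private names. The following is an added example, not the proxy.pac that tools/socks serves, showing a PAC function that sends only the internal zone through the SOCKS proxy and matches hostnames on a label boundary. The SOCKS port (8000) and the zone name `weave.local` (inferred from the URL above) are assumptions, and the sample hosts are constructed.

```javascript
// Added example: a PAC script in the spirit of the setup above. It is NOT the
// proxy.pac served by tools/socks. Assumed values: the SOCKS port (8000) and
// the internal zone name (weave.local, taken from the nginx.weave.local URL).
var SOCKS_PROXY = "SOCKS5 localhost:8000"; // assumption: locally forwarded port
var INTERNAL_ZONE = "weave.local";

// True only when host is the zone itself or a name under it. Matching on a
// label boundary keeps look-alikes (evilweave.local, weave.local.example.com)
// off the tunnel.
function isInternal(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") h = h.slice(0, -1); // tolerate FQDN dot
  var suffix = "." + INTERNAL_ZONE;
  return h === INTERNAL_ZONE ||
    (h.length > suffix.length && h.slice(-suffix.length) === suffix);
}

// Entry point every PAC-aware browser calls for each request.
function FindProxyForURL(url, host) {
  if (isInternal(host)) {
    // No "; DIRECT" fallback: if the SSH tunnel is down the request fails
    // instead of being retried outside the tunnel.
    return SOCKS_PROXY;
  }
  // Everything else bypasses the VM, so ordinary browsing never transits it.
  return "DIRECT";
}

// Constructed sample hosts with the routing each should get.
var SAMPLE_HOSTS = [
  ["nginx.weave.local", SOCKS_PROXY],
  ["NGINX.Weave.Local.", SOCKS_PROXY],
  ["evilweave.local", "DIRECT"],
  ["nginx.weave.local.example.com", "DIRECT"],
  ["printer.local", "DIRECT"],
  ["example.com", "DIRECT"]
];

// Returns the sample hosts whose routing differs from the expectation.
function misrouted() {
  return SAMPLE_HOSTS.filter(function (row) {
    return FindProxyForURL("http://" + row[0] + "/", row[0]) !== row[1];
  }).map(function (row) { return row[0]; });
}

// Outside a browser (e.g. node) print the check; PAC sandboxes have no console.
if (typeof console !== "undefined") {
  console.log("misrouted hosts:", misrouted());
}
```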