ehazlett · jcmcote · Sep 1, 2017 · Sep 1, 2017 · Sep 8, 2017 · Sep 8, 2017
diff --git a/docs/examples/nginx-swarm-stack-machine/README.md b/docs/examples/nginx-swarm-stack-machine/README.md
@@ -0,0 +1,78 @@
+# Interlock + Docker Swarm + Stack deploy
+This example shows a Interlock in a Swarm cluster deployed using docker stack deploy.
+
+Start with the [Docker Swarm](https://docs.docker.com/swarm/install-w-machine/)
+evaluation tutorial.  Once you have a working Swarm cluster continue below.
+
+Note: you need a manager and a worker node to run this example
+
+Note: this uses [Docker Compose](http://docs.docker.com/compose).  Please make
+sure you have the latest version installed.
+
+# Setup
+To make this example portable, we use an environment variable to configure
+Interlock to your Swarm cluster.  Run the following to set it up:
+
+`docker-machine env manager`
+
+export DOCKER_TLS_VERIFY="1"
+export DOCKER_HOST="tcp://192.168.99.100:2376"
+export DOCKER_CERT_PATH="/Users/jccote/.docker/machine/machines/manager"
+export DOCKER_MACHINE_NAME="manager"
+# Run this command to configure your shell:
+# eval $(docker-machine env manager)
+
+# build an interlock image using a custom tag
+# this builds the image into the DOCKER_HOST specified above that is the manager node
+`make -e TAG=mytag image`
+
+# you can verify the image was created in the manager node
+`docker image ls`
+REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
+ehazlett/interlock   mytag               7b20d1a87b1e        15 seconds ago      23.2MB
+<none>               <none>              0da48c200507        34 seconds ago      634MB
+nginx                <none>              0b5dec81616c        44 hours ago        108MB
+alpine               latest              7328f6f8b418        2 months ago        3.97MB
+golang               1.6-alpine          1ea38172de32        8 months ago        283MB
+
+# generate a stack file using docker-compose
+`docker-compose -f ./docs/examples/nginx-swarm-stack-machine/docker-compose.yml config > stack.yml`
+
+# deploy the stack using docker stack deploy and give your stack a name
+`docker stack deploy -c stack.yml mystack`
+
+# you should now have the following service running
+`docker service ls`
+ID                  NAME                MODE                REPLICAS            IMAGE                         PORTS
+6jbqsojcwrbb        mystack_app         replicated          2/2                 ehazlett/docker-demo:latest   *:0->8080/tcp
+kbeckpeyqbob        mystack_nginx       replicated          1/1                 nginx:latest                  *:80->80/tcp
+ykdsht0davud        mystack_interlock   replicated          1/1                 ehazlett/interlock:jcc
+
+Once up you can check the logs to ensure Interlock is detecting:
+
+`docker logs mystack_interlock.1.5s9qd89crem17f384o2zt2kv2`
+
+
+You can also verify that the nginx routes are created properly:
+`docker exec -it mystack_nginx.1.5s9qd89crem17f384o2zt2kv2 /bin/bash -c "cat /etc/nginx/nginx.conf"`
+
+ upstream ctx___web {
+        zone ctx___web_backend 64k;
+	server 10.0.0.8:8080;
+	server 10.0.0.5:8080;
+
+    }
+
+    server {
+        listen 7070;
+        server_name _;
+
+
+	location /web {
+
+	    proxy_pass http://ctx___web;
+	}
+
+
+The sample web applications should be available at
+http://192.168.99.100:7070/web
diff --git a/docs/examples/nginx-swarm-stack-machine/config-for-ide.toml b/docs/examples/nginx-swarm-stack-machine/config-for-ide.toml
@@ -0,0 +1,15 @@
+ListenAddr = ":9090"
+DockerURL = "tcp://192.168.99.100:2376"
+TLSCACert = "/Users/jccote/.docker/machine/machines/manager/ca.pem"
+TLSCert = "/Users/jccote/.docker/machine/machines/manager/cert.pem"
+TLSKey = "/Users/jccote/.docker/machine/machines/manager/key.pem"
+
+[[Extensions]]
+Name = "nginx"
+ConfigPath = "/etc/nginx/nginx.conf"
+TemplatePath = "interlock/docs/examples/nginx-swarm-stack-machine/nginx-template.conf"
+PidPath = "/var/run/nginx.pid"
+BackendOverrideAddress = "172.17.0.1"
+MaxConn = 1024
+Port = 7070
+NginxPlusEnabled = false
diff --git a/docs/examples/nginx-swarm-stack-machine/docker-compose.yml b/docs/examples/nginx-swarm-stack-machine/docker-compose.yml
@@ -0,0 +1,58 @@
+version: '3'
+
+networks:
+  overlay_net:
+
+services:
+
+ interlock:
+    image: ehazlett/interlock:mytag
+    command: -D run -c /etc/interlock/config.toml
+    tty: true
+    networks:
+      - overlay_net
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          [ node.role == manager ]
+    volumes:
+        - ${PWD}/docs/examples/nginx-swarm-stack-machine/config.toml:/etc/interlock/config.toml:ro
+        - ${PWD}/docs/examples/nginx-swarm-stack-machine/nginx-template.conf:/nginx-template.conf:ro
+        - ${DOCKER_CERT_PATH}:/var/lib/boot2docker:ro
+
+
+ nginx:
+    image: nginx:latest
+    entrypoint: nginx
+    command: -g "daemon off;" -c /etc/nginx/nginx.conf
+    networks:
+      - overlay_net
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          [ node.role == manager ]
+    ports:
+        - 80:80
+        - 7070:7070
+    labels:
+        - "interlock.ext.name=nginx"
+
+ app:
+    image: ehazlett/docker-demo:latest
+    networks:
+      - overlay_net
+    deploy:
+      replicas: 2
+      placement:
+        constraints:
+          [ node.role != manager ]
+    ports:
+        - 8080:8080
+    labels:
+        - "interlock.hostname="
+        - "interlock.domain=_"
+        - "interlock.context_root=/web"
+        - "interlock.port=8080"
+        - "interlock.network=mystack_overlay_net"
diff --git a/docs/examples/nginx-swarm-stack-machine/nginx-template.conf b/docs/examples/nginx-swarm-stack-machine/nginx-template.conf
@@ -0,0 +1,156 @@
+user  {{ .Config.User }};
+worker_processes  {{ .Config.WorkerProcesses }};
+worker_rlimit_nofile {{ .Config.RLimitNoFile }};
+
+error_log  /var/log/error.log warn;
+pid        {{ .Config.PidPath }};
+
+
+events {
+    worker_connections  {{ .Config.MaxConn }};
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    server_names_hash_bucket_size 128;
+    client_max_body_size 2048M;
+
+    log_format  main  '$remote_addr - $remote_user [$upstream_addr] [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
+    # scheme used to connect to this server
+    map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+      default $http_x_forwarded_proto;
+      ''      $scheme;
+    }
+
+    #gzip  on;
+    proxy_connect_timeout {{ .Config.ProxyConnectTimeout }};
+    proxy_send_timeout {{ .Config.ProxySendTimeout }};
+    proxy_read_timeout {{ .Config.ProxyReadTimeout }};
+    proxy_set_header        X-Real-IP         $remote_addr;
+    proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $proxy_x_forwarded_proto;
+    proxy_set_header        Host              $http_host;
+    send_timeout {{ .Config.SendTimeout }};
+
+    # ssl
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers {{ .Config.SSLCiphers }};
+    ssl_protocols {{ .Config.SSLProtocols }};
+    {{ if .Config.DHParam}}ssl_dhparam {{ .Config.DHParamPath }};{{ end }}
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    # default host return 503
+    server {
+            listen {{ 80 }};
+            server_name _;
+
+            location / {
+                return 503;
+            }
+
+            location /nginx_status {
+                stub_status on;
+                access_log off;
+            }
+    }
+
+    {{ range $host := .Hosts }}
+    {{ if $host.Upstream.Servers }}
+    upstream {{ $host.Upstream.Name }} {
+        {{ if $host.IPHash }}ip_hash; {{else}}zone {{ $host.Upstream.Name }}_backend 64k;{{ end }}
+
+        {{ range $up := $host.Upstream.Servers }}server {{ $up.Addr }};
+        {{ end }}
+    }
+    {{ end }}
+    {{ range $k, $ctxroot := $host.ContextRoots }}
+    upstream ctx{{ $k }} {
+        {{ if $host.IPHash }}ip_hash; {{else}}zone ctx{{ $ctxroot.Name }}_backend 64k;{{ end }}
+	{{ range $d := $ctxroot.Upstreams }}server {{ $d }};
+	{{ end }}
+    } {{ end }}
+
+    server {
+        listen {{ $host.Port }};
+        server_name{{ range $name := $host.ServerNames }} {{ $name }}{{ end }};
+
+	{{ range $ctxroot := $host.ContextRoots }}
+	location {{ $ctxroot.Path }} {
+	    {{ if $ctxroot.Rewrite }}rewrite ^([^.]*[^/])$ $1/ permanent;
+	    rewrite  ^{{ $ctxroot.Path }}/(.*)  /$1 break;{{ end }}
+	    proxy_pass http://ctx{{ $ctxroot.Name }};
+	}
+	{{ end }}
+
+        {{ if $host.SSLOnly }}return 302 https://$server_name$request_uri;{{ else }}
+	{{ if $host.Upstream.Servers }}
+        location / {
+            {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
+        }
+	{{ end }}
+
+        {{ range $ws := $host.WebsocketEndpoints }}
+        location {{ $ws }} {
+            {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+        }
+
+        location /nginx_status {
+            stub_status on;
+            access_log off;
+        }
+
+        {{ end }}
+    }
+    {{ if $host.SSL }}
+    server {
+        listen {{ $host.SSLPort }};
+        ssl on;
+        ssl_certificate {{ $host.SSLCert }};
+        ssl_certificate_key {{ $host.SSLCertKey }};
+        server_name{{ range $name := $host.ServerNames }} {{ $name }}{{ end }};
+
+        location / {
+            {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
+        }
+
+        {{ range $ws := $host.WebsocketEndpoints }}
+        location {{ $ws }} {
+            {{ if $host.SSLBackend }}proxy_pass https://{{ $host.Upstream.Name }};{{ else }}proxy_pass http://{{ $host.Upstream.Name }};{{ end }}
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+        }
+
+        location /nginx_status {
+            stub_status on;
+            access_log off;
+        }
+        {{ end }}
+    }
+    {{ end }}
+
+    {{ end }}
+    {{ end }} {{/* end host range */}}
+
+    include {{ .Config.ConfigBasePath }}/conf.d/*.conf;
+}