src/dockerproxy.js

'use strict';

exports = module.exports = {
    start: start,
    stop: stop
};

var assert = require('assert'),
    bodyParser = require('body-parser'),
    config = require('./config.js'),
    debug = require('debug')('box:dockerproxy'),
    http = require('http'),
    net = require('net');

var gServer = null;
var gJSONParser = bodyParser.json();

function start(callback) {
    assert.strictEqual(typeof callback, 'function');


    function authorized(req, res) {
        // TODO add here some authorization
        // - block apps not using the docker addon
        // - block calls regarding platform containers
        // - only allow managing and inspection of containers belonging to the app

        return true;
    }

    debug(`startDockerProxy: starting proxy on port ${config.get('dockerProxyPort')}`);

    gServer = http.createServer(function (req, res) {
        if (!authorized(req, res)) return;

        var options = {
            socketPath: '/var/run/docker.sock',
            method: req.method,
            path: req.url,
            headers: req.headers
        };

        var dockerRequest = http.request(options, function (dockerResponse) {
            res.writeHead(dockerResponse.statusCode, dockerResponse.headers);

            // Force node to send out the headers, this is required for the /container/wait api to make the docker cli proceed
            res.write(' ');

            dockerResponse.on('error', function (error) { console.error('dockerResponse error:', error); });
            dockerResponse.pipe(res, { end: true });
        });

        req.on('error', function (error) { console.error('req error:', error); });

        if (req.method === 'POST' && req.url.match(/\/containers\/create/)) {
            gJSONParser(req, res, function () {
                // overwrite the network the container lives in
                req.body.HostConfig.NetworkMode = 'cloudron';

                var plainBody = JSON.stringify(req.body);

                dockerRequest.setHeader('Content-Length', Buffer.byteLength(plainBody));
                dockerRequest.end(plainBody);
            });
        } else if (!req.readable) {
            dockerRequest.end();
        } else {
            req.pipe(dockerRequest, { end: true });
        }
    }).listen(config.get('dockerProxyPort'), callback);

    gServer.on('upgrade', function (req, client, head) {
        // Create a new tcp connection to the TCP server
        var remote = net.connect('/var/run/docker.sock', function () {
            // two-way pipes between client and docker daemon
            client.pipe(remote).pipe(client);

            // resend the upgrade event to the docker daemon, so it responds with the proper message through the pipes
            remote.write(req.method + ' ' + req.url + ' HTTP/1.1\r\n' +
                `Host: ${req.headers.host}\r\n` +
                'Connection: Upgrade\r\n' +
                'Upgrade: tcp\r\n' +
                '\r\n'
            );
        });
    });
}

function stop(callback) {
    assert.strictEqual(typeof callback, 'function');

    if (gServer) gServer.close();

    callback();
}
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00			`'use strict';`

			`exports = module.exports = {`
			`start: start,`
			`stop: stop`
			`};`

			`var assert = require('assert'),`
Make the docker proxy work 2018-08-13 22:14:56 +02:00			`bodyParser = require('body-parser'),`
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00			`config = require('./config.js'),`
Set the correct debug label 2018-08-13 22:06:28 +02:00			`debug = require('debug')('box:dockerproxy'),`
Make the docker proxy work 2018-08-13 22:14:56 +02:00			`http = require('http'),`
			`net = require('net');`
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00
			`var gServer = null;`
Overwrite the docker container network in the proxy 2018-08-14 22:52:00 +02:00			`var gJSONParser = bodyParser.json();`
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00
			`function start(callback) {`
			`assert.strictEqual(typeof callback, 'function');`

Make the docker proxy work 2018-08-13 22:14:56 +02:00
Overwrite the docker container network in the proxy 2018-08-14 22:52:00 +02:00			`function authorized(req, res) {`
			`// TODO add here some authorization`
			`// - block apps not using the docker addon`
			`// - block calls regarding platform containers`
			`// - only allow managing and inspection of containers belonging to the app`
Make the docker proxy work 2018-08-13 22:14:56 +02:00
Overwrite the docker container network in the proxy 2018-08-14 22:52:00 +02:00			`return true;`
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00			`}`

			debug(`startDockerProxy: starting proxy on port ${config.get('dockerProxyPort')}`);

			`gServer = http.createServer(function (req, res) {`
Overwrite the docker container network in the proxy 2018-08-14 22:52:00 +02:00			`if (!authorized(req, res)) return;`
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00
No need to pull in underscore to build an object 2018-08-13 22:01:51 +02:00			`var options = {`
			`socketPath: '/var/run/docker.sock',`
			`method: req.method,`
			`path: req.url,`
Make the docker proxy work 2018-08-13 22:14:56 +02:00			`headers: req.headers`
No need to pull in underscore to build an object 2018-08-13 22:01:51 +02:00			`};`

Move docker proxy into its own file 2018-08-13 21:10:53 +02:00			`var dockerRequest = http.request(options, function (dockerResponse) {`
			`res.writeHead(dockerResponse.statusCode, dockerResponse.headers);`
Make the docker proxy work 2018-08-13 22:14:56 +02:00
			`// Force node to send out the headers, this is required for the /container/wait api to make the docker cli proceed`
			`res.write(' ');`

			`dockerResponse.on('error', function (error) { console.error('dockerResponse error:', error); });`
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00			`dockerResponse.pipe(res, { end: true });`
			`});`

Make the docker proxy work 2018-08-13 22:14:56 +02:00			`req.on('error', function (error) { console.error('req error:', error); });`

Overwrite the docker container network in the proxy 2018-08-14 22:52:00 +02:00			`if (req.method === 'POST' && req.url.match(/\/containers\/create/)) {`
			`gJSONParser(req, res, function () {`
			`// overwrite the network the container lives in`
			`req.body.HostConfig.NetworkMode = 'cloudron';`

			`var plainBody = JSON.stringify(req.body);`

			`dockerRequest.setHeader('Content-Length', Buffer.byteLength(plainBody));`
			`dockerRequest.end(plainBody);`
			`});`
			`} else if (!req.readable) {`
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00			`dockerRequest.end();`
			`} else {`
			`req.pipe(dockerRequest, { end: true });`
			`}`
			`}).listen(config.get('dockerProxyPort'), callback);`
Make the docker proxy work 2018-08-13 22:14:56 +02:00
			`gServer.on('upgrade', function (req, client, head) {`
			`// Create a new tcp connection to the TCP server`
			`var remote = net.connect('/var/run/docker.sock', function () {`
			`// two-way pipes between client and docker daemon`
			`client.pipe(remote).pipe(client);`

			`// resend the upgrade event to the docker daemon, so it responds with the proper message through the pipes`
			`remote.write(req.method + ' ' + req.url + ' HTTP/1.1\r\n' +`
			`Host: ${req.headers.host}\r\n` +
			`'Connection: Upgrade\r\n' +`
			`'Upgrade: tcp\r\n' +`
			`'\r\n'`
			`);`
			`});`
			`});`
Move docker proxy into its own file 2018-08-13 21:10:53 +02:00			`}`

			`function stop(callback) {`
			`assert.strictEqual(typeof callback, 'function');`

			`if (gServer) gServer.close();`

			`callback();`
			`}`