Added development environment for quickly testing proxy configurations

mike-gangl · mike-gangl · commit e68929c6c941 · 2024-05-22T09:09:56.000-07:00
diff --git a/README.md b/README.md
@@ -46,3 +46,21 @@ config to then take effect.
 
 There is currently no way to remove files or fix a broken config other than mounting the EFS mount into an EC2 server and making changes.
 To do this you will need to edit the security group to allow access to the EC2 box and then install the EFS utils.
+
+## Manually adding a file/template
+
+One can execute the httpdmanager lambda function directly with the following json syntax:
+
+```
+{
+  "filename": "example-extension",
+  "template": "SSLProxyEngine On\nProxyPreserveHost On\n\nProxyPass \/hub https:\/\/jupyter.us-west-2.elb.amazonaws.com:443\/hub\/\nProxyPassReverse \/hub https:\/\/jupyter.us-west-2.elb.amazonaws.com:443\/hub\/"
+}
+
+```
+
+The template must be json encoded. I've used https://nddapp.com/json-encoder.html successfully.
+
+
+## How do I know what to add in the 'template' file above?
+We are not perfect human beings. In order to iterate quickly on the above templat contents, we have created a development proxy environment that can be tested mostly locally. Check out the `develop` directory for instructions.
diff --git a/develop/Dockerfile.developer b/develop/Dockerfile.developer
@@ -0,0 +1,8 @@
+FROM ubuntu/apache2
+LABEL authors="barber"
+
+RUN apt update && apt install -y libapache2-mod-auth-openidc ca-certificates && a2enmod auth_openidc proxy proxy_http proxy_wstunnel rewrite headers ssl && \
+    sed -i 's/Listen 80/Listen 8080/' /etc/apache2/ports.conf
+
+
+CMD ["/bin/bash", "-c", "apache2-foreground"]
diff --git a/develop/README.md b/develop/README.md
@@ -0,0 +1,43 @@
+# Developing for the proxy
+
+## Build the docker container locally
+
+```
+docker build -t unity-proxy-dev -f Dockerfile.developer .
+```
+
+We need a "special" proxy without the management console additions present. Ideally the proxy would not be tied to the management console, but here we are.
+
+## Add files to the sites-enabled folder
+
+The proxy works by looking at "conf" files in the "sites-enabled" directory within apache (within the container, this is /etc/apache2/sites-enabled). To facillitate dynamic additions, the unity-proxy code allows for individualized configurations to be added. This is done in two areas:
+
+1. Add a `*.conf` file to the sites-enabled directory. This is where you want to put all your proxy informations. DO NOT INCLUDE `<VirtualHost>` tags within this.
+2. Add an 'Include' to the `sites-enabled/main.conf` file to include this new entry. Note how the `main.conf` file already defines the <VirtualHost> section? This is why it's not included above.
+
+**Note:** whatever path you end up proxying TO your service will be visible to the user. So, for example, we want something like `jupyter` not `mikes-dev-jupyter` and it should be consistent across ALL venues. Care shoud be taken to make sure you're not conflicting with another service.
+
+
+## Run the container
+```
+docker run --name apache2 --rm -p 8080:8080 -v $PWD/sites-enabled:/etc/apache2/sites-enabled 425ffb0c6c2d
+```
+
+This will mount the local sites-enabled directory over the default directory so that one can develop quickly. Simply keep tweaking the *.conf file you created until your proxy is working.
+
+You can now navigate to `localhost:8080/<proxyPath>` to test out your proxy params.
+
+When ready, kill your container
+
+```
+docker kill apache2
+```
+
+## Finalizing
+
+When ready, add your config to the deployed unity-proxy instance, you have all the information needed to follow the instructions in the ../README.md file.
+
+The `filename` should be whatever you named your `*.conf` file WITHOUT the `.conf` suffix. The `template` value should be the contents of your `*.conf` file. 
+
+Add these to your terraform script to update the venue proxy with your information. 
+
diff --git a/develop/sites-enabled/example-extension.conf b/develop/sites-enabled/example-extension.conf
@@ -0,0 +1,6 @@
+SSLProxyEngine On
+ProxyPreserveHost On
+
+ProxyPass /hub https://jupyter.us-west-2.elb.amazonaws.com:443/hub/
+ProxyPassReverse /hub https://jupyter.us-west-2.elb.amazonaws.com:443/hub/
+
diff --git a/develop/sites-enabled/main.conf b/develop/sites-enabled/main.conf
@@ -0,0 +1,13 @@
+<VirtualHost *:8080>
+
+# THESE ARE FOR TESTING DEVELOPMENT ONLY, DO NOT ADD THESE TO a deployed config file as they make thigns VERY unsecure.
+# SERIOUSLY
+# DO NOT ADD THIS IN PRODUCTION
+SSLProxyCheckPeerCN Off
+SSLProxyCheckPeerExpire Off
+SSLProxyCheckPeerName Off
+
+# Add your new *.conf file here
+Include /etc/apache2/sites-enabled/example-extension.conf
+
+</VirtualHost>
