Docker: add option to disable proxy, add option to set custom port, c…

…addy logs to stdout, upgrade caddy to 0.10.11. Improve docs. Signed-off-by: Marios Andreopoulos <[email protected]>
lensesio · Feb 20, 2018 · c6a643e · c6a643e
1 parent bf689be
commit c6a643e
Show file tree

Hide file tree

Showing 4 changed files with 107 additions and 23 deletions.
diff --git a/docker/Caddyfile b/docker/Caddyfile
@@ -2,4 +2,4 @@
 tls off
 
 root /kafka-connect-ui
-log /access.log
+log stdout
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -7,10 +7,9 @@ RUN apk add --no-cache ca-certificates wget \
     && echo "progress = dot:giga" | tee /etc/wgetrc
 
 # Add and Setup Caddy webserver
-RUN wget "https://github.com/mholt/caddy/releases/download/v0.9.5/caddy_linux_amd64.tar.gz" -O /caddy.tgz \
+RUN wget "https://github.com/mholt/caddy/releases/download/v0.10.11/caddy_v0.10.11_linux_amd64.tar.gz" -O /caddy.tgz \
     && mkdir caddy \
     && tar xzf caddy.tgz -C /caddy \
-    && mv /caddy/caddy_linux_amd64 /caddy/caddy \
     && rm -f /caddy.tgz
 
 # Add and Setup Kafka-Connect-Ui

diff --git a/docker/README.md b/docker/README.md
@@ -3,7 +3,7 @@
 [![](https://images.microbadger.com/badges/image/landoop/kafka-connect-ui.svg)](http://microbadger.com/images/landoop/kafka-connect-ui)
 
 This is a small docker image for Landoop's kafka-connect-ui.
-It serves the kafka-connect-ui from port 8000.
+It serves the kafka-connect-ui from port 8000 by default.
 A live version can be found at <https://kafka-connect-ui.landoop.com>
 
 The software is stateless and the only necessary option is your Kafka Connect
@@ -30,8 +30,58 @@ a semicolon and the cluster name after the endpoint URL. E.g:
 > have an IP address of `192.168.5.65` and run Connect from your computer,
 > instead of `http://127.0.1:8083` you must use `http://192.168.5.65:8083`.
 
-Please note that because Connect does not send CORS headers, we have to proxy
-it. What this means for you, is that Connect, while running the container, is
-accessible via `http://your.address:8000/api/kafka-connect`. If this is a
-security issue for you, you should protect your machine via a firewall, or maybe
-do not expose the port and use the container's IP address to access the UI.
+# Configuration options
+
+## Kafka Connect UI
+
+The only option for the UI, is the URL(s) of your Connect cluster(s).
+
+- `CONNECT_URL=[connect.cluster.1.url;name],...`
+
+  As an example, if you have a connect cluster at http://10.0.0.1:8083 and you
+  want to name *dev cluster* you would set:
+
+      -e "CONNECT_URL=http://10.0.0.1:8083,dev cluster"
+
+## Docker Options
+
+- `PROXY=[true|false]`
+
+  Whether to proxy Connect endpoints via the internal webserver. This option
+  is by default set to `true` as older versions of Connect do not support CORS,
+  so there isn't another way to make the UI work. If you have a recent Connect
+  (0.11 or 1.0) and permit CORS, you can disable the proxying feature.
+- `PROXY_SKIP_VERIFY=[true|false]`
+
+  Whether to accept self-signed certificates when proxying Connect via https.
+- `PORT=[PORT]`
+
+  The port number to use for kafka-connect-ui. The default is `8000`.
+  Usually the main reason for using this is when you run the
+  container with `--net=host`, where you can't use docker's publish
+  flag (`-p HOST_PORT:8000`).
+- `CADDY_OPTIONS=[OPTIONS]`
+
+  The webserver that powers the image is Caddy. Via this variable
+  you can add options that will be appended to its configuration
+  (Caddyfile). Variables than span multiple lines are supported.
+
+  As an example, you can set Caddy to not apply timeouts via:
+
+      -e "CADDY_OPTIONS=timeouts none"
+
+  Or you can set basic authentication via:
+
+      -e "CADDY_OPTIONS=basicauth / [USER] [PASS]"
+
+# Kafka Connect Configuration
+
+If you don't wish to proxy Connect's REST api, you should permit CORS via setting
+`access.control.allow.methods=GET,POST,PUT,DELETE,OPTIONS` and
+`access.control.allow.origin=*`.
+
+# Logging
+
+In the latest iterations, the container will print informational messages during
+startup at stderr and web server logs at stdout. This way you may sent the logs
+(stdout) to your favorite log management solution.
diff --git a/docker/run.sh b/docker/run.sh
@@ -1,19 +1,32 @@
 #!/bin/sh
 
 if [[ -z "$CONNECT_URL" ]]; then
-    echo "Kafka Connect URL was not set via CONNECT_URL environment variable."
-    echo "We will fall back to default http://localhost:8083 which probably won't work."
-    # We also change connect proxy in order to make it as visible as possible
-    # that the configuration is bad.
-    CONNECT_PROXY=http://localhost:8083
+    {
+        echo "Kafka Connect URL was not set via CONNECT_URL environment variable."
+        echo "We will fall back to default http://localhost:8083 which probably won't work."
+    } 1>&2
 fi
 
 CONNECT_URL="${CONNECT_URL:-http://localhost:8083}"
+PROXY="${PROXY:-true}"
+PROXY_SKIP_VERIFY="${PROXY_SKIP_VERIFY:-false}"
+INSECURE_PROXY=""
+CADDY_OPTIONS="${CADDY_OPTIONS:-}"
+PORT="${PORT:-8000}"
 
-cat /caddy/Caddyfile.template > /caddy/Caddyfile
+cat /caddy/Caddyfile.template |
+    sed -e "s/8000/$PORT/" > /caddy/Caddyfile
 
-echo
-echo "Enabling proxy because Connect doesn't send CORS headers yet and setting up clusters."
+if echo "$PROXY" | egrep -sq "true|TRUE|y|Y|yes|YES|1"; then
+    {
+        echo
+        echo "Enabling proxy. You can disable this via PROXY=false."
+    } 1>&2
+fi
+
+if echo "$PROXY_SKIP_VERIFY" | egrep -sq "true|TRUE|y|Y|yes|YES|1"; then
+    INSECURE_PROXY=insecure_skip_verify
+fi
 
 NUM_CLUSTER=0
 OLDIFS=""
@@ -39,22 +52,44 @@ EOF
         CLUSTER_SANITIZED_NAME="${CLUSTER_NAME// /_}"
         CLUSTER_SANITIZED_NAME="${CLUSTER_NAME//[^a-zA-Z0-9_.-]/}"
     fi
-    cat <<EOF >>/caddy/Caddyfile
+    if echo $PROXY | egrep -sq "true|TRUE|y|Y|yes|YES|1"; then
+        cat <<EOF >>/caddy/Caddyfile
 proxy /api/$CLUSTER_SANITIZED_NAME $CLUSTER_URL {
     without /api/$CLUSTER_SANITIZED_NAME
+    $INSECURE_PROXY
 }
 EOF
-
-    cat <<EOF >>/kafka-connect-ui/env.js
+        cat <<EOF >>/kafka-connect-ui/env.js
    $OPEN_CURL
      NAME: "$CLUSTER_NAME",
      KAFKA_CONNECT: "/api/$CLUSTER_SANITIZED_NAME"
    }
 EOF
-
+    else
+        cat <<EOF >>/kafka-connect-ui/env.js
+   $OPEN_CURL
+     NAME: "$CLUSTER_NAME",
+     KAFKA_CONNECT: "$CLUSTER_URL"
+   }
+EOF
+    fi
 done
 echo "]" >> /kafka-connect-ui/env.js
 
-echo
+if [[ -n "${CADDY_OPTIONS}" ]]; then
+    echo "Applying custom options to Caddyfile"
+    cat <<EOF >>/caddy/Caddyfile
+$CADDY_OPTIONS
+EOF
+fi
+
+{
+    # Here we emulate the output by Caddy. Why? Because we can't
+    # redirect caddy to stderr as the logging would also get redirected.
+    echo
+    echo "Activating privacy features... done."
+    echo "http://0.0.0.0:$PORT"
+} 1>&2
+
 
-exec /caddy/caddy -conf /caddy/Caddyfile
+exec /caddy/caddy -conf /caddy/Caddyfile -quiet