diff --git a/README.md b/README.md
index 575b5d7..06ee07e 100644
--- a/README.md
+++ b/README.md
@@ -1,34 +1,46 @@
-
-
-
+# `magic-proxy` [![CI/CD](https://github.com/stonegray/magic-proxy/actions/workflows/ci.yml/badge.svg)](https://github.com/stonegray/magic-proxy/actions/workflows/ci.yml)
-magic-proxy automatically configures your proxy by reading `x-magic-proxy-descriptor` fields embedded in docker compose files, allowing you to simply bring the compose up and trust that your proxy will automatically configure itself without user intervention.
+magic-proxy automatically configures your web proxy by reading `x-magic-proxy` fields embedded in docker compose files, allowing you to simply bring the compose up and trust that your proxy will automatically configure itself without user intervention. It is essentially a templating engine that uses a common syntax, allowing it to generate output for various proxies.
+
+magic-proxy attaches event-based watchers to relavant files and passively streams events from your `docker.sock` to ensure near-instant configuration of your proxy when it changes, without any polling overhead.
-magic-proxy passively streams events from your `docker.sock` to ensure near-instant configuration of your proxy, without any polling overhead.
+Features:
-magic-proxy is proxy-agnostic and user extensible. It contains a built in HTTP server for status reporting; which is read only and isolated in a v8 VM with a well defined abstraction layer to reduce attack surface.
+- API for status monitoring
+- Hundreds of built-in regression tests to ensure future stability
+- Runtime tests to validate your configuration
-magic-proxy is currently in development.
+Limitations:
+- Only one port per container.
+- Currently only the Traefik backend is implemented. You may try the Nginx branch at your own risk.
Example: ```yaml -version: "3.9" - services: web-test1: image: crccheck/hello-world container_name: web-test1 expose: - "8000" - x-magic-proxy-descriptor: + x-magic-proxy: + # read ./config/template/* to see how these work, but basically it's + # the base config that gets permutated for each container: template: example.yml + # base information to pass to the proxy: hostname: web-test1.proxy.example.org + target: http://web-test1:8000 + userData: + # add anything here; like OIDC/Oauth2 roles/groups + # this data can get passed to any configuration parameter + # on the proxy: + oidc_group: superCoolPeople + rateLimit: 10 ``` -Now visiting web-test1.proxy.example.org transparently forwards to +Now visiting web-test1.proxy.example.org transparently forwards to port 8000 in the container. ## Usage: Simply start the container on your host and specify the name of the proxy container. @@ -38,25 +50,23 @@ services: magic-proxy: build: . image: docker-ts-app:latest - enviroment: - - PROXY_TYPE="traefik" - - PROXY_OUTPUT_FILE="traefik" volumes: - - "traefik_magic.yml:/var/traefik_magic.yml" - - "/var/run/docker.sock:/var/run/docker.sock" + - "./config:/var/config:ro" + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "generated_config:/var/generated" - "/:/host:ro" # required to read the compose files - restart: unless-stopped traefik: image: "traefik:v3.4" container_name: "traefik" - restart: unless-stopped - security_opt: - - no-new-privileges:true command: - - "--entryPoints.web.address=:80" + - "--configFile:/var/generated/traefik_magic.yml" + ports: - "80:80" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "generated_config:/var/generated:ro" +``` + +## Why? -``` \ No newline at end of file diff --git a/test-env/docker-compose.yml b/test-env/docker-compose.yml deleted file mode 100644 index 766c492..0000000 --- a/test-env/docker-compose.yml +++ /dev/null 
@@ -1,34 +0,0 @@
-version: '3.9'
-services:
- web-testone:
- image: crccheck/hello-world
- container_name: web-1
- expose:
- - '8000'
- restart: 'no'
- x-magic-proxy:
- template: oidc.yml
- hostname: web1-asdlfassd-2.proxy.example.org
- target: http://10.0.1.1:9999
- idle: 20m
- auth:
- type: oidc
- provider: authentik
- scopes: openid profile email
- match: groups:admins
- web-test2:
- image: crccheck/hello-world
- container_name: web-test2
- expose:
- - '8004'
- restart: 'no'
- x-magic-proxy:
- template: oidc.yml
- hostname: webtwo.proxy.example.org
- target: http://10.0.0.210:8005
- idle: 20m
- auth:
- type: oidc
- provider: authentik
- scopes: openid profile email
- match: groups:admins