diff --git a/docker-compose.yml b/docker-compose.yml index 20b0504..1c4d122 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,6 +7,8 @@ services: ports: - "80:80" container_name: reverse-proxy + environment: + - DOMAIN=${DOMAIN:-sample-dev.com} # javascript sdk integrations javascript-sdk-client-side: diff --git a/tools/reverse-proxy/Dockerfile b/tools/reverse-proxy/Dockerfile index b880258..a9d32c9 100644 --- a/tools/reverse-proxy/Dockerfile +++ b/tools/reverse-proxy/Dockerfile @@ -1,14 +1,22 @@ FROM nginx:alpine -# Install wget for healthcheck -RUN apk add --no-cache wget +# Install wget for healthcheck and gettext for envsubst +RUN apk add --no-cache wget gettext -# Copy nginx configuration -COPY default.conf /etc/nginx/conf.d/default.conf +# Create templates directory +RUN mkdir -p /etc/nginx/templates + +# Copy nginx configuration template +COPY default.conf.template /etc/nginx/templates/default.conf.template + +# Copy entrypoint script +COPY docker-entrypoint.sh /docker-entrypoint.sh +RUN chmod +x /docker-entrypoint.sh # Create directory for static files (optional) RUN mkdir -p /usr/share/nginx/html EXPOSE 80 +ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["nginx", "-g", "daemon off;"] diff --git a/tools/reverse-proxy/README.md b/tools/reverse-proxy/README.md index 31d911e..e86559a 100644 --- a/tools/reverse-proxy/README.md +++ b/tools/reverse-proxy/README.md @@ -1,27 +1,174 @@ # Nginx Reverse Proxy -A basic nginx web server Docker configuration. +A nginx reverse proxy configuration that routes requests to different backend services based on subdomain. + +## Configuration + +This reverse proxy is configured to forward requests to different ports based on subdomain. Each subdomain maps to a specific service defined in `docker-compose.yml`. + +### Environment Variables + +The domain used for subdomain routing can be configured using the `DOMAIN` environment variable. This allows you to use different domains for different environments (dev, test, prod). + +**Default:** `sample-dev.com` (if `DOMAIN` is not set) + +**Examples:** +- Development: `DOMAIN=sample-dev.com` +- Test: `DOMAIN=sample-test.com` +- Production: `DOMAIN=sample-prod.com` + +### Subdomain Routing + +The following subdomains are configured (using `${DOMAIN}` as the base domain): + +- `js-client-side.${DOMAIN}` → JavaScript SDK Client Side (port 3031) +- `js-client-server.${DOMAIN}` → JavaScript SDK Client Server (port 3032) +- `js-react.${DOMAIN}` → JavaScript SDK React Client Side (port 3034) +- `server-side.${DOMAIN}` → Server Side Integration (port 3033) +- `secure-signals-client-server.${DOMAIN}` → Google Secure Signals Client Server (port 3041) +- `secure-signals-client-side.${DOMAIN}` → Google Secure Signals Client Side (port 3042) +- `secure-signals-server-side.${DOMAIN}` → Google Secure Signals Server Side (port 3043) +- `secure-signals-react.${DOMAIN}` → Google Secure Signals React Client Side (port 3044) +- `prebid-client.${DOMAIN}` → Prebid Client Side (port 3051) +- `prebid-client-server.${DOMAIN}` → Prebid Client Server (port 3052) +- `prebid-secure-signals.${DOMAIN}` → Prebid Secure Signals Client Side (port 3061) + +**Example with default domain (`sample-dev.com`):** +- `js-client-side.sample-dev.com` → JavaScript SDK Client Side (port 3031) +- `js-client-server.sample-dev.com` → JavaScript SDK Client Server (port 3032) +- etc. + +## Required Hosts File Configuration + +To use the subdomain-based routing, you must add entries to your hosts file so that these subdomains resolve to localhost. + +**Note:** Replace `sample-dev.com` with your configured `DOMAIN` value in the examples below. + +### Windows + +1. Open Notepad (or your preferred text editor) **as Administrator** + - Right-click Notepad → "Run as administrator" + - Or use PowerShell as Administrator + +2. Open the hosts file: + ``` + C:\Windows\System32\drivers\etc\hosts + ``` + +3. Add the following entries at the end of the file: + ``` + 127.0.0.1 js-client-side.sample-dev.com + 127.0.0.1 js-client-server.sample-dev.com + 127.0.0.1 js-react.sample-dev.com + 127.0.0.1 server-side.sample-dev.com + 127.0.0.1 secure-signals-client-server.sample-dev.com + 127.0.0.1 secure-signals-client-side.sample-dev.com + 127.0.0.1 secure-signals-server-side.sample-dev.com + 127.0.0.1 secure-signals-react.sample-dev.com + 127.0.0.1 prebid-client.sample-dev.com + 127.0.0.1 prebid-client-server.sample-dev.com + 127.0.0.1 prebid-secure-signals.sample-dev.com + ``` + +4. Save the file + +5. Flush DNS cache (run in PowerShell as Administrator): + ```powershell + ipconfig /flushdns + ``` + +### macOS / Linux + +1. Open the hosts file with sudo: + ```bash + sudo nano /etc/hosts + ``` + (or use `vim`, `vi`, or your preferred editor) + +2. Add the following entries: + ``` + 127.0.0.1 js-client-side.sample-dev.com + 127.0.0.1 js-client-server.sample-dev.com + 127.0.0.1 js-react.sample-dev.com + 127.0.0.1 server-side.sample-dev.com + 127.0.0.1 secure-signals-client-server.sample-dev.com + 127.0.0.1 secure-signals-client-side.sample-dev.com + 127.0.0.1 secure-signals-server-side.sample-dev.com + 127.0.0.1 secure-signals-react.sample-dev.com + 127.0.0.1 prebid-client.sample-dev.com + 127.0.0.1 prebid-client-server.sample-dev.com + 127.0.0.1 prebid-secure-signals.sample-dev.com + ``` + +3. Save and exit + +4. Flush DNS cache (if needed): + ```bash + # macOS + sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder + + # Linux (systemd-resolved) + sudo systemd-resolve --flush-caches + ``` ## Usage -### Build the image +### Using Docker Compose (Recommended) + +When using `docker-compose.yml` from the project root, the reverse proxy will automatically connect to other services on the same Docker network: + +**Default domain (sample-dev.com):** +```bash +docker-compose up reverse-proxy +``` + +**Custom domain:** +```bash +DOMAIN=sample-test.com docker-compose up reverse-proxy +``` + +**Or set in your `.env` file:** +```bash +DOMAIN=sample-prod.com +``` + +Then run: +```bash +docker-compose up reverse-proxy +``` + +### Standalone Build and Run + +#### Build the image ```bash docker build -t nginx-reverse-proxy . ``` -### Run the container +#### Run the container + +**Default domain:** ```bash docker run -d -p 80:80 --name nginx-proxy nginx-reverse-proxy ``` -### Run with custom static files +**Custom domain:** ```bash -docker run -d -p 80:80 -v /path/to/your/html:/usr/share/nginx/html --name nginx-proxy nginx-reverse-proxy +docker run -d -p 80:80 -e DOMAIN=sample-test.com --name nginx-proxy nginx-reverse-proxy ``` -## Configuration +**Note:** When running standalone, you'll need to ensure the backend services are accessible. You may need to modify the `proxy_pass` directives in `default.conf.template` to use `host.docker.internal` or the appropriate Docker network hostname. + +## Customization -Edit `default.conf` to customize the nginx configuration. The default configuration serves static files from `/usr/share/nginx/html`. +Edit `default.conf.template` to customize the nginx configuration: +- Add or remove server blocks for different subdomains +- Modify subdomain names in the `server_name` directives (use `${DOMAIN}` for the domain variable) +- Adjust proxy headers as needed +- Add additional location blocks for specific routes -To use as a reverse proxy, uncomment and modify the proxy_pass section in `default.conf`. +**Important:** After modifying `default.conf.template`, rebuild the Docker image: +```bash +docker-compose build reverse-proxy +docker-compose up -d reverse-proxy +``` diff --git a/tools/reverse-proxy/default.conf b/tools/reverse-proxy/default.conf deleted file mode 100644 index 6efcf5d..0000000 --- a/tools/reverse-proxy/default.conf +++ /dev/null @@ -1,36 +0,0 @@ -server { - listen 80; - server_name localhost; - - # Basic reverse proxy configuration - # Uncomment and modify as needed for your use case - # location / { - # proxy_pass http://backend:3000; - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # } - - # Healthcheck endpoint - location /healthcheck { - access_log off; - return 200 "healthy\n"; - add_header Content-Type text/plain; - } - - # Healthcheck endpoint - location /ops/healthcheck { - access_log off; - return 200 "healthy\n"; - add_header Content-Type text/plain; - } - - # Serve static files - location / { - root /usr/share/nginx/html; - index index.html; - try_files $uri $uri/ =404; - } -} - diff --git a/tools/reverse-proxy/default.conf.template b/tools/reverse-proxy/default.conf.template new file mode 100644 index 0000000..1cea716 --- /dev/null +++ b/tools/reverse-proxy/default.conf.template @@ -0,0 +1,254 @@ +# Localhost server block - provides helpful information +server { + listen 80; + server_name localhost 127.0.0.1; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + add_header Content-Type text/html; + return 200 "UID2 Sample Pages

UID2 Sample Pages

Access services using the following subdomains:

js-client-side.${DOMAIN}js-client-server.${DOMAIN}js-react.${DOMAIN}server-side.${DOMAIN}secure-signals-client-server.${DOMAIN}secure-signals-client-side.${DOMAIN}secure-signals-server-side.${DOMAIN}secure-signals-react.${DOMAIN}prebid-client.${DOMAIN}prebid-client-server.${DOMAIN}prebid-secure-signals.${DOMAIN}
Note: Add these subdomains to your hosts file (127.0.0.1) to use them.
"; + } +} + +# Default server block - catch-all for unmatched subdomains +server { + listen 80 default_server; + server_name _; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + return 404 "No matching subdomain configuration\n"; + add_header Content-Type text/plain; + } +} + +# JavaScript SDK - Client Side (port 3031) +server { + listen 80; + server_name js-client-side.${DOMAIN} *.js-client-side.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://javascript-sdk-client-side:3031; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# JavaScript SDK - Client Server (port 3032) +server { + listen 80; + server_name js-client-server.${DOMAIN} *.js-client-server.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://javascript-sdk-client-server:3032; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# JavaScript SDK - React Client Side (port 3034) +server { + listen 80; + server_name js-react.${DOMAIN} *.js-react.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://javascript-sdk-react-client-side:3034; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Server Side Integration (port 3033) +server { + listen 80; + server_name server-side.${DOMAIN} *.server-side.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://server-side:3033; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Google Secure Signals - Client Server (port 3041) +server { + listen 80; + server_name secure-signals-client-server.${DOMAIN} *.secure-signals-client-server.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://google-secure-signals-client-server:3041; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Google Secure Signals - Client Side (port 3042) +server { + listen 80; + server_name secure-signals-client-side.${DOMAIN} *.secure-signals-client-side.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://google-secure-signals-client-side:3042; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Google Secure Signals - Server Side (port 3043) +server { + listen 80; + server_name secure-signals-server-side.${DOMAIN} *.secure-signals-server-side.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://google-secure-signals-server-side:3043; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Google Secure Signals - React Client Side (port 3044) +server { + listen 80; + server_name secure-signals-react.${DOMAIN} *.secure-signals-react.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://google-secure-signals-react-client-side:3044; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Prebid - Client Side (port 3051) +server { + listen 80; + server_name prebid-client.${DOMAIN} *.prebid-client.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://prebid-client-side:3051; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Prebid - Client Server (port 3052) +server { + listen 80; + server_name prebid-client-server.${DOMAIN} *.prebid-client-server.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://prebid-client-server:3052; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Prebid Secure Signals - Client Side (port 3061) +server { + listen 80; + server_name prebid-secure-signals.${DOMAIN} *.prebid-secure-signals.${DOMAIN}; + + location /healthcheck { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + location / { + proxy_pass http://prebid-secure-signals-client-side:3061; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + diff --git a/tools/reverse-proxy/docker-entrypoint.sh b/tools/reverse-proxy/docker-entrypoint.sh new file mode 100644 index 0000000..103c0e4 --- /dev/null +++ b/tools/reverse-proxy/docker-entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/sh +set -e + +# Default domain if not set +DOMAIN=${DOMAIN:-sample-dev.com} + +# Substitute environment variables in the template +envsubst '${DOMAIN}' < /etc/nginx/templates/default.conf.template > /etc/nginx/conf.d/default.conf + +# Test nginx configuration +nginx -t + +# Execute the main command +exec "$@" +