Running an anonymous proxy in a Docker container – part 2

docker containersA while back I wrote a blog post about running a Glype anonymous proxy in a Docker container. In case you forgotten or didn’t read part one, that article covered creating a Docker image from the latest fedora image in Docker Hub and manually configuring it to run a Glype anonymous proxy. We installed apache, PHP and the software packages required, configured our web server then created a script that runs apache in the foreground when the container is launched.

Much of what was covered would apply to any web type application but sticking with our Glype proxy in a Docker container, this time we streamline the whole process so you can get your container up and running in minutes. Using the power of a Dockerfile, github and dockerhub, the fun but time consuming manual manipulation of a Docker container is banished to be replaced with a slick process that would delight any devop! Not only that but changes are easy to implement and you can fire up your container anywhere there is a docker daemon running. I know it sounds too good to be true, but read on.

As previously mentioned a short Dockerfile replaces the manual container manipulation. Here is that Dockerfile:

FROM fedora:latest 
MAINTAINER Anthony J Davis <tony@just_some_stuff.co.uk>
 
RUN dnf -y install httpd php php-common php-xml openssl mod_ssl tar && dnf -y clean all \
 && sed -i.ORIG 's/#ServerName/ServerName/' /etc/httpd/conf/httpd.conf
COPY test-proxy.conf /etc/httpd/conf.d
COPY run_apache_foreground /etc/httpd
RUN mkdir /etc/httpd/ssl && \
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt -subj "/C=GB/ST=London/L=London/O=JSS/OU=testing/CN=tony-proxy" && cd /var && rm -f lock && ln -s ../run lock
COPY ioncube_loaders_lin_x86-64_5.1.2.tar.gz /var/tmp
RUN cd /usr/local && tar xzf /var/tmp/ioncube_loaders_lin_x86-64_5.1.2.tar.gz && \
  cd /usr/lib64/php/modules && cp /usr/local/ioncube/ioncube_loader_lin_5.6* . && chmod 755 ioncube* && \ 
  cd /etc/php.d && echo "zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.6.so" >> 00-ioncube.ini
 
ENTRYPOINT ["/etc/httpd/run_apache_foreground"]

Here’s how it works.

  • FROM indicates the container will be based on fedora latest docker image from dockerhub
  • Next the dnf command will be RUN to install the required software packages, httpd , php, php-xml, openssl, mod_ssl and tar
  • The COPY statements will copy test-proxy.conf and run-apache-foreground files into the image. These files must be available locally so they can be copied and are as detailed in the previous post
  • Next the SSL environment will be created by the next RUN command
  • The next COPY  statement will copy the ioncube softwareThis is then configured using the RUN command. Again the ioncube tar file must be available locally.
  • Finally the ENTRYPOINT is configured, which is the run_apache_foreground script.

Tip – try to keep the statements in your Dockerfile to a minimum. This will keep the layers created in the image to a minimum so keep the image compact and small.

Now you can build an image by running docker build -t mydockerfile . However, we can do even better that that. Using this Dockerfile where we can create a set up that will allow us to spin up a container anywhere (where Docker is installed, doh) in seconds.

First, almost like a proper developer,  set up git.

Install git on your source server. Create a github account on github.com and import your ssh key (see https://help.github.com/articles/generating-an-ssh-key/ for details) . Create repository for docker images, cd to the location of your Dockerfile and associated files them execute:

git clone git@github.com:yourusername/my-docker-images.git git checkout -b glype (create a new branch for Glype docker images) git add . git commit -m “Adding files” git push origin glype

If you checkout your git repository, the files will have been uploaded. I have the following:

Dockerfile
ioncube_loaders_lin_x86-64_5.1.2.tar.gz
run_apache_foreground
test-proxy.conf

(See part 1 for details of the three other files)

Now we need to get registered at Docker Registry, hub.docker.com. Once registered,
select Create Automated Build from the Create drop down then Create Auto-build Github.  link your github account and specify the github repository created earlier using the link accounts menu item. Once linked, fill in the name, make sure the type is branch and give the branch name, glype, give the Dockerfile location as / and tag name as latest. Ensure the active button is ticked so that whenever you updated git, updates are automatically pulled. It’ll look something like this:

dokerhub screenshot

The registry hub will now pull your branch and try to build your Docker image to verify it works. You can check this in the build details tab. If everything is successful, we can now build our Docker Glype container wherever Docker is installed.

docker pull tonydavis41/my-docker-images
docker run -v /var/www/htdocs:/var/www/htdocs -p 8443:443 -d -t tonydavis41/my-docker-images /etc/httpd/run_apache_foreground

Remember though that Glype is installed locally in /var/www/htdocs so that must be available from wherever you launch your container.

So there you have it, a Docker container running a Glype anonymous proxy up and running in minutes. And that’s not all. If you commit any changes to git, they’ll be automatically picked up in docker hub and so to your image. Furthermore, as it’s in Docker Hub, you can pick up your image and run it anywhere. I decided to run it in AWS instance, no problem (although if you wanted to run it in AWS, you may as well just create an AMI and launch that). Fast, flexible and simple.

Well that’s it for now, Bye!

 

 


Leave a Reply