From 5bcecc0634fee3dad6ea07fe373ccbb57bcd1de7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?= <arturo@filasto.net>
Date: Wed, 25 Sep 2024 18:32:02 +0300
Subject: [PATCH] Start fleshing out simple docker nginx reverse proxy

---
 ooniapi/services/reverseproxy/Dockerfile      |  4 ++
 ooniapi/services/reverseproxy/Makefile        | 62 +++++++++++++++++++
 .../reverseproxy/default.conf.template        | 29 +++++++++
 ooniapi/services/reverseproxy/run.sh          |  4 ++
 .../reverseproxy/scripts/docker-smoketest.sh  | 34 ++++++++++
 5 files changed, 133 insertions(+)
 create mode 100644 ooniapi/services/reverseproxy/Dockerfile
 create mode 100644 ooniapi/services/reverseproxy/Makefile
 create mode 100644 ooniapi/services/reverseproxy/default.conf.template
 create mode 100755 ooniapi/services/reverseproxy/run.sh
 create mode 100755 ooniapi/services/reverseproxy/scripts/docker-smoketest.sh

diff --git a/ooniapi/services/reverseproxy/Dockerfile b/ooniapi/services/reverseproxy/Dockerfile
new file mode 100644
index 00000000..c8f8af53
--- /dev/null
+++ b/ooniapi/services/reverseproxy/Dockerfile
@@ -0,0 +1,4 @@
+FROM nginx:1.27.1
+ENV TARGET_URL="https://backend-hel.ooni.org"
+
+COPY default.conf.template /etc/nginx/templates/
\ No newline at end of file
diff --git a/ooniapi/services/reverseproxy/Makefile b/ooniapi/services/reverseproxy/Makefile
new file mode 100644
index 00000000..77963eb5
--- /dev/null
+++ b/ooniapi/services/reverseproxy/Makefile
@@ -0,0 +1,62 @@
+SERVICE_NAME ?= reverseproxy
+PKG_VERSION = 1.0.0
+
+ECS_CONTAINER_NAME ?= ooniapi-service-$(SERVICE_NAME)
+IMAGE_NAME ?= ooni/api-$(SERVICE_NAME)
+DATE := $(shell python3 -c "import datetime;print(datetime.datetime.now(datetime.timezone.utc).strftime('%Y%m%d'))")
+GIT_FULL_SHA ?= $(shell git rev-parse HEAD)
+SHORT_SHA := $(shell echo ${GIT_FULL_SHA} | cut -c1-8)
+
+BUILD_LABEL := $(DATE)-$(SHORT_SHA)
+VERSION_LABEL = v$(PKG_VERSION)
+ENV_LABEL ?= latest
+
+print-labels:
+	echo "ECS_CONTAINER_NAME=${ECS_CONTAINER_NAME}"
+	echo "PKG_VERSION=${PKG_VERSION}"
+	echo "BUILD_LABEL=${BUILD_LABEL}"
+	echo "VERSION_LABEL=${VERSION_LABEL}"
+	echo "ENV_LABEL=${ENV_LABEL}"
+
+init:
+	echo "noop"
+
+docker-build:
+	docker build \
+		--build-arg BUILD_LABEL=${BUILD_LABEL} \
+		-t ${IMAGE_NAME}:${BUILD_LABEL} \
+		-t ${IMAGE_NAME}:${VERSION_LABEL} \
+		-t ${IMAGE_NAME}:${ENV_LABEL} \
+		.
+	echo "built image: ${IMAGE_NAME}:${BUILD_LABEL} (${IMAGE_NAME}:${VERSION_LABEL} ${IMAGE_NAME}:${ENV_LABEL})"
+
+docker-push:
+	docker push ${IMAGE_NAME}:${BUILD_LABEL}
+	docker push ${IMAGE_NAME}:${VERSION_LABEL}
+	docker push ${IMAGE_NAME}:${ENV_LABEL}
+
+docker-smoketest:
+	./scripts/docker-smoketest.sh ${IMAGE_NAME}:${BUILD_LABEL}
+
+imagedefinitions.json:
+	echo '[{"name":"${ECS_CONTAINER_NAME}","imageUri":"${IMAGE_NAME}:${BUILD_LABEL}"}]' > imagedefinitions.json
+
+test:
+	echo "noop"
+
+test-cov:
+	echo "noop"
+
+build:
+	docker build .
+
+clean:
+	hatch clean
+	rm -f imagedefinitions.json
+	rm -rf build dist *eggs *.egg-info
+	rm -rf .venv
+
+run:
+	./run.sh
+
+.PHONY: init test build clean docker
diff --git a/ooniapi/services/reverseproxy/default.conf.template b/ooniapi/services/reverseproxy/default.conf.template
new file mode 100644
index 00000000..157b4921
--- /dev/null
+++ b/ooniapi/services/reverseproxy/default.conf.template
@@ -0,0 +1,29 @@
+gzip on;
+gzip_proxied any;
+gzip_types text/plain application/json;
+gzip_min_length 1000;
+
+server {
+    listen 8080;
+    location /stub_status {
+        stub_status   on;
+    }
+}
+
+server {
+    listen 80;
+
+    location / {
+        if ($request_method !~ ^(GET|POST|HEAD|OPTIONS|PUT|DELETE)$) {
+            return 405;
+        }
+
+        proxy_pass ${TARGET_URL};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_cache_bypass $http_upgrade;
+    }
+}
\ No newline at end of file
diff --git a/ooniapi/services/reverseproxy/run.sh b/ooniapi/services/reverseproxy/run.sh
new file mode 100755
index 00000000..28e62ca6
--- /dev/null
+++ b/ooniapi/services/reverseproxy/run.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -ex
+
+docker run -p 8080:80 --rm -it $(docker build -q .)
diff --git a/ooniapi/services/reverseproxy/scripts/docker-smoketest.sh b/ooniapi/services/reverseproxy/scripts/docker-smoketest.sh
new file mode 100755
index 00000000..fdc964cc
--- /dev/null
+++ b/ooniapi/services/reverseproxy/scripts/docker-smoketest.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -ex
+
+if [ $# -eq 0 ]; then
+  echo "Error: No Docker image name provided."
+  echo "Usage: $0 [IMAGE_NAME]"
+  exit 1
+fi
+
+IMAGE=$1
+CONTAINER_NAME=ooniapi-smoketest-$RANDOM
+PORT=$((RANDOM % 10001 + 30000))
+
+cleanup() {
+    echo "cleaning up"
+    docker logs $CONTAINER_NAME
+    docker stop $CONTAINER_NAME >/dev/null 2>&1
+    docker rm $CONTAINER_NAME >/dev/null 2>&1
+}
+
+echo "[+] Running smoketest of ${IMAGE}"
+docker run -d --name $CONTAINER_NAME -p $PORT:80 ${IMAGE}
+
+trap cleanup INT TERM EXIT
+
+sleep 2
+response=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:$PORT/health)
+if [ "${response}" -eq 200 ]; then
+  echo "Smoke test passed: Received 200 OK from /health endpoint."
+else
+  echo "Smoke test failed: Did not receive 200 OK from /health endpoint. Received: $response"
+  exit 1
+fi