feature/ncproxy: AllowedIps and reenable websocket

next-hat · Jan 31, 2024 · b3ac08c · b3ac08c
1 parent 2e0dfec
commit b3ac08c
Show file tree

Hide file tree

Showing 6 changed files with 92 additions and 61 deletions.
diff --git a/bin/ncproxy/specs/swagger.yaml b/bin/ncproxy/specs/swagger.yaml
@@ -112,6 +112,12 @@ components:
           description: The path
         Target:
           $ref: '#/components/schemas/LocationTarget'
+        AllowedIps:
+          type: array
+          items:
+            type: string
+          description: Allowed ip addr
+          nullable: true
         Headers:
           type: array
           items:

diff --git a/bin/ncproxy/src/models/template.rs b/bin/ncproxy/src/models/template.rs
@@ -7,6 +7,9 @@ pub struct LocationTemplate {
   pub path: String,
   pub upstream_key: String,
   pub redirect: Option<String>,
+  pub allowed_ips: Option<Vec<String>>,
+  pub version: Option<f64>,
+  pub headers: Option<Vec<String>>,
 }
 
 pub struct Template<'a> {

diff --git a/bin/ncproxy/src/models/templates/http.conf b/bin/ncproxy/src/models/templates/http.conf
@@ -26,7 +26,9 @@ server {
   {% if hide_upstream %}
   {% else %}
   {% for location in locations %}
-  location {{ location.path }} {
+  location {{ location.path }} { {% if location.headers %}{% for header in location.headers %}
+    proxy_set_header {{ header }};
+    {% endfor %}{% endif %}{% if location.version %}proxy_http_version {{ location.version }};{% endif %}
     {% if location.redirect %}
     return {{ location.redirect }} {{ location.upstream_key }};
     {% else %}
@@ -37,6 +39,9 @@ server {
     proxy_set_header X-Real-IP          $remote_addr;
     proxy_pass {{ location.upstream_key }}/;
     {% endif %}
+    {% if location.allowed_ips %}{% for allowed_ip in location.allowed_ips %}
+    allow {{ allowed_ip }};
+    {% endfor %}deny all;{% endif %}
   }
   {% endfor %}
   {% endif %}

diff --git a/bin/ncproxy/src/utils/nginx.rs b/bin/ncproxy/src/utils/nginx.rs
@@ -182,6 +182,9 @@ pub async fn add_rule(
                 path: location.path.clone(),
                 upstream_key: format!("http://{upstream_key}"),
                 redirect: None,
+                version: location.version,
+                allowed_ips: location.allowed_ips.clone(),
+                headers: location.headers.clone(),
               };
               locations.push(location);
             }
@@ -196,13 +199,19 @@ pub async fn add_rule(
                 path: location.path.clone(),
                 upstream_key: format!("http://{upstream_key}"),
                 redirect: None,
+                version: location.version,
+                allowed_ips: location.allowed_ips.clone(),
+                headers: location.headers.clone(),
               };
               locations.push(location);
             }
             LocationTarget::Http(http) => {
               let location = LocationTemplate {
                 path: location.path.clone(),
                 upstream_key: http.url.clone(),
+                version: location.version,
+                allowed_ips: location.allowed_ips.clone(),
+                headers: location.headers.clone(),
                 redirect: http.redirect.clone().map(|r| format!("{r}")),
               };
               locations.push(location);

diff --git a/crates/nanocl_stubs/src/proxy.rs b/crates/nanocl_stubs/src/proxy.rs
@@ -248,6 +248,8 @@ pub struct ProxyHttpLocation {
   pub path: String,
   /// The target cargo
   pub target: LocationTarget,
+  /// Allowed ip addr
+  pub allowed_ips: Option<Vec<String>>,
   /// Extras header to add
   #[cfg_attr(
     feature = "serde",

diff --git a/examples/deploy_example.yml b/examples/deploy_example.yml
@@ -1,74 +1,80 @@
 ApiVersion: v0.12
 
 Secrets:
-- Name: env.deploy-example.com
-  Kind: nanocl.io/env
-  Data:
-  - MY_VALUE=MY_KEY
+  - Name: env.deploy-example.com
+    Kind: nanocl.io/env
+    Data:
+      - MY_KEY=MY_VALUE
 
-- Name: env.trash
-  Kind: nanocl.io/env
-  Data:
-  - TRASH=MY_KEY
+  - Name: env.trash
+    Kind: nanocl.io/env
+    Data:
+      - MY_TRASH_KEY=MY_TRASH_VALUE
 
 # See all options:
 # https://docs.next-hat.com/references/nanocl/objects/resource
 Resources:
-- Name: deploy-example.com
-  Kind: ncproxy.io/rule
-  Metadata:
-    CertManager: certbot
-    Selector:
-      App: deploy-example
-  Data:
-    Rules:
-    - Domain: deploy-example.com
-      Network: All
-      Locations:
-      - Path: /
-        Target:
-          Key: deploy-example2.global.c
-          Port: 9000
-      - Path: /v1
-        Target:
-          Key: deploy-example.global.c
-          Port: 9000
-      - Path: /v2
-        Target:
-          Key: deploy-example2.global.c
-          Port: 9000
+  - Name: deploy-example.com
+    Kind: ncproxy.io/rule
+    Metadata:
+      CertManager: certbot
+      Selector:
+        App: deploy-example
+    Data:
+      Rules:
+        - Domain: deploy-example.com
+          Network: All
+          Locations:
+            - Path: /
+              Target:
+                Key: deploy-example2.global.c
+                Port: 9000
+            - Path: /v1
+              Target:
+                Key: deploy-example.global.c
+                Port: 9000
+            - Path: /v2
+              Target:
+                Key: deploy-example2.global.c
+                Port: 9000
+            - Path: /private
+              AllowedIps:
+                - 127.0.0.2
+              Target:
+                Key: deploy-example2.global.c
+                Port: 9000
 
-- Name: proxy-get-started
-  Kind: ncproxy.io/rule
-  Data:
-    Rules:
-    - Domain: get-started.com
-      Network: All
-      Locations:
-      - Path: /
-        Target:
-          Url: https://google.com
-          Redirect: Temporary
+  - Name: proxy-get-started
+    Kind: ncproxy.io/rule
+    Data:
+      Rules:
+        - Domain: get-started.com
+          Network: All
+          Locations:
+            - Path: /
+              Target:
+                Url: https://google.com
+                Redirect: Temporary
 
 # See all options:
 # https://docs.next-hat.com/references/nanocl/objects/cargo
 Cargoes:
-- Name: deploy-example
-  Metadata:
-    Selector:
-      App: deploy-example
-  Secrets:
-  - env.deploy-example.com
-  Container:
-    Image: ghcr.io/next-hat/nanocl-get-started:latest
-    Env:
-    - APP=GET_STARTED
-    - NEW=GG
+  - Name: deploy-example
+    Metadata:
+      Selector:
+        App: deploy-example
+    Secrets:
+      - env.deploy-example.com
+    Container:
+      Image: ghcr.io/next-hat/nanocl-get-started:latest
+      Env:
+        - APP=GET_STARTED
+        - NEW=GG
 
-- Name: deploy-example2
-  Secrets:
-  - env.trash
-  Container:
-    Image: ghcr.io/next-hat/nanocl-get-started:latest
-    Env:
-    - APP=GET_STARTED2
+  - Name: deploy-example2
+    Secrets:
+      - env.trash
+    Container:
+      Image: ghcr.io/next-hat/nanocl-get-started:latest
+      Env:
+        - APP=GET_STARTED2