plantuml docker/nginx SSL
- plantuml-server を docker で起動する
- nginx + SSL で HTTPS 通信にする
- 本手順では自己署名証明書を簡易的に作っているので、本番で使う場合は認証局 (CA) 発行の正式な証明書に差し替える
- nginx + Basic 認証の設定を入れる
- nginx の CORS 許可オリジン (Access-Control-Allow-Origin) は bitbucket にしていますが、適宜変える
Install docker to Amazon AMI
- Amazon Linux 2 AMI (HVM), SSD Volume Type
- t2.micro
- port 18080, 22(close after setup)
- Elastic IPは振った方がいいでしょう
# Log in to the instance as ec2-user with the key pair selected at launch.
ssh -i XXX.pem ec2-user@<IP Address>
# Bring the base system up to date, then install Docker.
sudo yum -y update
sudo yum -y install docker
# Start the daemon now and have it start on every boot.
sudo systemctl enable docker
sudo systemctl start docker
# Members of the docker group can control the daemon, which is effectively
# root on this host; the new membership takes effect at the next login.
sudo usermod -aG docker ec2-user
Create docker image
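# Lay out the build context for the nginx front-end image.
mkdir plantuml-server
cd plantuml-server
mkdir -p etc/nginx
# key/ will hold the TLS private key and the .htpasswd file, so make it
# accessible to its owner only.
mkdir -m 700 key
touch Dockerfile
touch etc/nginx/plantuml.conf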
Dockerfile
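# Unpinned base image: pin a specific version tag or digest if the build
# needs to be reproducible.
FROM nginx
# MAINTAINER is deprecated; a label carries the same information.
LABEL maintainer="tsujimitsu <tsujimitsu@gmail.com>"
# set nginx config
COPY etc/nginx/* /etc/nginx/conf.d/
# Copy only the files nginx reads at runtime (the CSR is not needed).
# NOTE: this bakes the private key and the password file into an image layer,
# so anyone who can pull the image can read them. Keep this image out of
# shared registries, or supply these files at run time instead.
COPY key/server.crt key/server.key key/.htpasswd /etc/nginx/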
plantuml.conf
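# Backend pool: the plantuml-server container, reached by its linked name.
upstream plantuml-server {
    least_conn;
    server plantuml-server:8080 weight=5 max_fails=3 fail_timeout=30s;
}

# TLS-terminating reverse proxy with Basic auth and CORS for one origin.
server {
    listen 8080 ssl;

    ssl_certificate     /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;
    # Accept only current TLS versions.
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # Only this origin may make credentialed cross-origin requests.
        add_header Access-Control-Allow-Origin https://bitbucket.org always;
        add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Authorization,Content-Type,Origin,Accept,X-Requested-With" always;
        add_header Access-Control-Allow-Credentials "true" always;

        # CORS preflight. `return` runs in the rewrite phase, before
        # auth_basic is evaluated, so preflights (which carry no credentials)
        # are answered without authentication.
        if ($request_method = OPTIONS) {
            # add_header directives are inherited from the enclosing level
            # only when the current level defines none. This block defines its
            # own, so the CORS headers must be repeated here or the preflight
            # response goes out without them.
            add_header Access-Control-Allow-Origin https://bitbucket.org always;
            add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Authorization,Content-Type,Origin,Accept,X-Requested-With" always;
            add_header Access-Control-Allow-Credentials "true" always;
            add_header Content-Length 0;
            # The media type and its charset parameter are separated by ';'.
            add_header Content-Type "text/html; charset=UTF-8";
            return 204;
        }

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://plantuml-server;
    }
}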
Create SSL certificate
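cd key
# Create the private key readable by its owner only; the chmod also tightens
# a server.key left over from an earlier run.
( umask 077 && openssl genrsa -out server.key 2048 )
chmod 600 server.key
# The CSR step prompts for the subject fields; the original walkthrough
# answers "JP" here (presumably at the Country Name prompt).
openssl req -new -sha256 -key server.key -out server.csr
# Self-sign for 3650 days. Clients cannot validate a self-signed certificate
# against a CA, so treat it as test-only and replace it with a CA-issued
# certificate for real use.
openssl x509 -req -sha256 -days 3650 -in server.csr -signkey server.key -out server.crt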
Create .htpasswd
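# Run from plantuml-server/; skip the cd if the shell is still in key/ from
# the certificate step.
cd key
# foo / bar are sample credentials - replace both.
# -apr1 (Apache MD5) is a format nginx auth_basic accepts. -crypt truncates
# passwords to 8 characters and is not available in OpenSSL 3.x.
# Omitting the password argument makes openssl prompt for it, which keeps it
# out of shell history and the process list.
# A fixed '%s' format keeps the hash from being interpreted as printf syntax.
printf '%s:%s\n' foo "$(openssl passwd -apr1 bar)" >> .htpasswd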
Run plantuml-server
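cd ..
docker build -t tsujimitsu/nginx .
# No -p on the backend: publishing 8080 would expose the plain-HTTP,
# unauthenticated PlantUML server on a host port and bypass nginx's TLS and
# Basic auth. The nginx container reaches it through the link instead.
docker run --restart=always --name plantuml-server -d plantuml/plantuml-server:jetty
# Only the nginx front end is published (host 18080 -> container 8080).
# --link is a legacy Docker feature; a user-defined network is the current
# replacement.
docker run --restart=always --name nginx --link plantuml-server:plantuml-server -p 18080:8080 -d tsujimitsu/nginx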
Create Basic Auth token
# Base64 is an encoding, not encryption: this token is equivalent to the
# user name and password, so send it over HTTPS only and keep it out of logs.
printf '%s' "foo:bar" | openssl base64
plantuml-server URL
https://<IP Address>:<Port>/img/
or
https://<IP Address>:<Port>/plantuml/img/