Implement support for different port configuration (#376)

* Support for ports different from 443.

It allows to do configurations like:
environment:
  DOMAINS: >
    myserver.example.com:1443 -> http://localhost:8081,
    myserver.example.com:2443 -> http://localhost:8082

* Add tests for the new port configuration

* Do certificate signing only on unique domains

* Update documentation

* Bump version to 1.25.0

---------

Co-authored-by: serg-bloim <serg.bloim@gmail.com>
Co-authored-by: Weiyan <steve.wy.shao@gmail.com>

Author: 3 people

README.md

@@ -27,6 +27,7 @@ Thanks to [@yamada28go](https://github.com/yamada28go), there is a [Japanese ver
     - [Automatic Container Discovery](#automatic-container-discovery)
     - [Hybrid Setup with Non-Dockerized Apps](#hybrid-setup-with-non-dockerized-apps)
     - [Multiple Domains](#multiple-domains)
+    - [Custom Ports](#custom-ports)
     - [Multiple Upstreams](#multiple-upstreams)
     - [Serving Static Sites](#serving-static-sites)
     - [Share Certificates with Other Apps](#share-certificates-with-other-apps)
@@ -319,6 +320,25 @@ https-portal:
 
 It will make reading and managing multiple domains easier.
 
+### Custom Ports
+
+Due to Let's Encrypt's constraints, Port 80 must be used for verifying the domian. But you can use a different port than 443 for SSL traffic.
+
+```yaml
+https-portal:
+  # ...
+  ports:
+    - '80:80'
+    - '4343:4343' # Make sure to add the other ports you want to listen to
+    - '443:443'
+  environment:
+    # You can combine the same domain with different ports.
+    DOMAINS: >
+      wordpress.example.com:4343 -> http://wordpress:80,
+      wordpress.example.com:443 -> http://gitlab:80, 
+    OTHER_VARS: ...
+```
+
 ### Multiple Upstreams
 
 It's possible to define multiple upstreams for a domain for the purpose of load-balancing and/or HA.

fs_overlay/etc/cont-init.d/00-welcome

@@ -2,6 +2,6 @@
 
 echo '
 ========================================
-HTTPS-PORTAL v1.24.2
+HTTPS-PORTAL v1.25.0
 ========================================
 '

fs_overlay/opt/certs_manager/certs_manager.rb

@@ -43,7 +43,7 @@ def setup_config(initial)
         Nginx.reload
       end
 
-      ensure_signed(NAConfig.domains, true)
+      ensure_signed(NAConfig.domains_w_unique_names, true)
 
       if initial
         Nginx.stop
@@ -60,7 +60,7 @@ def renew
     puts "Renewing ..."
     NAConfig.domains.each(&:print_debug_info) if NAConfig.debug_mode?
     with_lock do
-      NAConfig.domains.each do |domain|
+      NAConfig.domains_w_unique_names.each do |domain|
         if NAConfig.debug_mode?
           domain.print_debug_info
         end
@@ -106,9 +106,9 @@ def ensure_keys_and_certs_exist(domains)
     end
   end
 
-  def ensure_signed(domains, exit_on_failure = false)
+  def ensure_signed(domains_w_unique_names, exit_on_failure = false)
     Logger.debug ("ensure_signed")
-    domains.each do |domain|
+    domains_w_unique_names.each do |domain|
       if OpenSSL.need_to_sign_or_renew? domain
         mkdir(domain)
         OpenSSL.create_ongoing_domain_key(domain)

fs_overlay/opt/certs_manager/lib/na_config.rb

@@ -4,6 +4,10 @@ def self.portal_base_dir
   end
 
   def self.domains
+    (env_domains + auto_discovered_domains).uniq {|d| [d.name, d.port] }
+  end
+
+  def self.domains_w_unique_names
     (env_domains + auto_discovered_domains).uniq(&:name)
   end
 

fs_overlay/opt/certs_manager/lib/nginx.rb

@@ -18,7 +18,7 @@ def self.config_http(domain)
   end
 
   def self.config_ssl(domain)
-    File.open("/etc/nginx/conf.d/#{domain.name}.ssl.conf", 'w') do |f|
+    File.open("/etc/nginx/conf.d/#{domain.name}_#{domain.port}.ssl.conf", 'w') do |f|
       f.write compiled_domain_config(domain, true)
     end
   end

fs_overlay/opt/certs_manager/models/domain.rb

@@ -77,6 +77,10 @@ def name
     parsed_descriptor[:domain]
   end
 
+  def port
+    parsed_descriptor[:port] || '443'
+  end
+
   def env_format_name
     name.upcase.tr('^A-Z0-9', '_')
   end
@@ -166,6 +170,7 @@ def access_restriction
   def print_debug_info
     puts "----------- BEGIN DOMAIN CONFIG -------------"
     puts "name: #{name}"
+    puts "port: #{port}"
     puts "stage: #{stage}"
     puts "upstream: #{upstream}"
     puts "upstreams: #{upstreams.inspect}"
@@ -190,7 +195,7 @@ def parsed_descriptor
       regex = %r{
         ^
         (?:\[(?<ips>[0-9.:\/, ]*)\]\s*)?
-        (?:(?<user>[^:@\[\]]+)(?::(?<pass>[^@]*))?@)?(?<domain>[a-z0-9._\-]+?)
+        (?:(?<user>[^:@\[\]]+)(?::(?<pass>[^@]*))?@)?(?<domain>[a-z0-9._\-]+?)(?:\:(?<port>\d+))?
         (?:
           \s*(?<mode>[-=]>)\s*
           (?<upstream_proto>https?:\/\/)?

fs_overlay/var/lib/nginx-conf/default.ssl.conf.erb

@@ -7,9 +7,9 @@ upstream <%= domain.upstream_backend_name %> {
 <% end %>
 
 server {
-    listen 443 ssl;
+    listen <%= domain.port %> ssl;
     <% if ENV['LISTEN_IPV6'] && ENV['LISTEN_IPV6'].downcase == 'true' %>
-    listen [::]:443 ssl;
+    listen [::]:<%= domain.port %> ssl;
     <% end %>
     http2 on;
 

spec/models/domain_spec.rb

@@ -8,34 +8,35 @@
   end
 
   it 'returns correct names, upstream. redirect_target_url, stage etc.' do
-    keys = [:descriptor, :name, :env_format_name, :upstream_proto, :upstreams, :redirect_target_url, :stage, :basic_auth_username, :basic_auth_password, :access_restriction]
+    keys = [:descriptor, :name, :env_format_name, :upstream_proto, :upstreams, :redirect_target_url, :stage, :basic_auth_username, :basic_auth_password, :access_restriction, :port]
 
     domain_configs = [
-      ['example.com', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'local', nil, nil, nil],
-      ['4example.com', '4example.com', '4EXAMPLE_COM', nil, [], nil, 'local', nil, nil, nil],
-      [' example.com ', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'local', nil, nil, nil],
-      ['example.com #staging', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'staging', nil, nil, nil],
-      ['example.com -> http://target ', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'local', nil, nil, nil],
-      ["example.com \n-> http://target \n", 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'local', nil, nil, nil],
-      ["example.com\n-> http://target ", 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'local', nil, nil, nil],
-      ['example.com -> http://target:8000', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target:8000', :parameters => nil}], nil, 'local', nil, nil, nil],
-      ['example.com -> target:8000', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target:8000', :parameters => nil}], nil, 'local', nil, nil, nil],
-      ['example.com => http://target', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], 'http://target', 'local', nil, nil, nil],
-      ['example.com => https://target', 'example.com', 'EXAMPLE_COM', 'https://', [{:address => 'target', :parameters => nil}], 'https://target', 'local', nil, nil, nil],
-      ['example.com => target', 'example.com', 'EXAMPLE_COM', 'https://', [{:address => 'target', :parameters => nil}], 'https://target', 'local', nil, nil, nil],
-      ['example.com=>http://target', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], 'http://target', 'local', nil, nil, nil],
-      ['example.com -> http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', nil, nil, nil],
-      ['example.com => http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], 'http://target', 'staging', nil, nil, nil],
-      ['example.com->http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', nil, nil, nil],
-      ['exam-ple.com->http://tar-get #staging', 'exam-ple.com', 'EXAM_PLE_COM', 'http://', [{:address => 'tar-get', :parameters => nil}], nil, 'staging', nil, nil, nil],
-      ['example_.com->http://target #staging', 'example_.com', 'EXAMPLE__COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', nil, nil, nil],
-      ['example.com->http://tar_get_ #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'tar_get_', :parameters => nil}], nil, 'staging', nil, nil, nil],
-      ['username:password@example.com', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'local', 'username', 'password', nil],
-      ['username:password@example.com -> http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', 'username', 'password', nil],
-      ['[1.2.3.4/24]username:password@example.com -> http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', 'username', 'password', %w(1.2.3.4/24)],
-      [' [ 1.2.3.4 4.3.2.1/24 ] username:password@example.com -> http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', 'username', 'password', %w(1.2.3.4 4.3.2.1/24)],
-      ['example.com -> https://target1|target2:8000', 'example.com', 'EXAMPLE_COM', 'https://', [{:address => 'target1', :parameters => nil}, {:address => 'target2:8000', :parameters => nil}], nil, 'local', nil, nil, nil],
-      ['example.com -> http://target1:8000|target2:8001[backup max_conns=100]', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target1:8000', :parameters => nil}, {:address => 'target2:8001', :parameters => 'backup max_conns=100'}], nil, 'local', nil, nil, nil],
+      ['example.com', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'local', nil, nil, nil, "443"],
+      ['example.com:4443', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'local', nil, nil, nil, "4443"],
+      ['4example.com', '4example.com', '4EXAMPLE_COM', nil, [], nil, 'local', nil, nil, nil, "443"],
+      [' example.com ', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'local', nil, nil, nil, "443"],
+      ['example.com #staging', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'staging', nil, nil, nil, "443"],
+      ['example.com -> http://target ', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'local', nil, nil, nil, "443"],
+      ["example.com \n-> http://target \n", 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'local', nil, nil, nil, "443"],
+      ["example.com\n-> http://target ", 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'local', nil, nil, nil, "443"],
+      ['example.com -> http://target:8000', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target:8000', :parameters => nil}], nil, 'local', nil, nil, nil, "443"],
+      ['example.com -> target:8000', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target:8000', :parameters => nil}], nil, 'local', nil, nil, nil, "443"],
+      ['example.com => http://target', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], 'http://target', 'local', nil, nil, nil, "443"],
+      ['example.com => https://target', 'example.com', 'EXAMPLE_COM', 'https://', [{:address => 'target', :parameters => nil}], 'https://target', 'local', nil, nil, nil, "443"],
+      ['example.com => target', 'example.com', 'EXAMPLE_COM', 'https://', [{:address => 'target', :parameters => nil}], 'https://target', 'local', nil, nil, nil, "443"],
+      ['example.com=>http://target', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], 'http://target', 'local', nil, nil, nil, "443"],
+      ['example.com -> http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', nil, nil, nil, "443"],
+      ['example.com => http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], 'http://target', 'staging', nil, nil, nil, "443"],
+      ['example.com->http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', nil, nil, nil, "443"],
+      ['exam-ple.com->http://tar-get #staging', 'exam-ple.com', 'EXAM_PLE_COM', 'http://', [{:address => 'tar-get', :parameters => nil}], nil, 'staging', nil, nil, nil, "443"],
+      ['example_.com->http://target #staging', 'example_.com', 'EXAMPLE__COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', nil, nil, nil, "443"],
+      ['example.com->http://tar_get_ #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'tar_get_', :parameters => nil}], nil, 'staging', nil, nil, nil, "443"],
+      ['username:password@example.com', 'example.com', 'EXAMPLE_COM', nil, [], nil, 'local', 'username', 'password', nil, "443"],
+      ['username:password@example.com -> http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', 'username', 'password', nil, "443"],
+      ['[1.2.3.4/24]username:password@example.com -> http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', 'username', 'password', %w(1.2.3.4/24), "443"],
+      [' [ 1.2.3.4 4.3.2.1/24 ] username:password@example.com -> http://target #staging', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target', :parameters => nil}], nil, 'staging', 'username', 'password', %w(1.2.3.4 4.3.2.1/24), "443"],
+      ['example.com -> https://target1|target2:8000', 'example.com', 'EXAMPLE_COM', 'https://', [{:address => 'target1', :parameters => nil}, {:address => 'target2:8000', :parameters => nil}], nil, 'local', nil, nil, nil, "443"],
+      ['example.com -> http://target1:8000|target2:8001[backup max_conns=100]', 'example.com', 'EXAMPLE_COM', 'http://', [{:address => 'target1:8000', :parameters => nil}, {:address => 'target2:8001', :parameters => 'backup max_conns=100'}], nil, 'local', nil, nil, nil, "443"],
     ]
 
     domain_configs.map { |config|
@@ -52,6 +53,7 @@
       expect(domain.basic_auth_username).to eq(config[:basic_auth_username]), lambda { "Parsing failed on #{config[:descriptor].inspect} method :basic_auth_username, expected #{config[:basic_auth_username].inspect}, got #{domain.basic_auth_username.inspect}" }
       expect(domain.basic_auth_password).to eq(config[:basic_auth_password]), lambda { "Parsing failed on #{config[:descriptor].inspect} method :basic_auth_password, expected #{config[:basic_auth_password].inspect}, got #{domain.basic_auth_password.inspect}" }
       expect(domain.access_restriction).to eq(config[:access_restriction]), lambda { "Parsing failed on #{config[:descriptor].inspect} method :access_restriction, expected #{config[:access_restriction].inspect}, got #{domain.access_restriction.inspect}" }
+      expect(domain.port).to eq(config[:port]), lambda { "Parsing failed on #{config[:port].inspect} method :port, expected #{config[:port].inspect}, got #{domain.port.inspect}" }
     end
   end
 end