Merge pull request #211 from apigee-internal/dockerchanges

support proxy configuration
apigee-internal · Dec 6, 2018 · 5e6fb30 · 5e6fb30
2 parents cb23a0f + 2b45a2d
commit 5e6fb30
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 2 deletions.
diff --git a/kubernetes/docker/edgemicro/README.md b/kubernetes/docker/edgemicro/README.md
@@ -32,12 +32,15 @@ expose port 8443 if you are expose node.js over TLS
 List of environment variables
 * `EDGEMICRO_ORG` = Apigee Edge org name
 * `EDGEMICRO_ENV` = Apigee Edge environment name
-* `EDGEMICRO_PROCESS` = Number of worker processes to start
+* `EDGEMICRO_PROCESSES` = Number of worker processes to start
 * `EDGEMICRO_KEY` = Microgateway key 
 * `EDGEMICRO_SECRET` = Microgateway secret
 * `EDGEMICRO_CONFIG` = A base64 encoded string of the microgateway config file
-* `SERVICE_NAME` = set to "edgemicro" (used in Kubernetes)
+* `SERVICE_NAME` = set to "default" (used in Kubernetes)
 * `DEBUG` = `*` to enable debugging
+* `HTTP_PROXY` = set http proxy ex: http_proxy=http://10.203.0.1:5187/
+* `HTTPS_PROXY` = set https proxy ex: https_proxy=https://10.203.0.1:5187/
+* `NO_PROXY` = skip/bypass proxy ex: "localhost,127.0.0.1,localaddress,.localdomain.com"
 
 ### Step 4: Stop Microgateway
 ```
@@ -52,6 +55,15 @@ docker start edgemicro
 ## TLS certificates
 The container has a mount point on `/opt/apigee/.edgemicro`. You can load the certificates on the mount point and refer to it from the `org-env-config.yaml`
 
+### Self signed certificates
+If you are using CA not trusted by default by node.js, consider using
+`NODE_EXTRA_CA_CERTS` = A file path to the file that should consist of one or more trusted certificates in PEM format
+
+Whlie we recommend this flag never be used, you could also set
+`NODE_TLS_REJECT_UNAUTHORIZED` = 1
+
+to turn off validation
+
 ## Using custom plugins
 There are two options to deal with custom plugins:
 

diff --git a/kubernetes/docker/edgemicro/entrypoint.sh b/kubernetes/docker/edgemicro/entrypoint.sh
@@ -59,12 +59,50 @@ start_edge_micro() {
   MGDIR="cd ${APIGEE_ROOT} "
   DECORATOR=" export EDGEMICRO_DECORATOR=$EDGEMICRO_DECORATOR "
   DEBUG=" export DEBUG=$DEBUG "
+  EDGEMICRO_PROXY=""
+  EDGEMICRO_NODE_OPTS=""
+
+  if [[ -n "$HTTPS_PROXY" ]]
+    then
+    EDGEMICRO_HTTPS_PROXY=" export HTTPS_PROXY="$HTTPS_PROXY
+    EDGEMICRO_PROXY="$EDGEMICRO_HTTPS_PROXY && $EDGEMICRO_PROXY"
+  fi
+
+  if [[ -n "$HTTP_PROXY" ]]
+    then
+    EDGEMICRO_HTTP_PROXY=" export HTTP_PROXY="$HTTP_PROXY
+    EDGEMICRO_PROXY="$EDGEMICRO_HTTP_PROXY && $EDGEMICRO_PROXY"
+  fi
+
+  if [[ -n "$NO_PROXY" ]]
+    then
+    EDGEMICRO_NO_PROXY=" export NO_PROXY="$NO_PROXY
+    EDGEMICRO_PROXY="$EDGEMICRO_NO_PROXY && $EDGEMICRO_PROXY"
+  fi
 
   if [[ -n "$EDGEMICRO_PROCESSES" ]]
     then
     MGSTART=" edgemicro start -o $EDGEMICRO_ORG -e $EDGEMICRO_ENV -k $EDGEMICRO_KEY -s $EDGEMICRO_SECRET -p $EDGEMICRO_PROCESSES  -d $EDGEMICRO_PLUGIN_DIRECTORY"
   fi
 
+  if [[ -n "$NODE_EXTRA_CA_CERTS" ]]
+    then
+    EDGEMICRO_NODE_OPTS=" export NODE_EXTRA_CA_CERTS="$NODE_EXTRA_CA_CERTS
+  elif [[ -n "$NODE_TLS_REJECT_UNAUTHORIZED" ]]
+    then
+    EDGEMICRO_NODE_OPTS=" export NODE_TLS_REJECT_UNAUTHORIZED="$NODE_TLS_REJECT_UNAUTHORIZED
+  fi
+
+  if [[ -n "$EDGEMICRO_NODE_OPTS" ]]
+    then
+    MGSTART="$EDGEMICRO_NODE_OPTS && $MGSTART"
+  fi
+
+  if [[ -n "$EDGEMICRO_PROXY" ]]
+    then
+    MGSTART="$EDGEMICRO_PROXY $MGSTART"
+  fi
+
   if [[ -n "$EDGEMICRO_LOCAL_PROXY" ]]
     then
     DECORATOR=" export EDGEMICRO_DECORATOR=1 "