Generates Nginx configuration files for Conjur Software-Defined Firewall (SDF).
sdf-gen supports three subcommands, each of which generates a config file which can be included in a
- global: global Nginx configuration, such as the location of the “conjur” upstream service.
- gatekeeper: a gatekeeper configuration, to intercept and authorize requests. Each service should have exactly 1 gatekeeper.
- forwarder: obtains auth tokens and adds them to outbound requests. Each client service may have multiple forwarders, one for each external service that the client service will call.
sdf-gen is driven by a YAML configuration file. This configuration file has three sections: global, gatekeeper and
forward. Each of these sections contains the metadata which is used by the
global and gatekeeper are each a single Hash of data; forward can be a list,
since a service may have multiple outbound forwarders.
Asgard is a Netflix open source program which launches and manages EC2-based services and applications.
Eureka is a service directory. Asgard and Eureka are designed to work together; in particular, Asgard
is a client of Eureka. The directory examples/asgard contains SDF configuration
which protects Asgard and Eureka with gatekeepers, and forwards requests from Asgard to Eureka.
Defines the remote hostname of the
    global:
      conjur:
        hostname: conjur
Defines the inbound port and local protected service.
In addition, specifies the protected resource id which will be used for authorization checks.
    gatekeeper:
      port: 80
      service: unix:/tmp/nginx.socket fail_timeout=0
      conjur_account: demo
      conjur_resource: webservice/production/asgard
A list of forwarders. Each one specifies a listen address, and a remote service to which outbound
requests will be sent.
    forward:
      - id: eureka
        listen: 127.0.0.2
        service: https://eureka
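A pre-flight lint for the three sections described above, written as an added example; it is not part of sdf-gen and does not reflect sdf-gen's own validation. The names `lint_sdf_config`, `loopback?` and `SAMPLE` are hypothetical, the sample is constructed from the keys shown on this page, and the rule that a forwarder must listen on a loopback address is this example's own policy (a forwarder adds the service's auth token to whatever reaches it).

```ruby
require 'yaml'
require 'ipaddr'

# Constructed sample that mirrors the three sections shown on this page.
SAMPLE = <<~CONFIG
  global:
    conjur:
      hostname: conjur
  gatekeeper:
    port: 80
    service: unix:/tmp/nginx.socket fail_timeout=0
    conjur_account: demo
    conjur_resource: webservice/production/asgard
  forward:
    - id: eureka
      listen: 127.0.0.2
      service: https://eureka
CONFIG

GATEKEEPER_KEYS = %w[port service conjur_account conjur_resource].freeze
FORWARD_KEYS = %w[id listen service].freeze
LOOPBACK = IPAddr.new('127.0.0.0/8')

def loopback?(addr)
  LOOPBACK.include?(IPAddr.new(addr.to_s))
rescue IPAddr::Error
  false
end

# Hypothetical helper: returns a list of problems, empty when the file passes.
def lint_sdf_config(text)
  cfg = YAML.safe_load(text)
  return ['top level must be a Hash'] unless cfg.is_a?(Hash)
  errs = []
  conjur = cfg['global'].is_a?(Hash) ? cfg['global']['conjur'] : nil
  errs << 'global.conjur.hostname missing' unless conjur.is_a?(Hash) && conjur['hostname']
  gk = cfg['gatekeeper']
  errs << 'gatekeeper must be a single Hash' unless gk.is_a?(Hash)
  (GATEKEEPER_KEYS - gk.keys).each { |k| errs << "gatekeeper.#{k} missing" } if gk.is_a?(Hash)
  fwds = cfg['forward'].is_a?(Hash) ? [cfg['forward']] : Array(cfg['forward'])
  fwds.each_with_index do |f, i|
    next errs << "forward[#{i}] must be a Hash" unless f.is_a?(Hash)
    (FORWARD_KEYS - f.keys).each { |k| errs << "forward[#{i}].#{k} missing" }
    # Added policy, not sdf-gen's: keep token-adding listeners on loopback.
    errs << "forward[#{i}].listen is not loopback" if f['listen'] && !loopback?(f['listen'])
  end
  errs
end
```

Running the lint before generating the Nginx files catches a forwarder bound to a routable address, which would let other hosts send requests carrying this service's token.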
$ gem install sdf-gen
$ sdf-gen help
NAME
    sdf-gen - SDF Nginx configuration generator

SYNOPSIS
    sdf-gen [global options] command [command options] [arguments...]

VERSION
    x.y.z

GLOBAL OPTIONS
    --help    - Show this message
    --version - Display the program version

COMMANDS
    forwarder  - Generate a forwarder
    gatekeeper - Generate a gatekeeper
    global     - Generate the global Nginx config file
    help       - Shows a list of commands or help for one command
- Fork it ( https://github.com/[my-github-username]/sdf-gen/fork )
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request