From 95d910e0ec5ee12b96fb720b9e758da26f20eb17 Mon Sep 17 00:00:00 2001
From: Stephan Renatus
Date: Mon, 12 Aug 2024 12:05:03 +0200
Subject: [PATCH] examples: add proxying example
Signed-off-by: Stephan Renatus
---
examples/proxying/README.md | 26 +++++++++++++++++
examples/proxying/docker-compose.yml | 42 ++++++++++++++++++++++++++++
examples/proxying/resolv.conf | 2 ++
3 files changed, 70 insertions(+)
create mode 100644 examples/proxying/README.md
create mode 100644 examples/proxying/docker-compose.yml
create mode 100644 examples/proxying/resolv.conf
diff --git a/examples/proxying/README.md b/examples/proxying/README.md
new file mode 100644
index 0000000..f571d48
--- /dev/null
+++ b/examples/proxying/README.md
@@ -0,0 +1,26 @@
+# Proxying example for Enterprise OPA
+
+This demo setup is using docker compose to set up the following:
+
+```mermaid
+graph LR
+ proxy-->internet
+ dns-->internet
+ subgraph internal
+ eopa-->proxy
+ eopa-->dns
+ end
+```
+
+Enterprise OPA is started with
+1. HTTP_PROXY and HTTPS_PROXY set to `proxy:3128`
+2. `/etc/resolv.conf` including both the Docker DNS and the DNS proxy
+3. **No direct access to the public internet.**
+
+When starting the stack with `docker compose up`, we'll find Enterprise OPA starting up:
+
+```raw
+enterprise-opa-1 | {"level":"debug","msg":"Server initialized.","time":"2024-08-12T09:49:01Z"}
+```
+
+Requests to the internet to verify the license go through the proxy.
diff --git a/examples/proxying/docker-compose.yml b/examples/proxying/docker-compose.yml
new file mode 100644
index 0000000..3808251
--- /dev/null
+++ b/examples/proxying/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+ enterprise-opa:
+ image: ghcr.io/styrainc/enterprise-opa:latest
+ ports:
+ - "8181:8181"
+ command:
+ - "run"
+ - "--server"
+ - "--addr=0.0.0.0:8181"
+ - "--log-level=debug"
+ environment:
+ EOPA_LICENSE_KEY: ${EOPA_LICENSE_KEY}
+ HTTP_PROXY: proxy:3128
+ HTTPS_PROXY: proxy:3128
+ networks:
+ intnet: {}
+ depends_on:
+ - proxy
+ - dns
+ volumes:
+ - ./resolv.conf:/etc/resolv.conf
+
+ dns:
+ image: coredns/coredns
+ ports:
+ - "53:53"
+ networks:
+ intnet: {}
+ extnet: {}
+
+ proxy:
+ image: hinata/nginx-forward-proxy:latest
+ ports:
+ - "3128:3128"
+ networks:
+ intnet: {}
+ extnet: {}
+
+networks:
+ intnet:
+ internal: true
+ extnet: {}
diff --git a/examples/proxying/resolv.conf b/examples/proxying/resolv.conf
new file mode 100644
index 0000000..f030780
--- /dev/null
+++ b/examples/proxying/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 127.0.0.11
+nameserver dns
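Review bot: The `ports:` entries on the `dns` and `proxy` services publish `53` and `3128` on every host interface, which exposes a forwarding proxy and a resolver to whatever network the host sits on. `enterprise-opa` reaches both over `intnet` by service name, so neither mapping appears to be needed. I would drop those two `ports:` blocks and bind the API to loopback with `- "127.0.0.1:8181:8181"`, since `command:` starts the server with no authentication options. Separately, all three images float (`:latest`, or no tag at all for `coredns/coredns`), and `hinata/nginx-forward-proxy` sits in the path of the license-verification traffic; pinning each to a version tag or digest would make image changes reviewable.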
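Review bot: The second entry, `nameserver dns`, is a hostname, but resolv.conf(5) defines `nameserver` as taking an IP address, so resolvers generally skip that line and only `127.0.0.11` is consulted. That would leave the `dns` service unused, contrary to what the README in this patch describes. One way to make it effective is to give `dns` a fixed `ipv4_address` on `intnet` (which needs an `ipam` subnet on that network) and write that address here, shown as a placeholder: `nameserver <dns-service-ip>`. A leading `# Docker embedded DNS first, then the dns service` comment would also tell readers why the order matters.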