Add Docker-based QUIC example.

Author: thmull

examples/docker/mqtt/README.md

@@ -0,0 +1,24 @@
+# MQTT Example
+
+This example Docker compose setup shows how to use the QUIC channel to forward traffic to a remote service via the Hyper network. It defines the following services:
+
+- **quic-1**: A Hyper service running the QUIC channel that is configured to forward local ports to a remote server via the **quic-2** proxy.
+- **quic-2**: A Hyper service running the QUIC channel that is configured as a remote proxy, forwarding connections to the **mqtt-1** container.
+- **sd-1**: The Hyper service directory for this setup.
+- **mqtt-1**: A RabbitMQ-based MQTT broker.s
+- **hd-1**: An admin container that initializes the service directory.
+
+To run this setup, first run `make certs` in the main Hyper directory to generate all required TLS certificates. Then, simply run
+
+```bash
+docker compose up
+```
+
+This should create all containers and run them. You should then be able to connect to the RabbitMQ admin API via `curl` through the forwarded local port:
+
+```bash
+curl http://localhost:6666/rabbitmqadmin
+# should return a JSON error response
+```
+
+That's it! You have successfully established connectivity to a remote service through the Hyper network's QUIC channel.

examples/docker/mqtt/compose.yml

@@ -0,0 +1,64 @@
+name: mqtt-demo
+services:
+  # provides a RabbitMQ test server
+  mqtt-1:
+    image: rabbitmq:3.12-management
+  # provides the Redis server for the service directory
+  redis-1:
+    image: redis:7.2.0
+  # loads the service directory entries
+  sd-setup:
+    depends_on:
+      - sd-1
+    environment:
+      - HYPER_SETTINGS=/app/settings
+    volumes:
+      # we mount the HD-1 settings
+      - ./hd-1:/app/settings:ro
+      # we mount the 
+      - ../../../settings/dev/directory:/directory:ro
+      # we mount the certificates from the regular directory
+      - ../../../settings/dev/certs:/certs:ro
+      # we overwrite the QUIC config service directory
+      - ./directory:/directory/quic:ro
+    image: kiprotect/hyper:0.3.16
+    # we load the directory entries
+    entrypoint: "/app/settings/setup.sh"
+  # runs the service directory
+  sd-1:
+    command: run
+    depends_on:
+      - redis-1
+    environment:
+      - SD_SETTINGS=/app/settings
+    volumes:
+      - ./sd-1:/app/settings:ro
+      - ../../../settings/dev/certs:/certs:ro
+    image: kiprotect/hyper-sd:0.3.16
+  # runs the QUIC-1 service (used to run TCP sessions through the QUIC-2 service)
+  quic-1:
+    command: server run
+    ports:
+      - 5555:5555
+      - 6666:6666
+    depends_on:
+      - sd-1
+      - mqtt-1
+    environment:
+      - HYPER_SETTINGS=/app/settings
+    volumes:
+      - ./quic-1:/app/settings:ro
+      - ../../../settings/dev/certs:/certs:ro
+    image: kiprotect/hyper:0.3.16
+  # runs the QUIC-2 service (used to connect to the RabbitMQ service)
+  quic-2:
+    command: server run
+    depends_on:
+      - sd-1
+      - mqtt-1
+    environment:
+      - HYPER_SETTINGS=/app/settings
+    volumes:
+      - ./quic-2:/app/settings:ro
+      - ../../../settings/dev/certs:/certs:ro
+    image: kiprotect/hyper:0.3.16

examples/docker/mqtt/directory/001_default.json

@@ -0,0 +1,30 @@
+{
+	"records": [
+	    {
+	      "name": "quic-1",
+	      "created_at": "2021-05-17T10:00:00Z",
+	      "section": "channels",
+	      "data" : [
+	        {
+	          "type" : "quic",
+	          "settings" : {
+	            "address" : "quic-1:7771"
+	          }
+	        }
+	      ]
+	    },
+	    {
+	      "name": "quic-2",
+	      "created_at": "2021-05-17T10:00:00Z",
+	      "section": "channels",
+	      "data" : [
+	        {
+	          "type" : "quic",
+	          "settings" : {
+	            "address" : "quic-2:7772"
+	          }
+	        }
+	      ]
+	    }
+	]
+}

examples/docker/mqtt/hd-1/001_default.yml

@@ -0,0 +1,19 @@
+name: hd-1
+directory:
+  type: api
+  settings:
+    jsonrpc_client:
+      tls:
+        certificate_file: "/certs/hd-1.crt"
+        key_file: "/certs/hd-1.key"
+        ca_certificate_files: ["/certs/root.crt"]
+    ca_certificate_files: ["/certs/root.crt"]
+    ca_intermediate_certificate_files: ["/certs/intermediate.crt"]
+    endpoints: ["https://sd-1:3322/jsonrpc"]
+    server_names: ["sd-1"]
+channels: []
+signing:
+  certificate_file: "/certs/hd-1-sign.crt"
+  key_file: "/certs/hd-1-sign.key"
+  ca_certificate_file: "/certs/root.crt"
+  ca_intermediate_certificate_files: ["/certs/intermediate.crt"]

examples/docker/mqtt/hd-1/setup.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+echo "initializing service directory..."
+export HYPER_SETTINGS=/app/settings
+/app/hyper sd submit-records --reset /directory/001_certificates.json
+/app/hyper sd submit-records /directory/quic/001_default.json
+echo "Done!"

examples/docker/mqtt/quic-1/001_default.yml

@@ -0,0 +1,33 @@
+name: quic-1
+directory:
+  type: api
+  settings:
+    jsonrpc_client:
+      tls:
+        certificate_file: "/certs/quic-1.crt"
+        key_file: "/certs/quic-1.key"
+        ca_certificate_files: ["/certs/root.crt"]
+    ca_certificate_files: ["/certs/root.crt"]
+    ca_intermediate_certificate_files: ["/certs/intermediate.crt"]
+    endpoints: ["https://sd-1:3322/jsonrpc"]
+    server_names: ["sd-1"]
+channels: # defines all the channels that we want to open when starting the server
+  - name: main QUIC client/server # forwards TCP streams and UDP packets via QUIC
+    type: quic
+    settings:
+      bindAddress: 0.0.0.0:7771
+      channels:
+        - remote:
+            host: quic-2
+            target: "mqtt-1:5672"
+          local:
+            port: 5555
+        - remote:
+            host: quic-2
+            target: "mqtt-1:15672"
+          local:
+            port: 6666
+      tls:
+        ca_certificate_files: ["/certs/root.crt"]
+        certificate_file: "/certs/quic-1.crt"
+        key_file: "/certs/quic-1.key"

examples/docker/mqtt/quic-2/001_default.yml

@@ -0,0 +1,23 @@
+name: quic-2
+directory:
+  type: api
+  settings:
+    jsonrpc_client:
+      tls:
+        certificate_file: "/certs/quic-2.crt"
+        key_file: "/certs/quic-2.key"
+        ca_certificate_files: ["/certs/root.crt"]
+    ca_certificate_files: ["/certs/root.crt"]
+    ca_intermediate_certificate_files: ["/certs/intermediate.crt"]
+    endpoints: ["https://sd-1:3322/jsonrpc"]
+    server_names: ["sd-1"]
+channels: # defines all the channels that we want to open when starting the server
+  - name: main QUIC client/server # forwards TCP streams and UDP packets via QUIC
+    type: quic
+    settings:
+      bindAddress: 0.0.0.0:7772
+      channels: []
+      tls:
+        ca_certificate_files: ["/certs/root.crt"]
+        certificate_file: "/certs/quic-2.crt"
+        key_file: "/certs/quic-2.key"

examples/docker/mqtt/sd-1/001_default.yml

@@ -0,0 +1,22 @@
+jsonrpc_server: # the JSON-RPC server that the EPS server uses for communication
+  bind_address: "0.0.0.0:3322"
+  tcp_rate_limits:
+    - type: second
+      limit: 10
+    - type: minute
+      limit: 1000
+  tls:
+    ca_certificate_files: ["/certs/root.crt"]
+    certificate_file: "/certs/sd-1.crt"
+    key_file: "/certs/sd-1.key"
+directory:
+  datastore:
+    type: redis
+    settings:
+      addresses:
+        - redis-1:6379
+      database: 0
+      password: ""
+      key: sd-entries
+  ca_certificate_files: ["/certs/root.crt"]
+  ca_intermediate_certificate_files: ["/certs/intermediate.crt"]