add nginx

uc-cdis · Jul 29, 2024 · b91faf2 · b91faf2
1 parent 2dcfd3f
commit b91faf2
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 27 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -58,15 +58,20 @@ RUN yum install tar -y
 # install nginx
 RUN yum install nginx -y
 
+RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx
+
 # chown nginx directories
 RUN chown -R gen3:gen3 /var/log/nginx
 
-# copy nginx config
-COPY ./deployment/nginx/nginx.conf /etc/nginx/nginx.conf
+# pipe nginx logs to stdout and stderr
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log
 
+# create /var/lib/nginx/tmp/client_body to allow nginx to write to fence
+RUN mkdir -p /var/lib/nginx/tmp/client_body
+RUN chown -R gen3:gen3 /var/lib/nginx/
 
-RUN mkdir -p /var/tmp/uwsgi_flask_metrics
-RUN chown -R gen3:gen3 /var/tmp/uwsgi_flask_metrics
+# copy nginx config
+COPY ./deployment/nginx/nginx.conf /etc/nginx/nginx.conf
 
 
 # Switch to non-root user 'gen3' for the serving process
@@ -77,6 +82,5 @@ RUN source /venv/bin/activate
 ENV PYTHONUNBUFFERED=1 \
 PYTHONIOENCODING=UTF-8
 
-# run nginx and gunicorn
-COPY ./deployment/scripts/dockerrun.sh /deployment/scripts/dockerrun.sh
-CMD ["/deployment/scripts/dockerrun.sh"]
+
+CMD ["/fence/dockerrun.bash"]
diff --git a/deployment/nginx/nginx.conf b/deployment/nginx/nginx.conf
@@ -1,15 +1,44 @@
-# reverse proxy for fence
-upstream fence {
-    server localhost:8000;
+user gen3;
+worker_processes auto;
+error_log /var/log/nginx/error.log notice;
+pid /var/lib/nginx/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
 }
 
-server {
-    listen 80;
-    server_name localhost;
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    keepalive_timeout   65;
+    types_hash_max_size 4096;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+
+        listen 80;
+        server_name localhost;
 
-    location / {
-        proxy_pass http://fence;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        location / {
+            proxy_pass http://localhost:8000;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
     }
 }
diff --git a/deployment/scripts/dockerrun.sh b/deployment/scripts/dockerrun.sh
diff --git a/dockerrun.bash b/dockerrun.bash
@@ -19,5 +19,5 @@ if [ -f /fence/jwt-keys.tar ]; then
     fi
   )
 fi
-
+nginx
 gunicorn -c /fence/deployment/wsgi/gunicorn.conf.py
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -39,7 +39,7 @@ markdown = "^3.1.1"
 markupsafe = "^2.0.1"
 
 paramiko = ">=2.6.0"
-prometheus-client = "<1"
+prometheus-client = ">=0.20.0"
 psycopg2-binary = "^2.8.3"
 PyJWT = "^2.4.0"
 python_dateutil = "^2.6.1"
-Original file line number
+Diff line change
@@ Expand Up / @@ -19,5 +19,5 @@ if [ -f /fence/jwt-keys.tar ]; then @@
         fi
       )
     fi
+    nginx
     gunicorn -c /fence/deployment/wsgi/gunicorn.conf.py