adding nginx to metadata-service

uc-cdis · Sep 4, 2024 · 6521d58 · 6521d58
1 parent f699ec4
commit 6521d58
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,13 @@
 ARG AZLINUX_BASE_VERSION=master
 
 # Base stage with python-build-base
-FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} as base
+FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} AS base
 
 # Comment this in, and comment out the line above, if quay is down
 # FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/python-build-base:${AZLINUX_BASE_VERSION} as base
 
+ENV appname=metadata-service
+
 ENV POETRY_NO_INTERACTION=1 \
     POETRY_VIRTUALENVS_IN_PROJECT=1 \
     POETRY_VIRTUALENVS_CREATE=1
@@ -22,7 +24,7 @@ RUN groupadd -g 1000 gen3 && \
     chown -R gen3:gen3 /venv
 
 # Builder stage
-FROM base as builder
+FROM base AS builder
 
 USER gen3
 
@@ -45,6 +47,24 @@ FROM base
 COPY --from=builder /venv /venv
 COPY --from=builder /src /src
 
+# install nginx
+RUN yum install nginx -y
+
+# Run poetry again so this app itself gets installed too
+RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx
+
+# chown nginx directories
+RUN chown -R gen3:gen3 /var/log/nginx
+
+# pipe nginx logs to stdout and stderr
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log
+
+# create /var/lib/nginx/tmp/client_body to allow nginx to write to fence
+RUN mkdir -p /var/lib/nginx/tmp/client_body
+RUN chown -R gen3:gen3 /var/lib/nginx/
+
+# copy nginx config
+COPY ./deployment/nginx/nginx.conf /etc/nginx/nginx.conf
 
 # Switch to non-root user 'gen3' for the serving process
 USER gen3
@@ -54,4 +74,4 @@ RUN source /venv/bin/activate
 ENV PYTHONUNBUFFERED=1 \
     PYTHONIOENCODING=UTF-8
 
-CMD ["gunicorn", "-c", "deployment/wsgi/gunicorn.conf.py"]
+CMD ["/src/dockerrun.bash"]
diff --git a/deployment/nginx/nginx.conf b/deployment/nginx/nginx.conf
@@ -0,0 +1,44 @@
+user gen3;
+worker_processes auto;
+error_log /var/log/nginx/error.log notice;
+pid /var/lib/nginx/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    keepalive_timeout   65;
+    types_hash_max_size 4096;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+
+        listen 80;
+        server_name localhost;
+
+        location / {
+            proxy_pass http://127.0.0.1:8000;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+}
diff --git a/dockerrun.bash b/dockerrun.bash
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+nginx
+gunicorn -c "/src/deployment/wsgi/gunicorn.conf.py"