From 6521d5830f9f4e100dcc5d11853efdf6cee48852 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Wed, 4 Sep 2024 14:49:15 -0600 Subject: [PATCH] adding nginx to metadata-service --- Dockerfile | 26 +++++++++++++++++++--- deployment/nginx/nginx.conf | 44 +++++++++++++++++++++++++++++++++++++ dockerrun.bash | 4 ++++ 3 files changed, 71 insertions(+), 3 deletions(-) create mode 100644 deployment/nginx/nginx.conf create mode 100755 dockerrun.bash diff --git a/Dockerfile b/Dockerfile index e0f084c..e812bd6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,13 @@ ARG AZLINUX_BASE_VERSION=master # Base stage with python-build-base -FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} as base +FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} AS base # Comment this in, and comment out the line above, if quay is down # FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/python-build-base:${AZLINUX_BASE_VERSION} as base +ENV appname=metadata-service + ENV POETRY_NO_INTERACTION=1 \ POETRY_VIRTUALENVS_IN_PROJECT=1 \ POETRY_VIRTUALENVS_CREATE=1 @@ -22,7 +24,7 @@ RUN groupadd -g 1000 gen3 && \ chown -R gen3:gen3 /venv # Builder stage -FROM base as builder +FROM base AS builder USER gen3 
@@ -45,6 +47,24 @@ FROM base COPY --from=builder /venv /venv COPY --from=builder /src /src +# install nginx +RUN yum install nginx -y + +# Run poetry again so this app itself gets installed too +RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx + +# chown nginx directories +RUN chown -R gen3:gen3 /var/log/nginx + +# pipe nginx logs to stdout and stderr +RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log + +# create /var/lib/nginx/tmp/client_body to allow nginx to write to fence +RUN mkdir -p /var/lib/nginx/tmp/client_body +RUN chown -R gen3:gen3 /var/lib/nginx/ + +# copy nginx config +COPY ./deployment/nginx/nginx.conf /etc/nginx/nginx.conf # Switch to non-root user 'gen3' for the serving process USER gen3 @@ -54,4 +74,4 @@ RUN source /venv/bin/activate ENV PYTHONUNBUFFERED=1 \ PYTHONIOENCODING=UTF-8 -CMD ["gunicorn", "-c", "deployment/wsgi/gunicorn.conf.py"] +CMD ["/src/dockerrun.bash"] diff --git a/deployment/nginx/nginx.conf b/deployment/nginx/nginx.conf new file mode 100644 index 0000000..c64485a --- /dev/null +++ b/deployment/nginx/nginx.conf 
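Review bot: The comment above `RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx` still says "Run poetry again so this app itself gets installed too", which leaves the only privilege-granting step in the final stage undocumented; replace it with `# allow nginx to bind port 80 when started as the non-root gen3 user`. That capability is needed only because the nginx.conf added in this commit listens on 80, so moving the listener to an unprivileged port would let the `setcap` line go. `RUN yum install nginx -y` installs whatever version the repo serves and keeps the yum cache in the layer; `RUN yum install -y nginx && yum clean all` at least removes the cache. The client_body comment mentions fence and looks copied from another service. The final stage begins and ends outside this hunk.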
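Review bot: `CMD ["/src/dockerrun.bash"]` only works if the script is present and executable under /src in the final image, and nothing in this hunk or the one above copies it there. The patch adds dockerrun.bash at the repository root, so this presumably relies on the builder stage copying the whole build context into /src before `COPY --from=builder /src /src`; that step is outside the diff and worth confirming. A comment such as `# dockerrun.bash starts nginx, then gunicorn` above the CMD would document that the container now runs two processes.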
@@ -0,0 +1,44 @@
+user gen3;
+worker_processes auto;
+error_log /var/log/nginx/error.log notice;
+pid /var/lib/nginx/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ keepalive_timeout 65;
+ types_hash_max_size 4096;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include /etc/nginx/conf.d/*.conf;
+
+ server {
+
+ listen 80;
+ server_name localhost;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+}
diff --git a/dockerrun.bash b/dockerrun.bash
new file mode 100755
index 0000000..f9c7579
--- /dev/null
+++ b/dockerrun.bash
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+nginx
+gunicorn -c "/src/deployment/wsgi/gunicorn.conf.py"
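Review bot: In deployment/nginx/nginx.conf, `user gen3;` has no effect because the Dockerfile switches to `USER gen3` before the CMD, so the master already runs unprivileged and nginx should only log a warning that the directive is ignored; drop the line or comment why it stays. The `server` block forwards `X-Forwarded-For` via `$proxy_add_x_forwarded_for`, which appends to whatever the client sent, so the service and the access log should treat all but the last entry as untrusted unless a trusted proxy sits in front (not visible here). Adding `server_tokens off;` in the `http` block would stop nginx advertising its version in responses and error pages. A short comment that `127.0.0.1:8000` must match the gunicorn bind in deployment/wsgi/gunicorn.conf.py would help, since that file is not part of this diff.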
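Review bot: In dockerrun.bash, `gunicorn` is started without `exec`, so bash stays PID 1 and the SIGTERM sent on container stop is not passed on to gunicorn or nginx; the last line should be `exec gunicorn -c "/src/deployment/wsgi/gunicorn.conf.py"`. There is also no `set -e`, so if `nginx` fails to start (bad config, port 80 not bindable) gunicorn still comes up and the container looks alive while nothing listens on 80; add `set -euo pipefail` after the shebang. nginx daemonizes with this config and is not supervised afterwards, so a later nginx crash would go unnoticed without a health check against port 80.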