From 5d9c1e4a6d86698dc4fc98c05cff2b17d00ff4f6 Mon Sep 17 00:00:00 2001
From: Rajesh Rajendran <rjshrjndrn@gmail.com>
Date: Thu, 27 Jan 2022 12:36:09 +0530
Subject: [PATCH] chore(docker): nginx image

nginx image with
- prometheus metrics scraping capabilities
- Increased worker connection from 1024 to 10000
---
 scripts/dockerfiles/nginx/Dockerfile |  12 +++
 scripts/dockerfiles/nginx/nginx.conf | 122 +++++++++++++++++++++++++++
 2 files changed, 134 insertions(+)
 create mode 100644 scripts/dockerfiles/nginx/Dockerfile
 create mode 100644 scripts/dockerfiles/nginx/nginx.conf

diff --git a/scripts/dockerfiles/nginx/Dockerfile b/scripts/dockerfiles/nginx/Dockerfile
new file mode 100644
index 000000000..dd3414240
--- /dev/null
+++ b/scripts/dockerfiles/nginx/Dockerfile
@@ -0,0 +1,12 @@
+FROM openresty/openresty:buster
+
+# Adding prometheus monitoring support
+ADD https://raw.githubusercontent.com/knyar/nginx-lua-prometheus/master/prometheus.lua /usr/local/openresty/lualib/
+ADD https://raw.githubusercontent.com/knyar/nginx-lua-prometheus/master/prometheus_keys.lua /usr/local/openresty/lualib/
+ADD https://raw.githubusercontent.com/knyar/nginx-lua-prometheus/master/prometheus_resty_counter.lua /usr/local/openresty/lualib/
+RUN chmod 0644 /usr/local/openresty/lualib/*.lua
+
+# Enabling monitoring on port 9145
+# Warning: don't expose this port to public network
+COPY nginx.conf /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf
+RUN chmod 0644 /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf 
diff --git a/scripts/dockerfiles/nginx/nginx.conf b/scripts/dockerfiles/nginx/nginx.conf
new file mode 100644
index 000000000..007b51ed2
--- /dev/null
+++ b/scripts/dockerfiles/nginx/nginx.conf
@@ -0,0 +1,122 @@
+# nginx.conf  --  docker-openresty
+#
+# This file is installed to:
+#   `/usr/local/openresty/nginx/conf/nginx.conf`
+# and is the file loaded by nginx at startup,
+# unless the user specifies otherwise.
+#
+# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
+# section and adds this directive:
+#     `include /etc/nginx/conf.d/*.conf;`
+#
+# The `docker-openresty` file `nginx.vh.default.conf` is copied to
+# `/etc/nginx/conf.d/default.conf`.  It contains the `server section
+# of the upstream `nginx.conf`.
+#
+# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
+#
+
+#user  nobody;
+#worker_processes 1;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  10000;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    # Enables or disables the use of underscores in client request header fields.
+    # When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.
+    # underscores_in_headers off;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+        # Log in JSON Format
+        # log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", '
+        # '"remote_addr": "$remote_addr", '
+        #  '"body_bytes_sent": $body_bytes_sent, '
+        #  '"request_time": $request_time, '
+        #  '"response_status": $status, '
+        #  '"request": "$request", '
+        #  '"request_method": "$request_method", '
+        #  '"host": "$host",'
+        #  '"upstream_addr": "$upstream_addr",'
+        #  '"http_x_forwarded_for": "$http_x_forwarded_for",'
+        #  '"http_referrer": "$http_referer", '
+        #  '"http_user_agent": "$http_user_agent", '
+        #  '"http_version": "$server_protocol", '
+        #  '"nginx_access": true }';
+        # access_log /dev/stdout nginxlog_json;
+
+    # See Move default writable paths to a dedicated directory (#119)
+    # https://github.com/openresty/docker-openresty/issues/119
+    client_body_temp_path /var/run/openresty/nginx-client-body;
+    proxy_temp_path       /var/run/openresty/nginx-proxy;
+    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
+    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
+    scgi_temp_path        /var/run/openresty/nginx-scgi;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    # Enabling monitoring
+    lua_shared_dict prometheus_metrics 10M;
+    # lua_package_path "/path/to/nginx-lua-prometheus/?.lua;;";
+
+    init_worker_by_lua_block {
+      prometheus = require("prometheus").init("prometheus_metrics")
+
+      metric_requests = prometheus:counter(
+        "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method"})
+      metric_latency = prometheus:histogram(
+        "nginx_http_request_duration_seconds", "HTTP request latency", {"host"})
+      metric_connections = prometheus:gauge(
+        "nginx_http_connections", "Number of HTTP connections", {"state"})
+    }
+
+    log_by_lua_block {
+      metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method})
+      metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name})
+    }
+
+    server {
+      listen 9145;
+      location /metrics {
+        content_by_lua_block {
+          metric_connections:set(ngx.var.connections_reading, {"reading"})
+          metric_connections:set(ngx.var.connections_waiting, {"waiting"})
+          metric_connections:set(ngx.var.connections_writing, {"writing"})
+          prometheus:collect()
+        }
+      }
+    }
+
+    include /etc/nginx/conf.d/*.conf;
+
+    # Don't reveal OpenResty version to clients.
+    # server_tokens off;
+}