From 7126aa43dcc4b9fa2f5212ee8aa098ff2900bba3 Mon Sep 17 00:00:00 2001
From: rjshrjndrn
Date: Fri, 5 Aug 2022 19:55:30 +0200
Subject: [PATCH] chore(nginx): support for env variable API_ENDPOINT will point to chalice endpoint FRONTEND_ENDPOINT will point to frontend endpoint
Signed-off-by: rjshrjndrn
---
 scripts/dockerfiles/nginx/Dockerfile | 4 +
 scripts/dockerfiles/nginx/README.md | 23 ++++
 scripts/dockerfiles/nginx/default.conf | 133 ++----------------------
 scripts/dockerfiles/nginx/location.list | 41 ++------
 scripts/dockerfiles/nginx/nginx.conf | 25 +----
 5 files changed, 44 insertions(+), 182 deletions(-)
 create mode 100644 scripts/dockerfiles/nginx/README.md
diff --git a/scripts/dockerfiles/nginx/Dockerfile b/scripts/dockerfiles/nginx/Dockerfile
index dec7f3987..8b24db9b7 100644
--- a/scripts/dockerfiles/nginx/Dockerfile
+++ b/scripts/dockerfiles/nginx/Dockerfile
@@ -9,6 +9,10 @@ RUN chmod 0644 /usr/local/openresty/lualib/*.lua
 # Enabling monitoring on port 9145
 # Warning: don't expose this port to public network
 COPY nginx.conf /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf
+COPY default.conf /etc/nginx/conf.d/default.conf
 COPY compression.conf /etc/nginx/conf.d/compression.conf
 COPY location.list /etc/nginx/conf.d/location.list
 RUN chmod 0644 /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf
+
+RUN chown -R 1001 /var/run/openresty /usr/local/openresty
+USER 1001
diff --git a/scripts/dockerfiles/nginx/README.md b/scripts/dockerfiles/nginx/README.md
new file mode 100644
index 000000000..03190a7bd
--- /dev/null
+++ b/scripts/dockerfiles/nginx/README.md
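Review bot: `RUN chown -R 1001 /var/run/openresty /usr/local/openresty` hands the whole OpenResty tree, binaries, lualib and nginx.conf included, to the same UID the server then runs as under `USER 1001`, so the non-root process can rewrite its own code and configuration. Ownership is only needed on the paths nginx writes at runtime (pid, temp and log directories); I would narrow the chown to those, starting from `RUN chown -R 1001 /var/run/openresty`, and leave the rest root-owned. `USER 1001:1001` would also pin the group instead of leaving it to the default. The README added in the same commit publishes the metrics port with `-p 9145:9145`, which binds on every host interface despite the warning in this hunk's context; `-p 127.0.0.1:9145:9145` keeps it local.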
@@ -0,0 +1,23 @@
+## Nginx read urls from env
+
+We're using openresty because of native lua support.
+
+1. To access the env variable using `os.getenv("MY_ENV")` we need to define `env MY_ENV` in nginx.conf
+
+2. use ` set_by_lua_block $api_endpoint { return os.getenv("MY_ENV") }` in server directive of nginx.
+
+Ref:
+1. Nginx directives: https://openresty-reference.readthedocs.io/en/latest/Directives/#set_by_lua_block
+2. env variable definition:
+ 1. https://github.com/openresty/lua-nginx-module#system-environment-variable-support
+ 2. https://nginx.org/en/docs/ngx_core_module.html#env
+
+## Run the app
+
+```
+docker run -v ${PWD}/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf \
+-v ${PWD}/location.list:/etc/nginx/conf.d/location.list --rm -it \
+-e FRONTEND_ENDPOINT="http://10.0.0.55:8000" -e API_ENDPOINT="http://10.0.0.55:9000" \
+-p 80:8080 -p 9145:9145 local/nginx
+```
+
diff --git a/scripts/dockerfiles/nginx/default.conf b/scripts/dockerfiles/nginx/default.conf
index 4dd31fa01..9974ec0e7 100644
--- a/scripts/dockerfiles/nginx/default.conf
+++ b/scripts/dockerfiles/nginx/default.conf
@@ -1,119 +1,3 @@
-location ~* /general_stats {
- deny all;
-}
-location /healthz {
- return 200 'OK';
-}
-location ~ ^/(mobs|sessions-assets|frontend|static|sourcemaps|ios-images)/ {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
-
- proxy_connect_timeout 300;
- # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- chunked_transfer_encoding off;
-
- proxy_pass http://minio.db.svc.cluster.local:9000;
-}
-
-location /minio/ {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
- proxy_pass http://minio.db.svc.cluster.local:9000;
-}
-location /ingest/ {
- rewrite ^/ingest/(.*) /$1 break;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header X-Forwarded-For $real_ip;
- proxy_set_header X-Forwarded-Host $real_ip;
- proxy_set_header X-Real-IP $real_ip;
- proxy_set_header Host $host;
- proxy_pass http://http-openreplay.app.svc.cluster.local;
- proxy_read_timeout 300;
- proxy_connect_timeout 120;
- proxy_send_timeout 300;
-}
-location /grafana {
- set $target http://monitoring-grafana.monitoring.svc.cluster.local;
- rewrite ^/grafana/(.*) /$1 break;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
- proxy_pass $target;
-}
-location /api/ {
- rewrite ^/api/(.*) /$1 break;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://chalice-openreplay.app.svc.cluster.local:8000;
-}
-location /assist/ {
- rewrite ^/assist/(.*) /$1 break;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
- proxy_pass http://utilities-openreplay.app.svc.cluster.local:9000;
-}
-location /assets/ {
- rewrite ^/assets/(.*) /sessions-assets/$1 break;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
- proxy_pass http://minio.db.svc.cluster.local:9000;
-}
-location / {
- index /index.html;
- rewrite ^((?!.(js|css|png|svg|jpg|woff|woff2)).)*$ /frontend/index.html break;
- include /etc/nginx/conf.d/compression.conf;
- proxy_set_header Host $http_host;
- proxy_pass http://minio.db.svc.cluster.local:9000/frontend/;
- proxy_intercept_errors on; # see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors
- error_page 404 =200 /index.html;
-}
-mpression.conf: |-
-# Compression
-gzip on;
-gzip_comp_level 5;
-gzip_min_length 256; # 256Bytes
-gzip_proxied any;
-gzip_vary on;
-# Content types for compression
-gzip_types
-application/atom+xml
-application/javascript
-application/json
-application/ld+json
-application/manifest+json
-application/rss+xml
-application/vnd.geo+json
-application/vnd.ms-fontobject
-application/x-font-ttf
-application/x-web-app-manifest+json
-application/xhtml+xml
-application/xml
-font/opentype
-image/bmp
-image/svg+xml
-image/x-icon
-text/cache-manifest
-text/css
-text/plain
-;
-
-tes.conf: |-
 # Ref: https://github.com/openresty/openresty/#resolvconf-parsing
 resolver local=on;
 # Need real ip address for flags in replay.
@@ -127,20 +11,15 @@ map $http_upgrade $connection_upgrade { default upgrade; '' close; } + server { - listen 80 default_server; - listen [::]:80 default_server; + listen 8080 default_server; + # listen [::]:80 default_server; # server_name _; - include /etc/nginx/conf.d/location.list; - client_max_body_size 10M; -} -server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + set_by_lua_block $api_endpoint {return os.getenv("API_ENDPOINT")} + set_by_lua_block $frontend_endpoint {return os.getenv("FRONTEND_ENDPOINT")} + include /etc/nginx/conf.d/location.list; client_max_body_size 10M; }
diff --git a/scripts/dockerfiles/nginx/location.list b/scripts/dockerfiles/nginx/location.list
index e668b1359..2ffc4329a 100644
--- a/scripts/dockerfiles/nginx/location.list
+++ b/scripts/dockerfiles/nginx/location.list
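Review bot: Both `set_by_lua_block` lines return `os.getenv(...)` unchecked, so a container started without API_ENDPOINT or FRONTEND_ENDPOINT ends up with an empty `$target`, and the failure should only show up per request at `proxy_pass` rather than at startup. A fallback to the targets this commit removes from location.list keeps the previous behaviour, e.g. `set_by_lua_block $api_endpoint {return os.getenv("API_ENDPOINT") or "http://chalice-openreplay:8000"}`, and likewise for the frontend. The hunk also deletes the only `listen 443 ssl` server, so this container now serves plain HTTP on 8080 only; a comment such as `# TLS is terminated upstream of this container` above the `listen` line would record that assumption. With that, the `X-Forwarded-Proto $scheme` header kept in the /api/ block of location.list will presumably always say http unless the value from the terminating proxy is passed through.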
@@ -4,48 +4,25 @@ location ~* /general_stats {
 location /healthz {
 return 200 'OK';
 }
-location /ingest/ {
- rewrite ^/ingest/(.*) /$1 break;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header X-Forwarded-For $real_ip;
- proxy_set_header X-Forwarded-Host $real_ip;
- proxy_set_header X-Real-IP $real_ip;
- proxy_set_header Host $host;
- set $target http://http-openreplay:8080;
- proxy_pass $target;
- proxy_read_timeout 300;
- proxy_connect_timeout 120;
- proxy_send_timeout 300;
-}
 location /api/ {
+ set $target $api_endpoint;
 rewrite ^/api/(.*) /$1 break;
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Proto $scheme;
- set $target http://chalice-openreplay:8000;
- proxy_pass $target;
-}
-location /assist/ {
- rewrite ^/assist/(.*) /$1 break;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
- set $target http://utilities-openreplay:9000;
 proxy_pass $target;
 }
 location / {
- index /index.html;
- rewrite ^((?!.(js|css|png|svg|jpg|woff|woff2)).)*$ /frontend/index.html break;
+ set $target $frontend_endpoint;
 include /etc/nginx/conf.d/compression.conf;
- proxy_set_header Host $http_host;
- set $target http://frontend:8080/;
- proxy_pass $target;
- proxy_intercept_errors on; # see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors
- add_header hello 'rajesh';
+
+ index /index.html;
+ rewrite ^((?!.(js|css|png|svg|jpg|woff|woff2)).)*$ /index.html break;
+ proxy_intercept_errors on; # see frontend://nginx.org/en/docs/frontend/ngx_frontend_proxy_module.html#proxy_intercept_errors
 error_page 404 =200 /index.html;
+
+ proxy_set_header Host $http_host;
+ proxy_pass $target;
 }
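Review bot: The comment on the added `proxy_intercept_errors` line now points to `frontend://nginx.org/en/docs/frontend/ngx_frontend_proxy_module.html`, which looks like a search-and-replace of `http` that also hit the URL; the removed line has the working form, `# see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors`. The re-added `rewrite` keeps an unescaped dot in `(?!.(js|css|png|svg|jpg|woff|woff2))`, where `\.` is presumably meant. With the /ingest/ and /assist/ blocks deleted, any such request that still reaches this proxy now matches `location /` and is forwarded to FRONTEND_ENDPOINT, so it is worth confirming those routes are served elsewhere.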
diff --git a/scripts/dockerfiles/nginx/nginx.conf b/scripts/dockerfiles/nginx/nginx.conf
index cedb0011b..0b920ddfc 100644
--- a/scripts/dockerfiles/nginx/nginx.conf
+++ b/scripts/dockerfiles/nginx/nginx.conf
@@ -31,6 +31,8 @@ pcre_jit on; #pid logs/nginx.pid; +env API_ENDPOINT; +env FRONTEND_ENDPOINT; events { worker_connections 10000; }
@@ -115,29 +117,6 @@ http { } } - # Ref: https://github.com/openresty/openresty/#resolvconf-parsing - resolver local=on; - # Need real ip address for flags in replay. - # Some LBs will forward real ips as x-forwarded-for - # So making that as priority - map $http_x_forwarded_for $real_ip { - ~^(\d+\.\d+\.\d+\.\d+) $1; - default $remote_addr; - } - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - server { - listen 80 default_server; - # listen [::]:80 default_server; - # server_name _; - - include /etc/nginx/conf.d/location.list; - client_max_body_size 10M; - } - include /etc/nginx/conf.d/*.conf; # Don't reveal OpenResty version to clients.