jan/openreplay
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(nginx): support for env variable

Browse source 
API_ENDPOINT will point to chalice endpoint
FRONTEND_ENDPOINT will point to frontend endpoint

Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
This commit is contained in:
rjshrjndrn 2022-08-05 19:55:30 +02:00
parent 963a29ede9
commit 7126aa43dc
5 changed files with 44 additions and 182 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
scripts/dockerfiles/nginx/Dockerfile
View file

@ -9,6 +9,10 @@ RUN chmod 0644 /usr/local/openresty/lualib/*.lua
# Enabling monitoring on port 9145 # Enabling monitoring on port 9145
# Warning: don't expose this port to public network # Warning: don't expose this port to public network
COPY nginx.conf /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf COPY nginx.conf /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf
COPY default.conf /etc/nginx/conf.d/default.conf
COPY compression.conf /etc/nginx/conf.d/compression.conf COPY compression.conf /etc/nginx/conf.d/compression.conf
COPY location.list /etc/nginx/conf.d/location.list COPY location.list /etc/nginx/conf.d/location.list
RUN chmod 0644 /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf RUN chmod 0644 /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf
RUN chown -R 1001 /var/run/openresty /usr/local/openresty
USER 1001

23
scripts/dockerfiles/nginx/README.md Normal file
View file

@ -0,0 +1,23 @@
## Nginx read urls from env
We're using openresty because of native lua support.
1. To access the env variable using `os.getenv("MY_ENV")` we need to define `env MY_ENV` in nginx.conf
2. use ` set_by_lua_block $api_endpoint { return os.getenv("MY_ENV") }` in server directive of nginx.
Ref:
1. Nginx directives: https://openresty-reference.readthedocs.io/en/latest/Directives/#set_by_lua_block
2. env variable definition:
1. https://github.com/openresty/lua-nginx-module#system-environment-variable-support
2. https://nginx.org/en/docs/ngx_core_module.html#env
## Run the app
```
docker run -v ${PWD}/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf \
-v ${PWD}/location.list:/etc/nginx/conf.d/location.list --rm -it \
-e FRONTEND_ENDPOINT="http://10.0.0.55:8000" -e API_ENDPOINT="http://10.0.0.55:9000" \
-p 80:8080 -p 9145:9145 local/nginx
```

133
scripts/dockerfiles/nginx/default.conf
View file

@ -1,119 +1,3 @@
location ~* /general_stats {
deny all;
}
location /healthz {
return 200 'OK';
}
location ~ ^/(mobs|sessions-assets|frontend|static|sourcemaps|ios-images)/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://minio.db.svc.cluster.local:9000;
}
location /minio/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://minio.db.svc.cluster.local:9000;
}
location /ingest/ {
rewrite ^/ingest/(.*) /$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $real_ip;
proxy_set_header X-Forwarded-Host $real_ip;
proxy_set_header X-Real-IP $real_ip;
proxy_set_header Host $host;
proxy_pass http://http-openreplay.app.svc.cluster.local;
proxy_read_timeout 300;
proxy_connect_timeout 120;
proxy_send_timeout 300;
}
location /grafana {
set $target http://monitoring-grafana.monitoring.svc.cluster.local;
rewrite ^/grafana/(.*) /$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass $target;
}
location /api/ {
rewrite ^/api/(.*) /$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://chalice-openreplay.app.svc.cluster.local:8000;
}
location /assist/ {
rewrite ^/assist/(.*) /$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://utilities-openreplay.app.svc.cluster.local:9000;
}
location /assets/ {
rewrite ^/assets/(.*) /sessions-assets/$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://minio.db.svc.cluster.local:9000;
}
location / {
index /index.html;
rewrite ^((?!.(js|css|png|svg|jpg|woff|woff2)).)*$ /frontend/index.html break;
include /etc/nginx/conf.d/compression.conf;
proxy_set_header Host $http_host;
proxy_pass http://minio.db.svc.cluster.local:9000/frontend/;
proxy_intercept_errors on; # see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors
error_page 404 =200 /index.html;
}
mpression.conf: |-
# Compression
gzip on;
gzip_comp_level 5;
gzip_min_length 256; # 256Bytes
gzip_proxied any;
gzip_vary on;
# Content types for compression
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
;
tes.conf: |-
# Ref: https://github.com/openresty/openresty/#resolvconf-parsing # Ref: https://github.com/openresty/openresty/#resolvconf-parsing
resolver local=on; resolver local=on;
# Need real ip address for flags in replay. # Need real ip address for flags in replay.
@ -127,20 +11,15 @@ map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
'' close; '' close;
} }
server { server {
listen 80 default_server; listen 8080 default_server;
listen [::]:80 default_server; # listen [::]:80 default_server;
# server_name _; # server_name _;
include /etc/nginx/conf.d/location.list; set_by_lua_block $api_endpoint {return os.getenv("API_ENDPOINT")}
client_max_body_size 10M; set_by_lua_block $frontend_endpoint {return os.getenv("FRONTEND_ENDPOINT")}
}
server {
listen 443 ssl;
ssl_certificate /etc/secrets/site.crt;
ssl_certificate_key /etc/secrets/site.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
include /etc/nginx/conf.d/location.list; include /etc/nginx/conf.d/location.list;
client_max_body_size 10M; client_max_body_size 10M;
} }

41
scripts/dockerfiles/nginx/location.list
View file

@ -4,48 +4,25 @@ location ~* /general_stats {
location /healthz { location /healthz {
return 200 'OK'; return 200 'OK';
} }
location /ingest/ {
rewrite ^/ingest/(.*) /$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $real_ip;
proxy_set_header X-Forwarded-Host $real_ip;
proxy_set_header X-Real-IP $real_ip;
proxy_set_header Host $host;
set $target http://http-openreplay:8080;
proxy_pass $target;
proxy_read_timeout 300;
proxy_connect_timeout 120;
proxy_send_timeout 300;
}
location /api/ { location /api/ {
set $target $api_endpoint;
rewrite ^/api/(.*) /$1 break; rewrite ^/api/(.*) /$1 break;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
set $target http://chalice-openreplay:8000;
proxy_pass $target;
}
location /assist/ {
rewrite ^/assist/(.*) /$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
set $target http://utilities-openreplay:9000;
proxy_pass $target; proxy_pass $target;
} }
location / { location / {
index /index.html; set $target $frontend_endpoint;
rewrite ^((?!.(js|css|png|svg|jpg|woff|woff2)).)*$ /frontend/index.html break;
include /etc/nginx/conf.d/compression.conf; include /etc/nginx/conf.d/compression.conf;
proxy_set_header Host $http_host;
set $target http://frontend:8080/; index /index.html;
proxy_pass $target; rewrite ^((?!.(js|css|png|svg|jpg|woff|woff2)).)*$ /index.html break;
proxy_intercept_errors on; # see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors proxy_intercept_errors on; # see frontend://nginx.org/en/docs/frontend/ngx_frontend_proxy_module.html#proxy_intercept_errors
add_header hello 'rajesh';
error_page 404 =200 /index.html; error_page 404 =200 /index.html;
proxy_set_header Host $http_host;
proxy_pass $target;
} }

25
scripts/dockerfiles/nginx/nginx.conf
View file

@ -31,6 +31,8 @@ pcre_jit on;
#pid logs/nginx.pid; #pid logs/nginx.pid;
env API_ENDPOINT;
env FRONTEND_ENDPOINT;
events { events {
worker_connections 10000; worker_connections 10000;
} }
@ -115,29 +117,6 @@ http {
} }
} }
# Ref: https://github.com/openresty/openresty/#resolvconf-parsing
resolver local=on;
# Need real ip address for flags in replay.
# Some LBs will forward real ips as x-forwarded-for
# So making that as priority
map $http_x_forwarded_for $real_ip {
~^(\d+\.\d+\.\d+\.\d+) $1;
default $remote_addr;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
include /etc/nginx/conf.d/location.list;
client_max_body_size 10M;
}
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
# Don't reveal OpenResty version to clients. # Don't reveal OpenResty version to clients.