allow using nginx amplify for monitoring
parent
85aa8787e1
commit
613e9907b9
|
@ -47,15 +47,26 @@ services:
|
|||
command: ["build"]
|
||||
restart: on-failure
|
||||
nginx:
|
||||
image: nginx
|
||||
container_name: nginx
|
||||
env_file: .env
|
||||
environment:
|
||||
- API_KEY=${PL_AMPLIFY_API_KEY}
|
||||
- AMPLIFY_IMAGENAME=${PL_HOSTNAME}
|
||||
build:
|
||||
context: ./nginx
|
||||
dockerfile: Dockerfile
|
||||
depends_on:
|
||||
- server
|
||||
restart: always
|
||||
volumes:
|
||||
- pwa:/pwa
|
||||
- ./nginx.conf:/etc/nginx/nginx.conf
|
||||
# - ${PL_TLS_CERT:-./tls/cert.pem}:/tls/cert
|
||||
# - ${PL_TLS_KEY:-./tls/key.pem}:/tls/key
|
||||
# - ${PL_TLS_CONF:-./tls/tls.conf}:/tls/tls.conf
|
||||
# - logs:/var/log
|
||||
- /var/www/certbot:/certbot
|
||||
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
|
||||
- ${PL_SSL_CERT}:/ssl/cert
|
||||
- ${PL_SSL_KEY}:/ssl/key
|
||||
- /etc/letsencrypt/options-ssl-nginx.conf:/ssl/ssl.conf
|
||||
- /etc/letsencrypt/ssl-dhparams.pem:/ssl/dhparams.pem
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
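Review bot: The certificate and private-key bind mounts in the nginx `volumes:` list are writable from inside the container, which now also runs the Amplify agent installed by the new image. Nothing visible in this commit needs write access to them, so they can be mounted read-only, e.g. `- ${PL_SSL_KEY}:/ssl/key:ro` and `- ${PL_SSL_CERT}:/ssl/cert:ro`, and likewise the two `/etc/letsencrypt` files and `nginx.conf`. `${PL_SSL_CERT}` and `${PL_SSL_KEY}` also have no default, so an unset variable produces an invalid volume entry; `${PL_SSL_KEY:?PL_SSL_KEY must be set}` would fail with a clear message instead. The page has lost its +/- markers, so which of these lines are new is inferred from the hunk header.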
|
|
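--- a/nginx.conf
+++ b/nginx.conf
@@ -1,56 +0,0 @@
-http {
-# This is required if you want to upload attachments
-client_max_body_size 10m;
-
-include mime.types;
-
-# Redirect all http traffic to https
-# server {
-# listen 80 default_server;
-# listen [::]:80 default_server;
-# server_name _;
-# return 301 https://$host$request_uri;
-# }
-
-server {
-# We don't need a host name here since we're only
-# dealing with one domain, but you may insert your domain here.
-server_name _;
-
-# Both server and pwa are served over https
-# listen 443 ssl http2;
-
-listen 80 default_server;
-
-gzip on;
-gzip_types text/css application/javascript application/json;
-
-add_header X-Frame-Options deny;
-
-# This will resolve to the server instance
-location /server/ {
-proxy_pass http://padloc_server:3000;
-# rewrite ^/padloc_server(.*)$ $1 break;
-}
-
-# This will resolve to the web app
-location / {
-root /pwa;
-
-index index.html;
-
-try_files $uri /index.html;
-}
-
-# SSL certificate
-# ssl_certificate /ssl/cert;
-# # SSL private key
-# ssl_certificate_key /ssl/key;
-
-# Add this file to add advanced ssl configuration
-# include /ssl/ssl.conf;
-}
-}
-
-# This section is required by nginx
-events {}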
|
|
@ -0,0 +1,25 @@
|
|||
FROM nginx:1.21
|
||||
|
||||
# Install the NGINX Amplify Agent
|
||||
RUN apt-get update \
|
||||
&& apt-get install -qqy curl python apt-transport-https apt-utils gnupg1 procps \
|
||||
&& echo 'deb https://packages.amplify.nginx.com/debian/ stretch amplify-agent' > /etc/apt/sources.list.d/nginx-amplify.list \
|
||||
&& curl -fs https://nginx.org/keys/nginx_signing.key | apt-key add - > /dev/null 2>&1 \
|
||||
&& apt-get update \
|
||||
&& apt-get install -qqy nginx-amplify-agent \
|
||||
&& apt-get purge -qqy curl apt-transport-https apt-utils gnupg1 \
|
||||
&& rm -rf /etc/apt/sources.list.d/nginx-amplify.list \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Keep the nginx logs inside the container
|
||||
RUN unlink /var/log/nginx/access.log \
|
||||
&& unlink /var/log/nginx/error.log \
|
||||
&& touch /var/log/nginx/access.log \
|
||||
&& touch /var/log/nginx/error.log \
|
||||
&& chown nginx /var/log/nginx/*log \
|
||||
&& chmod 644 /var/log/nginx/*log
|
||||
|
||||
COPY ./entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
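Review bot: The agent repository's signing key is downloaded and piped straight into `apt-key add -` with all output discarded (`> /dev/null 2>&1`), so the key becomes trusted for every apt source in the image and is never compared with an expected fingerprint. Store the key in a dedicated keyring file and reference that file with a `signed-by=` option on the `deb https://packages.amplify.nginx.com/debian/ ...` entry, and check it against `<EXPECTED_KEY_FINGERPRINT>` (taken from the vendor's documentation) before the install step. The source entry also names the `stretch` suite while the base is `nginx:1.21`, which is presumably built on a newer Debian release, and neither the base image nor `nginx-amplify-agent` is pinned, so rebuilds can silently pick up different content; a digest on `FROM` and an explicit package version would make the image reproducible. A one-line comment above the `RUN` explaining why the repository list is removed again after installation would help the next reader.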
|
|
@ -0,0 +1,77 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# This script launches nginx and the NGINX Amplify Agent.
|
||||
#
|
||||
# Unless already baked in the image, a real API_KEY is required for the
|
||||
# NGINX Amplify Agent to be able to connect to the backend.
|
||||
#
|
||||
# If AMPLIFY_IMAGENAME is set, the script will use it to generate
|
||||
# the 'imagename' to put in the /etc/amplify-agent/agent.conf
|
||||
#
|
||||
# If several instances use the same imagename, the metrics will
|
||||
# be aggregated into a single object in Amplify. Otherwise NGINX Amplify
|
||||
# will create separate objects for monitoring (an object per instance).
|
||||
#
|
||||
|
||||
# Variables
|
||||
agent_conf_file="/etc/amplify-agent/agent.conf"
|
||||
agent_log_file="/var/log/amplify-agent/agent.log"
|
||||
nginx_status_conf="/etc/nginx/conf.d/stub_status.conf"
|
||||
api_key=""
|
||||
amplify_imagename=""
|
||||
|
||||
# Launch nginx
|
||||
echo "starting nginx ..."
|
||||
nginx -g "daemon off;" &
|
||||
|
||||
nginx_pid=$!
|
||||
|
||||
test -n "${API_KEY}" && \
|
||||
api_key=${API_KEY}
|
||||
|
||||
test -n "${AMPLIFY_IMAGENAME}" && \
|
||||
amplify_imagename=${AMPLIFY_IMAGENAME}
|
||||
|
||||
if [ -n "${api_key}" -o -n "${amplify_imagename}" ]; then
|
||||
echo "updating ${agent_conf_file} ..."
|
||||
|
||||
if [ ! -f "${agent_conf_file}" ]; then
|
||||
test -f "${agent_conf_file}.default" && \
|
||||
cp -p "${agent_conf_file}.default" "${agent_conf_file}" || \
|
||||
{ echo "no ${agent_conf_file}.default found! exiting."; exit 1; }
|
||||
fi
|
||||
|
||||
test -n "${api_key}" && \
|
||||
echo " ---> using api_key = ${api_key}" && \
|
||||
sh -c "sed -i.old -e 's/api_key.*$/api_key = $api_key/' \
|
||||
${agent_conf_file}"
|
||||
|
||||
test -n "${amplify_imagename}" && \
|
||||
echo " ---> using imagename = ${amplify_imagename}" && \
|
||||
sh -c "sed -i.old -e 's/imagename.*$/imagename = $amplify_imagename/' \
|
||||
${agent_conf_file}"
|
||||
|
||||
test -f "${agent_conf_file}" && \
|
||||
chmod 644 ${agent_conf_file} && \
|
||||
chown nginx ${agent_conf_file} > /dev/null 2>&1
|
||||
|
||||
test -f "${nginx_status_conf}" && \
|
||||
chmod 644 ${nginx_status_conf} && \
|
||||
chown nginx ${nginx_status_conf} > /dev/null 2>&1
|
||||
fi
|
||||
|
||||
if ! grep '^api_key.*=[ ]*[[:alnum:]].*' ${agent_conf_file} > /dev/null 2>&1; then
|
||||
echo "no api_key found in ${agent_conf_file}! exiting."
|
||||
fi
|
||||
|
||||
echo "starting amplify-agent ..."
|
||||
service amplify-agent start > /dev/null 2>&1 < /dev/null
|
||||
|
||||
if [ $? != 0 ]; then
|
||||
echo "couldn't start the agent, please check ${agent_log_file}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
wait ${nginx_pid}
|
||||
|
||||
echo "nginx master process has stopped, exiting."
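Review bot: `echo " ---> using api_key = ${api_key}"` writes the Amplify API key to the container's stdout, where it ends up in `docker logs` and any attached log collector; print only that a key was supplied, e.g. `echo " ---> using api_key from environment"`. The key is then spliced unescaped into a nested `sh -c "sed -i.old -e 's/api_key.*$/api_key = $api_key/' ..."` command, so a value containing `'`, `/` or `&` alters the sed program or the shell command; validating the value's character set first and calling `sed` directly, without the extra `sh -c`, avoids that. `chmod 644 ${agent_conf_file}` leaves the file that holds the key world-readable, and `-i.old` keeps a backup copy beside it; `chmod 600` would do if the agent runs as the `nginx` owner set on the following line (not visible here, please confirm). The `no api_key found in ${agent_conf_file}! exiting.` branch prints its message but has no `exit 1`, so the script carries on and starts the agent anyway.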
|
|
@ -0,0 +1,102 @@
|
|||
user nginx;
|
||||
worker_processes auto;
|
||||
|
||||
http {
|
||||
# BASIC SETTINGS
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
|
||||
types_hash_max_size 2048;
|
||||
|
||||
# Required for attachments
|
||||
client_max_body_size 10m;
|
||||
|
||||
# Enable gzip
|
||||
gzip on;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
include mime.types;
|
||||
|
||||
# Disallow embedding in iFrames
|
||||
add_header X-Frame-Options deny;
|
||||
|
||||
# use custom log format for nginx amplify monitoring
|
||||
log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for" '
|
||||
'"$host" sn="$server_name" '
|
||||
'rt=$request_time '
|
||||
'ua="$upstream_addr" us="$upstream_status" '
|
||||
'ut="$upstream_response_time" ul="$upstream_response_length" '
|
||||
'cs=$upstream_cache_status' ;
|
||||
access_log /var/log/nginx/access.log main_ext;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
|
||||
# nginx stub status for monitoring
|
||||
server {
|
||||
listen 127.0.0.1:80;
|
||||
server_name 127.0.0.1;
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
|
||||
# Challenge for certificate renewal
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /certbot;
|
||||
}
|
||||
|
||||
# Redirect all http traffic to https
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
# We don't need a host name here since we're only
|
||||
# dealing with one domain, but you may insert your domain here.
|
||||
server_name _;
|
||||
|
||||
# Both server and pwa are served over https
|
||||
listen 443 ssl http2;
|
||||
|
||||
# Challenge for certificate renewal
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /certbot;
|
||||
}
|
||||
|
||||
# This will resolve to the server instance
|
||||
location /server {
|
||||
proxy_pass http://padloc_server:3000;
|
||||
rewrite ^/padloc_server(.*)$ $1 break;
|
||||
}
|
||||
|
||||
# This will resolve to the web app
|
||||
location / {
|
||||
root /pwa;
|
||||
|
||||
index index.html;
|
||||
|
||||
try_files $uri /index.html;
|
||||
}
|
||||
|
||||
# SSL certificate
|
||||
ssl_certificate /ssl/cert;
|
||||
# SSL private key
|
||||
ssl_certificate_key /ssl/key;
|
||||
# Advanced SSL configuration
|
||||
include /ssl/ssl.conf;
|
||||
# Diffie-Hellman parameters
|
||||
ssl_dhparam /ssl/dhparams.pem;
|
||||
}
|
||||
}
|
||||
|
||||
events {
|
||||
}
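Review bot: In the port-80 server block the server-level `return 301 https://$host$request_uri;` is evaluated before any location is selected, so the `/.well-known/acme-challenge/` location above it is never served over plain HTTP. If HTTP-01 renewal is meant to be answered on port 80, move the redirect into its own location: `location / { return 301 https://$host$request_uri; }`. In the 443 block, `rewrite ^/padloc_server(.*)$ $1 break;` sits under `location /server`, where request URIs begin with `/server`, so the pattern appears never to match and the prefix is forwarded to `padloc_server` unchanged; if stripping the prefix was intended, the pattern needs to match `/server` instead. Since all HTTP traffic is now redirected, an HSTS header would be a natural addition, but an `add_header` placed in the server block replaces the inherited `add_header X-Frame-Options deny;` unless that header is repeated there.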
|