-
Notifications
You must be signed in to change notification settings - Fork 278
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: update webapp base image to use airbyte nginx image (#14687)
Co-authored-by: Alex Buchanan <alex.buchanan@airbyte.io>
- Loading branch information
1 parent
d89d8f4
commit 61937bb
Showing
15 changed files
with
589 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,18 @@ | ||
ARG NGINX_IMAGE=nginxinc/nginx-unprivileged:alpine3.20 | ||
ARG NGINX_IMAGE=airbyte/nginx-unprivileged:alpine3.20-2 | ||
FROM ${NGINX_IMAGE} | ||
|
||
ARG BUILD_DIR=bin/build | ||
ARG NGINX_CONFIG=bin/nginx/default.conf.template | ||
|
||
EXPOSE 8080 | ||
|
||
USER root | ||
COPY --chown=nginx:nginx ${BUILD_DIR} /usr/share/nginx/html | ||
COPY --chown=nginx:nginx ${NGINX_CONFIG} /etc/nginx/templates/default.conf.template | ||
|
||
COPY ${BUILD_DIR} /usr/share/nginx/html | ||
USER root | ||
|
||
RUN <<EOF | ||
find /usr/share/nginx/html -type d -exec chmod 755 '{}' \; -o -type f -exec chmod 644 '{}' \; | ||
chown -R nginx:nginx /usr/share/nginx/html | ||
EOF | ||
|
||
COPY ${NGINX_CONFIG} /etc/nginx/templates/default.conf.template | ||
|
||
USER nginx:nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
67 changes: 67 additions & 0 deletions
67
docker/airbyte-nginx/alpine-slim/10-listen-on-ipv6-by-default.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
#!/bin/sh | ||
# vim:sw=4:ts=4:et | ||
|
||
set -e | ||
|
||
entrypoint_log() { | ||
if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then | ||
echo "$@" | ||
fi | ||
} | ||
|
||
ME=$(basename "$0") | ||
DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" | ||
|
||
# check if we have ipv6 available | ||
if [ ! -f "/proc/net/if_inet6" ]; then | ||
entrypoint_log "$ME: info: ipv6 not available" | ||
exit 0 | ||
fi | ||
|
||
if [ ! -f "/$DEFAULT_CONF_FILE" ]; then | ||
entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" | ||
exit 0 | ||
fi | ||
|
||
# check if the file can be modified, e.g. not on a r/o filesystem | ||
touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } | ||
|
||
# check if the file is already modified, e.g. on a container restart | ||
grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } | ||
|
||
if [ -f "/etc/os-release" ]; then | ||
. /etc/os-release | ||
else | ||
entrypoint_log "$ME: info: can not guess the operating system" | ||
exit 0 | ||
fi | ||
|
||
entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" | ||
|
||
case "$ID" in | ||
"debian") | ||
CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) | ||
echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { | ||
entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" | ||
exit 0 | ||
} | ||
;; | ||
"alpine") | ||
CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) | ||
echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { | ||
entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" | ||
exit 0 | ||
} | ||
;; | ||
*) | ||
entrypoint_log "$ME: info: Unsupported distribution" | ||
exit 0 | ||
;; | ||
esac | ||
|
||
# enable ipv6 on default.conf listen sockets | ||
sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE | ||
|
||
entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" | ||
|
||
exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/sh | ||
# vim:sw=2:ts=2:sts=2:et | ||
|
||
set -eu | ||
|
||
LC_ALL=C | ||
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | ||
|
||
[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 | ||
|
||
NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) | ||
|
||
NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" | ||
|
||
export NGINX_LOCAL_RESOLVERS |
78 changes: 78 additions & 0 deletions
78
docker/airbyte-nginx/alpine-slim/20-envsubst-on-templates.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
#!/bin/sh | ||
|
||
set -e | ||
|
||
ME=$(basename "$0") | ||
|
||
entrypoint_log() { | ||
if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then | ||
echo "$@" | ||
fi | ||
} | ||
|
||
add_stream_block() { | ||
local conffile="/etc/nginx/nginx.conf" | ||
|
||
if grep -q -E "\s*stream\s*\{" "$conffile"; then | ||
entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" | ||
else | ||
# check if the file can be modified, e.g. not on a r/o filesystem | ||
touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } | ||
entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" | ||
cat << END >> "$conffile" | ||
# added by "$ME" on "$(date)" | ||
stream { | ||
include $stream_output_dir/*.conf; | ||
} | ||
END | ||
fi | ||
} | ||
|
||
auto_envsubst() { | ||
local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" | ||
local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" | ||
local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" | ||
local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" | ||
local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" | ||
local filter="${NGINX_ENVSUBST_FILTER:-}" | ||
|
||
local template defined_envs relative_path output_path subdir | ||
defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) | ||
[ -d "$template_dir" ] || return 0 | ||
if [ ! -w "$output_dir" ]; then | ||
entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" | ||
return 0 | ||
fi | ||
find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do | ||
relative_path="${template#"$template_dir/"}" | ||
output_path="$output_dir/${relative_path%"$suffix"}" | ||
subdir=$(dirname "$relative_path") | ||
# create a subdirectory where the template file exists | ||
mkdir -p "$output_dir/$subdir" | ||
entrypoint_log "$ME: Running envsubst on $template to $output_path" | ||
envsubst "$defined_envs" < "$template" > "$output_path" | ||
done | ||
|
||
# Print the first file with the stream suffix, this will be false if there are none | ||
if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then | ||
mkdir -p "$stream_output_dir" | ||
if [ ! -w "$stream_output_dir" ]; then | ||
entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" | ||
return 0 | ||
fi | ||
add_stream_block | ||
find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do | ||
relative_path="${template#"$template_dir/"}" | ||
output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" | ||
subdir=$(dirname "$relative_path") | ||
# create a subdirectory where the template file exists | ||
mkdir -p "$stream_output_dir/$subdir" | ||
entrypoint_log "$ME: Running envsubst on $template to $output_path" | ||
envsubst "$defined_envs" < "$template" > "$output_path" | ||
done | ||
fi | ||
} | ||
|
||
auto_envsubst | ||
|
||
exit 0 |
Oops, something went wrong.