-
-
Notifications
You must be signed in to change notification settings - Fork 284
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
2a709ae
commit 52f5cbd
Showing
15 changed files
with
525 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,200 @@ | ||
FROM python:3.7-alpine3.7 | ||
|
||
LABEL maintainer="Sebastian Ramirez <tiangolo@gmail.com>" | ||
|
||
# Standard set up Nginx Alpine | ||
# https://github.com/nginxinc/docker-nginx/blob/f8fad321cf58d5cbcafa3d9fa15314b8a77b5e65/mainline/alpine/Dockerfile | ||
|
||
ENV NGINX_VERSION 1.13.8 | ||
|
||
RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ | ||
&& CONFIG="\ | ||
--prefix=/etc/nginx \ | ||
--sbin-path=/usr/sbin/nginx \ | ||
--modules-path=/usr/lib/nginx/modules \ | ||
--conf-path=/etc/nginx/nginx.conf \ | ||
--error-log-path=/var/log/nginx/error.log \ | ||
--http-log-path=/var/log/nginx/access.log \ | ||
--pid-path=/var/run/nginx.pid \ | ||
--lock-path=/var/run/nginx.lock \ | ||
--http-client-body-temp-path=/var/cache/nginx/client_temp \ | ||
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \ | ||
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ | ||
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ | ||
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \ | ||
--user=nginx \ | ||
--group=nginx \ | ||
--with-http_ssl_module \ | ||
--with-http_realip_module \ | ||
--with-http_addition_module \ | ||
--with-http_sub_module \ | ||
--with-http_dav_module \ | ||
--with-http_flv_module \ | ||
--with-http_mp4_module \ | ||
--with-http_gunzip_module \ | ||
--with-http_gzip_static_module \ | ||
--with-http_random_index_module \ | ||
--with-http_secure_link_module \ | ||
--with-http_stub_status_module \ | ||
--with-http_auth_request_module \ | ||
--with-http_xslt_module=dynamic \ | ||
--with-http_image_filter_module=dynamic \ | ||
--with-http_geoip_module=dynamic \ | ||
--with-threads \ | ||
--with-stream \ | ||
--with-stream_ssl_module \ | ||
--with-stream_ssl_preread_module \ | ||
--with-stream_realip_module \ | ||
--with-stream_geoip_module=dynamic \ | ||
--with-http_slice_module \ | ||
--with-mail \ | ||
--with-mail_ssl_module \ | ||
--with-compat \ | ||
--with-file-aio \ | ||
--with-http_v2_module \ | ||
" \ | ||
&& addgroup -S nginx \ | ||
&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ | ||
&& apk add --no-cache --virtual .build-deps \ | ||
gcc \ | ||
libc-dev \ | ||
make \ | ||
openssl-dev \ | ||
pcre-dev \ | ||
zlib-dev \ | ||
linux-headers \ | ||
curl \ | ||
gnupg \ | ||
libxslt-dev \ | ||
gd-dev \ | ||
geoip-dev \ | ||
&& curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ | ||
&& curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ | ||
&& export GNUPGHOME="$(mktemp -d)" \ | ||
&& found=''; \ | ||
for server in \ | ||
ha.pool.sks-keyservers.net \ | ||
hkp://keyserver.ubuntu.com:80 \ | ||
hkp://p80.pool.sks-keyservers.net:80 \ | ||
pgp.mit.edu \ | ||
; do \ | ||
echo "Fetching GPG key $GPG_KEYS from $server"; \ | ||
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ | ||
done; \ | ||
test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ | ||
gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ | ||
&& rm -r "$GNUPGHOME" nginx.tar.gz.asc \ | ||
&& mkdir -p /usr/src \ | ||
&& tar -zxC /usr/src -f nginx.tar.gz \ | ||
&& rm nginx.tar.gz \ | ||
&& cd /usr/src/nginx-$NGINX_VERSION \ | ||
&& ./configure $CONFIG --with-debug \ | ||
&& make -j$(getconf _NPROCESSORS_ONLN) \ | ||
&& mv objs/nginx objs/nginx-debug \ | ||
&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ | ||
&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ | ||
&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ | ||
&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ | ||
&& ./configure $CONFIG \ | ||
&& make -j$(getconf _NPROCESSORS_ONLN) \ | ||
&& make install \ | ||
&& rm -rf /etc/nginx/html/ \ | ||
&& mkdir /etc/nginx/conf.d/ \ | ||
&& mkdir -p /usr/share/nginx/html/ \ | ||
&& install -m644 html/index.html /usr/share/nginx/html/ \ | ||
&& install -m644 html/50x.html /usr/share/nginx/html/ \ | ||
&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ | ||
&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ | ||
&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ | ||
&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ | ||
&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ | ||
&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ | ||
&& strip /usr/sbin/nginx* \ | ||
&& strip /usr/lib/nginx/modules/*.so \ | ||
&& rm -rf /usr/src/nginx-$NGINX_VERSION \ | ||
\ | ||
# Bring in gettext so we can get `envsubst`, then throw | ||
# the rest away. To do this, we need to install `gettext` | ||
# then move `envsubst` out of the way so `gettext` can | ||
# be deleted completely, then move `envsubst` back. | ||
&& apk add --no-cache --virtual .gettext gettext \ | ||
&& mv /usr/bin/envsubst /tmp/ \ | ||
\ | ||
&& runDeps="$( \ | ||
scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ | ||
| tr ',' '\n' \ | ||
| sort -u \ | ||
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ | ||
)" \ | ||
&& apk add --no-cache --virtual .nginx-rundeps $runDeps \ | ||
&& apk del .build-deps \ | ||
&& apk del .gettext \ | ||
&& mv /tmp/envsubst /usr/local/bin/ \ | ||
\ | ||
# Bring in tzdata so users could set the timezones through the environment | ||
# variables | ||
&& apk add --no-cache tzdata \ | ||
\ | ||
# forward request and error logs to docker log collector | ||
&& ln -sf /dev/stdout /var/log/nginx/access.log \ | ||
&& ln -sf /dev/stderr /var/log/nginx/error.log | ||
|
||
COPY nginx.conf /etc/nginx/nginx.conf | ||
|
||
# Standard set up Nginx finished | ||
|
||
EXPOSE 80 | ||
|
||
|
||
# # Expose 443, in case of LTS / HTTPS | ||
EXPOSE 443 | ||
|
||
# Install uWSGI | ||
RUN apk add --no-cache uwsgi-python3 | ||
|
||
# Make NGINX run on the foreground | ||
RUN echo "daemon off;" >> /etc/nginx/nginx.conf | ||
# Copy the modified Nginx conf | ||
COPY nginx-custom.conf /etc/nginx/conf.d/nginx.conf | ||
# Copy the base uWSGI ini file to enable default dynamic uwsgi process number | ||
COPY uwsgi.ini /etc/uwsgi/ | ||
|
||
# Install Supervisord | ||
RUN apk add --no-cache supervisor | ||
# Custom Supervisord config | ||
COPY supervisord.ini /etc/supervisor.d/supervisord.ini | ||
|
||
# Which uWSGI .ini file should be used, to make it customizable | ||
ENV UWSGI_INI /app/uwsgi.ini | ||
|
||
# By default, run 2 processes | ||
ENV UWSGI_CHEAPER 2 | ||
|
||
# By default, when on demand, run up to 16 processes | ||
ENV UWSGI_PROCESSES 16 | ||
|
||
# By default, allow unlimited file sizes, modify it to limit the file sizes | ||
# To have a maximum of 1 MB (Nginx's default) change the line to: | ||
ENV NGINX_MAX_UPLOAD 1m | ||
ENV NGINX_MAX_UPLOAD 0 | ||
|
||
# By default, Nginx will run a single worker process, setting it to auto | ||
# will create a worker for each CPU core | ||
ENV NGINX_WORKER_PROCESSES 1 | ||
|
||
# By default, Nginx listens on port 80. | ||
# To modify this, change LISTEN_PORT environment variable. | ||
# (in a Dockerfile or with an option for `docker run`) | ||
ENV LISTEN_PORT 80 | ||
|
||
# Copy the entrypoint that will generate Nginx additional configs | ||
COPY entrypoint.sh /entrypoint.sh | ||
RUN chmod +x /entrypoint.sh | ||
|
||
ENTRYPOINT ["sh", "/entrypoint.sh"] | ||
|
||
# Add demo app | ||
COPY ./app /app | ||
WORKDIR /app | ||
|
||
CMD ["/usr/bin/supervisord"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
def application(env, start_response): | ||
start_response('200 OK', [('Content-Type', 'text/html')]) | ||
return [b"Hello World from a default Nginx uWSGI Python 3.6 app in a\ | ||
Docker container (default)"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
[uwsgi] | ||
wsgi-file=/app/main.py |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
#!/bin/bash | ||
set -e | ||
|
||
# Get the maximum upload file size for Nginx, default to 0: unlimited | ||
USE_NGINX_MAX_UPLOAD=${NGINX_MAX_UPLOAD:-0} | ||
# Generate Nginx config for maximum upload file size | ||
echo "client_max_body_size $USE_NGINX_MAX_UPLOAD;" > /etc/nginx/conf.d/upload.conf | ||
|
||
# Explicitly add installed Python packages and uWSGI Python packages to PYTHONPATH | ||
# Otherwise uWSGI can't import Flask | ||
export PYTHONPATH=$PYTHONPATH:/usr/local/lib/python3.6/site-packages:/usr/lib/python3.6/site-packages | ||
|
||
# Get the number of workers for Nginx, default to 1 | ||
USE_NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1} | ||
# Modify the number of worker processes in Nginx config | ||
sed -i "/worker_processes\s/c\worker_processes ${USE_NGINX_WORKER_PROCESSES};" /etc/nginx/nginx.conf | ||
|
||
# Set the max number of connections per worker for Nginx, if requested | ||
# Cannot exceed worker_rlimit_nofile, see NGINX_WORKER_OPEN_FILES below | ||
if [[ -v NGINX_WORKER_CONNECTIONS ]] ; then | ||
sed -i "/worker_connections\s/c\ worker_connections ${NGINX_WORKER_CONNECTIONS};" /etc/nginx/nginx.conf | ||
fi | ||
|
||
# Set the max number of open file descriptors for Nginx workers, if requested | ||
if [[ -v NGINX_WORKER_OPEN_FILES ]] ; then | ||
echo "worker_rlimit_nofile ${NGINX_WORKER_OPEN_FILES};" >> /etc/nginx/nginx.conf | ||
fi | ||
|
||
# Get the listen port for Nginx, default to 80 | ||
USE_LISTEN_PORT=${LISTEN_PORT:-80} | ||
# Modify Nignx config for listen port | ||
if ! grep -q "listen ${USE_LISTEN_PORT};" /etc/nginx/conf.d/nginx.conf ; then | ||
sed -i -e "/server {/a\ listen ${USE_LISTEN_PORT};" /etc/nginx/conf.d/nginx.conf | ||
fi | ||
exec "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
server { | ||
location / { | ||
include uwsgi_params; | ||
uwsgi_pass unix:///tmp/uwsgi.sock; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
user nginx; | ||
worker_processes 1; | ||
|
||
error_log /var/log/nginx/error.log warn; | ||
pid /var/run/nginx.pid; | ||
|
||
|
||
events { | ||
worker_connections 1024; | ||
} | ||
|
||
|
||
http { | ||
include /etc/nginx/mime.types; | ||
default_type application/octet-stream; | ||
|
||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
'$status $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
||
access_log /var/log/nginx/access.log main; | ||
|
||
sendfile on; | ||
#tcp_nopush on; | ||
|
||
keepalive_timeout 65; | ||
|
||
#gzip on; | ||
|
||
include /etc/nginx/conf.d/*.conf; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
[supervisord] | ||
nodaemon=true | ||
|
||
[program:uwsgi] | ||
command=/usr/sbin/uwsgi --ini /etc/uwsgi/uwsgi.ini --die-on-term --need-app --plugin python3 | ||
stdout_logfile=/dev/stdout | ||
stdout_logfile_maxbytes=0 | ||
stderr_logfile=/dev/stderr | ||
stderr_logfile_maxbytes=0 | ||
|
||
[program:nginx] | ||
command=/usr/sbin/nginx | ||
stdout_logfile=/dev/stdout | ||
stdout_logfile_maxbytes=0 | ||
stderr_logfile=/dev/stderr | ||
stderr_logfile_maxbytes=0 | ||
# Graceful stop, see http://nginx.org/en/docs/control.html | ||
stopsignal=QUIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
[uwsgi] | ||
socket = /tmp/uwsgi.sock | ||
chown-socket = nginx:nginx | ||
chmod-socket = 664 | ||
# Graceful shutdown on SIGTERM, see https://github.com/unbit/uwsgi/issues/849#issuecomment-118869386 | ||
hook-master-start = unix_signal:15 gracefully_kill_them_all | ||
need-app = true |
Oops, something went wrong.