parent
a42a8531ab
commit
4480b64e58
@ -0,0 +1,30 @@ |
||||
version: "3.7" |
||||
services: |
||||
nginx-proxy: |
||||
build: nginx |
||||
restart: always |
||||
volumes: |
||||
- ./nginx/default.conf:/tmp/default.conf |
||||
environment: |
||||
- FLASK_SERVER_ADDR=flask-app:8000 |
||||
ports: |
||||
- "80:80" |
||||
depends_on: |
||||
- flask-app |
||||
healthcheck: |
||||
test: ["CMD-SHELL", "curl --silent --fail localhost:80/health-check || exit 1"] |
||||
interval: 10s |
||||
timeout: 10s |
||||
retries: 3 |
||||
command: /app/start.sh |
||||
flask-app: |
||||
build: flask |
||||
restart: always |
||||
ports: |
||||
- '8000:8000' |
||||
healthcheck: |
||||
test: ["CMD-SHELL", "curl --silent --fail localhost:8000/flask-health-check || exit 1"] |
||||
interval: 10s |
||||
timeout: 10s |
||||
retries: 3 |
||||
command: gunicorn -w 3 -t 60 -b 0.0.0.0:8000 app:app |
@ -0,0 +1,32 @@ |
||||
FROM python:3.9.2-alpine |
||||
|
||||
# upgrade pip |
||||
RUN pip install --upgrade pip |
||||
|
||||
# get curl for healthchecks |
||||
RUN apk add curl |
||||
|
||||
# permissions and nonroot user for tightened security |
||||
RUN adduser -D nonroot |
||||
RUN mkdir /home/app/ && chown -R nonroot:nonroot /home/app |
||||
RUN mkdir -p /var/log/flask-app && touch /var/log/flask-app/flask-app.err.log && touch /var/log/flask-app/flask-app.out.log |
||||
RUN chown -R nonroot:nonroot /var/log/flask-app |
||||
WORKDIR /home/app |
||||
USER nonroot |
||||
|
||||
# copy all the files to the container |
||||
COPY --chown=nonroot:nonroot . . |
||||
|
||||
# venv |
||||
ENV VIRTUAL_ENV=/home/app/venv |
||||
|
||||
# python setup |
||||
RUN python -m venv $VIRTUAL_ENV |
||||
ENV PATH="$VIRTUAL_ENV/bin:$PATH" |
||||
RUN export FLASK_APP=app.py |
||||
RUN pip install -r requirements.txt |
||||
|
||||
# define the port number the container should expose |
||||
EXPOSE 5000 |
||||
|
||||
CMD ["python", "app.py"] |
@ -0,0 +1,27 @@ |
||||
from flask import Flask, request, jsonify |
||||
|
||||
app = Flask(__name__) |
||||
|
||||
@app.route('/') |
||||
def hello(): |
||||
return "Hello World!" |
||||
|
||||
@app.route('/cache-me') |
||||
def cache(): |
||||
return "nginx will cache this response" |
||||
|
||||
@app.route('/info') |
||||
def info(): |
||||
|
||||
resp = { |
||||
'connecting_ip': request.headers['X-Real-IP'], |
||||
'proxy_ip': request.headers['X-Forwarded-For'], |
||||
'host': request.headers['Host'], |
||||
'user-agent': request.headers['User-Agent'] |
||||
} |
||||
|
||||
return jsonify(resp) |
||||
|
||||
@app.route('/flask-health-check') |
||||
def flask_health_check(): |
||||
return "success" |
@ -0,0 +1,2 @@ |
||||
Flask==1.1.1 |
||||
gunicorn==20.0.4 |
@ -0,0 +1,5 @@ |
||||
from app import app |
||||
import os |
||||
|
||||
if __name__ == "__main__": |
||||
app.run(host='0.0.0.0', port=os.environ.get("FLASK_SERVER_PORT"), debug=True) |
@ -0,0 +1,32 @@ |
||||
FROM nginx:1.19.7-alpine |
||||
|
||||
# Add bash for boot cmd |
||||
RUN apk add bash |
||||
|
||||
# Add nginx.conf to container |
||||
COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf |
||||
COPY --chown=nginx:nginx start.sh /app/start.sh |
||||
|
||||
# set workdir |
||||
WORKDIR /app |
||||
|
||||
# permissions and nginx user for tightened security |
||||
RUN chown -R nginx:nginx /app && chmod -R 755 /app && \ |
||||
chown -R nginx:nginx /var/cache/nginx && \ |
||||
chown -R nginx:nginx /var/log/nginx && \ |
||||
chmod -R 755 /var/log/nginx; \ |
||||
chown -R nginx:nginx /etc/nginx/conf.d |
||||
RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid |
||||
|
||||
# # Uncomment to keep the nginx logs inside the container - Leave commented for logging to stdout and stderr |
||||
# RUN mkdir -p /var/log/nginx |
||||
# RUN unlink /var/log/nginx/access.log \ |
||||
# && unlink /var/log/nginx/error.log \ |
||||
# && touch /var/log/nginx/access.log \ |
||||
# && touch /var/log/nginx/error.log \ |
||||
# && chown nginx /var/log/nginx/*log \ |
||||
# && chmod 644 /var/log/nginx/*log |
||||
|
||||
USER nginx |
||||
|
||||
CMD ["nginx", "-g", "'daemon off;'"] |
@ -0,0 +1,29 @@ |
||||
proxy_cache_path /tmp/cache levels=1:2 keys_zone=cache:10m max_size=500m inactive=60m use_temp_path=off; |
||||
|
||||
server { |
||||
listen 80; |
||||
|
||||
location / { |
||||
proxy_pass http://$FLASK_SERVER_ADDR; |
||||
proxy_set_header Host $host; |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||
} |
||||
|
||||
location /cache-me { |
||||
proxy_pass http://$FLASK_SERVER_ADDR; |
||||
proxy_cache cache; |
||||
proxy_cache_lock on; |
||||
proxy_cache_valid 200 30s; |
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; |
||||
proxy_cache_revalidate on; |
||||
proxy_cache_background_update on; |
||||
expires 20s; |
||||
} |
||||
|
||||
location /health-check { |
||||
add_header Content-Type text/plain; |
||||
return 200 "success"; |
||||
} |
||||
|
||||
} |
@ -0,0 +1,50 @@ |
||||
worker_processes auto; |
||||
pid /var/run/nginx.pid; |
||||
|
||||
events { |
||||
worker_connections 1024; |
||||
} |
||||
|
||||
http { |
||||
include /etc/nginx/mime.types; |
||||
default_type application/octet-stream; |
||||
|
||||
# Define the format of log messages. |
||||
log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' |
||||
'$status $body_bytes_sent "$http_referer" ' |
||||
'"$http_user_agent" "$http_x_forwarded_for" ' |
||||
'"$host" sn="$server_name" ' |
||||
'rt=$request_time ' |
||||
'ua="$upstream_addr" us="$upstream_status" ' |
||||
'ut="$upstream_response_time" ul="$upstream_response_length" ' |
||||
'cs=$upstream_cache_status' ; |
||||
|
||||
access_log /var/log/nginx/access.log main_ext; |
||||
error_log /var/log/nginx/error.log warn; |
||||
|
||||
sendfile on; |
||||
|
||||
keepalive_timeout 65; |
||||
|
||||
# Enable Compression |
||||
gzip on; |
||||
|
||||
# Disable Display of NGINX Version |
||||
server_tokens off; |
||||
|
||||
# Size Limits |
||||
client_body_buffer_size 10K; |
||||
client_header_buffer_size 1k; |
||||
client_max_body_size 8m; |
||||
large_client_header_buffers 2 1k; |
||||
|
||||
# # SSL / TLS Settings - Suggested for Security |
||||
# ssl_protocols TLSv1.2 TLSv1.3; |
||||
# ssl_session_timeout 15m; |
||||
# ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; |
||||
# ssl_prefer_server_ciphers on; |
||||
# ssl_session_tickets off; |
||||
|
||||
include /etc/nginx/conf.d/*.conf; |
||||
|
||||
} |
@ -0,0 +1,2 @@ |
||||
#!/bin/bash |
||||
envsubst '$FLASK_SERVER_ADDR' < /tmp/default.conf > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;' |
Loading…
Reference in new issue