init nginx-wsgi-flask

Signed-off-by: Grant Birkinbine <grant.birkinbine@gmail.com>

nginx-wsgi-flask/nginx/Dockerfile

@@ -0,0 +1,32 @@
+FROM nginx:1.19.3-alpine
+
+# Add bash for boot cmd
+RUN apk add bash
+
+# Add nginx.conf to container
+COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
+COPY --chown=nginx:nginx start.sh /app/start.sh
+
+# set workdir
+WORKDIR /app
+
+# permissions and nginx user for tightened security
+RUN chown -R nginx:nginx /app && chmod -R 755 /app && \
+        chown -R nginx:nginx /var/cache/nginx && \
+        chown -R nginx:nginx /var/log/nginx && \
+        chmod -R 755 /var/log/nginx; \
+        chown -R nginx:nginx /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid
+
+# # Uncomment to keep the nginx logs inside the container - Leave commented for logging to stdout and stderr
+# RUN mkdir -p /var/log/nginx
+# RUN unlink /var/log/nginx/access.log \
+#     && unlink /var/log/nginx/error.log \
+#     && touch /var/log/nginx/access.log \
+#     && touch /var/log/nginx/error.log \
+#     && chown nginx /var/log/nginx/*log \
+#     && chmod 644 /var/log/nginx/*log
+
+USER nginx
+
+CMD ["nginx", "-g", "'daemon off;'"]

nginx-wsgi-flask/nginx/default.conf

@@ -0,0 +1,29 @@
+proxy_cache_path /tmp/cache levels=1:2 keys_zone=cache:10m max_size=500m inactive=60m use_temp_path=off;
+
+server {
+  listen 80;
+
+  location / {
+    proxy_pass http://$FLASK_SERVER_ADDR;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /cache-me {
+    proxy_pass http://$FLASK_SERVER_ADDR;
+    proxy_cache cache;
+    proxy_cache_lock on;
+    proxy_cache_valid 200 30s;
+    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+    proxy_cache_revalidate on;
+    proxy_cache_background_update on;
+    expires 20s;
+  }
+
+  location /health-check {
+    add_header Content-Type text/plain;
+    return 200 "success";
+  }
+  
+}

nginx-wsgi-flask/nginx/nginx.conf

@@ -0,0 +1,50 @@
+worker_processes auto;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # Define the format of log messages.
+    log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for" '
+                      '"$host" sn="$server_name" '
+                      'rt=$request_time '
+                      'ua="$upstream_addr" us="$upstream_status" '
+                      'ut="$upstream_response_time" ul="$upstream_response_length" '
+                      'cs=$upstream_cache_status' ;
+
+    access_log  /var/log/nginx/access.log main_ext;
+    error_log  /var/log/nginx/error.log warn;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    # Enable Compression
+    gzip  on;
+
+    # Disable Display of NGINX Version
+    server_tokens off;
+
+    # Size Limits
+    client_body_buffer_size 10K;
+    client_header_buffer_size 1k;
+    client_max_body_size 8m;
+    large_client_header_buffers 2 1k;
+
+    # # SSL / TLS Settings - Suggested for Security
+    # ssl_protocols TLSv1.2 TLSv1.3;
+	# ssl_session_timeout 15m;
+	# ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
+	# ssl_prefer_server_ciphers on;
+	# ssl_session_tickets off;
+
+    include /etc/nginx/conf.d/*.conf;
+
+}

nginx-wsgi-flask/nginx/start.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+envsubst '$FLASK_SERVER_ADDR' < /tmp/default.conf > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'