Unverified Commit 36765335 authored by Michael Killough's avatar Michael Killough Committed by GitHub

Merge pull request #1 from deliveroo/proxy

Simple nginx reverse proxy.
parents 635a0f3d 896103d3

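--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -0,0 +1,114 @@
+version: 2
+
+defaults: &defaults
+  docker:
+  - image: deliveroo/circleci:0.2.2
+
+  environment:
+  - ENVIRONMENT_APP_NAME: nginx_sidecar
+
+remote_docker: &remote_docker
+  docker_layer_caching: true
+  reusable: true
+  version: 17.09.0-ce
+
+build_steps: &build_steps
+  steps:
+
+  - setup_remote_docker:
+      docker_layer_caching: true
+      reusable: true
+      version: 17.11.0-ce
+
+  - checkout
+
+  - run:
+      name: Build CI Image
+      command: |
+        docker build -f Dockerfile -t "${CIRCLE_PROJECT_REPONAME}:${CIRCLE_SHA1}" .
+
+  - run:
+      name: Save CI Image
+      command: |
+        mkdir -p workspace
+        docker save "${CIRCLE_PROJECT_REPONAME}:${CIRCLE_SHA1}" \
+            --output "workspace/${CIRCLE_PROJECT_REPONAME}-${CIRCLE_SHA1}.tar"
+
+  - persist_to_workspace:
+      root: workspace
+      paths:
+      - "*.tar"
+
+push_steps: &push_steps
+  steps:
+
+  - attach_workspace:
+      at: workspace
+
+  - setup_remote_docker:
+      docker_layer_caching: true
+      reusable: true
+      version: 17.11.0-ce
+
+  - run:
+      name: Load CI Image
+      command: |
+        docker load --input "workspace/${CIRCLE_PROJECT_REPONAME}-${CIRCLE_SHA1}.tar"
+
+  - run:
+      name: Push to Image Repository
+      command: |
+        `print_env ${ENVIRONMENT_NAME}`
+        `print_env ${ENVIRONMENT_APP_NAME}`
+        push_image_to_ecr \
+          --image-name "${CIRCLE_PROJECT_REPONAME}" \
+          --ecr-repo $AWS_ECR_REPO_URL \
+          --ecr-region $AWS_REGION
+
+filter_staging: &filter_staging
+  filters:
+    branches:
+      only:
+      - staging
+
+filter_production: &filter_production
+  filters:
+    branches:
+      only:
+      - master
+
+jobs:
+  build:
+    <<: *defaults
+    <<: *build_steps
+
+  push_staging:
+    <<: *defaults
+    <<: *push_steps
+
+    environment:
+      ENVIRONMENT_NAME: staging
+
+  push_production:
+    <<: *defaults
+    <<: *push_steps
+
+    environment:
+      ENVIRONMENT_NAME: production
+
+workflows:
+  version: 2
+
+  build_and_push:
+    jobs:
+      - build
+
+      - push_staging:
+          <<: *filter_staging
+          requires:
+          - build
+
+      - push_production:
+          <<: *filter_production
+          requires:
+          - build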
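Review bot: The `push_staging` and `push_production` jobs declare their own `environment:` map, and because `<<` merges are shallow and explicit keys win, the `ENVIRONMENT_APP_NAME: nginx_sidecar` entry from `&defaults` is replaced rather than combined, so `print_env ${ENVIRONMENT_APP_NAME}` in the push step would likely run with an empty argument. Every job also writes the `<<` key twice, which is a duplicate key that a parser may resolve last-wins and silently drop `*defaults`; `<<: [*defaults, *push_steps]` expresses the same merge unambiguously, and `ENVIRONMENT_APP_NAME: nginx_sidecar` can be repeated in each push job's `environment:` block. The `&remote_docker` anchor is never referenced and its `17.09.0-ce` disagrees with the `17.11.0-ce` used in the steps, so it should be either used or removed. The backticked `print_env` lines run that helper's output as shell in the job that pushes to ECR; a comment stating what the helper is expected to print would help, as would quoting `"$AWS_ECR_REPO_URL"` and `"$AWS_REGION"`.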

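--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM nginx:stable
+
+COPY nginx.conf.template /etc/nginx/nginx.conf.template
+COPY start.sh /usr/bin/start.sh
+RUN chmod a+x /usr/bin/start.sh
+
+CMD /usr/bin/start.sh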
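Review bot: `CMD /usr/bin/start.sh` is the shell form, so the container starts `/bin/sh -c ...` and nginx only becomes PID 1 if that shell happens to exec the command; otherwise SIGTERM on shutdown may never reach nginx, which undercuts the "run in foreground as pid 1" intent in start.sh. The exec form `CMD ["/usr/bin/start.sh"]` avoids the intermediate shell. `FROM nginx:stable` is a moving tag, so a rebuild of the same commit can pick up a different base image; pinning a specific version or digest keeps the pushed image reproducible and makes base-image updates an explicit, reviewable change.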

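--- a/nginx.conf.template
+++ b/nginx.conf.template
@@ -0,0 +1,92 @@
+# A single worker is enough for load balancing and reverse proxing.
+# While disk I/O can block an nginx worker, it's possible to enable
+# async read and send for static files.
+#
+worker_processes 1;
+
+# The limit on the maximum number of open files for worker processes.
+# This overrides the OS limit for the user the workers run as:
+#   ulimit -a | grep 'open files'
+#
+# This value must be equal or higher than the worker_connections value.
+#
+worker_rlimit_nofile 4096;
+
+# Log to stdout.
+# Use the stdout of init on Docker to get the logs to the log drain.
+#
+error_log /proc/1/fd/1 warn;
+
+pid /var/run/nginx.pid;
+
+
+events {
+  # The maximum number of simultaneous connections that can be
+  # opened by a worker process. This limit is shared between
+  # client connections and upstream connections.
+  #
+  worker_connections 4096;
+
+  # "on" if nginx worker_processes > 1
+  #
+  accept_mutex off;
+}
+
+
+http {
+  server_tokens off;
+
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  log_format  main  '[nginx] $remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  # Log to stdout.
+  # Use the stdout of init on Docker to get the logs to the log drain.
+  #
+  access_log /proc/1/fd/1 main;
+
+  tcp_nodelay on;
+
+  keepalive_timeout 20s; # default 75s
+
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_proxied any;
+  gzip_vary on;
+  gzip_min_length 500;
+  gzip_disable "MSIE [1-6]\.";
+  gzip_types text/plain text/xml text/css
+             text/comma-separated-values
+             text/javascript application/x-javascript
+             application/javascript application/json
+             application/atom+xml;
+
+  # According to the HTTP standard, headers with underscores are perfectly valid.
+  # However, nginx defaults to dropping headers containing underscores, as they
+  # might introduce ambiguities when mapping headers to CGI variables.
+  #
+  underscores_in_headers on;
+
+  server {
+    listen <NGINX_PORT> deferred;
+
+    client_max_body_size 5M; # default 1M
+
+    location / {
+      proxy_pass_request_headers on;
+
+      # For NewRelic, time in milliseconds
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Queue-Start "t=${msec}";
+
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Real-IP $remote_addr;
+
+      proxy_redirect off; # disable nginx redirect-rewrite logic
+      proxy_pass http://app:<APP_PORT>;
+    }
+  }
+}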
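Review bot: `underscores_in_headers on` removes the protection its own comment describes while every client header is still forwarded, so an upstream that normalises header names CGI-style may be unable to tell a client-supplied underscore variant apart from the `X-Forwarded-For` and `X-Real-IP` values set in `location /`. I would leave the directive at its default unless a named client needs it, and if it stays, extend the comment to say which header requires it and that the app must not read forwarding headers through an underscore-normalised name. `$proxy_add_x_forwarded_for` appends to whatever the client sent, so a comment that only the last entry (or `X-Real-IP`) is trustworthy would help whoever configures the app. No `Host` header is set, so the upstream presumably sees `app:<APP_PORT>` rather than the client's host; add `proxy_set_header Host $host;` if the app depends on it. The "time in milliseconds" comment is also slightly off, since `$msec` is seconds with millisecond resolution.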

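--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -ex
+
+# nginx.conf doesn't support environment variables,
+# so we substitute at run time
+/bin/sed -e "s/<NGINX_PORT>/${NGINX_PORT}/g" -e "s/<APP_PORT>/${APP_PORT}/g" /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+
+# run in foreground as pid 1
+exec /usr/sbin/nginx -g 'daemon off;' -c /etc/nginx/nginx.conf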
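Review bot: `NGINX_PORT` and `APP_PORT` are spliced into the sed replacement and then into nginx.conf with no validation, so an unset variable yields an empty `listen` or `proxy_pass` port, and a value containing `/`, `&` or `;` either breaks the sed expression or changes the generated config. A guard before the sed line makes the failure explicit: `[[ "${NGINX_PORT}" =~ ^[0-9]+$ && "${APP_PORT}" =~ ^[0-9]+$ ]] || { echo "NGINX_PORT and APP_PORT must be numeric" >&2; exit 1; }`. Running `nginx -t -c /etc/nginx/nginx.conf` before the `exec` would also surface a bad template early, with a clear message in the container log.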