Commit c2fc64c8 authored by Michael Killough's avatar Michael Killough

Simple nginx reverse proxy.

A simple nginx reverse proxy, which adds headers that allow us to track
request queuing. It expects to be linked to an `app` container which
proxied requests should be forwarded to. It accepts environment
variables:

 - `$NGINX_PORT` - The port nginx should listen on.
 - `$APP_PORT` - The port of `app` that requests should be forwarded to,
   i.e. the port the application is bound to.

It expects to be run as a side-car.

It combines the configuration of:
 - https://github.com/awslabs/ecs-nginx-reverse-proxy/blob/master/reverse-proxy/
 - https://github.com/deliveroo/rs-devices/
parent 635a0f3d

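--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM nginx:latest
+
+COPY nginx.conf.template /etc/nginx/nginx.conf.template
+COPY start.sh /usr/bin/start.sh
+RUN chmod a+x /usr/bin/start.sh
+
+CMD /usr/bin/start.sh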
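Review bot: `FROM nginx:latest` leaves the base image unpinned, so each rebuild can pull a different nginx and OS package set with no change in this repository; pin a release tag and ideally a digest, e.g. `FROM nginx:<version>@sha256:<digest>` (placeholders, to be filled from the registry). The shell-form `CMD /usr/bin/start.sh` runs the script through `/bin/sh -c`, so depending on the shell the wrapper rather than nginx may end up as PID 1 despite the `exec` in start.sh, and stop signals may not reach nginx; `CMD ["/usr/bin/start.sh"]` avoids the wrapper. On BuildKit builds, `COPY --chmod=755 start.sh /usr/bin/start.sh` would also make the separate `RUN chmod` layer unnecessary.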

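--- /dev/null
+++ b/nginx.conf.template
@@ -0,0 +1,92 @@
+# A single worker is enough for load balancing and reverse proxing.
+# While disk I/O can block an nginx worker, it's possible to enable
+# async read and send for static files.
+#
+worker_processes 1;
+
+# The limit on the maximum number of open files for worker processes.
+# This overrides the OS limit for the user the workers run as:
+#   ulimit -a | grep 'open files'
+#
+# This value must be equal or higher than the worker_connections value.
+#
+worker_rlimit_nofile 4096;
+
+# Log to stdout.
+# Use the stdout of init on Docker to get the logs to the log drain.
+#
+error_log /proc/1/fd/1 warn;
+
+pid /var/run/nginx.pid;
+
+
+events {
+  # The maximum number of simultaneous connections that can be
+  # opened by a worker process. This limit is shared between
+  # client connections and upstream connections.
+  #
+  worker_connections 4096;
+
+  # "on" if nginx worker_processes > 1
+  #
+  accept_mutex off;
+}
+
+
+http {
+  server_tokens off;
+
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  log_format  main  '[nginx] $remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  # Log to stdout.
+  # Use the stdout of init on Docker to get the logs to the log drain.
+  #
+  access_log /proc/1/fd/1 main;
+
+  tcp_nodelay on;
+
+  keepalive_timeout 20s; # default 75s
+
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_proxied any;
+  gzip_vary on;
+  gzip_min_length 500;
+  gzip_disable "MSIE [1-6]\.";
+  gzip_types text/plain text/xml text/css
+             text/comma-separated-values
+             text/javascript application/x-javascript
+             application/javascript application/json
+             application/atom+xml;
+
+  # According to the HTTP standard, headers with underscores are perfectly valid.
+  # However, nginx defaults to dropping headers containing underscores, as they
+  # might introduce ambiguities when mapping headers to CGI variables.
+  #
+  underscores_in_headers on;
+
+  server {
+    listen <NGINX_PORT> deferred;
+
+    client_max_body_size 5M; # default 1M
+
+    location / {
+      proxy_pass_request_headers on;
+
+      # For NewRelic, time in milliseconds
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Queue-Start "t=${msec}";
+
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Real-IP $remote_addr;
+
+      proxy_redirect off; # disable nginx redirect-rewrite logic
+      proxy_pass http://app:<APP_PORT>;
+    }
+  }
+}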
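Review bot: `underscores_in_headers on;` forwards client headers spelled with underscores to `app`, while `location /` only overrides the hyphenated forms of the headers this proxy sets (`X-Forwarded-For`, `X-Real-IP`, `X-Request-Start`, `X-Queue-Start`). If the application reads headers through a CGI-style environment, both spellings map to the same key, so a client-supplied value could be read in place of the proxy's; this is the ambiguity the comment above the directive already mentions. Unless something upstream genuinely depends on underscore headers, remove the directive so nginx keeps its default of dropping them, or replace the comment with one that names the header that requires it. Separately, `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, so a comment such as `# app must trust only the entries appended by known proxies` would help whoever consumes that header.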

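--- /dev/null
+++ b/start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -ex
+
+# nginx.conf doesn't support environment variables,
+# so we substitute at run time
+/bin/sed -e "s/<NGINX_PORT>/${NGINX_PORT}/g" -e "s/<APP_PORT>/${APP_PORT}/g" /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+
+# run in foreground as pid 1
+exec /usr/sbin/nginx -g 'daemon off;' -c /etc/nginx/nginx.conf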
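Review bot: `NGINX_PORT` and `APP_PORT` are spliced into nginx.conf by `sed` without any check that they are set or numeric. An unset variable renders `listen  deferred;` and `proxy_pass http://app:;`, so nginx fails with a config error that never names the missing variable, and a value containing `/`, `&` or `;` would either break the sed expression or add unintended text to the generated config. Fail early before the substitution with `: "${NGINX_PORT:?must be set}" "${APP_PORT:?must be set}"`, and reject non-digits with `case "$NGINX_PORT$APP_PORT" in *[!0-9]*) echo "ports must be numeric" >&2; exit 1;; esac`.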