use base image /docker-entrypoint.d/ and split configs

FROM nginx:stable

# # Install dependencies

# ARG DEPENDENCIES="curl"

# RUN apt-get update -y && \

#     apt-get install --no-install-recommends -y ${DEPENDENCIES} && \

#     apt-get clean && \

#     rm -rf /var/cache/apt/archives/* && \

#     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \

#     truncate -s 0 /var/log/*log

COPY wrapper.sh /wrapper.sh

RUN chmod a+x /wrapper.sh && \

    mkdir -p /usr/local/etc/nginx

COPY *.conf.template /usr/local/etc/nginx/

ENTRYPOINT ["/wrapper.sh"]

CMD ["nginx", "-g", "daemon off;"]

COPY docker-entrypoint.d/ /docker-entrypoint.d/

RUN chmod -c a+x /docker-entrypoint.d/*-custom_*.sh && \

    mkdir -p /etc/nginx/snippets /usr/local/etc/nginx

COPY templates/*.template /usr/local/etc/nginx/

COPY configs/cache.conf /etc/nginx/snippets/cache.conf

COPY configs/default.conf /etc/nginx/conf.d/default.conf

COPY configs/nginx.conf /etc/nginx/nginx.conf

# Caching static files

location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|js|css)$ {

  expires               $expires;

  add_header            X-Cache-Status  $upstream_cache_status;

  proxy_cache           static-cache;

  proxy_cache_bypass    $arg_nocache;   # probably better to change this

  proxy_cache_valid     200 302         1h;  # set this to your needs

  proxy_cache_valid     404             1m;   # set this to your needs

  proxy_cache_lock      on;

  proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;

  proxy_cache_key       $uri$is_args$args;

  proxy_ignore_headers  Cache-Control;

  # Use external config

  include snippets/proxy.conf;

}

server_tokens off;

tcp_nodelay on;

gzip on;

gzip_http_version 1.0;

gzip_proxied any;

gzip_vary on;

gzip_min_length 500;

gzip_disable "MSIE [1-6]\.";

gzip_types text/plain text/xml text/css

            text/comma-separated-values

            text/javascript application/x-javascript

            application/javascript application/json

            application/atom+xml;

# According to the HTTP standard, headers with underscores are perfectly valid.

# However, nginx defaults to dropping headers containing underscores, as they

# might introduce ambiguities when mapping headers to CGI variables.

#

underscores_in_headers on;

map $http_x_forwarded_proto $thescheme {

    default $scheme;

    https https;

}

# Cache

proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=static-cache:25m max_size=100m inactive=60m use_temp_path=off;

map $sent_http_content_type $expires {

  "text/html"                 5m; # set this to your needs

  "text/html; charset=utf-8"  5m; # set this to your needs

  default                     1h; # set this to your needs

}

include snippets/server.conf;

# Standard

user  nginx;

# A single worker is enough for load balancing and reverse proxing.

# While disk I/O can block an nginx worker, it's possible to enable

# async read and send for static files.

#

worker_rlimit_nofile 4096;

# Log to stdout.

# Use the stdout of init on Docker to get the logs to the log drain.

#

error_log /var/log/nginx/error.log warn;

# Standard

error_log  /var/log/nginx/error.log notice;

pid        /var/run/nginx.pid;

events {

  # The maximum number of simultaneous connections that can be

  # opened by a worker process. This limit is shared between

  accept_mutex off;

}

http {

  server_tokens off;

  # Standard

  include /etc/nginx/mime.types;

  default_type application/octet-stream;

  # Logging

  log_format  main  'remote_addr=[$remote_addr] time=[$time_local] duration=[$request_time] '

                    'status=[$status] cache=[$upstream_cache_status] upstream_status=[$upstream_status] '

                    'method=[$request_method] path=[$request_uri] size=[$body_bytes_sent] '

                    '"$remote_user" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';

  # Log to stdout.

  # Use the stdout of init on Docker to get the logs to the log drain.

  #

  access_log  /var/log/nginx/access.log  main;

  tcp_nodelay on;

  keepalive_timeout 20s; # default 75s

  gzip on;

  gzip_http_version 1.0;

  gzip_proxied any;

  gzip_vary on;

  gzip_min_length 500;

  gzip_disable "MSIE [1-6]\.";

  gzip_types text/plain text/xml text/css

             text/comma-separated-values

             text/javascript application/x-javascript

             application/javascript application/json

             application/atom+xml;

  # According to the HTTP standard, headers with underscores are perfectly valid.

  # However, nginx defaults to dropping headers containing underscores, as they

  # might introduce ambiguities when mapping headers to CGI variables.

  #

  underscores_in_headers on;

  map $http_x_forwarded_proto $thescheme {

      default $scheme;

      https https;

  }

  # Cache

  proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=static-cache:25m max_size=100m inactive=60m use_temp_path=off;

  map $sent_http_content_type $expires {

    "text/html"                 5m; # set this to your needs

    "text/html; charset=utf-8"  5m; # set this to your needs

    default                     1h; # set this to your needs

  }

  server {

    listen <NGINX_PORT> deferred; # default 80

    client_body_buffer_size <NGINX_CLIENT_BODY_BUFFER_SIZE>; # default 8k

    client_max_body_size <NGINX_CLIENT_MAX_BODY_SIZE>; # default 5M

    # Caching static files

    location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|js|css)$ {

      expires               $expires;

      add_header            X-Cache-Status  $upstream_cache_status;

      proxy_cache           static-cache;

      proxy_cache_bypass    $arg_nocache;   # probably better to change this

      proxy_cache_valid     200 302         1h;  # set this to your needs

      proxy_cache_valid     404             1m;   # set this to your needs

      proxy_cache_lock      on;

      proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;

      proxy_cache_key       $uri$is_args$args;

      proxy_ignore_headers  Cache-Control;

      # Use external config

      include proxy.conf;

    }

    location / {

      # Use external config

      include proxy.conf;

    }

  }

  server {

    listen <NGINX_STATUS_PORT>;

    server_name localhost;

    access_log off;

    allow <NGINX_STATUS_ALLOW_FROM>;

    deny all;

    location /nginx_status {

      stub_status;

      # ensures the version information can be retrieved

      server_tokens on;

    }

  }

  include /etc/nginx/conf.d/*.conf;

}

#!/bin/bash

#!/usr/bin/env bash

set -e

# nginx.conf doesn't support environment variables, so we substitute at run time.

# Proxy setup was moved in external file.

## proxy.conf substitutions:

## nginx.conf substitutions:

/bin/sed \

  -e "s/<NGINX_PORT>/${NGINX_PORT:-80}/g" \

  -e "s/<NGINX_CLIENT_BODY_BUFFER_SIZE>/${NGINX_CLIENT_BODY_BUFFER_SIZE:-8k}/g" \

  -e "s/<NGINX_CLIENT_MAX_BODY_SIZE>/${NGINX_CLIENT_MAX_BODY_SIZE:-5M}/g" \

  -e "s/<NGINX_STATUS_PORT>/${NGINX_STATUS_PORT:-81}/g" \

  -e "s:<NGINX_STATUS_ALLOW_FROM>:${NGINX_STATUS_ALLOW_FROM:-all}:g" \

  /usr/local/etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf

## proxy.conf substitutions:

/bin/sed \

  -e "s/<NGINX_PROXY_BUFFER_SIZE>/${NGINX_PROXY_BUFFER_SIZE:-8k}/g" \

  -e "s:<NGINX_PROXY_TIMEOUT>:${NGINX_PROXY_TIMEOUT:-60s}:g" \

  -e "s/<APP_SCHEME>/${APP_SCHEME:-http}/g" \

  -e "s/<APP_HOST>/${APP_HOST:-app}/g" \

  -e "s/<APP_PORT>/${APP_PORT:-8080}/g" \

    /usr/local/etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf

# Wait for the application to start before accepting ALB requests.

if [[ -z "${SKIP_HEALTHCHECK}" ]]; then

  curl --silent --fail --max-time 5 --output /dev/null "http://${APP_HOST:-app}:${APP_PORT:-8080}${APP_HEALTHCHECK_PATH:-/health}" || ( echo "Couldn't contact app" > /dev/stdout ; exit 1 )

fi

# run entrypoint

/docker-entrypoint.sh "$@"

  /usr/local/etc/nginx/server.conf.template > /etc/nginx/snippets/server.conf