diff --git a/README.md b/README.md
index fab774082..593b3c0d8 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ sudo gdebi --n binary_dependencies/*.deb running:
 ```
-sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && sudo /usr/local/nginx/sbin/nginx -c `pwd`/nginx.conf
+sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && sudo /usr/local/nginx/sbin/nginx -c `pwd`/conf/nginx.conf
 sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && STACK=prod gunicorn -c gunicorn_config.py application:application
 ```
diff --git a/certs/digital_ocean b/conf/certs/digital_ocean
similarity index 100%
rename from certs/digital_ocean
rename to conf/certs/digital_ocean
diff --git a/certs/digital_ocean.pub b/conf/certs/digital_ocean.pub
similarity index 100%
rename from certs/digital_ocean.pub
rename to conf/certs/digital_ocean.pub
diff --git a/certs/quay-enc.key b/conf/certs/quay-enc.key
similarity index 100%
rename from certs/quay-enc.key
rename to conf/certs/quay-enc.key
diff --git a/certs/quay-staging-enc.key b/conf/certs/quay-staging-enc.key
similarity index 100%
rename from certs/quay-staging-enc.key
rename to conf/certs/quay-staging-enc.key
diff --git a/certs/quay-staging-unified.cert b/conf/certs/quay-staging-unified.cert
similarity index 100%
rename from certs/quay-staging-unified.cert
rename to conf/certs/quay-staging-unified.cert
diff --git a/certs/quay-staging.cert b/conf/certs/quay-staging.cert
similarity index 100%
rename from certs/quay-staging.cert
rename to conf/certs/quay-staging.cert
diff --git a/certs/quay-staging.key b/conf/certs/quay-staging.key
similarity index 100%
rename from certs/quay-staging.key
rename to conf/certs/quay-staging.key
diff --git a/certs/quay-unified.cert b/conf/certs/quay-unified.cert
similarity index 100%
rename from certs/quay-unified.cert
rename to conf/certs/quay-unified.cert
diff --git a/certs/quay.cert b/conf/certs/quay.cert
similarity index 100%
rename from certs/quay.cert
rename to conf/certs/quay.cert
diff --git a/certs/quay.key b/conf/certs/quay.key
similarity index 100%
rename from certs/quay.key
rename to conf/certs/quay.key
diff --git a/conf/hosted-http-base.conf b/conf/hosted-http-base.conf
new file mode 100644
index 000000000..c3e910e8f
--- /dev/null
+++ b/conf/hosted-http-base.conf
@@ -0,0 +1,5 @@
+server {
+ listen 80 default_server;
+ server_name _;
+ rewrite ^ https://$host$request_uri? permanent;
+}
diff --git a/conf/http-base.conf b/conf/http-base.conf
new file mode 100644
index 000000000..32e8b3730
--- /dev/null
+++ b/conf/http-base.conf
@@ -0,0 +1,33 @@
+log_format logstash_json '{ "@timestamp": "$time_iso8601", '
+ '"@fields": { '
+ '"remote_addr": "$remote_addr", '
+ '"remote_user": "$remote_user", '
+ '"body_bytes_sent": "$body_bytes_sent", '
+ '"request_time": "$request_time", '
+ '"status": "$status", '
+ '"request": "$request", '
+ '"request_method": "$request_method", '
+ '"http_referrer": "$http_referer", '
+ '"http_user_agent": "$http_user_agent" } }';
+
+types_hash_max_size 2048;
+include /usr/local/nginx/conf/mime.types.default;
+
+default_type application/octet-stream;
+access_log /mnt/logs/nginx.access.log logstash_json;
+sendfile on;
+
+gzip on;
+gzip_http_version 1.0;
+gzip_proxied any;
+gzip_min_length 500;
+gzip_disable "MSIE [1-6]\.";
+gzip_types text/plain text/xml text/css
+ text/javascript application/x-javascript
+ application/octet-stream;
+
+upstream app_server {
+ server unix:/tmp/gunicorn.sock fail_timeout=0;
+ # For a TCP configuration:
+ # server 192.168.0.7:8000 fail_timeout=0;
+}
diff --git a/conf/nginx-local.conf b/conf/nginx-local.conf
new file mode 100644
index 000000000..0545399a0
--- /dev/null
+++ b/conf/nginx-local.conf
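Review bot: The redirect `rewrite ^ https://$host$request_uri? permanent;` builds its Location target from `$host`, which in this catch-all `server_name _` block is whatever Host header the client supplied, so the server echoes client-chosen hostnames into a permanent redirect. If the public hostname is known, pin it (`return 301 https://<site-hostname>$request_uri;`); otherwise at least use `return 301 https://$host$request_uri;`, which is the form nginx recommends over a regex `rewrite ... permanent` and does not need the trailing `?` to stop the query string being appended a second time. An HSTS header cannot be set here (it is only honoured over HTTPS), so that belongs in the 443 server blocks.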
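Review bot: The `logstash_json` format builds JSON by string interpolation of client-controlled variables (`$request`, `$http_referer`, `$http_user_agent`), and nginx's default log escaping writes `"`, `\` and control bytes as `\xXX`, which is not a valid JSON escape; a client can therefore produce lines that the downstream JSON consumer rejects or drops, and any consumer that does not escape must treat these lines as untrusted text rather than structured data. If the deployed nginx is new enough, `log_format logstash_json escape=json '...'` yields valid JSON without changing the field layout; otherwise document the caveat above the directive. Separately, `server unix:/tmp/gunicorn.sock fail_timeout=0;` names a predictable path in a world-writable directory, so another local account can pre-create the socket before gunicorn starts; a path under a directory owned by the service user (for example `/run/quay/gunicorn.sock`) avoids that race.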
@@ -0,0 +1,18 @@
+include root-base.conf;
+
+worker_processes 2;
+
+http {
+ include http-base.conf;
+
+ server {
+ include server-base.conf;
+
+ listen 5000 default;
+
+ location /static/ {
+ # checks for static file, if not found proxy to app
+ alias /home/jake/Projects/docker/quay/static/;
+ }
+ }
+}
diff --git a/conf/nginx-staging.conf b/conf/nginx-staging.conf
new file mode 100644
index 000000000..f8fb03784
--- /dev/null
+++ b/conf/nginx-staging.conf
@@ -0,0 +1,30 @@
+include root-base.conf;
+
+worker_processes 2;
+
+user root nogroup;
+
+http {
+ include http-base.conf;
+
+ include hosted-http-base.conf;
+
+ server {
+ include server-base.conf;
+
+ listen 443 default;
+
+ ssl on;
+ ssl_certificate ./certs/quay-staging-unified.cert;
+ ssl_certificate_key ./certs/quay-staging.key;
+ ssl_session_timeout 5m;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+ ssl_prefer_server_ciphers on;
+
+ location /static/ {
+ # checks for static file, if not found proxy to app
+ alias /root/quay/static/;
+ }
+ }
+}
diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 000000000..896b151de
--- /dev/null
+++ b/conf/nginx.conf
@@ -0,0 +1,30 @@
+include root-base.conf;
+
+worker_processes 8;
+
+user nobody nogroup;
+
+http {
+ include http-base.conf;
+
+ include hosted-http-base.conf;
+
+ server {
+ include server-base.conf;
+
+ listen 443 default;
+
+ ssl on;
+ ssl_certificate ./certs/quay-unified.cert;
+ ssl_certificate_key ./certs/quay.key;
+ ssl_session_timeout 5m;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+ ssl_prefer_server_ciphers on;
+
+ location /static/ {
+ # checks for static file, if not found proxy to app
+ alias /home/ubuntu/quay/static/;
+ }
+ }
+}
diff --git a/conf/root-base.conf b/conf/root-base.conf
new file mode 100644
index 000000000..16a63fda0
--- /dev/null
+++ b/conf/root-base.conf
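Review bot: The comment `# checks for static file, if not found proxy to app` above `alias /home/jake/Projects/docker/quay/static/;` does not describe this location: with `alias` and no `try_files`, a missing file is answered by nginx with a 404 and is never handed to `app_server`. Either drop the comment or make it true with `try_files $uri @app;` and a named `location @app` that proxies (the proxied `location /` lives in the included `server-base.conf`, outside this hunk). The hard-coded developer home directory also means this file only works on one machine; a path relative to the checkout, or one supplied at start-up, would let other developers use it.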
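Review bot: `user root nogroup;` makes every nginx worker run as root, so any flaw in request handling (8G uploads, the `_escaped_fragment_` rewrite, static file serving) is exploited with full privileges, while the production file in this same commit uses `user nobody nogroup;`. The only thing here that appears to need root is `alias /root/quay/static/;`, i.e. the checkout living under `/root`; moving the static tree somewhere readable by `nobody` (or the gunicorn account) removes that need and lets the two files agree. The TLS block (`ssl_protocols SSLv3 TLSv1;` with LOW and EXP suites left enabled) has the same weaknesses as production and should be tightened here as well, since presumably staging is meant to mirror it.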
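Review bot: `ssl_protocols SSLv3 TLSv1;` together with `ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;` enables SSLv3 and leaves export-grade, LOW and RC4 suites negotiable, so `ssl_prefer_server_ciphers on` does not prevent a client (or a downgrading attacker) from landing on a broken cipher. A safer baseline is `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` (as far as the installed OpenSSL allows) and `ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!EXP:!LOW;`. `ssl_certificate_key ./certs/quay.key;` also points at a private key that this same commit shows being tracked in the repository (the `certs/quay.key` rename); production keys should be provisioned onto the host outside version control and the committed ones rotated. Minor: `listen 443 default;` uses the deprecated `default` flag while the HTTP block uses `default_server`, and `ssl on;` is the older spelling of `listen 443 ssl;`.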
@@ -0,0 +1,7 @@
+pid /mnt/logs/nginx.pid;
+error_log /mnt/logs/nginx.error.log;
+
+events {
+ worker_connections 1024;
+ accept_mutex off;
+}
\ No newline at end of file
diff --git a/conf/server-base.conf b/conf/server-base.conf
new file mode 100644
index 000000000..9cf78f802
--- /dev/null
+++ b/conf/server-base.conf
@@ -0,0 +1,24 @@
+client_max_body_size 8G;
+client_body_temp_path /mnt/logs/client_body 1 2;
+server_name _;
+
+keepalive_timeout 5;
+
+if ($args ~ "_escaped_fragment_") {
+ rewrite ^ /snapshot$uri;
+}
+
+location / {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_buffering off;
+
+ proxy_request_buffering off;
+ proxy_set_header Transfer-Encoding $http_transfer_encoding;
+
+ proxy_pass http://app_server;
+ proxy_read_timeout 2000;
+ proxy_temp_path /mnt/nginx/proxy_temp 1 2;
+}
\ No newline at end of file
diff --git a/nginx-staging.conf b/nginx-staging.conf
deleted file mode 100644
index 57c9bb53f..000000000
--- a/nginx-staging.conf
+++ /dev/null
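Review bot: `pid /mnt/logs/nginx.pid;` places the master's pid file in a directory that the README in this commit hands to an unprivileged account (`sudo chown $USER /mnt/logs/`), while nginx itself is started with `sudo`. Whoever owns `/mnt/logs` can replace `nginx.pid` with an arbitrary pid or a symlink, so a later root-run `nginx -s reload`/`nginx -s stop` signals a process of their choosing; the root-written `error_log` in the same directory has the same owner problem. Keep the pid file in a root-owned directory (`pid /var/run/nginx.pid;`) and delegate only the log files. The file also lacks a trailing newline.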
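Review bot: `proxy_set_header Transfer-Encoding $http_transfer_encoding;` copies the client's framing header verbatim into the upstream request, but nginx decides for itself how the body it forwards to `app_server` is framed: the default `proxy_http_version` is 1.0, which has no chunked encoding, and nginx buffers a chunked client body and sends it with a Content-Length unless HTTP/1.1 proxying is enabled. The backend can thus receive both a Content-Length and a client-chosen `Transfer-Encoding: chunked`, which is the request-desync setup, on a unix-socket backend that trusts its proxy. Presumably this was added to make streaming uploads work; the supported way is `proxy_http_version 1.1;` next to `proxy_request_buffering off;`, letting nginx emit Transfer-Encoding itself, and dropping the manual header. `proxy_set_header Host $http_host;` likewise forwards the raw client Host, which is fine only if the application does not use it for absolute URLs or trust decisions.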
@@ -1,83 +0,0 @@
-worker_processes 2;
-
-user root nogroup;
-pid /mnt/logs/nginx.pid;
-error_log /mnt/logs/nginx.error.log;
-
-events {
- worker_connections 1024;
- accept_mutex off;
-}
-
-http {
- types_hash_max_size 2048;
- include /usr/local/nginx/conf/mime.types.default;
-
- default_type application/octet-stream;
- access_log /mnt/logs/nginx.access.log combined;
- sendfile on;
-
- root /root/quay/;
-
- gzip on;
- gzip_http_version 1.0;
- gzip_proxied any;
- gzip_min_length 500;
- gzip_disable "MSIE [1-6]\.";
- gzip_types text/plain text/xml text/css
- text/javascript application/x-javascript
- application/octet-stream;
-
- upstream app_server {
- server unix:/tmp/gunicorn.sock fail_timeout=0;
- # For a TCP configuration:
- # server 192.168.0.7:8000 fail_timeout=0;
- }
-
- server {
- listen 80 default_server;
- server_name _;
- rewrite ^ https://$host$request_uri? permanent;
- }
-
- server {
- listen 443 default;
- client_max_body_size 8G;
- client_body_temp_path /mnt/logs/client_body 1 2;
- server_name _;
-
- keepalive_timeout 5;
-
- ssl on;
- ssl_certificate ./certs/quay-staging-unified.cert;
- ssl_certificate_key ./certs/quay-staging.key;
- ssl_session_timeout 5m;
- ssl_protocols SSLv3 TLSv1;
- ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
- ssl_prefer_server_ciphers on;
-
- if ($args ~ "_escaped_fragment_") {
- rewrite ^ /snapshot$uri;
- }
-
- location /static/ {
- # checks for static file, if not found proxy to app
- alias /root/quay/static/;
- }
-
- location / {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_buffering off;
-
- proxy_request_buffering off;
- proxy_set_header Transfer-Encoding $http_transfer_encoding;
-
- proxy_pass http://app_server;
- proxy_read_timeout 2000;
- proxy_temp_path /mnt/nginx/proxy_temp 1 2;
- }
- }
-}
diff --git a/nginx.conf b/nginx.conf
deleted file mode 100644
index e82675461..000000000
--- a/nginx.conf
+++ /dev/null
@@ -1,81 +0,0 @@
-worker_processes 8;
-
-user nobody nogroup;
-pid /mnt/logs/nginx.pid;
-error_log /mnt/logs/nginx.error.log;
-
-events {
- worker_connections 1024;
- accept_mutex off;
-}
-
-http {
- types_hash_max_size 2048;
- include /usr/local/nginx/conf/mime.types.default;
-
- default_type application/octet-stream;
- access_log /mnt/logs/nginx.access.log combined;
- sendfile on;
-
- gzip on;
- gzip_http_version 1.0;
- gzip_proxied any;
- gzip_min_length 500;
- gzip_disable "MSIE [1-6]\.";
- gzip_types text/plain text/xml text/css
- text/javascript application/x-javascript
- application/octet-stream;
-
- upstream app_server {
- server unix:/tmp/gunicorn.sock fail_timeout=0;
- # For a TCP configuration:
- # server 192.168.0.7:8000 fail_timeout=0;
- }
-
- server {
- listen 80 default_server;
- server_name _;
- rewrite ^ https://$host$request_uri? permanent;
- }
-
- server {
- listen 443 default;
- client_max_body_size 8G;
- client_body_temp_path /mnt/logs/client_body 1 2;
- server_name _;
-
- keepalive_timeout 5;
-
- ssl on;
- ssl_certificate ./certs/quay-unified.cert;
- ssl_certificate_key ./certs/quay.key;
- ssl_session_timeout 5m;
- ssl_protocols SSLv3 TLSv1;
- ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
- ssl_prefer_server_ciphers on;
-
- if ($args ~ "_escaped_fragment_") {
- rewrite ^ /snapshot$uri;
- }
-
- location /static/ {
- # checks for static file, if not found proxy to app
- alias /home/ubuntu/quay/static/;
- }
-
- location / {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_buffering off;
-
- proxy_request_buffering off;
- proxy_set_header Transfer-Encoding $http_transfer_encoding;
-
- proxy_pass http://app_server;
- proxy_read_timeout 2000;
- proxy_temp_path /mnt/nginx/proxy_temp 1 2;
- }
- }
-}
\ No newline at end of file