Configure nginx to emit logstash logs for access logs. Move all nginx config to a conf subdir. Rework nginx config to share common parts.
This commit is contained in:
parent
c13654bb52
commit
2b6c9149e8
20 changed files with 148 additions and 165 deletions
|
@ -19,7 +19,7 @@ sudo gdebi --n binary_dependencies/*.deb
|
||||||
running:
|
running:
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && sudo /usr/local/nginx/sbin/nginx -c `pwd`/nginx.conf
|
sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && sudo /usr/local/nginx/sbin/nginx -c `pwd`/conf/nginx.conf
|
||||||
sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && STACK=prod gunicorn -c gunicorn_config.py application:application
|
sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && STACK=prod gunicorn -c gunicorn_config.py application:application
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
5
conf/hosted-http-base.conf
Normal file
5
conf/hosted-http-base.conf
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
server_name _;
|
||||||
|
rewrite ^ https://$host$request_uri? permanent;
|
||||||
|
}
|
33
conf/http-base.conf
Normal file
33
conf/http-base.conf
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
log_format logstash_json '{ "@timestamp": "$time_iso8601", '
|
||||||
|
'"@fields": { '
|
||||||
|
'"remote_addr": "$remote_addr", '
|
||||||
|
'"remote_user": "$remote_user", '
|
||||||
|
'"body_bytes_sent": "$body_bytes_sent", '
|
||||||
|
'"request_time": "$request_time", '
|
||||||
|
'"status": "$status", '
|
||||||
|
'"request": "$request", '
|
||||||
|
'"request_method": "$request_method", '
|
||||||
|
'"http_referrer": "$http_referer", '
|
||||||
|
'"http_user_agent": "$http_user_agent" } }';
|
||||||
|
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
include /usr/local/nginx/conf/mime.types.default;
|
||||||
|
|
||||||
|
default_type application/octet-stream;
|
||||||
|
access_log /mnt/logs/nginx.access.log logstash_json;
|
||||||
|
sendfile on;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_http_version 1.0;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_min_length 500;
|
||||||
|
gzip_disable "MSIE [1-6]\.";
|
||||||
|
gzip_types text/plain text/xml text/css
|
||||||
|
text/javascript application/x-javascript
|
||||||
|
application/octet-stream;
|
||||||
|
|
||||||
|
upstream app_server {
|
||||||
|
server unix:/tmp/gunicorn.sock fail_timeout=0;
|
||||||
|
# For a TCP configuration:
|
||||||
|
# server 192.168.0.7:8000 fail_timeout=0;
|
||||||
|
}
|
18
conf/nginx-local.conf
Normal file
18
conf/nginx-local.conf
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
include root-base.conf;
|
||||||
|
|
||||||
|
worker_processes 2;
|
||||||
|
|
||||||
|
http {
|
||||||
|
include http-base.conf;
|
||||||
|
|
||||||
|
server {
|
||||||
|
include server-base.conf;
|
||||||
|
|
||||||
|
listen 5000 default;
|
||||||
|
|
||||||
|
location /static/ {
|
||||||
|
# checks for static file, if not found proxy to app
|
||||||
|
alias /home/jake/Projects/docker/quay/static/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
30
conf/nginx-staging.conf
Normal file
30
conf/nginx-staging.conf
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
include root-base.conf;
|
||||||
|
|
||||||
|
worker_processes 2;
|
||||||
|
|
||||||
|
user root nogroup;
|
||||||
|
|
||||||
|
http {
|
||||||
|
include http-base.conf;
|
||||||
|
|
||||||
|
include hosted-http-base.conf;
|
||||||
|
|
||||||
|
server {
|
||||||
|
include server-base.conf;
|
||||||
|
|
||||||
|
listen 443 default;
|
||||||
|
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate ./certs/quay-staging-unified.cert;
|
||||||
|
ssl_certificate_key ./certs/quay-staging.key;
|
||||||
|
ssl_session_timeout 5m;
|
||||||
|
ssl_protocols SSLv3 TLSv1;
|
||||||
|
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
location /static/ {
|
||||||
|
# checks for static file, if not found proxy to app
|
||||||
|
alias /root/quay/static/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
30
conf/nginx.conf
Normal file
30
conf/nginx.conf
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
include root-base.conf;
|
||||||
|
|
||||||
|
worker_processes 8;
|
||||||
|
|
||||||
|
user nobody nogroup;
|
||||||
|
|
||||||
|
http {
|
||||||
|
include http-base.conf;
|
||||||
|
|
||||||
|
include hosted-http-base.conf;
|
||||||
|
|
||||||
|
server {
|
||||||
|
include server-base.conf;
|
||||||
|
|
||||||
|
listen 443 default;
|
||||||
|
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate ./certs/quay-unified.cert;
|
||||||
|
ssl_certificate_key ./certs/quay.key;
|
||||||
|
ssl_session_timeout 5m;
|
||||||
|
ssl_protocols SSLv3 TLSv1;
|
||||||
|
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
location /static/ {
|
||||||
|
# checks for static file, if not found proxy to app
|
||||||
|
alias /home/ubuntu/quay/static/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
7
conf/root-base.conf
Normal file
7
conf/root-base.conf
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
pid /mnt/logs/nginx.pid;
|
||||||
|
error_log /mnt/logs/nginx.error.log;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
accept_mutex off;
|
||||||
|
}
|
24
conf/server-base.conf
Normal file
24
conf/server-base.conf
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
client_max_body_size 8G;
|
||||||
|
client_body_temp_path /mnt/logs/client_body 1 2;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
keepalive_timeout 5;
|
||||||
|
|
||||||
|
if ($args ~ "_escaped_fragment_") {
|
||||||
|
rewrite ^ /snapshot$uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_buffering off;
|
||||||
|
|
||||||
|
proxy_request_buffering off;
|
||||||
|
proxy_set_header Transfer-Encoding $http_transfer_encoding;
|
||||||
|
|
||||||
|
proxy_pass http://app_server;
|
||||||
|
proxy_read_timeout 2000;
|
||||||
|
proxy_temp_path /mnt/nginx/proxy_temp 1 2;
|
||||||
|
}
|
|
@ -1,83 +0,0 @@
|
||||||
worker_processes 2;
|
|
||||||
|
|
||||||
user root nogroup;
|
|
||||||
pid /mnt/logs/nginx.pid;
|
|
||||||
error_log /mnt/logs/nginx.error.log;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
accept_mutex off;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
types_hash_max_size 2048;
|
|
||||||
include /usr/local/nginx/conf/mime.types.default;
|
|
||||||
|
|
||||||
default_type application/octet-stream;
|
|
||||||
access_log /mnt/logs/nginx.access.log combined;
|
|
||||||
sendfile on;
|
|
||||||
|
|
||||||
root /root/quay/;
|
|
||||||
|
|
||||||
gzip on;
|
|
||||||
gzip_http_version 1.0;
|
|
||||||
gzip_proxied any;
|
|
||||||
gzip_min_length 500;
|
|
||||||
gzip_disable "MSIE [1-6]\.";
|
|
||||||
gzip_types text/plain text/xml text/css
|
|
||||||
text/javascript application/x-javascript
|
|
||||||
application/octet-stream;
|
|
||||||
|
|
||||||
upstream app_server {
|
|
||||||
server unix:/tmp/gunicorn.sock fail_timeout=0;
|
|
||||||
# For a TCP configuration:
|
|
||||||
# server 192.168.0.7:8000 fail_timeout=0;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80 default_server;
|
|
||||||
server_name _;
|
|
||||||
rewrite ^ https://$host$request_uri? permanent;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 default;
|
|
||||||
client_max_body_size 8G;
|
|
||||||
client_body_temp_path /mnt/logs/client_body 1 2;
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
keepalive_timeout 5;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate ./certs/quay-staging-unified.cert;
|
|
||||||
ssl_certificate_key ./certs/quay-staging.key;
|
|
||||||
ssl_session_timeout 5m;
|
|
||||||
ssl_protocols SSLv3 TLSv1;
|
|
||||||
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
|
|
||||||
if ($args ~ "_escaped_fragment_") {
|
|
||||||
rewrite ^ /snapshot$uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /static/ {
|
|
||||||
# checks for static file, if not found proxy to app
|
|
||||||
alias /root/quay/static/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_redirect off;
|
|
||||||
proxy_buffering off;
|
|
||||||
|
|
||||||
proxy_request_buffering off;
|
|
||||||
proxy_set_header Transfer-Encoding $http_transfer_encoding;
|
|
||||||
|
|
||||||
proxy_pass http://app_server;
|
|
||||||
proxy_read_timeout 2000;
|
|
||||||
proxy_temp_path /mnt/nginx/proxy_temp 1 2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
81
nginx.conf
81
nginx.conf
|
@ -1,81 +0,0 @@
|
||||||
worker_processes 8;
|
|
||||||
|
|
||||||
user nobody nogroup;
|
|
||||||
pid /mnt/logs/nginx.pid;
|
|
||||||
error_log /mnt/logs/nginx.error.log;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
accept_mutex off;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
types_hash_max_size 2048;
|
|
||||||
include /usr/local/nginx/conf/mime.types.default;
|
|
||||||
|
|
||||||
default_type application/octet-stream;
|
|
||||||
access_log /mnt/logs/nginx.access.log combined;
|
|
||||||
sendfile on;
|
|
||||||
|
|
||||||
gzip on;
|
|
||||||
gzip_http_version 1.0;
|
|
||||||
gzip_proxied any;
|
|
||||||
gzip_min_length 500;
|
|
||||||
gzip_disable "MSIE [1-6]\.";
|
|
||||||
gzip_types text/plain text/xml text/css
|
|
||||||
text/javascript application/x-javascript
|
|
||||||
application/octet-stream;
|
|
||||||
|
|
||||||
upstream app_server {
|
|
||||||
server unix:/tmp/gunicorn.sock fail_timeout=0;
|
|
||||||
# For a TCP configuration:
|
|
||||||
# server 192.168.0.7:8000 fail_timeout=0;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80 default_server;
|
|
||||||
server_name _;
|
|
||||||
rewrite ^ https://$host$request_uri? permanent;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 default;
|
|
||||||
client_max_body_size 8G;
|
|
||||||
client_body_temp_path /mnt/logs/client_body 1 2;
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
keepalive_timeout 5;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate ./certs/quay-unified.cert;
|
|
||||||
ssl_certificate_key ./certs/quay.key;
|
|
||||||
ssl_session_timeout 5m;
|
|
||||||
ssl_protocols SSLv3 TLSv1;
|
|
||||||
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
|
|
||||||
if ($args ~ "_escaped_fragment_") {
|
|
||||||
rewrite ^ /snapshot$uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /static/ {
|
|
||||||
# checks for static file, if not found proxy to app
|
|
||||||
alias /home/ubuntu/quay/static/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_redirect off;
|
|
||||||
proxy_buffering off;
|
|
||||||
|
|
||||||
proxy_request_buffering off;
|
|
||||||
proxy_set_header Transfer-Encoding $http_transfer_encoding;
|
|
||||||
|
|
||||||
proxy_pass http://app_server;
|
|
||||||
proxy_read_timeout 2000;
|
|
||||||
proxy_temp_path /mnt/nginx/proxy_temp 1 2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
Reference in a new issue