Configure nginx to emit logstash logs for access logs. Move all nginx config to a conf subdir. Rework nginx config to share common parts.

This commit is contained in:
yackob03 2014-01-31 18:13:46 -05:00
parent c13654bb52
commit 2b6c9149e8
20 changed files with 148 additions and 165 deletions

View file

@ -19,7 +19,7 @@ sudo gdebi --n binary_dependencies/*.deb
running: running:
``` ```
sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && sudo /usr/local/nginx/sbin/nginx -c `pwd`/nginx.conf sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && sudo /usr/local/nginx/sbin/nginx -c `pwd`/conf/nginx.conf
sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && STACK=prod gunicorn -c gunicorn_config.py application:application sudo mkdir -p /mnt/logs/ && sudo chown $USER /mnt/logs/ && STACK=prod gunicorn -c gunicorn_config.py application:application
``` ```

View file

@ -0,0 +1,5 @@
server {
listen 80 default_server;
server_name _;
rewrite ^ https://$host$request_uri? permanent;
}

33
conf/http-base.conf Normal file
View file

@ -0,0 +1,33 @@
log_format logstash_json '{ "@timestamp": "$time_iso8601", '
'"@fields": { '
'"remote_addr": "$remote_addr", '
'"remote_user": "$remote_user", '
'"body_bytes_sent": "$body_bytes_sent", '
'"request_time": "$request_time", '
'"status": "$status", '
'"request": "$request", '
'"request_method": "$request_method", '
'"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent" } }';
types_hash_max_size 2048;
include /usr/local/nginx/conf/mime.types.default;
default_type application/octet-stream;
access_log /mnt/logs/nginx.access.log logstash_json;
sendfile on;
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/xml text/css
text/javascript application/x-javascript
application/octet-stream;
upstream app_server {
server unix:/tmp/gunicorn.sock fail_timeout=0;
# For a TCP configuration:
# server 192.168.0.7:8000 fail_timeout=0;
}

18
conf/nginx-local.conf Normal file
View file

@ -0,0 +1,18 @@
include root-base.conf;
worker_processes 2;
http {
include http-base.conf;
server {
include server-base.conf;
listen 5000 default;
location /static/ {
# checks for static file, if not found proxy to app
alias /home/jake/Projects/docker/quay/static/;
}
}
}

30
conf/nginx-staging.conf Normal file
View file

@ -0,0 +1,30 @@
include root-base.conf;
worker_processes 2;
user root nogroup;
http {
include http-base.conf;
include hosted-http-base.conf;
server {
include server-base.conf;
listen 443 default;
ssl on;
ssl_certificate ./certs/quay-staging-unified.cert;
ssl_certificate_key ./certs/quay-staging.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location /static/ {
# checks for static file, if not found proxy to app
alias /root/quay/static/;
}
}
}

30
conf/nginx.conf Normal file
View file

@ -0,0 +1,30 @@
include root-base.conf;
worker_processes 8;
user nobody nogroup;
http {
include http-base.conf;
include hosted-http-base.conf;
server {
include server-base.conf;
listen 443 default;
ssl on;
ssl_certificate ./certs/quay-unified.cert;
ssl_certificate_key ./certs/quay.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location /static/ {
# checks for static file, if not found proxy to app
alias /home/ubuntu/quay/static/;
}
}
}

7
conf/root-base.conf Normal file
View file

@ -0,0 +1,7 @@
pid /mnt/logs/nginx.pid;
error_log /mnt/logs/nginx.error.log;
events {
worker_connections 1024;
accept_mutex off;
}

24
conf/server-base.conf Normal file
View file

@ -0,0 +1,24 @@
client_max_body_size 8G;
client_body_temp_path /mnt/logs/client_body 1 2;
server_name _;
keepalive_timeout 5;
if ($args ~ "_escaped_fragment_") {
rewrite ^ /snapshot$uri;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header Transfer-Encoding $http_transfer_encoding;
proxy_pass http://app_server;
proxy_read_timeout 2000;
proxy_temp_path /mnt/nginx/proxy_temp 1 2;
}

View file

@ -1,83 +0,0 @@
worker_processes 2;
user root nogroup;
pid /mnt/logs/nginx.pid;
error_log /mnt/logs/nginx.error.log;
events {
worker_connections 1024;
accept_mutex off;
}
http {
types_hash_max_size 2048;
include /usr/local/nginx/conf/mime.types.default;
default_type application/octet-stream;
access_log /mnt/logs/nginx.access.log combined;
sendfile on;
root /root/quay/;
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/xml text/css
text/javascript application/x-javascript
application/octet-stream;
upstream app_server {
server unix:/tmp/gunicorn.sock fail_timeout=0;
# For a TCP configuration:
# server 192.168.0.7:8000 fail_timeout=0;
}
server {
listen 80 default_server;
server_name _;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 default;
client_max_body_size 8G;
client_body_temp_path /mnt/logs/client_body 1 2;
server_name _;
keepalive_timeout 5;
ssl on;
ssl_certificate ./certs/quay-staging-unified.cert;
ssl_certificate_key ./certs/quay-staging.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
if ($args ~ "_escaped_fragment_") {
rewrite ^ /snapshot$uri;
}
location /static/ {
# checks for static file, if not found proxy to app
alias /root/quay/static/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header Transfer-Encoding $http_transfer_encoding;
proxy_pass http://app_server;
proxy_read_timeout 2000;
proxy_temp_path /mnt/nginx/proxy_temp 1 2;
}
}
}

View file

@ -1,81 +0,0 @@
worker_processes 8;
user nobody nogroup;
pid /mnt/logs/nginx.pid;
error_log /mnt/logs/nginx.error.log;
events {
worker_connections 1024;
accept_mutex off;
}
http {
types_hash_max_size 2048;
include /usr/local/nginx/conf/mime.types.default;
default_type application/octet-stream;
access_log /mnt/logs/nginx.access.log combined;
sendfile on;
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/xml text/css
text/javascript application/x-javascript
application/octet-stream;
upstream app_server {
server unix:/tmp/gunicorn.sock fail_timeout=0;
# For a TCP configuration:
# server 192.168.0.7:8000 fail_timeout=0;
}
server {
listen 80 default_server;
server_name _;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 default;
client_max_body_size 8G;
client_body_temp_path /mnt/logs/client_body 1 2;
server_name _;
keepalive_timeout 5;
ssl on;
ssl_certificate ./certs/quay-unified.cert;
ssl_certificate_key ./certs/quay.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
if ($args ~ "_escaped_fragment_") {
rewrite ^ /snapshot$uri;
}
location /static/ {
# checks for static file, if not found proxy to app
alias /home/ubuntu/quay/static/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header Transfer-Encoding $http_transfer_encoding;
proxy_pass http://app_server;
proxy_read_timeout 2000;
proxy_temp_path /mnt/nginx/proxy_temp 1 2;
}
}
}