From e9be93cd70dcdb7df6e3d6835b8bb81e7385cc29 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 18 Oct 2016 11:16:38 -0400 Subject: [PATCH] Update tower_tools image to run nginx --- Makefile | 4 +- tools/docker-compose.yml | 12 +----- tools/docker-compose/Dockerfile | 8 +++- tools/docker-compose/nginx.conf | 37 +++++++++++++++++ tools/docker-compose/nginx.vh.default.conf | 48 ++++++++++++++++++++++ tools/docker-compose/start_development.sh | 3 ++ 6 files changed, 98 insertions(+), 14 deletions(-) create mode 100644 tools/docker-compose/nginx.conf create mode 100644 tools/docker-compose/nginx.vh.default.conf diff --git a/Makefile b/Makefile index 83db7eb6ea..3680f8e540 100644 --- a/Makefile +++ b/Makefile @@ -395,7 +395,7 @@ uwsgi: @if [ "$(VENV_BASE)" ]; then \ . $(VENV_BASE)/tower/bin/activate; \ fi; \ - uwsgi --socket :8050 --module=awx.wsgi:application --home=/venv/tower --chdir=/tower_devel/ --vacuum --processes=5 --harakiri=60 --static-map /static=/tower_devel/awx/ui/static + uwsgi -b 32768 --socket :8050 --module=awx.wsgi:application --home=/venv/tower --chdir=/tower_devel/ --vacuum --processes=5 --harakiri=60 --static-map /static=/tower_devel/awx/ui/static --static-map /static=/tower_devel/awx/static daphne: @if [ "$(VENV_BASE)" ]; then \ @@ -775,7 +775,7 @@ docker-auth: # Docker Compose Development environment docker-compose: docker-auth - TAG=$(COMPOSE_TAG) docker-compose -f tools/docker-compose.yml up --no-recreate nginx tower + TAG=$(COMPOSE_TAG) docker-compose -f tools/docker-compose.yml up --no-recreate tower docker-compose-cluster: docker-auth TAG=$(COMPOSE_TAG) docker-compose -f tools/docker-compose-cluster.yml up diff --git a/tools/docker-compose.yml b/tools/docker-compose.yml index f68d5d594c..e97591be1e 100644 --- a/tools/docker-compose.yml +++ b/tools/docker-compose.yml @@ -12,8 +12,8 @@ services: ports: - "8080:8080" - "5555:5555" - - "8050:8050" - - "8051:8051" + - "8013:8013" + - "8043:8043" links: - postgres - memcached 
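Review bot: The rewritten uwsgi recipe line still binds the uwsgi-protocol socket on every interface with `--socket :8050`, even though this commit moves nginx into the same container as the app server. The uwsgi protocol has no authentication of its own, so any peer that can reach the container's address can talk to the application directly and bypass nginx. If this target only ever runs inside the tower container (the hard-coded `/tower_devel` paths suggest so), `--socket 127.0.0.1:8050` together with `server 127.0.0.1:8050;` in the new `upstream uwsgi` block would keep the socket local. A short comment explaining why `-b 32768` is needed would also help, since the reason for the larger request buffer is not visible in the hunk.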
@@ -35,14 +35,6 @@ services: ports: - "15672:15672" - nginx: - image: gcr.io/ansible-tower-engineering/tower_nginx:${TAG} - ports: - - "8043:443" - - "8013:80" - links: - - tower - # Source Code Synchronization Container # sync: # build: diff --git a/tools/docker-compose/Dockerfile b/tools/docker-compose/Dockerfile index 6a3bec6c38..2527b2bb35 100644 --- a/tools/docker-compose/Dockerfile +++ b/tools/docker-compose/Dockerfile @@ -11,7 +11,7 @@ RUN yum -y update && yum -y install curl epel-release RUN curl --silent --location https://rpm.nodesource.com/setup_6.x | bash - RUN yum -y localinstall http://download.postgresql.org/pub/repos/yum/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-3.noarch.rpm ADD tools/docker-compose/proot.repo /etc/yum.repos.d/proot.repo -RUN yum -y update && yum -y install openssh-server ansible mg vim tmux git mercurial subversion python-devel python-psycopg2 make postgresql postgresql-devel nodejs python-psutil libxml2-devel libxslt-devel libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel zeromq-devel proot python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 xmlsec1-openssl-devel libtool-ltdl-devel rabbitmq-server +RUN yum -y update && yum -y install openssh-server ansible mg vim tmux git mercurial subversion python-devel python-psycopg2 make postgresql postgresql-devel nginx nodejs python-psutil libxml2-devel libxslt-devel libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel zeromq-devel proot python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 xmlsec1-openssl-devel libtool-ltdl-devel rabbitmq-server RUN pip install flake8 pytest==2.9.2 pytest-pythonpath pytest-django pytest-cov pytest-mock dateutils django-debug-toolbar==1.4 pyflakes==1.0.0 virtualenv RUN /usr/bin/ssh-keygen -q -t rsa -N "" -f /root/.ssh/id_rsa RUN mkdir -p /etc/tower 
@@ -23,10 +23,14 @@ ADD tools/docker-compose/ansible-tower.egg-link /tmp/ansible-tower.egg-link ADD tools/docker-compose/tower-manage /usr/local/bin/tower-manage ADD tools/docker-compose/awx-manage /usr/local/bin/awx-manage ADD tools/docker-compose/ansible_tower.egg-info /tmp/ansible_tower.egg-info +ADD tools/docker-compose/nginx.conf /etc/nginx/nginx.conf +ADD tools/docker-compose/nginx.vh.default.conf /etc/nginx/conf.d/nginx.vh.default.conf RUN ln -s /tower_devel/tools/docker-compose/start_development.sh /start_development.sh +RUN openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=Tower Development/CN=tower.localhost" +RUN openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt WORKDIR /tmp RUN SWIG_FEATURES="-cpperraswarn -includeall -D__`uname -m`__ -I/usr/include/openssl" VENV_BASE="/venv" make requirements_dev WORKDIR / -EXPOSE 8050 8051 8080 22 +EXPOSE 8043 8013 8080 22 ENTRYPOINT ["/usr/bin/dumb-init"] CMD /start_development.sh diff --git a/tools/docker-compose/nginx.conf b/tools/docker-compose/nginx.conf new file mode 100644 index 0000000000..4f1f4e986e --- /dev/null +++ b/tools/docker-compose/nginx.conf @@ -0,0 +1,37 @@ +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + sendfile on; + #tcp_nopush on; + + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} 
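Review bot: The two added `RUN openssl ...` lines create the TLS private key at image build time, so `/etc/nginx/nginx.key` ends up in an image layer and every container started from the same build presents the same key. If the image is pushed to a shared registry, anyone who can pull it can read that key. The 365-day validity also counts from the build date, so a long-lived image will eventually serve an expired certificate. Generating the pair at container start avoids both problems, for example in `start_development.sh` before nginx is launched: `[ -f /etc/nginx/nginx.key ] || openssl req -x509 -nodes -newkey rsa:2048 -days 365 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.crt -subj "/CN=tower.localhost"`.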
diff --git a/tools/docker-compose/nginx.vh.default.conf b/tools/docker-compose/nginx.vh.default.conf new file mode 100644 index 0000000000..60073d4797 --- /dev/null +++ b/tools/docker-compose/nginx.vh.default.conf @@ -0,0 +1,48 @@ +upstream uwsgi { + server tower:8050; +} + +upstream daphne { + server tower:8051; +} + +server { + listen 8013 default_server; + listen 8043 default_server ssl; + + # If you have a domain name, this is where to add it + server_name _; + keepalive_timeout 70; + + ssl_certificate /etc/nginx/nginx.crt; + ssl_certificate_key /etc/nginx/nginx.key; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + + location /websocket { + # Pass request to the upstream alias + proxy_pass http://daphne; + # Require http version 1.1 to allow for upgrade requests + proxy_http_version 1.1; + # We want proxy_buffering off for proxying to websockets. + proxy_buffering off; + # http://en.wikipedia.org/wiki/X-Forwarded-For + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # enable this if you use HTTPS: + proxy_set_header X-Forwarded-Proto https; + # pass the Host: header from the client for the sake of redirects + proxy_set_header Host $http_host; + # We've set the Host header, so we don't need Nginx to muddle + # about with redirects + proxy_redirect off; + # Depending on the request value, set the Upgrade and + # connection headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + + location / { + include /etc/nginx/uwsgi_params; + uwsgi_pass uwsgi; + } +} diff --git a/tools/docker-compose/start_development.sh b/tools/docker-compose/start_development.sh index e2db66c3e4..01fa0a9dcd 100755 --- a/tools/docker-compose/start_development.sh +++ b/tools/docker-compose/start_development.sh @@ -40,5 +40,8 @@ make version_file make migrate make init +# Start nginx +nginx + # Start the service make honcho
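Review bot: `proxy_set_header X-Forwarded-Proto https;` in the `/websocket` location is unconditional, but the same server block also listens without TLS on 8013, so the backend is told that a cleartext request arrived over HTTPS. Anything downstream that trusts that header for secure-cookie or redirect decisions will be misled; `proxy_set_header X-Forwarded-Proto $scheme;` reports the real scheme. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables the deprecated TLS 1.0 and 1.1. `ssl_protocols TLSv1.2;` would be the safer setting, provided the nginx and OpenSSL builds in the image support it.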
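Review bot: The added bare `nginx` call daemonizes, so nginx is not supervised alongside the services that `make honcho` starts, and a failed start may go unnoticed. Whether the script aborts on error depends on settings above this hunk, which are not visible here. Since ports 8050/8051 are no longer published, nginx is the only way in from the host, so its startup should be checked. Either validate the config first with `nginx -t && nginx`, or run it in the foreground under the process manager with `nginx -g 'daemon off;'`.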