0.4.0 cache &websockets

.github/workflows/docker-publish.yml

@@ -0,0 +1,104 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  push:
+    branches: [ master ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ master ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # # https://github.com/docker/setup-qemu-action
+      # - name: Set up QEMU
+      #   uses: docker/setup-qemu-action@v2.0.0
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v4.0.1
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      # Cache dependencies
+      # https://github.com/actions/cache
+      - name: Cache Docker layers
+        uses: actions/cache@v3.0.5
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-multi-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-multi-buildx
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v3.1.0
+        with:
+          context: .
+          # platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          # Note the mode=max here
+          # More: https://github.com/moby/buildkit#--export-cache-options
+          # And: https://github.com/docker/buildx#--cache-tonametypetypekeyvalue
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
+
+      # Temp fix / Disabled on self-hosted runner
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

CHANGELOG.md

@@ -1,16 +1,26 @@
-# `nginx-sidecar` changelog
+# `nginx-sidecar` changelog
+
+## 0.4.0
+
+- Enabling the support of caching and websockets
+- Some variables were renamed, see `entrypoint.sh`
+- New variables are:
+  - `NGINX_CLIENT_BODY_BUFFER_SIZE` - it sets client_body_buffer_size (default: 8k).
+  - `NGINX_CLIENT_MAX_BODY_SIZE` - it sets client_max_body_size (default: 5M).
+  - `APP_SCHEME` - it sets application scheme (default: http).
+  - `NGINX_PROXY_BUFFER_SIZE` - it sets proxy_buffer_size (default: 8k).
 
 ## 0.3.8
 
 - Enabling the support of custom timeout for proxy requests
-- New variable is: PROXY_TIMEOUT- it sets proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout values. (default: 60s)
+- New variable is: `PROXY_TIMEOUT` - it sets proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout values. (default: 60s)
 
 ## 0.3.7
 
 - Enabling ngnix status for detailed monitoring.
 - New variables are:
- - `NGINX_STATUS_PORT` (default `81`) a port to run the status module on
- - `NGINX_STATUS_ALLOW_FROM` (default `all`) IP, CIDR, `all` for the nginx config's `allow` statement (http://nginx.org/en/docs/http/ngx_http_access_module.html)
+  - `NGINX_STATUS_PORT` (default `81`) a port to run the status module on
+  - `NGINX_STATUS_ALLOW_FROM` (default `all`) IP, CIDR, `all` for the nginx config's `allow` statement (http://nginx.org/en/docs/http/ngx_http_access_module.html)
 
 ## 0.3.6
 

Dockerfile

@@ -1,9 +1,18 @@
 FROM nginx:stable
 
-RUN apt update && apt install -y curl
+# # Install dependencies
+# ARG DEPENDENCIES="curl"
+# RUN apt-get update -y && \
+#     apt-get install --no-install-recommends -y ${DEPENDENCIES} && \
+#     apt-get clean && \
+#     rm -rf /var/cache/apt/archives/* && \
+#     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
+#     truncate -s 0 /var/log/*log
 
-COPY nginx.conf.template /etc/nginx/nginx.conf.template
-COPY start.sh /usr/bin/start.sh
-RUN chmod a+x /usr/bin/start.sh
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod a+x /entrypoint.sh && \
+    mkdir -p /usr/local/etc/nginx
 
-CMD /usr/bin/start.sh
+COPY *.conf.template /usr/local/etc/nginx/
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -4,9 +4,9 @@ A simple nginx reverse proxy side-car, which can be placed in front an applicati
 
 ## Requirements
 
- - The application must be linked (either by Docker `--link` or ECS `links` section) as `app`.
- - The `NGINX_PORT` environment variable should be set to the port nginx should bind to.
- - The `APP_PORT` environment variable should be set to the port that the application is bound to inside the `app` container.
+ - The application must be linked (either by Docker `--link` or ECS `links` section) as `app` either the `APP_HOST` environment variable must be set to the service name.
+ - The `NGINX_PORT` (default `80`) environment variable should be set to the port nginx should bind to.
+ - The `APP_PORT` (default `8080`) environment variable should be set to the port that the application is bound to inside the `app` container.
 
 ## Stats Monitoring
 
@@ -15,7 +15,7 @@ We've enabled `http_stub_status_module` access to help with monitoring integrati
 - `NGINX_STATUS_ALLOW_FROM` (default `all`) IP, CIDR, `all` for the nginx config's `allow` statement (http://nginx.org/en/docs/http/ngx_http_access_module.html)
 
 ## Optional Requirements
- - PROXY_TIMEOUT sets proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout values. (default: 60s)
+ - NGINX_PROXY_TIMEOUT sets proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout values. (default: 60s)
 
 ## Example
 
@@ -69,7 +69,7 @@ services:
         - name: NGINX_STATUS_ALLOW_FROM
           value: '172.0.0.0/8'
         # If you want a custom timeout for the request
-        - name: PROXY_TIMEOUT
+        - name: NGINX_PROXY_TIMEOUT
           value: '10s'
 
         # If your datadog agent has Autodiscovery enabled, you can provide additional docker labels

VERSION

@@ -1 +1 @@
-0.3.8
+0.4.0

entrypoint.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -e
+
+# nginx.conf doesn't support environment variables, so we substitute at run time.
+# Proxy setup was moved in external file.
+
+## nginx.conf substitutions:
+/bin/sed \
+  -e "s/<NGINX_PORT>/${NGINX_PORT:-80}/g" \
+  -e "s/<NGINX_CLIENT_BODY_BUFFER_SIZE>/${NGINX_CLIENT_BODY_BUFFER_SIZE:-8k}/g" \
+  -e "s/<NGINX_CLIENT_MAX_BODY_SIZE>/${NGINX_CLIENT_MAX_BODY_SIZE:-5M}/g" \
+  -e "s/<NGINX_STATUS_PORT>/${NGINX_STATUS_PORT:-81}/g" \
+  -e "s:<NGINX_STATUS_ALLOW_FROM>:${NGINX_STATUS_ALLOW_FROM:-all}:g" \
+  /usr/local/etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+
+## proxy.conf substitutions:
+/bin/sed \
+  -e "s/<NGINX_PROXY_BUFFER_SIZE>/${NGINX_PROXY_BUFFER_SIZE:-8k}/g" \
+  -e "s:<NGINX_PROXY_TIMEOUT>:${NGINX_PROXY_TIMEOUT:-60s}:g" \
+  -e "s/<APP_SCHEME>/${APP_SCHEME:-http}/g" \
+  -e "s/<APP_HOST>/${APP_HOST:-app}/g" \
+  -e "s/<APP_PORT>/${APP_PORT:-8080}/g" \
+    /usr/local/etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf
+
+# Wait for the application to start before accepting ALB requests.
+if [[ -z "${SKIP_HEALTHCHECK}" ]]; then
+  curl --silent --fail --max-time 5 "http://${APP_HOST:-app}:${APP_PORT:-8080}${APP_HEALTHCHECK_PATH:-/health}" || exit 1
+fi
+
+# run in foreground as pid 1
+exec /usr/sbin/nginx -g 'daemon off;' -c /etc/nginx/nginx.conf

nginx.conf.template

@@ -39,9 +39,11 @@ http {
   include /etc/nginx/mime.types;
   default_type application/octet-stream;
 
-  log_format  main  '[nginx] method=$request_method path=$request_uri '
-                    'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
-                    '"$remote_user" "$http_referer" "$http_user_agent"';
+  log_format  main  '[nginx] '
+                    'remote_addr=[$remote_addr] time=[$time_local] duration=[$request_time] '
+                    'status=[$status] cache=[$upstream_cache_status] upstream_status=[$upstream_status] '
+                    'method=[$request_method] path=[$request_uri] size=[$body_bytes_sent] '
+                    '"$remote_user" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
 
   # Log to stdout.
   # Use the stdout of init on Docker to get the logs to the log drain.
@@ -64,12 +66,6 @@ http {
              application/javascript application/json
              application/atom+xml;
 
-  # timeout settings when proxying request to a server upstream
-  # nginx default values for these can be high for your app needs so it is configurable
-  proxy_connect_timeout <PROXY_TIMEOUT>;
-  proxy_send_timeout <PROXY_TIMEOUT>;
-  proxy_read_timeout <PROXY_TIMEOUT>;
-
   # According to the HTTP standard, headers with underscores are perfectly valid.
   # However, nginx defaults to dropping headers containing underscores, as they
   # might introduce ambiguities when mapping headers to CGI variables.
@@ -81,32 +77,40 @@ http {
       https https;
   }
 
-  server {
-    listen <NGINX_PORT> deferred;
+  # Cache
+  proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=static-cache:25m max_size=100m inactive=60m use_temp_path=off;
+  map $sent_http_content_type $expires {
+    "text/html"                 5m; # set this to your needs
+    "text/html; charset=utf-8"  5m; # set this to your needs
+    default                     1h; # set this to your needs
+  }
 
-    client_body_buffer_size <CLIENT_BODY_BUFFER_SIZE>;
-    client_max_body_size 5M; # default 1M
+  server {
+    listen <NGINX_PORT> deferred; # default 80
+
+    client_body_buffer_size <NGINX_CLIENT_BODY_BUFFER_SIZE>; # default 8k
+    client_max_body_size <NGINX_CLIENT_MAX_BODY_SIZE>; # default 5M
+
+    # Caching static files
+    location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|js|css)$ {
+      expires               $expires;
+      add_header            X-Cache-Status  $upstream_cache_status;
+      proxy_cache           static-cache;
+      proxy_cache_bypass    $arg_nocache;   # probably better to change this
+      proxy_cache_valid     200 302         1h;  # set this to your needs
+      proxy_cache_valid     404             1m;   # set this to your needs
+      proxy_cache_lock      on;
+      proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
+      proxy_cache_key       $uri$is_args$args;
+      proxy_ignore_headers  Cache-Control;
+
+      # Use external config
+      include proxy.conf;
+    }
 
     location / {
-      proxy_pass_request_headers on;
-
-      # For NewRelic, time in milliseconds
-      proxy_set_header X-Request-Start "t=${msec}";
-      proxy_set_header X-Queue-Start "t=${msec}";
-
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $thescheme;
-      proxy_set_header X-Real-IP $remote_addr;
-
-      # Pass the original host name through, this is important if downstream
-      # uses host based routing
-      proxy_set_header Host $host;
-
-      proxy_redirect off; # disable nginx redirect-rewrite logic
-      proxy_pass http://<APP_HOST>:<APP_PORT>;
-
-      # The size of the buffer that stores the response headers
-      proxy_buffer_size 8k;
+      # Use external config
+      include proxy.conf;
     }
   }
 

proxy.conf.template

@@ -0,0 +1,35 @@
+proxy_pass_request_headers  on;
+
+# For NewRelic, time in milliseconds
+proxy_set_header            X-Request-Start   "t=${msec}";
+proxy_set_header            X-Queue-Start     "t=${msec}";
+
+proxy_set_header            X-Forwarded-For   $proxy_add_x_forwarded_for;
+proxy_set_header            X-Forwarded-Proto $thescheme;
+proxy_set_header            X-Real-IP         $remote_addr;
+proxy_set_header            X-Forwarded-Host  $http_host;
+
+# Pass the original host name through, this is important if downstream
+# uses host based routing
+proxy_set_header            Host              $host;
+
+proxy_redirect              off; # disable nginx redirect-rewrite logic
+proxy_pass                  <APP_SCHEME>://<APP_HOST>:<APP_PORT>; # default http://app:8080
+
+# The size of the buffer that stores the response headers
+proxy_buffer_size           <NGINX_PROXY_BUFFER_SIZE>;
+
+# Websocket support
+proxy_set_header            Upgrade           $http_upgrade;
+proxy_set_header            Connection        "upgrade";
+
+proxy_http_version          1.1;
+
+# Cache support
+proxy_cache_bypass          $http_upgrade;
+
+# timeout settings when proxying request to a server upstream
+# nginx default values for these can be high for your app needs so it is configurable
+proxy_connect_timeout       <NGINX_PROXY_TIMEOUT>;
+proxy_send_timeout          <NGINX_PROXY_TIMEOUT>;
+proxy_read_timeout          <NGINX_PROXY_TIMEOUT>;