From 7a79e5969d04c1660a52f7b1648873e1d1dfcbcb Mon Sep 17 00:00:00 2001
From: Bennett Goble <signal@lindenlab.com>
Date: Sun, 18 Feb 2024 15:20:46 -0800
Subject: [PATCH] Disable healthcheck access log

---
 Dockerfile                                    |  1 +
 README.md                                     |  1 +
 .../00-render-templates.sh                    | 24 ++++++++-------
 .../default.conf.template                     | 27 +++++++++--------
 src/etc/nginx/conf.d/status.conf              |  2 +-
 .../log-format.conf}                          |  0
 src/etc/nginx/includes/proxy.conf.template    |  4 +++
 src/etc/nginx/includes/uwsgi.conf.template    |  6 ++++
 src/etc/nginx/nginx.conf.template             |  4 ++-
 test/main_test.go                             | 29 +++++++++++++++++++
 test/test.sh                                  |  1 +
 11 files changed, 73 insertions(+), 26 deletions(-)
 rename src/etc/nginx/{templates => conf.d}/default.conf.template (64%)
 rename src/etc/nginx/{conf.d/00-log-format.conf => includes/log-format.conf} (100%)
 create mode 100644 src/etc/nginx/includes/proxy.conf.template
 create mode 100644 src/etc/nginx/includes/uwsgi.conf.template

diff --git a/Dockerfile b/Dockerfile
index ca8ff4a..12ab38d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,6 +11,7 @@ COPY src /
 ENV KEEPALIVE_TIMEOUT=65
 ENV PROXY_UWSGI=0
 ENV LISTEN_PORT=80
+ENV HEALTHCHECK_PATH="/lb-status/"
 ENV STATIC_LOCATIONS=
 EXPOSE 80
 STOPSIGNAL SIGQUIT
diff --git a/README.md b/README.md
index 3ecd0c9..9760e91 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ Pair nginx-proxy with your favorite upstream server (wsgi, uwsgi, asgi, et al.)
 | `STATIC_LOCATIONS` | Static asset mappings | No | | |
 | `PROXY_UWSGI` | Whether to use native uwsgi support | No | 0 | 1 |
 | `KEEPALIVE_TIMEOUT` | What value to set HTTP keepalive (This should be higher than your ELB's timeout) | Yes | 65 | |
+| `HEALTHCHECK_PATH` | nginx-proxy disables healthcheck path access logs, you can configure the path here | Yes | /lb-status/ | |
 
 ### Hosting Static Assets
 
diff --git a/src/docker-entrypoint.d/00-render-templates.sh b/src/docker-entrypoint.d/00-render-templates.sh
index 8c8bc3b..b14c33a 100755
--- a/src/docker-entrypoint.d/00-render-templates.sh
+++ b/src/docker-entrypoint.d/00-render-templates.sh
@@ -4,14 +4,18 @@ set -eo pipefail
 
 source /docker-entrypoint.d/functions
 
-# Render main nginx.conf
-cat "/etc/nginx/nginx.conf.template" | gomplate > "/etc/nginx/nginx.conf"
+function render_templates {
+  local src="$1"
+  local dst="$2"
+  for f in $src; do
+    final=$(basename "$f")
+    final=${final%.template}
+    final="$dst/$final"
+    cat "$f" | gomplate > "$final"
+    log "$0: Rendered $f and moved it to $final"
+  done
+}
 
-for f in /etc/nginx/templates/*.template
-do
-  final=$(basename "$f")
-  final=${final%.template}
-  final="/etc/nginx/conf.d/$final"
-  cat "$f" | gomplate > "$final"
-  log "$0: Rendered $f and moved it to $final"
-done
+render_templates "/etc/nginx/*.template" "/etc/nginx"
+render_templates "/etc/nginx/conf.d/*.template" "/etc/nginx/conf.d"
+render_templates "/etc/nginx/includes/*.template" "/etc/nginx/includes"
diff --git a/src/etc/nginx/templates/default.conf.template b/src/etc/nginx/conf.d/default.conf.template
similarity index 64%
rename from src/etc/nginx/templates/default.conf.template
rename to src/etc/nginx/conf.d/default.conf.template
index 7223b9e..d298757 100644
--- a/src/etc/nginx/templates/default.conf.template
+++ b/src/etc/nginx/conf.d/default.conf.template
@@ -22,23 +22,22 @@ server {
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Content-Type-Options "nosniff";
   
-  {{ if (eq .Env.PROXY_UWSGI "1") }}
   location / {
-    uwsgi_pass app;
-    uwsgi_param HTTP_X_REQUEST_ID $request_id;
-    uwsgi_param HTTP_HOST $host;
-    include uwsgi_params;
-    uwsgi_read_timeout {{ .Env.KEEPALIVE_TIMEOUT }};
-    uwsgi_send_timeout {{ .Env.KEEPALIVE_TIMEOUT }};
+    {{ if (eq .Env.PROXY_UWSGI "1") }}
+    include /etc/nginx/includes/uwsgi.conf;
+    {{ else }}
+    include /etc/nginx/includes/proxy.conf;
+    {{ end }}
   }
-  {{ else }}
-  location / {
-    proxy_set_header X-Request-ID $request_id;
-    proxy_set_header Host $host;
-    proxy_redirect off;
-    proxy_pass http://app; 
+
+  location {{ .Env.HEALTHCHECK_PATH }} {
+    access_log off;
+    {{ if (eq .Env.PROXY_UWSGI "1") }}
+    include /etc/nginx/includes/uwsgi.conf;
+    {{ else }}
+    include /etc/nginx/includes/proxy.conf;
+    {{ end }}
   }
-  {{ end }}
 
   {{ if .Env.STATIC_LOCATIONS }}
   {{ range (.Env.STATIC_LOCATIONS | strings.Split "," )}}
diff --git a/src/etc/nginx/conf.d/status.conf b/src/etc/nginx/conf.d/status.conf
index 94d762c..e71fda9 100644
--- a/src/etc/nginx/conf.d/status.conf
+++ b/src/etc/nginx/conf.d/status.conf
@@ -1,7 +1,7 @@
 # NGINX status/stats used by datadog, et al.
 server {
   listen 8091;
-  server_name localhost;
+  server_name _;
 
   access_log off;
   allow 127.0.0.1;
diff --git a/src/etc/nginx/conf.d/00-log-format.conf b/src/etc/nginx/includes/log-format.conf
similarity index 100%
rename from src/etc/nginx/conf.d/00-log-format.conf
rename to src/etc/nginx/includes/log-format.conf
diff --git a/src/etc/nginx/includes/proxy.conf.template b/src/etc/nginx/includes/proxy.conf.template
new file mode 100644
index 0000000..4dc501a
--- /dev/null
+++ b/src/etc/nginx/includes/proxy.conf.template
@@ -0,0 +1,4 @@
+proxy_set_header X-Request-ID $request_id;
+proxy_set_header Host $host;
+proxy_redirect off;
+proxy_pass http://app; 
diff --git a/src/etc/nginx/includes/uwsgi.conf.template b/src/etc/nginx/includes/uwsgi.conf.template
new file mode 100644
index 0000000..066a354
--- /dev/null
+++ b/src/etc/nginx/includes/uwsgi.conf.template
@@ -0,0 +1,6 @@
+uwsgi_pass app;
+uwsgi_param HTTP_X_REQUEST_ID $request_id;
+uwsgi_param HTTP_HOST $host;
+include uwsgi_params;
+uwsgi_read_timeout {{ .Env.KEEPALIVE_TIMEOUT }};
+uwsgi_send_timeout {{ .Env.KEEPALIVE_TIMEOUT }};
diff --git a/src/etc/nginx/nginx.conf.template b/src/etc/nginx/nginx.conf.template
index b386624..9a5c5dc 100644
--- a/src/etc/nginx/nginx.conf.template
+++ b/src/etc/nginx/nginx.conf.template
@@ -45,8 +45,10 @@ http {
     more_clear_headers "Server";
     more_clear_headers "server";
 
-    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/includes/log-format.conf;
 
     # For docker logs to work, we need to output to stdout/stderr
     access_log /dev/stdout json_analytics;
+
+    include /etc/nginx/conf.d/*.conf;
 }
diff --git a/test/main_test.go b/test/main_test.go
index d774e07..e89326b 100644
--- a/test/main_test.go
+++ b/test/main_test.go
@@ -27,6 +27,35 @@ func getHTTPClient() *http.Client {
 	}
 }
 
+func TestHealth(t *testing.T) {
+	u, err := getTestURL()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	parsed, err := url.Parse(u)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req, err := http.NewRequest("GET", parsed.JoinPath("/health").String(), nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client := getHTTPClient()
+	res, err := client.Do(req)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if res.StatusCode != http.StatusOK {
+		t.Fatalf("Expected HTTP %d but got %d", http.StatusOK, res.StatusCode)
+	}
+}
+
 func TestStatic(t *testing.T) {
 	u, err := getTestURL()
 	if err != nil {
diff --git a/test/test.sh b/test/test.sh
index 5024d1e..01b16bf 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -11,6 +11,7 @@ LISTEN_PORT="8080" \
 KEEPALIVE_TIMEOUT="65" \
 PROXY_REVERSE_URL="http://localhost:8081" \
 SERVER_NAME="localhost" \
+HEALTHCHECK_PATH="/health" \
 STATIC_LOCATIONS="/static/:/test/static/" \
   /docker-entrypoint.sh