test

app/main.py

@@ -1,10 +1,4 @@
-import sys
-
-
 def application(env, start_response):
-    version = "{}.{}".format(sys.version_info.major, sys.version_info.minor)
-    start_response("200 OK", [("Content-Type", "text/plain")])
-    message = "Hello World from a default Nginx uWSGI Python {} app in a Docker container (default)".format(
-        version
-    )
-    return [message.encode("utf-8")]
+    start_response('200 OK', [('Content-Type', 'text/html')])
+    return [b"Hello World from a default Nginx uWSGI Python 3.6 app in a\
+            Docker container (default)"]

dockerrun.sh

@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# Note: base alpine Linux image may not include bash shell,
+#    and we probably want to move to that for service images,
+#    so just use bourn shell ...
+
+#
+# Update certificate authority index -
+# environment may have mounted more authorities
+# - ex: /usr/local/share/ca-certificates/cdis-ca.crt into system bundle       
+#
+
+GEN3_DEBUG="${GEN3_DEBUG:-False}"
+GEN3_DRYRUN="${GEN3_DRYRUN:-False}"
+GEN3_UWSGI_TIMEOUT="${GEN3_UWSGI_TIMEOUT:-45s}"
+
+run() {
+  if [ "$GEN3_DRYRUN" = True ]; then
+    echo "DRY RUN - not running: $@"
+  else
+    echo "Running $@"
+    "$@"
+  fi
+}
+
+help() {
+    cat - <<EOM
+Gen3 base (generic) launch script
+Use: 
+  dockkerrun.bash [--help] [--debug=False] [--uwsgiTimeout=45s] [--dryrun=False]
+EOM
+}
+
+
+while [ $# -gt 0 ]; do
+  arg="$1"
+  shift
+  key=""
+  value=""
+  key="$(echo "$arg" | sed -e 's/^-*//' | sed -e 's/=.*$//')"
+  value="$(echo "$arg" | sed -e 's/^.*=//')"
+
+  if [ "$value" = "$arg" ]; then # =value not given, so use default
+    value=""
+  fi
+  case "$key" in
+  debug)
+    GEN3_DEBUG="${value:-True}"
+    ;;
+  uwsgiTimeout)
+    GEN3_UWSGI_TIMEOUT="${value:-45s}"
+    ;;
+  dryrun)
+    GEN3_DRYRUN="${value:-True}"
+    ;;
+  help)
+    help
+    exit 0
+    ;;
+  *)
+    echo "ERROR: unknown argument $arg - bailing out"
+    exit 1
+    ;;
+  esac
+done
+
+cat - <<EOM
+Got configuration:
+GEN3_DEBUG=$GEN3_DEBUG
+GEN3_UWSGI_TIMEOUT=$GEN3_UWSGI_TIMEOUT
+GEN3_DRYRUN=$GEN3_DRYRUN
+EOM
+
+run update-ca-certificates
+run mkdir -p /var/run/gen3
+
+# fill in timeout in the uwsgi.conf template
+if [ -f /etc/nginx/sites-available/uwsgi.conf ]; then
+  sed -i -e "s/GEN3_UWSGI_TIMEOUT/$GEN3_UWSGI_TIMEOUT/g" /etc/nginx/sites-available/uwsgi.conf
+fi
+
+#
+# Enable debug flag based on GEN3_DEBUG environment
+#
+if [ -f ./wsgi.py ] && [ "$GEN3_DEBUG" = "True" ]; then
+  echo -e "\napplication.debug=True\n" >> ./wsgi.py
+fi
+
+(
+  # Wait for nginx to create uwsgi.sock in a sub-process
+  count=0
+  while [ ! -e /var/run/gen3/uwsgi.sock ] && [ $count -lt 10 ]; do
+    echo "... waiting for /var/run/gen3/uwsgi.sock to appear"
+    sleep 2
+    count="$(($count+1))"
+  done
+  if [ ! -e /var/run/gen3/uwsgi.sock ]; then
+    echo "WARNING: /var/run/gen3/uwsgi.sock does not exist!!!"
+  fi
+  run uwsgi --ini /etc/uwsgi/uwsgi.ini
+) &
+run nginx -g 'daemon off;'
+wait

entrypoint.sh

@@ -1,61 +1,35 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 set -e
 
 # Get the maximum upload file size for Nginx, default to 0: unlimited
 USE_NGINX_MAX_UPLOAD=${NGINX_MAX_UPLOAD:-0}
+# Generate Nginx config for maximum upload file size
+echo "client_max_body_size $USE_NGINX_MAX_UPLOAD;" > /etc/nginx/conf.d/upload.conf
+
+# Explicitly add installed Python packages and uWSGI Python packages to PYTHONPATH
+# Otherwise uWSGI can't import Flask
+export PYTHONPATH=$PYTHONPATH:/usr/local/lib/python3.6/site-packages:/usr/lib/python3.6/site-packages
 
 # Get the number of workers for Nginx, default to 1
 USE_NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
+# Modify the number of worker processes in Nginx config
+sed -i "/worker_processes\s/c\worker_processes ${USE_NGINX_WORKER_PROCESSES};" /etc/nginx/nginx.conf
 
-# Set the max number of connections per worker for Nginx, if requested 
+# Set the max number of connections per worker for Nginx, if requested
 # Cannot exceed worker_rlimit_nofile, see NGINX_WORKER_OPEN_FILES below
-NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1024}
+if [ -n "$NGINX_WORKER_CONNECTIONS" ] ; then
+    sed -i "/worker_connections\s/c\    worker_connections ${NGINX_WORKER_CONNECTIONS};" /etc/nginx/nginx.conf
+fi
+
+# Set the max number of open file descriptors for Nginx workers, if requested
+if [ -n "$NGINX_WORKER_OPEN_FILES" ] ; then
+    echo "worker_rlimit_nofile ${NGINX_WORKER_OPEN_FILES};" >> /etc/nginx/nginx.conf
+fi
 
 # Get the listen port for Nginx, default to 80
 USE_LISTEN_PORT=${LISTEN_PORT:-80}
-
-if [ -f /app/nginx.conf ]; then
-    cp /app/nginx.conf /etc/nginx/nginx.conf
-else
-    content='user  nginx;\n'
-    # Set the number of worker processes in Nginx
-    content=$content"worker_processes ${USE_NGINX_WORKER_PROCESSES};\n"
-    content=$content'error_log  /var/log/nginx/error.log warn;\n'
-    content=$content'pid        /var/run/nginx.pid;\n'
-    content=$content'events {\n'
-    content=$content"    worker_connections ${NGINX_WORKER_CONNECTIONS};\n"
-    content=$content'}\n'
-    content=$content'http {\n'
-    content=$content'    include       /etc/nginx/mime.types;\n'
-    content=$content'    default_type  application/octet-stream;\n'
-    content=$content'    log_format  main  '"'\$remote_addr - \$remote_user [\$time_local] \"\$request\" '\n"
-    content=$content'                      '"'\$status \$body_bytes_sent \"\$http_referer\" '\n"
-    content=$content'                      '"'\"\$http_user_agent\" \"\$http_x_forwarded_for\"';\n"
-    content=$content'    access_log  /var/log/nginx/access.log  main;\n'
-    content=$content'    sendfile        on;\n'
-    content=$content'    keepalive_timeout  65;\n'
-    content=$content'    include /etc/nginx/conf.d/*.conf;\n'
-    content=$content'}\n'
-    content=$content'daemon off;\n'
-    # Set the max number of open file descriptors for Nginx workers, if requested
-    if [ -n "${NGINX_WORKER_OPEN_FILES}" ] ; then
-        content=$content"worker_rlimit_nofile ${NGINX_WORKER_OPEN_FILES};\n"
-    fi
-    # Save generated /etc/nginx/nginx.conf
-    printf "$content" > /etc/nginx/nginx.conf
-
-    content_server='server {\n'
-    content_server=$content_server"    listen ${USE_LISTEN_PORT};\n"
-    content_server=$content_server'    location / {\n'
-    content_server=$content_server'        include uwsgi_params;\n'
-    content_server=$content_server'        uwsgi_pass unix:///tmp/uwsgi.sock;\n'
-    content_server=$content_server'    }\n'
-    content_server=$content_server'}\n'
-    # Save generated server /etc/nginx/conf.d/nginx.conf
-    printf "$content_server" > /etc/nginx/conf.d/nginx.conf
-
-    # Generate Nginx config for maximum upload file size
-    printf "client_max_body_size $USE_NGINX_MAX_UPLOAD;\n" > /etc/nginx/conf.d/upload.conf
+# Modify Nignx config for listen port
+if ! grep -q "listen ${USE_LISTEN_PORT};" /etc/nginx/nginx.conf ; then
+    sed -i -e "/server {/a\    listen ${USE_LISTEN_PORT};" /etc/nginx/nginx.conf
 fi
-
 exec "$@"

nginx.conf

@@ -0,0 +1,51 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+  	##
+	  # Logging Settings
+	  ##
+    log_format json '{"gen3log": "nginx", '
+          '"date_access": "$time_iso8601", '
+          '"user_id": "$http_x_userid", '
+          '"request_id": "$http_x_reqid", '
+          '"session_id": "$http_x_sessionid", '
+          '"visitor_id": "$http_x_visitorid", '
+          '"network_client_ip": "$http_x_forwarded_for", '
+          '"network_bytes_write": $body_bytes_sent, '
+          '"response_secs": $request_time, '
+          '"http_status_code": $status, '
+          '"http_request": "$request_uri", '
+          '"http_verb": "$request_method", '
+          '"http_referer": "$http_referer", '
+          '"http_useragent": "$http_user_agent", '
+          '"message": "$request"}';
+
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  json;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

supervisord.ini

@@ -0,0 +1,18 @@
+[supervisord]
+nodaemon=true
+
+[program:uwsgi]
+command=/usr/sbin/uwsgi --ini /etc/uwsgi/uwsgi.ini --die-on-term --need-app --plugin python3
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:nginx]
+command=/usr/sbin/nginx
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+# Graceful stop, see http://nginx.org/en/docs/control.html
+stopsignal=QUIT

uwsgi.conf

@@ -0,0 +1,38 @@
+server {
+    listen 80;
+
+    location / {
+        uwsgi_param REMOTE_ADDR $http_x_forwarded_for if_not_empty;
+        uwsgi_param REMOTE_USER $http_x_userid if_not_empty;
+        uwsgi_param REMOTE_REQID $http_x_reqid if_not_empty;
+        uwsgi_param REMOTE_SESSIONID $http_x_sessionid if_not_empty;
+        uwsgi_param REMOTE_VISITORID $http_x_visitorid if_not_empty;
+        uwsgi_param GEN3_REQUEST_TIMESTAMP $msec;
+        uwsgi_param GEN3_TIMEOUT_SECONDS GEN3_UWSGI_TIMEOUT;
+
+        include uwsgi_params;
+        uwsgi_pass unix:/var/run/gen3/uwsgi.sock;
+        uwsgi_read_timeout GEN3_UWSGI_TIMEOUT;
+        uwsgi_send_timeout GEN3_UWSGI_TIMEOUT;
+    }
+
+    location /_status {
+        include uwsgi_params;
+        uwsgi_pass unix:/var/run/gen3/uwsgi.sock;
+        uwsgi_param GEN3_REQUEST_TIMESTAMP $msec;
+        uwsgi_param GEN3_TIMEOUT_SECONDS GEN3_UWSGI_TIMEOUT;
+        uwsgi_read_timeout GEN3_UWSGI_TIMEOUT;
+        uwsgi_ignore_client_abort on;
+        access_log off;
+    }
+
+    error_page 502 /502.html;
+    location /502.html {
+        return 504 '{"error": "Request Timeout or Service Unavailable"}';
+    }
+
+    error_page 504 /504.html;
+    location /504.html {
+        return 504 '{"error": "Request Timeout"}';
+    }
+}

uwsgi.ini

@@ -3,8 +3,4 @@ socket = /tmp/uwsgi.sock
 chown-socket = nginx:nginx
 chmod-socket = 664
 # Graceful shutdown on SIGTERM, see https://github.com/unbit/uwsgi/issues/849#issuecomment-118869386
-hook-master-start = unix_signal:15 gracefully_kill_them_all
-need-app = true
-die-on-term = true
-# For debugging and testing
-show-config = true
+hook-master-start = unix_signal:15 gracefully_kill_them_all