# OS packages installed through yum for the nginx + uWSGI web container
# (01_setup_web_container.config). An empty list pins no version, so yum
# installs whatever the configured repositories currently offer; pin versions
# here if reproducible builds are required.
packages:
  yum:
    # Web server and source-control client.
    git: []
    nginx: []
    # Runtime library and development headers. Which Python dependencies need
    # them to compile is not visible in this file.
    freetype-devel: []
    libevent: []
    libevent-devel: []
    libffi-devel: []
    libjpeg-turbo-devel: []
    libpng-devel: []
    # Python 2.7 headers; Python 2.7 is end-of-life upstream.
    python27-devel: []
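# Files written to the instance by this configuration. Every entry is owned by
# root:root. Scripts are mode 000755 and everything else is 000644, so only
# root can modify them. The scripts under /opt/elasticbeanstalk/hooks/ are run
# by the platform's deployment hooks (presumably as root - confirm for the
# platform version in use).
files:
  # Main nginx configuration: worker limits, logging, timeouts and gzip.
  "/etc/nginx/nginx.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      user nginx; # Needed for permissions
      pid /var/run/nginx.pid;
      worker_processes 4; # Match number of cores
      worker_rlimit_nofile 200000;
      error_log /var/log/nginx/error.log;
      events {
          worker_connections 1024;
      }
      http {
          # The access log records the client-supplied X-Forwarded-For header
          # next to $remote_addr; only $remote_addr is set by nginx itself.
          log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
          access_log /var/log/nginx/access.log main;
          open_file_cache max=200000 inactive=20s;
          open_file_cache_valid 30s;
          open_file_cache_min_uses 2;
          open_file_cache_errors on;
          keepalive_timeout 15 5;
          keepalive_requests 5000;
          reset_timedout_connection on;
          client_body_timeout 10;
          send_timeout 20;
          port_in_redirect off;
          server_tokens off; # Remove version info
          tcp_nodelay on;
          tcp_nopush on;
          sendfile on;
          gzip on;
          gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
          gzip_comp_level 6;
          gzip_proxied any;
          gzip_vary on;
          include /etc/nginx/conf.d/*.conf;
          include mime.types;
          default_type application/octet-stream;
      }
  # Virtual host that serves /static/ from disk and hands everything else to
  # uWSGI over a unix socket.
  "/etc/nginx/conf.d/webapp.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      upstream python_backend {
          server unix:///opt/python/log/uwsgi.sock;
      }
      server {
          listen 8080 default_server; # start on 8080 to avoid a conflict with apache2; changed to 80 after the app is deployed
          server_name _;
          # Do not log "file not found" errors, to avoid filling the instance
          # disk. Access logging stays enabled through the http-level access_log.
          log_not_found off;
          # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
          location ~ /\. {
              deny all;
          }
          location /generate_204 {
              log_not_found off;
              access_log off;
              return 204;
          }
          location /static/ {
              alias /opt/python/current/app/static/;
          }
          location / {
              try_files $uri @python_webapp;
          }
          location @python_webapp {
              uwsgi_pass python_backend;
              # The X-Forwarded-* values below are derived from client-supplied
              # request headers: $proxy_add_x_forwarded_for appends $remote_addr
              # to whatever the client sent, and $http_x_forwarded_proto is
              # passed through unchanged. The application should rely on them
              # only when this listener is reachable solely through a trusted
              # load balancer or proxy.
              # NOTE(review): uwsgi_param passes these names to the application
              # literally; confirm which variables the application actually reads.
              uwsgi_param Host $host;
              uwsgi_param X-Real-IP $remote_addr;
              uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
              uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
              uwsgi_param REMOTE_HOST $remote_addr;
              include uwsgi_params;
          }
      }
  # Wrapper that loads the application environment and then replaces itself
  # with the uWSGI master process.
  "/opt/python/bin/uwsgilaunch":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/bin/bash
      # Launch uWSGI server
      # The purpose of this script is to set some environment variables before
      # launching uWSGI server.
      source /opt/python/current/env
      if [ -f /etc/elasticbeanstalk/set-ulimit.sh ]; then
          source /etc/elasticbeanstalk/set-ulimit.sh
      fi
      # Workers run as wsgi:wsgi (--uid/--gid).
      # NOTE(review): --chmod-socket=666 makes the socket readable and writable
      # by every local account, so any process on the instance can reach uWSGI
      # without going through nginx. If nginx and uWSGI can share a group,
      # uWSGI's --chown-socket together with --chmod-socket=660 would narrow
      # this. It is left unchanged here because it needs testing on the instance.
      exec /opt/python/run/venv/bin/uwsgi \
          --socket=/opt/python/log/uwsgi.sock \
          --chdir=/opt/python/current/app \
          --module="${WSGI_MODULE}:application" \
          --master \
          --pidfile=/opt/python/run/uwsgi-master.pid \
          --processes=5 \
          --uid=wsgi \
          --gid=wsgi \
          --harakiri=60 \
          --max-requests=5000 \
          --vacuum \
          --venv=/opt/python/run/venv \
          --chmod-socket=666
  # supervisord program definition for uWSGI. The hook scripts below include
  # it from /opt/python/etc/supervisord.conf.
  "/opt/python/etc/uwsgi.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      [program:uwsgi]
      command=/opt/python/bin/uwsgilaunch
      directory=/opt/python/current/app
      autostart=true
      autorestart=unexpected
      startsecs=1 ; number of secs prog must stay running (def. 1)
      startretries=3 ; max # of serial start failures (default 3)
      exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
      killasgroup=false ; SIGKILL the UNIX process group (def false)
      stdout_logfile=/opt/python/log/uwsgi.out
      stdout_logfile_maxbytes=50MB ; max # logfile bytes b4 rotation (default 50MB)
      stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
      redirect_stderr=true
  # Application-deploy hook: moves Apache to port 8081, registers uwsgi.conf
  # with supervisord and switches nginx to port 80. Keep it identical to the
  # configdeploy copy below.
  "/opt/elasticbeanstalk/hooks/appdeploy/enact/99loadnewservice.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      export PATH=$PATH:/usr/local/bin
      LINE='Listen 8081'
      if ! grep -qF "$LINE" /etc/httpd/conf/httpd.conf
      then
          # \b keeps the substitution from rewriting a longer port such as 8080.
          sed -i 's/Listen 80\b/Listen 8081/g' /etc/httpd/conf/httpd.conf
      fi
      # Also replace in wsgi.conf
      # grep -F matches the string literally, so the asterisk must not be
      # backslash-escaped here or the guard never matches.
      LINE='<VirtualHost *:8081>'
      if ! grep -qF "$LINE" /etc/httpd/conf.d/wsgi.conf
      then
          sed -i 's/<VirtualHost \*:80>/<VirtualHost *:8081>/g' /etc/httpd/conf.d/wsgi.conf
      fi
      LINE='files = uwsgi.conf'
      if ! grep -qF "$LINE" /opt/python/etc/supervisord.conf
      then
          echo "[include]" >> /opt/python/etc/supervisord.conf && echo "$LINE" >> /opt/python/etc/supervisord.conf
      fi
      supervisorctl -c /opt/python/etc/supervisord.conf reread
      supervisorctl -c /opt/python/etc/supervisord.conf reload
      sed -i 's/listen 8080/listen 80/g' /etc/nginx/conf.d/webapp.conf
      service nginx restart
  # Configuration-deploy hook: same steps as the appdeploy hook above. Keep
  # the two scripts identical.
  "/opt/elasticbeanstalk/hooks/configdeploy/enact/99loadnewservice.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      export PATH=$PATH:/usr/local/bin
      LINE='Listen 8081'
      if ! grep -qF "$LINE" /etc/httpd/conf/httpd.conf
      then
          # \b keeps the substitution from rewriting a longer port such as 8080.
          sed -i 's/Listen 80\b/Listen 8081/g' /etc/httpd/conf/httpd.conf
      fi
      # Also replace in wsgi.conf
      # grep -F matches the string literally, so the asterisk must not be
      # backslash-escaped here or the guard never matches.
      LINE='<VirtualHost *:8081>'
      if ! grep -qF "$LINE" /etc/httpd/conf.d/wsgi.conf
      then
          sed -i 's/<VirtualHost \*:80>/<VirtualHost *:8081>/g' /etc/httpd/conf.d/wsgi.conf
      fi
      LINE='files = uwsgi.conf'
      if ! grep -qF "$LINE" /opt/python/etc/supervisord.conf
      then
          echo "[include]" >> /opt/python/etc/supervisord.conf && echo "$LINE" >> /opt/python/etc/supervisord.conf
      fi
      supervisorctl -c /opt/python/etc/supervisord.conf reread
      supervisorctl -c /opt/python/etc/supervisord.conf reload
      sed -i 's/listen 8080/listen 80/g' /etc/nginx/conf.d/webapp.conf
      service nginx restart
  # Restart hook: restarts uWSGI and nginx unless EB_SYSTEM_STARTUP is set.
  "/opt/elasticbeanstalk/hooks/restartappserver/enact/99restartnginx.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/bin/bash
      set -xe
      if [ -z "$EB_SYSTEM_STARTUP" ];
      then
          /usr/local/bin/supervisorctl -c /opt/python/etc/supervisord.conf restart uwsgi
          service nginx restart
      fi
      # NOTE(review): this event is emitted even when the restart above was
      # skipped because EB_SYSTEM_STARTUP is set.
      eventHelper.py --msg "Nginx and uWSGI server successfully restarted." --severity INFO
  # Log-collection tasks: include the nginx access and error logs in the
  # platform's bundle, publish and tail operations.
  "/opt/elasticbeanstalk/tasks/bundlelogs.d/nginx.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      /var/log/nginx/*log
  "/opt/elasticbeanstalk/tasks/publishlogs.d/nginx.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      /var/log/nginx/*log
  "/opt/elasticbeanstalk/tasks/systemtaillogs.d/nginx.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      /var/log/nginx/*log
  "/opt/elasticbeanstalk/tasks/taillogs.d/nginx.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      /var/log/nginx/*log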
# Service state for nginx: started at boot (enabled) and kept running
# (ensureRunning).
services:
  sysvinit:
    nginx:
      ensureRunning: true
      enabled: true