From 2774350ae29db60248d7235893c429245af769f5 Mon Sep 17 00:00:00 2001 From: Cuong Tran Date: Sun, 8 Oct 2017 17:46:07 +0700 Subject: [PATCH] Add Dockerfile: minimize docker image by using nginx (alpine) --- Dockerfile-coc | 11 +++++ docker-entrypoint.sh | 106 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100644 Dockerfile-coc create mode 100755 docker-entrypoint.sh diff --git a/Dockerfile-coc b/Dockerfile-coc new file mode 100644 index 00000000..a0712016 --- /dev/null +++ b/Dockerfile-coc @@ -0,0 +1,11 @@ +FROM nginx:1.13-alpine +RUN apk add --no-cache openssl + +WORKDIR /app + +COPY docker-entrypoint.sh / +COPY _site /app + +EXPOSE 80 + +CMD ["/docker-entrypoint.sh"] \ No newline at end of file diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100755 index 00000000..47a7e133 --- /dev/null +++ b/docker-entrypoint.sh @@ -0,0 +1,106 @@ +#!/bin/sh +set -e + +[ -n "$HOST" ] || ( echo "HOST required - You must supply the FQDN of the public host"; false ) + +SCHEME=${SCHEME:-http} +USERNAME=${USERNAME:-elasticsearch} +PASSWORD=${PASSWORD:-elasticsearch@123} +ES_HOST=${ES_HOST:-172.17.0.1} +ES_PORT=${ES_PORT:-9200} +PORT=${PORT:-80} + +echo "$USERNAME:$(openssl passwd -crypt $PASSWORD 2>/dev/null)" > /etc/nginx/.htpasswd + +CONFDIR=/etc/nginx/conf +[ -d /etc/nginx/conf.d ] && CONFDIR=/etc/nginx/conf.d + +cat < $CONFDIR/default.conf +upstream elasticsearch { + server $ES_HOST:$ES_PORT; + keepalive 15; +} +server { + listen *:$PORT ; + server_name $HOST; + access_log /dev/stdout; + error_log /dev/stderr; +EOF + +if [ "${SCHEME}" == "https" ]; then + +cat <> $CONFDIR/default.conf + # Enforce SSL + if (\$http_x_forwarded_proto != '$SCHEME') { + rewrite ^ $SCHEME://\$host$request_uri? permanent; + } +EOF + +fi + +cat <> $CONFDIR/default.conf + auth_basic "Protected ElasticSearchHQ"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_read_timeout 90; + proxy_http_version 1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + + proxy_set_header X-Real-IP \$proxy_add_x_forwarded_for; + proxy_set_header X-ELB-IP \$remote_addr; + proxy_set_header X-ELB-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header Host \$http_host; + proxy_set_header Referer $HOST; + + # For CORS Ajax + proxy_pass_header Access-Control-Allow-Origin; + proxy_pass_header Access-Control-Allow-Methods; + proxy_hide_header Access-Control-Allow-Headers; + add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type'; + add_header Access-Control-Allow-Credentials true; + + location = / { + if (\$request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "$SCHEME://$HOST"; + add_header Access-Control-Allow-Methods "GET, OPTIONS"; + add_header Access-Control-Allow-Headers "Authorization"; + add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + + proxy_pass http://elasticsearch; + + expires max; + access_log on; + } + location / { + root /app; + + if (\$request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "$SCHEME://$HOST"; + add_header Access-Control-Allow-Methods "GET, OPTIONS"; + add_header Access-Control-Allow-Headers "Authorization"; + add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + + index index.html; + + try_files \$uri \$uri/ @proxypass; + + expires max; + access_log on; + } + + location @proxypass { + proxy_pass http://elasticsearch; + } +} +EOF + +# Starting nginx +exec nginx -g "daemon off;"