Migrate from gunicorn to uwsgi and remove nginx dependency for http basicauth

Marko Bocevski 2017-05-09 18:22:04 +02:00
parent fa5a3603ba
commit 237ea992f2
6 changed files with 49 additions and 73 deletions


@ -1,6 +1,6 @@
FROM keitaro/base:0.1 FROM keitaro/base:0.2
MAINTAINER Keitaro Inc <info@keitaro.info> MAINTAINER Keitaro Inc <info@keitaro.com>
ENV APP_DIR=/srv/app ENV APP_DIR=/srv/app
ENV SRC_DIR=/srv/app/src ENV SRC_DIR=/srv/app/src
@ -15,16 +15,19 @@ WORKDIR ${APP_DIR}
######################### #########################
### Base docker layer ### ### Base docker layer ###
######################### #########################
# Create a local user and group to run the app
RUN addgroup -g 92 -S ckan && \
adduser -u 92 -h /srv/app -H -D -S -G ckan ckan
# Install necessary packages to run CKAN # Install necessary packages to run CKAN
RUN apk add --no-cache git \ RUN apk add --no-cache git \
gettext \ gettext \
postgresql-client \ postgresql-client \
python \ python \
nginx \
apache2-utils && \ apache2-utils && \
# Packages to build CKAN requirements and plugins # Packages to build CKAN requirements and plugins
apk add --no-cache --virtual .build-deps \ apk add --no-cache --virtual .build-deps \
postgresql-dev \ postgresql-dev \
linux-headers \
gcc \ gcc \
make \ make \
g++ \ g++ \
@ -32,15 +35,14 @@ RUN apk add --no-cache git \
automake \ automake \
libtool \ libtool \
musl-dev \ musl-dev \
pcre-dev \
python-dev && \ python-dev && \
# Create SRC_DIR # Create SRC_DIR
mkdir -p ${SRC_DIR} && \ mkdir -p ${SRC_DIR} && \
# Create nginx run dir # Install pip and uwsgi
mkdir -p /run/nginx && \
# Install pip and gunicorn
curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \ curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
python ${SRC_DIR}/get-pip.py && \ python ${SRC_DIR}/get-pip.py && \
pip install gunicorn gevent && \ pip install --no-cache-dir uwsgi gevent && \
rm -rf ${SRC_DIR}/get-pip.py rm -rf ${SRC_DIR}/get-pip.py
############################ ############################
@ -64,15 +66,21 @@ RUN pip install -e git+${GIT_URL}@${GIT_BRANCH}#egg=ckan && \
cp who.ini ${APP_DIR} && \ cp who.ini ${APP_DIR} && \
pip install -r requirements.txt && \ pip install -r requirements.txt && \
# Install CKAN envvars to support loading config from environment variables # Install CKAN envvars to support loading config from environment variables
pip install -e git+https://github.com/okfn/ckanext-envvars.git#egg=ckanext-envvars && \ pip install -e git+https://github.com/okfn/ckanext-envvars.git@0.0.1#egg=ckanext-envvars && \
# Create and update CKAN config # Create and update CKAN config
paster --plugin=ckan make-config ckan ${APP_DIR}/production.ini && \ paster --plugin=ckan make-config ckan ${APP_DIR}/production.ini && \
paster --plugin=ckan config-tool ${APP_DIR}/production.ini "ckan.plugins = ${CKAN__PLUGINS}" paster --plugin=ckan config-tool ${APP_DIR}/production.ini "ckan.plugins = ${CKAN__PLUGINS}" && \
# Change ownership to app user
chown -R ckan:ckan /srv/app && \
# Clear the .git directory
rm -rf /srv/app/src/ckan/.git
COPY setup ${APP_DIR} COPY setup/app ${APP_DIR}
EXPOSE 5000 EXPOSE 5000
HEALTHCHECK --interval=10s --timeout=5s --retries=5 CMD curl --fail http://localhost:5000/api/3/action/status_show || exit 1 HEALTHCHECK --interval=10s --timeout=5s --retries=5 CMD curl --fail http://localhost:5000/api/3/action/status_show || exit 1
USER ckan
CMD ["/srv/app/start_ckan.sh"] CMD ["/srv/app/start_ckan.sh"]
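Review bot: `chown -R ckan:ckan /srv/app` hands the runtime user ownership of the whole application tree, so the process started under `USER ckan` can rewrite the CKAN source under `/srv/app/src` as well as `production.ini` and `who.ini`. Running unprivileged is a clear gain, but a compromised worker could still persist changes in its own code and configuration. Consider leaving the tree root-owned and granting ckan only the paths it has to write, for example a dedicated directory for the `.htpasswd` file that start_ckan.sh generates; whether prerun.py needs to write `production.ini` is not visible here. The RUN instruction this line belongs to starts above the hunk.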

29
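--- /dev/null
+++ b/rootfs/setup/app/start_ckan.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Run the prerun script to init CKAN and create the default admin user
+python prerun.py
+# Set the common uwsgi options
+UWSGI_OPTS="--socket /tmp/uwsgi.sock --thunder-lock --uid 92 --gid 92 --http :5000 --master --single-interpreter --enable-threads --paste config:/srv/app/production.ini --gevent 2000 -p 4 -L"
+# Check whether http basic auth password protection is enabled and enable basicauth routing on uwsgi respecfully
+if [ $? -eq 0 ]
+then
+if [ "$PASSWORD_PROTECT" = true ]
+then
+if [ "$HTPASSWD_USER" ] || [ "$HTPASSWD_PASSWORD" ]
+then
+# Generate htpasswd file for basicauth
+htpasswd -d -b -c /srv/app/.htpasswd $HTPASSWD_USER $HTPASSWD_PASSWORD
+# Start uwsgi with basicauth
+uwsgi --ini /srv/app/uwsgi.conf --pcre-jit $UWSGI_OPTS
+else
+echo "Missing HTPASSWD_USER or HTPASSWD_PASSWORD environment variables. Exiting..."
+exit 1
+fi
+else
+# Start uwsgi
+uwsgi $UWSGI_OPTS
+fi
+else
+echo "[prerun] failed...not starting CKAN."
+fi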
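Review bot: The `if [ $? -eq 0 ]` test no longer sees the result of `python prerun.py`, because the `UWSGI_OPTS=` assignment sits between them and a plain assignment leaves `$?` at 0, so uwsgi starts even when prerun fails. Moving the `UWSGI_OPTS=` assignment above `python prerun.py` restores the check. The credential test uses `||`, so it passes when only one of HTPASSWD_USER and HTPASSWD_PASSWORD is set; `[ "$HTPASSWD_USER" ] && [ "$HTPASSWD_PASSWORD" ]` matches the error message, and both values should be quoted in the htpasswd call. `htpasswd -d` selects crypt(), which uses only the first eight characters of the password, so a stronger format is worth choosing if the uwsgi basicauth router in use accepts one.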


@ -0,0 +1,2 @@
[uwsgi]
route = ^(?!/api).*$ basicauth:Restricted,/srv/app/.htpasswd
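Review bot: The negative lookahead `^(?!/api)` exempts every path that begins with `/api` from basic auth, whereas the nginx config this commit removes switched auth off only for `/api/3/action/status_show`. With PASSWORD_PROTECT enabled the rest of the CKAN API would therefore answer without credentials, and so would any other path that merely starts with `/api`. If the exemption exists only for the HEALTHCHECK, narrow it to that endpoint: `route = ^(?!/api/3/action/status_show$).*$ basicauth:Restricted,/srv/app/.htpasswd`.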


@ -1,41 +0,0 @@
worker_processes 4;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
client_max_body_size 100m;
keepalive_timeout 65;
server {
listen 5000;
server_name localhost;
auth_basic "Restricted";
auth_basic_user_file /srv/app/.htpasswd;
location / {
auth_basic "Restricted";
auth_basic_user_file /srv/app/.htpasswd;
proxy_pass http://127.0.0.1:4000/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
location /api/3/action/status_show {
auth_basic "off";
proxy_pass http://127.0.0.1:4000/api/3/action/status_show;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
}


@ -1,22 +0,0 @@
#!/bin/bash
python prerun.py
if [ $? -eq 0 ]
then
if [ "$PASSWORD_PROTECT" = true ]
then
if [ "$HTPASSWD_USER" ] || [ "$HTPASSWD_PASSWORD" ]
then
cp -a /srv/app/nginx.conf /etc/nginx/nginx.conf
htpasswd -b -c /srv/app/.htpasswd $HTPASSWD_USER $HTPASSWD_PASSWORD
nginx
gunicorn --log-file=- -k gevent -w 4 -b 127.0.0.1:4000 --paste production.ini
else
echo "Missing HTPASSWD_USER or HTPASSWD_PASSWORD environment variables. Exiting..."
exit 1
fi
else
gunicorn --log-file=- -k gevent -w 4 -b 0.0.0.0:5000 --paste production.ini
fi
else
echo "[prerun] failed...not starting CKAN."
fi