Migrate from gunicorn to uwsgi and remove nginx dependency for http basicauth

2017-05-09 18:22:04 +02:00 · 2017-05-09 18:22:04 +02:00 · 237ea992f2
parent fa5a3603ba
commit 237ea992f2
6 changed files with 49 additions and 73 deletions
--- a/rootfs/Dockerfile
+++ b/rootfs/Dockerfile
@ -1,6 +1,6 @@
-FROM keitaro/base:0.1
+FROM keitaro/base:0.2
-MAINTAINER Keitaro Inc <info@keitaro.info>
+MAINTAINER Keitaro Inc <info@keitaro.com>
 ENV APP_DIR=/srv/app
 ENV SRC_DIR=/srv/app/src
@ -15,16 +15,19 @@ WORKDIR ${APP_DIR}
 #########################
 ### Base docker layer ###
 #########################
 # Create a local user and group to run the app
 RUN addgroup -g 92 -S ckan && \
    adduser -u 92 -h /srv/app -H -D -S -G ckan ckan
 # Install necessary packages to run CKAN
 RUN apk add --no-cache git \
        gettext \
        postgresql-client \
        python \
        nginx \
        apache2-utils && \
    # Packages to build CKAN requirements and plugins
    apk add --no-cache --virtual .build-deps \
        postgresql-dev \
        linux-headers \
        gcc \
        make \
        g++ \
@ -32,15 +35,14 @@ RUN apk add --no-cache git \
        automake \
 	libtool \
        musl-dev \
        pcre-dev \
        python-dev && \
    # Create SRC_DIR
    mkdir -p ${SRC_DIR} && \
-    # Create nginx run dir
+    # Install pip and uwsgi
    mkdir -p /run/nginx && \
    # Install pip and gunicorn
    curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
    python ${SRC_DIR}/get-pip.py && \
-    pip install gunicorn gevent && \
+    pip install --no-cache-dir uwsgi gevent && \
    rm -rf ${SRC_DIR}/get-pip.py
 ############################
@ -64,15 +66,21 @@ RUN pip install -e git+${GIT_URL}@${GIT_BRANCH}#egg=ckan && \
    cp who.ini ${APP_DIR} && \
    pip install -r requirements.txt && \
    # Install CKAN envvars to support loading config from environment variables
-    pip install -e git+https://github.com/okfn/ckanext-envvars.git#egg=ckanext-envvars && \
+    pip install -e git+https://github.com/okfn/ckanext-envvars.git@0.0.1#egg=ckanext-envvars && \
    # Create and update CKAN config
    paster --plugin=ckan make-config ckan ${APP_DIR}/production.ini && \
-    paster --plugin=ckan config-tool ${APP_DIR}/production.ini "ckan.plugins = ${CKAN__PLUGINS}"
+    paster --plugin=ckan config-tool ${APP_DIR}/production.ini "ckan.plugins = ${CKAN__PLUGINS}" && \
    # Change ownership to app user
    chown -R ckan:ckan /srv/app && \
    # Clear the .git directory
    rm -rf /srv/app/src/ckan/.git
-COPY setup ${APP_DIR}
+COPY setup/app ${APP_DIR}
 EXPOSE 5000
 HEALTHCHECK --interval=10s --timeout=5s --retries=5 CMD curl --fail http://localhost:5000/api/3/action/status_show || exit 1
 USER ckan
 CMD ["/srv/app/start_ckan.sh"]
--- a/rootfs/setup/app/prerun.py
+++ b/rootfs/setup/app/prerun.py
--- a/rootfs/setup/app/start_ckan.sh
+++ b/rootfs/setup/app/start_ckan.sh
@ -0,0 +1,29 @@
 #!/bin/bash
 # Run the prerun script to init CKAN and create the default admin user
 python prerun.py
 # Set the common uwsgi options
 UWSGI_OPTS="--socket /tmp/uwsgi.sock --thunder-lock --uid 92 --gid 92 --http :5000 --master --single-interpreter --enable-threads --paste config:/srv/app/production.ini --gevent 2000 -p 4 -L"
 # Check whether http basic auth password protection is enabled and enable basicauth routing on uwsgi respecfully
 if [ $? -eq 0 ]
 then
  if [ "$PASSWORD_PROTECT" = true ]
  then
    if [ "$HTPASSWD_USER" ] || [ "$HTPASSWD_PASSWORD" ]
    then
      # Generate htpasswd file for basicauth
      htpasswd -d -b -c /srv/app/.htpasswd $HTPASSWD_USER $HTPASSWD_PASSWORD
      # Start uwsgi with basicauth
      uwsgi --ini /srv/app/uwsgi.conf --pcre-jit $UWSGI_OPTS
    else
      echo "Missing HTPASSWD_USER or HTPASSWD_PASSWORD environment variables. Exiting..."
      exit 1
    fi
  else
    # Start uwsgi
    uwsgi $UWSGI_OPTS
  fi
 else
  echo "[prerun] failed...not starting CKAN."
 fi
--- a/rootfs/setup/app/uwsgi.conf
+++ b/rootfs/setup/app/uwsgi.conf
@ -0,0 +1,2 @@
 [uwsgi]
 route = ^(?!/api).*$ basicauth:Restricted,/srv/app/.htpasswd
--- a/rootfs/setup/nginx.conf
+++ b/rootfs/setup/nginx.conf
@ -1,41 +0,0 @@
 worker_processes  4;
 events {
    worker_connections  1024;
 }
 http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    client_max_body_size 100m;
    keepalive_timeout  65;
    server {
        listen       5000;
        server_name  localhost;
        auth_basic "Restricted";
        auth_basic_user_file /srv/app/.htpasswd;
        location / {
            auth_basic "Restricted";
            auth_basic_user_file /srv/app/.htpasswd;
            proxy_pass http://127.0.0.1:4000/;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
        }
        location /api/3/action/status_show {
            auth_basic "off";
            proxy_pass http://127.0.0.1:4000/api/3/action/status_show;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
        }
    }
 }
--- a/rootfs/setup/start_ckan.sh
+++ b/rootfs/setup/start_ckan.sh
@ -1,22 +0,0 @@
 #!/bin/bash
 python prerun.py
 if [ $? -eq 0 ]
 then
  if [ "$PASSWORD_PROTECT" = true ]
  then
    if [ "$HTPASSWD_USER" ] || [ "$HTPASSWD_PASSWORD" ]
    then
      cp -a /srv/app/nginx.conf /etc/nginx/nginx.conf
      htpasswd -b -c /srv/app/.htpasswd $HTPASSWD_USER $HTPASSWD_PASSWORD
      nginx
      gunicorn --log-file=- -k gevent -w 4 -b 127.0.0.1:4000 --paste production.ini
    else
      echo "Missing HTPASSWD_USER or HTPASSWD_PASSWORD environment variables. Exiting..."
      exit 1
    fi
  else
    gunicorn --log-file=- -k gevent -w 4 -b 0.0.0.0:5000 --paste production.ini
  fi
 else
  echo "[prerun] failed...not starting CKAN."
 fi
		`@ -0,0 +1,2 @@`
							`[uwsgi]`
							`route = ^(?!/api).*$ basicauth:Restricted,/srv/app/.htpasswd`