Merge pull request #20 from bryanlatten/feature-alpine

Dockerfile: based on alpine

Author: Bryan Latten

Dockerfile

@@ -1,30 +1,31 @@
-FROM ubuntu:14.04.3
+FROM alpine:3.3
 MAINTAINER Bryan Latten <[email protected]>
 
 # Use in multi-phase builds, when an init process requests for the container to gracefully exit, so that it may be committed
-ENV SIGNAL_BUILD_STOP 99
-
 # Used with alternative CMD (worker.sh), leverages supervisor to maintain long-running processes
-ENV CONTAINER_ROLE=web
+ENV SIGNAL_BUILD_STOP=99 \
+    CONTAINER_ROLE=web \
+    CONF_NGINX_SITE="/etc/nginx/sites-available/default" \
+    CONF_NGINX_SERVER="/etc/nginx/nginx.conf" \
+    NOT_ROOT_USER=docker
+
+# Create an unprivileged user
+RUN adduser -D -S -H $NOT_ROOT_USER
 
 # IMPORTANT: update is *part* of the upgrade statement to ensure the latest on each build.
-# Installs pre-reqs, security updates
-RUN apt-get update && \
-    apt-get upgrade -yq && \
-    apt-get -yq install \
-        openssl \
-        ca-certificates \
-        software-properties-common \
+# Note: sed/grep replace the less performant, less functional busybox versions
+RUN apk update && \
+    apk upgrade && \
+    apk add \
+        sed \
+        grep \
         supervisor \
-        nano
-
-# Install latest nginx-stable
-RUN add-apt-repository ppa:nginx/stable -y && \
-    apt-get update -yq && \
-    apt-get install -yq nginx
+        nginx \
+    && \
+    rm -rf /var/cache/apk/*
 
 # Overlay the root filesystem from this repo
 COPY ./container/root /
 
 EXPOSE 80
-CMD ["/bin/bash", "/run.sh"]
+CMD ["/bin/sh", "/run.sh"]

README.md

@@ -9,6 +9,8 @@ Variable | Example | Description
 `SERVER_APP_NAME` | `SERVER_APP_NAME='view'` | Sets a kv pair to be consumed by logging service for easy parsing and searching
 `SERVER_GZIP_OPTIONS` | `SERVER_GZIP_OPTIONS=1` | Allows default set of static content to be served gzipped
 `SERVER_SENDFILE` | `SERVER_SENDFILE=off` | Allows runtime to specify value of nginx's `sendfile` (default, on)
+`SERVER_KEEPALIVE` | `SERVER_KEEPALIVE=30` | Define HTTP 1.1's keepalive timeout
+`SERVER_WORKER_CONNECTIONS` | `SERVER_WORKER_CONNECTIONS=2048` | Sets up the number of connections for worker processes
 
 
 ### Runtime Commands

container/root/etc/nginx/nginx.conf

@@ -0,0 +1,125 @@
+#############################################################
+# Replace nginx configuration directly in this file,
+# removing the need to perform error-prone replacements
+# at build time.
+#
+# For run-time replacements, ie, consuming environment vars,
+# add to the run.d/nginx script
+#############################################################
+
+user nobody;
+worker_processes auto;
+
+pid /tmp/nginx.pid;
+
+events {
+    # @see http://serverfault.com/questions/209014/how-can-i-observe-what-nginx-is-doing-to-solve-1024-worker-connections-are-n
+    worker_connections 1024;
+}
+
+http {
+
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for" NGINX_SERVER';
+
+    error_log /dev/stdout info;
+    access_log /dev/stdout main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    client_body_temp_path /tmp/client_body;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    proxy_temp_path /tmp/proxy_temp;
+    scgi_temp_path /tmp/scgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        #charset koi8-r;
+
+        location / {
+            root   html;
+            index  index.html index.htm;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+}

container/root/etc/nginx/sites-available/default

@@ -1,5 +1,3 @@
-# NOTE: the syntax in most directives is sadly duplicated in run.sh,
-# in order to replace at runtime with `sed`, therefore, check for changes in both places
 server {
   listen 80;
 

container/root/init.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 RUN_SCRIPTS=/run.d
 STATUS=0
@@ -13,7 +13,7 @@ for file in $RUN_SCRIPTS/*.sh; do
   echo "[init] executing ${file}"
 
   # Note: -e will enforce that any subcommand that fails will fail the entire script run
-  /bin/bash -e $file
+  /bin/sh -e $file
 
   STATUS=$?  # Captures exit code from script that was run
 

container/root/run.d/10-nginx.sh

@@ -1,44 +1,46 @@
-#!/bin/bash
-CONFIG_SITE=/etc/nginx/sites-available/default
-CONFIG_SERVER=/etc/nginx/nginx.conf
+#!/bin/sh
 
-echo '[nginx] setting sensible defaults'
-
-# Configure nginx to use as many workers as there are cores for the running container
-# NOTE: worker_processes is only replaced when *not* set to auto
-sed -i "s/worker_processes [0-9]\+/worker_processes $(nproc)/" $CONFIG_SERVER
-sed -i "s/worker_connections [0-9]\+/worker_connections 1024/" $CONFIG_SERVER
-
-# Uncomment prod-level tokens (none)
-sed -i "s/\#\ server_tokens/server_tokens/" $CONFIG_SERVER
-
-echo '[nginx] piping logs to STDOUT'
-
-# Set access/error log, and use them as a placeholder for injecting log_format key
-# IMPORTANT: string match the entire default access log path, making access_log + log_format injection idempotent
-sed -i "s/access_log \/var\/log\/nginx\/access\.log;/    log_format main \'\$remote_addr - \$remote_user [\$time_local] \"\$request\" \$status \$bytes_sent \"\$http_referer\" \"\$http_user_agent\" ${SERVER_APP_NAME}\';\n access_log \/dev\/stdout main;\n/" $CONFIG_SERVER
-sed -i "s/error_log [a-z\/\.\ \;]\+/error_log \/dev\/stdout info;/" $CONFIG_SERVER
+if [[ $SERVER_APP_NAME ]]
+then
+  echo "[nginx] adding app name (${SERVER_APP_NAME}) to log format"
+  sed -i "s/NGINX_SERVER/${SERVER_APP_NAME}/" $CONF_NGINX_SERVER
+else
+  echo "[nginx] missing \$SERVER_APP_NAME to add to log lines, please add environment variable"
+fi
 
 if [[ $SERVER_SENDFILE ]]
 then
   echo "[nginx] server sendfile status is ${SERVER_SENDFILE}"
-  sed -i "s/sendfile on/sendfile ${SERVER_SENDFILE}/" $CONFIG_SERVER
+  sed -i "s/sendfile .*;/sendfile ${SERVER_SENDFILE};/" $CONF_NGINX_SERVER
 fi
 
 if [[ $SERVER_MAX_BODY_SIZE ]]
 then
   echo "[nginx] server client max body is ${SERVER_MAX_BODY_SIZE}"
-  sed -i "s/client_max_body_size 1m/client_max_body_size ${SERVER_MAX_BODY_SIZE}/" $CONFIG_SITE
+  sed -i "s/client_max_body_size .*;/client_max_body_size ${SERVER_MAX_BODY_SIZE};/" $CONF_NGINX_SITE
 fi
 
 if [[ $SERVER_INDEX ]]
 then
   echo "[nginx] server index is ${SERVER_INDEX}"
-  sed -i "s/index index.html index.htm/index ${SERVER_INDEX}/" $CONFIG_SITE
+  sed -i "s/index .*;/index ${SERVER_INDEX};/" $CONF_NGINX_SITE
 fi
 
 if [[ $SERVER_GZIP_OPTIONS ]]
 then
+  echo "[nginx] enabling gzip"
     # Uncomments all gzip handling options
-  sed -i "s/\#\ gzip/gzip/" $CONFIG_SERVER
+  sed -i "s/\#gzip/gzip/" $CONF_NGINX_SERVER
+fi
+
+if [[ $SERVER_KEEPALIVE ]]
+then
+  echo "[nginx] setting keepalive ${SERVER_KEEPALIVE}"
+  sed -i "s/\keepalive_timeout .*;/keepalive_timeout ${SERVER_KEEPALIVE};/" $CONF_NGINX_SERVER
+fi
+
+if [[ $SERVER_WORKER_CONNECTIONS ]]
+then
+  echo "[nginx] setting worker connection limit ${SERVER_WORKER_CONNECTIONS}"
+  sed -i "s/\worker_connections .*;/worker_connections ${SERVER_WORKER_CONNECTIONS};/" $CONF_NGINX_SERVER
 fi

container/root/run.sh

@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/bin/sh
 
 # Begin startup sequence
-/init.sh
+/bin/sh -e /init.sh
 
 STATUS=$?  # Captures exit code from script that was run
 

container/root/worker.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # Entrypoint for utilizing as a worker pool instead of a web server
 # Based on configuration, can run multiple instances of a single worker process