diff --git a/Dockerfile b/Dockerfile index e8c1c352..eb0b3423 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,13 @@ -FROM debian:jessie - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 -RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list - -ENV NGINX_VERSION 1.9.6-1~jessie +FROM ubuntu:trusty +MAINTAINER alexander@mezon.ru RUN apt-get update && \ - apt-get install -y ca-certificates nginx=${NGINX_VERSION} && \ - rm -rf /var/lib/apt/lists/* + apt-get install -y software-properties-common && \ + add-apt-repository -y ppa:nginx/stable && \ + apt-get update && \ + apt-get install -y nginx-full && \ + mkdir -p /tmp/{1,2,3,4,5,6,7,8,9,10} \ + apt-get clean # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log diff --git a/abf-downloads.conf b/abf-downloads.conf new file mode 100644 index 00000000..594cf12a --- /dev/null +++ b/abf-downloads.conf @@ -0,0 +1,11 @@ +server { + listen 80; + server_name abf-downloads.openmandriva.org; + + location / { + root /abf-downloads; + autoindex on; + index index.html index.htm; + } + +} diff --git a/abf.conf b/abf.conf new file mode 100644 index 00000000..030111c5 --- /dev/null +++ b/abf.conf @@ -0,0 +1,41 @@ +upstream puma_server { + server unix:/app/rosa-build/rosa_build.sock fail_timeout=0; +} + +server { + listen 443 default ssl; + listen 80; + server_name abf.openmandriva.org; + + root /app/rosa-build/public; + try_files $uri @puma_server; + ssl on; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_certificate /etc/nginx/openmandriva.org.crt; + ssl_certificate_key /etc/nginx/openmandriva.org.key; + ssl_trusted_certificate /etc/nginx/gandi-standardssl-2.chain.pem; + ssl_stapling on; + ssl_stapling_verify on; + resolver 8.8.8.8; + + location @puma_server { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Proto https; # if use ssl + proxy_redirect off; + proxy_pass http://puma_server; + } + + location ~ ^/(assets)/ { + gzip_static on; + expires max; + add_header Cache-Control public; + add_header Last-Modified ""; + add_header ETag ""; + + open_file_cache max=1000 inactive=500s; + open_file_cache_valid 600s; + open_file_cache_errors on; + break; + } +} diff --git a/errbit.conf b/errbit.conf new file mode 100644 index 00000000..a47bc800 --- /dev/null +++ b/errbit.conf @@ -0,0 +1,32 @@ +#upstream puma_server { +# server unix:/app/rosa-build/rosa_build.sock fail_timeout=0; +#} + +server { + listen 80; + server_name errbit.openmandriva.org; + + #root /app/rosa-build/public; + #try_files $uri @puma_server; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + #proxy_set_header X-Forwarded-Proto https; # if use ssl + proxy_redirect off; + proxy_pass http://errbit:3000; + } + +# location ~ ^/(public)/ { +# gzip_static on; +# expires max; +# add_header Cache-Control public; +# add_header Last-Modified ""; +# add_header ETag ""; +# +# open_file_cache max=1000 inactive=500s; +# open_file_cache_valid 600s; +# open_file_cache_errors on; +# break; +# } +} diff --git a/file-store.conf b/file-store.conf new file mode 100644 index 00000000..c6b657d9 --- /dev/null +++ b/file-store.conf @@ -0,0 +1,33 @@ +upstream fs_server { + server file-store:443; +} + +server { + listen 80; + server_name file-store.openmandriva.org; + + root /app/file_store/public; + try_files $uri @fs_server; + + location @fs_server { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Proto https; # if use ssl + proxy_set_header X-Accel-Mapping "/app/file_store/\d{14}/uploads/=/private_files/"; + proxy_redirect off; + proxy_pass http://fs_server; + } + + location ~ ^/(assets)/ { + gzip_static on; + expires max; + add_header Cache-Control public; + add_header Last-Modified ""; + add_header ETag ""; + + open_file_cache max=1000 inactive=500s; + open_file_cache_valid 600s; + open_file_cache_errors on; + break; + } +} diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 00000000..91b4d908 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,32 @@ +user www-data; +worker_processes 2; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; + accept_mutex on; + use epoll; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + tcp_nopush on; + tcp_nodelay off; + + keepalive_timeout 65; + + client_max_body_size 4G; + + server_names_hash_bucket_size 64; + # include conf.d/rosa_build.conf; # force default ip access + include /etc/nginx/conf.d/*.conf; +}