Commit 2d1ff5ad authored by FORESTIER Fabien's avatar FORESTIER Fabien

Initial commit

Pipeline #4501 passed
.env
\ No newline at end of file
stages:
- build
build_development:
stage: build
tags:
- build
only:
- development
script:
- export TAG=$CI_COMMIT_SHORT_SHA
- echo ${TAG}
- export NGINX_BIND_PORT=80
- docker-compose build nginx
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker-compose push
build_release:
stage: build
tags:
- build
only:
- tags
script:
- export TAG=$(echo $CI_COMMIT_TAG | sed 's/v//g')
- echo ${TAG}
- export NGINX_BIND_PORT=80
- docker-compose build nginx
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker-compose push
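Review bot: Both `build_development` and `build_release` pass the registry password as a command-line argument (`docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY`), which makes it visible in the runner's process list while the command runs. Feeding it on stdin avoids that: `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. In `build_release`, `sed 's/v//g'` strips every `v` in the tag rather than only the leading one, so `sed 's/^v//'` is probably what was meant. Quoting `"$CI_COMMIT_TAG"` there also keeps an unusual tag name from being word-split by the shell.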
FROM openresty/openresty:1.13.6.2-2-stretch
COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
COPY nginx.vh.default.template.conf /tmp/nginx.vh.default.template.conf
CMD envsubst '\$ANONYMOUS_USER \
\$GHOST_EDITORS_GROUPNAME \
\$PUBLISHED_POSTS_ALIAS \
\$PUBLISHED_PAGES_ALIAS \
\$DRAFT_POSTS_ALIAS \
\$DRAFT_PAGES_ALIAS \
\$ES_ALIAS_SUFFIX \
\$ES_UPSTREAM_SERVER' < /tmp/nginx.vh.default.template.conf > /etc/nginx/conf.d/default.conf && /usr/local/openresty/bin/openresty -g "daemon off;"
\ No newline at end of file
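Review bot: The shell-form `CMD` chains `envsubst ... && /usr/local/openresty/bin/openresty -g "daemon off;"`, so the shell may stay PID 1 and openresty may not receive the stop signal on `docker stop`. Prefixing the last command with `exec` (`&& exec /usr/local/openresty/bin/openresty -g "daemon off;"`) hands PID 1 to openresty. No `USER` is set, so the start-up command runs as root; it needs that to write `/etc/nginx/conf.d/default.conf` and bind port 80, and a short comment saying so would help the next reader. The base image is referenced by the tag `1.13.6.2-2-stretch`, which appears to be an old Debian stretch build; pinning by digest and planning a move to a maintained base is worth considering.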
# Authorization and cache proxy for elasticsearch
## Installation
This proxy is based on an [openresty](https://hub.docker.com/r/openresty/openresty/) image.
## Environment variables
In order to run the code, some environment variables are needed. They are specified in the `template.env` file at the root of the project.
For a local deployment:
1. `cp template.env .env`
2. Edit .env according to the chosen configuration
The values will be read from the file by default when running with docker.
## Running the proxy
```bash
# build
docker-compose build
# deploy
docker-compose up [-d]
# build and deploy
docker-compose up --build [-d]
```
version: "3.1"
services:
nginx:
build: .
image: registry.forge.grandlyon.com/web-et-numerique/web-et-numerique-internet/data.grandlyon.com/web-portal/components/proxies/authz-and-cache-for-es:${TAG}
environment:
- ES_ALIAS_SUFFIX=${ES_ALIAS_SUFFIX}
- ANONYMOUS_USER=${ANONYMOUS_USER}
- GHOST_EDITORS_GROUPNAME=${GHOST_EDITORS_GROUPNAME} # make sure to escape special characters
- PUBLISHED_POSTS_ALIAS=${PUBLISHED_POSTS_ALIAS}
- PUBLISHED_PAGES_ALIAS=${PUBLISHED_PAGES_ALIAS}
- DRAFT_POSTS_ALIAS=${DRAFT_POSTS_ALIAS}
- DRAFT_PAGES_ALIAS=${DRAFT_PAGES_ALIAS}
- ES_UPSTREAM_SERVER=${ES_UPSTREAM_SERVER}
volumes:
- nginx-cache:/var/cache/nginx/cache
- nginx-log:/var/log/nginx
ports:
- ${NGINX_BIND_PORT}:80
restart: unless-stopped
volumes:
nginx-cache:
nginx-log:
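Review bot: The mapping `- ${NGINX_BIND_PORT}:80` publishes the proxy on every host interface, while the vhost template in this commit picks the Elasticsearch aliases from the `X-Consumer-Username` and `X-Consumer-Groups` request headers exactly as received. Those headers are presumably set by Kong (template.env mentions it), so the proxy should only be reachable through the gateway; otherwise a client that reaches this port directly controls its own alias selection. If the gateway runs on the same host, restrict the binding, e.g. `- "127.0.0.1:${NGINX_BIND_PORT}:80"`, or drop `ports` and attach both services to a shared internal network. Quoting the mapping also keeps YAML from interpreting a `digits:digits` value as a number.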
# nginx.conf -- docker-openresty
#
# This file is installed to:
# `/usr/local/openresty/nginx/conf/nginx.conf`
# and is the file loaded by nginx at startup,
# unless the user specifies otherwise.
#
# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
# section and adds this directive:
# `include /etc/nginx/conf.d/*.conf;`
#
# The `docker-openresty` file `nginx.vh.default.conf` is copied to
# `/etc/nginx/conf.d/default.conf`. It contains the `server section
# of the upstream `nginx.conf`.
#
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
#
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
log_format my_log_format '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe "$request_body"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
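Review bot: `my_log_format` ends with `"$request_body"`, and the vhost in this commit uses that format for `access_log`, so every search request body is written to `/var/log/nginx/access.log` on the `nginx-log` volume. Those bodies can contain user-entered search terms, and logging them makes log growth depend on client input. Consider dropping `$request_body` from this format, or keeping it in a separate format that is only enabled for debugging, and add a comment above `log_format` stating what is logged and why.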
# nginx.vh.default.conf -- docker-openresty
#
# This file is installed to:
# `/etc/nginx/conf.d/default.conf`
#
# It tracks the `server` section of the upstream OpenResty's `nginx.conf`.
#
# This config (and any other configs in `etc/nginx/conf.d/`) is loaded by
# default by the `include` directive in `/usr/local/openresty/nginx/conf/nginx.conf`.
#
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
#
##
# Cache Settings
##
proxy_cache_path /var/cache/nginx/cache keys_zone=elasticsearch:10m inactive=1d max_size=10g use_temp_path=off;
server {
listen 80;
server_name localhost;
#charset koi8-r;
access_log /var/log/nginx/access.log my_log_format;
error_log /var/log/nginx/error.log;
location /_search {
if ($http_x_consumer_username = '') {
set_by_lua_block $elasticsearch_alias { return ngx.md5('${ANONYMOUS_USER}') }
# set_by_lua_block $elasticsearch_alias { return '${ANONYMOUS_USER}' }
}
if ($http_x_consumer_username != '') {
set_by_lua_block $elasticsearch_alias { return ngx.md5(ngx.var.http_x_consumer_username) }
# set_by_lua_block $elasticsearch_alias { return ngx.var.http_x_consumer_username }
# set_by_lua_block $elasticsearch_alias { return '${ANONYMOUS_USER}' }
}
set_by_lua_block $ghost_alias {
if ngx.var.http_x_consumer_groups == nil then
return ",${PUBLISHED_POSTS_ALIAS},${PUBLISHED_PAGES_ALIAS}"
elseif string.find( ngx.var.http_x_consumer_groups, "${GHOST_EDITORS_GROUPNAME}" ) ~= nil then
return ",${PUBLISHED_POSTS_ALIAS},${DRAFT_POSTS_ALIAS},${PUBLISHED_PAGES_ALIAS},${DRAFT_PAGES_ALIAS}"
else
return ",${PUBLISHED_POSTS_ALIAS},${PUBLISHED_PAGES_ALIAS}"
end
}
set $aliases '${elasticsearch_alias}${ES_ALIAS_SUFFIX}${ghost_alias}';
rewrite ^/(.*)$ /$aliases/$1 break;
# FOR DEBUG PURPOSES ONLY
add_header X-Consumer-Username $http_x_consumer_username;
add_header X-Consumer-Groups $http_x_consumer_groups;
add_header X-Anonymous-Consumer $http_x_anonymous_consumer;
add_header X-Elasticsearch-Alias $elasticsearch_alias;
add_header X-Ghost-Alias $ghost_alias;
add_header X-Aliases $aliases;
#
# cache ------------------------------------------
proxy_cache elasticsearch;
proxy_cache_valid 200 302 1m;
proxy_cache_valid 404 1m;
proxy_cache_background_update on;
proxy_cache_use_stale updating;
proxy_cache_revalidate on;
proxy_cache_methods GET HEAD POST;
proxy_cache_key "$aliases|$request_uri|$request_body";
proxy_cache_bypass $http_nocache;
add_header X-Cache-Status $upstream_cache_status;
# ------------------------------------------------
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_pass ${ES_UPSTREAM_SERVER};
}
}
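Review bot: The editor check in `set_by_lua_block $ghost_alias` uses `string.find( ngx.var.http_x_consumer_groups, "${GHOST_EDITORS_GROUPNAME}" )`, which is a Lua pattern search over the whole header value. Any group whose name merely contains the editors' group name therefore gets the draft aliases, as does any match caused by unescaped pattern characters in the configured name. Comparing each group name for equality removes both the substring match and the need to escape the variable; the sketch below assumes the header is a comma-separated list, which should be confirmed against the gateway. Separately, the `add_header` lines under "FOR DEBUG PURPOSES ONLY" return the consumer name and the resolved alias list to every client and should be removed or gated before deployment.

```nginx
set_by_lua_block $ghost_alias {
    local published = ",${PUBLISHED_POSTS_ALIAS},${PUBLISHED_PAGES_ALIAS}"
    local groups = ngx.var.http_x_consumer_groups
    if groups == nil then
        return published
    end
    -- exact comparison per group name: no substring match, no Lua pattern semantics
    for entry in string.gmatch(groups, "[^,]+") do
        local name = string.match(entry, "^%s*(.-)%s*$")
        if name == "${GHOST_EDITORS_GROUPNAME}" then
            return ",${PUBLISHED_POSTS_ALIAS},${DRAFT_POSTS_ALIAS},${PUBLISHED_PAGES_ALIAS},${DRAFT_PAGES_ALIAS}"
        end
    end
    return published
}
# ... unchanged: set $aliases, rewrite, cache and proxy directives ...
```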
TAG=<version of the proxy to be built deployed>
ES_ALIAS_SUFFIX=<suffix of es alias ex: -dev>
ANONYMOUS_USER=<anonymous username in kong>
GHOST_EDITORS_GROUPNAME=<ghost editor group name, make sure to escape special characters>
PUBLISHED_POSTS_ALIAS=<es alias of the published posts>
PUBLISHED_PAGES_ALIAS=<es alias of the published pages>
DRAFT_POSTS_ALIAS=<es alias of the draft post>
DRAFT_PAGES_ALIAS=<es alias of the draft pages>
ES_UPSTREAM_SERVER=<address of elasticsearch upstream, ex: 'elasticsearch:9200'>
NGINX_BIND_PORT=<listening port of the proxy>
\ No newline at end of file
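Review bot: The example for `ES_UPSTREAM_SERVER` (`'elasticsearch:9200'`) has no scheme, but the value is substituted verbatim into `proxy_pass ${ES_UPSTREAM_SERVER};` in the vhost template, and nginx expects an `http://` or `https://` prefix there. An example such as `http://elasticsearch:9200`, without quotes, would match how the value is used. `GHOST_EDITORS_GROUPNAME`, `ANONYMOUS_USER` and the alias names are pasted into Lua string literals by `envsubst`, so the placeholder text could also say that quotes and backslashes must not appear in them.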