Merge pull request #13840 from rajatchopra/nginx
Automatic merge from submit-queue

nginx router based on template

template based nginx router implementation

/cc @jawnsy
openshift-merge-robot committed Sep 21, 2017
2 parents d1fcf38 + f0bc6b4 commit dc11ae9
Showing 6 changed files with 264 additions and 0 deletions.
9 changes: 9 additions & 0 deletions hack/build-local-images.py
Expand Up @@ -96,6 +96,15 @@
},
"files": {}
},
"nginx-router": {
"directory": "router/nginx",
"binaries": {
"openshift": "/usr/bin/openshift"
},
"files": {
".": "/var/lib/nginx"
}
},
"haproxy-router": {
"directory": "router/haproxy",
"binaries": {
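--- a/images/router/nginx/.cccp.yml
+++ b/images/router/nginx/.cccp.yml
@@ -0,0 +1 @@
+job-id: origin-nginx-router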
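--- a/images/router/nginx/Dockerfile
+++ b/images/router/nginx/Dockerfile
@@ -0,0 +1,31 @@
+#
+# This is the NGINX router for OpenShift Origin.
+#
+# The standard name for this image is openshift/origin-nginx-router
+#
+FROM openshift/origin
+
+RUN INSTALL_PKGS="nginx" && \
+yum install -y "epel-release" && \
+yum install -y $INSTALL_PKGS && \
+rpm -V $INSTALL_PKGS && \
+yum clean all && \
+mkdir -p /var/lib/nginx/router/{certs,cacerts} && \
+mkdir -p /var/lib/nginx/{conf,run,bin,log,logs} && \
+touch /var/lib/nginx/conf/{{os_http_be,os_edge_http_be,os_tcp_be,os_sni_passthrough,os_reencrypt,os_route_http_expose,os_route_http_redirect,cert_config,os_wildcard_domain}.map,nginx.config} && \
+setcap 'cap_net_bind_service=ep' /usr/sbin/nginx && \
+chown -R :0 /var/lib/nginx && \
+chown -R :0 /var/log/nginx && \
+chmod -R 777 /var/log/nginx && \
+chmod -R 777 /var/lib/nginx
+
+COPY . /var/lib/nginx/
+
+LABEL io.k8s.display-name="OpenShift Origin NGINX Router" \
+io.k8s.description="This is a component of OpenShift Origin and contains an NGINX instance that automatically exposes services within the cluster through routes, and offers TLS termination, reencryption, or SNI-passthrough on ports 80 and 443."
+USER 1001
+EXPOSE 80 443
+WORKDIR /var/lib/nginx/conf
+ENV TEMPLATE_FILE=/var/lib/nginx/conf/nginx-config.template \
+RELOAD_SCRIPT=/var/lib/nginx/reload-nginx
+ENTRYPOINT ["/usr/bin/openshift-router"]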
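Review bot: The two `chmod -R 777` calls at the end of the RUN step leave `/var/log/nginx` and `/var/lib/nginx` writable by any UID in the container, including the `router/certs` directory and the `conf` directory created a few lines earlier, which is wider than the preceding `chown -R :0` requires. Because the group is already set to 0 for arbitrary-UID runs, group access is enough: `chmod -R g+rwX /var/log/nginx /var/lib/nginx`. Separately, `FROM openshift/origin` has no tag or digest, so the base image and the nginx package pulled from EPEL are whatever is current at build time. `COPY . /var/lib/nginx/` also copies the Dockerfile and `.cccp.yml` into the image; copying `conf/` and `reload-nginx` explicitly would keep the runtime tree to what the router reads.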
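--- a/images/router/nginx/conf/error-page-503.http
+++ b/images/router/nginx/conf/error-page-503.http
@@ -0,0 +1,140 @@
+HTTP/1.0 503 Service Unavailable
+Pragma: no-cache
+Cache-Control: private, max-age=0, no-cache, no-store
+Connection: close
+Content-Type: text/html
+
+<html>
+<head>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<style type="text/css">
+/*!
+* Bootstrap v3.3.5 (http://getbootstrap.com)
+* Copyright 2011-2015 Twitter, Inc.
+* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
+*/
+/*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */
+html {
+font-family: sans-serif;
+-ms-text-size-adjust: 100%;
+-webkit-text-size-adjust: 100%;
+}
+body {
+margin: 0;
+}
+h1 {
+font-size: 1.7em;
+font-weight: 400;
+line-height: 1.3;
+margin: 0.68em 0;
+}
+* {
+-webkit-box-sizing: border-box;
+-moz-box-sizing: border-box;
+box-sizing: border-box;
+}
+*:before,
+*:after {
+-webkit-box-sizing: border-box;
+-moz-box-sizing: border-box;
+box-sizing: border-box;
+}
+html {
+-webkit-tap-highlight-color: rgba(0, 0, 0, 0);
+}
+body {
+font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+line-height: 1.66666667;
+font-size: 13px;
+color: #333333;
+background-color: #ffffff;
+margin: 2em 1em;
+}
+p {
+margin: 0 0 10px;
+font-size: 13px;
+}
+.alert.alert-info {
+padding: 15px;
+margin-bottom: 20px;
+border: 1px solid transparent;
+background-color: #f5f5f5;
+border-color: #8b8d8f;
+color: #363636;
+margin-top: 30px;
+}
+.alert p {
+padding-left: 35px;
+}
+a {
+color: #0088ce;
+}
+
+ul {
+position: relative;
+padding-left: 51px;
+}
+p.info {
+position: relative;
+font-size: 15px;
+margin-bottom: 10px;
+}
+p.info:before, p.info:after {
+content: "";
+position: absolute;
+top: 9%;
+left: 0;
+}
+p.info:before {
+content: "i";
+left: 3px;
+width: 20px;
+height: 20px;
+font-family: serif;
+font-size: 15px;
+font-weight: bold;
+line-height: 21px;
+text-align: center;
+color: #fff;
+background: #4d5258;
+border-radius: 16px;
+}
+
+@media (min-width: 768px) {
+body {
+margin: 4em 3em;
+}
+h1 {
+font-size: 2.15em;}
+}
+
+</style>
+</head>
+<body>
+<div>
+<h1>Application is not available</h1>
+<p>The application is currently not serving requests at this endpoint. It may not have been started or is still starting.</p>
+
+<div class="alert alert-info">
+<p class="info">
+Possible reasons you are seeing this page:
+</p>
+<ul>
+<li>
+<strong>The host doesn't exist.</strong>
+Make sure the hostname was typed correctly and that a route matching this hostname exists.
+</li>
+<li>
+<strong>The host exists, but doesn't have a matching path.</strong>
+Check if the URL path was typed correctly and that the route was created using the desired path.
+</li>
+<li>
+<strong>Route and path matches, but all pods are down.</strong>
+Make sure that the resources exposed by this route (pods, services, deployment configs, etc) have at least one pod running.
+</li>
+</ul>
+</div>
+</div>
+</body>
+</html>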
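--- a/images/router/nginx/conf/nginx-config.template
+++ b/images/router/nginx/conf/nginx-config.template
@@ -0,0 +1,70 @@
+{{/*
+nginx.config: contains the main config with helper backends that are used to terminate
+encryption before finally sending to a host_be which is the backend that is the final
+backend for a route and contains all the endpoints for the service
+*/}}
+{{- define "/var/lib/nginx/conf/nginx.config" -}}
+{{- $workingDir := .WorkingDir }}
+#user www www; ## Default: nobody
+worker_processes 5; ## Default: 1
+error_log /var/lib/nginx/logs/error.log;
+pid /var/lib/nginx/logs/nginx.pid;
+worker_rlimit_nofile 8192;
+
+events {
+worker_connections 4096; ## Default: 1024
+}
+
+http {
+#include conf/mime.types;
+#include /etc/nginx/proxy.conf;
+#include /etc/nginx/fastcgi.conf;
+index index.html index.htm index.php;
+
+default_type application/octet-stream;
+log_format main '$remote_addr - $remote_user [$time_local] $status '
+'"$request" $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/lib/nginx/logs/access.log main;
+sendfile on;
+tcp_nopush on;
+server_names_hash_bucket_size 128; # this seems to be required for some vhosts
+
+
+
+{{- range $cfgIdx, $cfg := .State }}
+
+upstream be_{{$cfg.Namespace}}_{{$cfg.Name}} {
+{{- range $serviceUnitName, $weight := $cfg.ServiceUnitNames }}
+{{- with $serviceUnit := index $.ServiceUnits $serviceUnitName }}
+{{- range $idx, $endpoint := endpointsForAlias $cfg $serviceUnit }}
+server {{$endpoint.IP}}:{{$endpoint.Port}};
+{{ end -}}
+{{ end -}}
+{{ end -}}
+}
+
+server { # simple load balancing
+{{- if (eq $cfg.TLSTermination "") }}
+listen 80;
+{{- else }}
+listen 443 ssl;
+{{ end -}}
+
+server_name {{$cfg.Host}};
+{{- if and (ne $cfg.Host "") (or (eq $cfg.TLSTermination "edge") (eq $cfg.TLSTermination "reencrypt")) -}}
+{{ $cert := index $cfg.Certificates $cfg.Host -}}
+{{ if ne $cert.Contents "" }}
+ssl_certificate {{$workingDir}}/certs/{{$cfgIdx}}.pem;
+ssl_certificate_key {{$workingDir}}/certs/{{$cfgIdx}}.pem;
+{{ end -}}
+{{ end -}}
+access_log /var/lib/nginx/logs/be_{{$cfgIdx}}.log main;
+
+location / {
+proxy_pass http://be_{{$cfg.Namespace}}_{{$cfg.Name}};
+}
+}
+{{ end -}}{{/* end all routes */}}
+}
+{{ end -}}{{/* end config file */}}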
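Review bot: The `location /` block always emits `proxy_pass http://be_…`, so a route whose `TLSTermination` is `reencrypt` is forwarded to its endpoints in cleartext, and any other non-empty value (passthrough, presumably) still gets `listen 443 ssl;` and is terminated here instead of being passed through. The template should branch on `$cfg.TLSTermination`: for reencrypt use `proxy_pass https://be_…;` with `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate` taken from the route's destination CA, and skip routes it cannot serve correctly. When `$cert.Contents` is empty the server block keeps `listen 443 ssl;` with no `ssl_certificate`, which nginx is likely to reject at load, so one such route could block the reload for all routes. The `server_name`, `upstream` name and log path are built from route fields with no escaping, which is safe only if those fields are validated before they reach the template; a comment saying where that validation happens would help.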
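--- a/images/router/nginx/reload-nginx
+++ b/images/router/nginx/reload-nginx
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -o nounset
+
+config_file=/var/lib/nginx/conf/nginx.config
+if [ -f /var/lib/nginx/logs/nginx.pid ]; then
+/usr/sbin/nginx -c ${config_file} -s reload
+reload_status=$?
+else
+/usr/sbin/nginx -c ${config_file}
+reload_status=$?
+fi
+exit $reload_status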
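Review bot: The `[ -f /var/lib/nginx/logs/nginx.pid ]` test only shows that a pid file exists, not that nginx is still running, so after a crash that leaves the file behind every call takes the `-s reload` branch and fails without starting nginx again. Checking the process as well, for example `kill -0 "$(cat /var/lib/nginx/logs/nginx.pid)" 2>/dev/null`, would let the script fall through to the start branch. An explicit `/usr/sbin/nginx -t -c "${config_file}"` before signalling would also keep a rejected config separate from a failed signal in the exit status the router sees. The script has no header comment; one line stating that it is the router's `RELOAD_SCRIPT` and what exit status the router expects would help.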
