diff --git a/docker-compose.yml b/docker-compose.yml index f3977b3c..74c09354 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,6 +38,20 @@ services: timeout: 5s retries: 5 start_period: 30s - + nginx: + build: ./nginx + container_name: nginx + ports: + - "80:80" + restart: always + depends_on: + - mainapp + healthcheck: + test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:80"] + interval: 30s + timeout: 10s + retries: 10 + networks: + - bankapp networks: bankapp: diff --git a/nginx/Dockerfile b/nginx/Dockerfile new file mode 100644 index 00000000..aa8a8f1c --- /dev/null +++ b/nginx/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx:1.23.3-alpine + +COPY ./nginx.conf /etc/nginx/nginx.conf diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 00000000..e8ca1bb9 --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,60 @@ +worker_processes auto; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + + limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; + + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + server { + listen 80; + server_name localhost; + + + location / { + limit_req zone=one burst=5; + + + proxy_pass http://mainapp:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + + proxy_buffering on; + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + } + } +} +