From 5bef5a291489a8fffa190a30b82df831b2e231f1 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 14 Nov 2024 09:19:32 +0000 Subject: [PATCH 1/2] Added nginx --- docker-compose.yml | 17 ++++++++++++++++- nginx/Dockerfile | 3 +++ nginx/nginx.conf | 24 ++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 nginx/Dockerfile create mode 100644 nginx/nginx.conf diff --git a/docker-compose.yml b/docker-compose.yml index f3977b3c..cbf54d67 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,6 +38,21 @@ services: timeout: 5s retries: 5 start_period: 30s - + nginx: + build: ./nginx + image: nginx + container_name: nginx + ports: + - "80:80" + restart: always + depends_on: + - mainapp + healthcheck: + test: ["CMD","curl","-f","http://mainapp:8080"] + interval: 30s + timeout: 10s + retries: 10 + networks: + - bankapp networks: bankapp: diff --git a/nginx/Dockerfile b/nginx/Dockerfile new file mode 100644 index 00000000..aa8a8f1c --- /dev/null +++ b/nginx/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx:1.23.3-alpine + +COPY ./nginx.conf /etc/nginx/nginx.conf diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 00000000..44edb19e --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,24 @@ + +events{ + worker_connections 1024; +} + + + +http{ +server{ + listen 80; + + server_name localhost; + + + location / { + proxy_pass http://mainapp:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } +} + From 0eb5ca62eb605a392c3b93f3e8b23b87c35f273f Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 14 Nov 2024 16:31:08 +0000 Subject: [PATCH 2/2] Added changes as per coderabbit --- docker-compose.yml | 5 ++-- nginx/nginx.conf | 72 ++++++++++++++++++++++++++++++++++------------ 2 files changed, 56 insertions(+), 21 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cbf54d67..74c09354 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -40,15 +40,14 @@ services: start_period: 30s nginx: build: ./nginx - image: nginx container_name: nginx ports: - "80:80" restart: always depends_on: - - mainapp + - mainapp healthcheck: - test: ["CMD","curl","-f","http://mainapp:8080"] + test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:80"] interval: 30s timeout: 10s retries: 10 diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 44edb19e..e8ca1bb9 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,24 +1,60 @@ +worker_processes auto; +pid /var/run/nginx.pid; -events{ - worker_connections 1024; +events { + worker_connections 1024; } - - -http{ -server{ - listen 80; - - server_name localhost; - - - location / { - proxy_pass http://mainapp:8080; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; +http { + + limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; + + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + server { + listen 80; + server_name localhost; + + + location / { + limit_req zone=one burst=5; + + + proxy_pass http://mainapp:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + + proxy_buffering on; + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + } } - } }