Merge pull request #107 from lancachenet/stream

This PR removes the need for sniproxy by using nginx's built in stream handling
lancachenet · Nov 13, 2020 · 83ba3ef · 83ba3ef
2 parents f074801 + e489731
commit 83ba3ef
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -15,8 +15,8 @@ ENV GENERICCACHE_VERSION=2 \
 
 COPY overlay/ /
 
-RUN rm /etc/nginx/sites-enabled/*; \
-    rm /etc/nginx/conf.d/gzip.conf /etc/nginx/conf.d/openshift_logging.conf ;\
+RUN rm /etc/nginx/sites-enabled/* /etc/nginx/stream-enabled/* ;\
+    rm /etc/nginx/conf.d/gzip.conf ;\
     chmod 754  /var/log/tallylog ; \
     id -u ${WEBUSER} &> /dev/null || adduser --system --home /var/www/ --no-create-home --shell /bin/false --group --disabled-login ${WEBUSER} ;\
     chmod 755 /scripts/*			;\
@@ -26,10 +26,11 @@ RUN rm /etc/nginx/sites-enabled/*; \
 	mkdir -m 755 -p /tmp/nginx/		;\
 	chown -R ${WEBUSER}:${WEBUSER} /data/	;\
 	mkdir -p /etc/nginx/sites-enabled	;\
-	ln -s /etc/nginx/sites-available/10_generic.conf /etc/nginx/sites-enabled/10_generic.conf
+	ln -s /etc/nginx/sites-available/10_generic.conf /etc/nginx/sites-enabled/10_generic.conf; \
+	ln -s /etc/nginx/stream-available/10_sni.conf /etc/nginx/stream-enabled/10_sni.conf
 
 VOLUME ["/data/logs", "/data/cache", "/var/www"]
 
-EXPOSE 80
+EXPOSE 80 443
 
 WORKDIR /scripts
diff --git a/overlay/etc/nginx/nginx.conf b/overlay/etc/nginx/nginx.conf
@@ -1,6 +1,9 @@
 user www-data;
 include /etc/nginx/workers.conf;
 pid /run/nginx.pid;
+
+include /etc/nginx/modules-enabled/*.conf;
+
 events {
 	worker_connections 4096;
 	multi_accept on;
@@ -28,3 +31,9 @@ http {
 
 	include /etc/nginx/sites-enabled/*.conf;
 }
+
+
+stream {                                
+	include /etc/nginx/stream.d/*.conf; 
+	include /etc/nginx/stream-enabled/*;
+}                                       
diff --git a/overlay/etc/nginx/stream-available/10_sni.conf b/overlay/etc/nginx/stream-available/10_sni.conf
@@ -0,0 +1,9 @@
+server {
+	listen 443;
+    resolver UPSTREAM_DNS ipv6=off;
+	proxy_pass  $ssl_preread_server_name:443;
+	ssl_preread on;
+
+	access_log /data/logs/stream-access.log stream_basic;
+	error_log /data/logs/stream-error.log;
+}
diff --git a/overlay/hooks/entrypoint-pre.d/10_setup.sh b/overlay/hooks/entrypoint-pre.d/10_setup.sh
@@ -11,3 +11,4 @@ sed -i "s/CACHE_DISK_SIZE/${CACHE_DISK_SIZE}/" /etc/nginx/conf.d/20_proxy_cache_
 sed -i "s/CACHE_MAX_AGE/${CACHE_MAX_AGE}/"    /etc/nginx/sites-available/generic.conf.d/root/20_cache.conf
 sed -i "s/slice 1m;/slice ${CACHE_SLICE_SIZE};/" /etc/nginx/sites-available/generic.conf.d/root/20_cache.conf
 sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/"    /etc/nginx/sites-available/generic.conf.d/10_generic.conf
+sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/"    /etc/nginx/stream-available/10_sni.conf