diff options
| author | Yulqen <246857+yulqen@users.noreply.github.com> | 2024-04-29 16:23:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-29 16:23:35 +0100 |
| commit | 9796bc5f69c1b0da57a3f11aa133ec3e10c43b66 (patch) | |
| tree | f0b5e1107cc23b2453e69e2df87e35b4d2b7a7fc | |
| parent | 2f8290c497bc9f1198780c76e224c21acf79eb35 (diff) | |
| parent | a8559170f082fdcef3b438f936e0366810d429b1 (diff) | |
Merge pull request #38 from defencedigital/pyswitch
Pyswitch
Diffstat (limited to '')
| -rw-r--r-- | Dockerfile_nginx | 23 | ||||
| -rw-r--r-- | README.md | 3 | ||||
| -rw-r--r-- | nginx-conf/logging.conf | 6 | ||||
| -rw-r--r-- | nginx-conf/nginx.conf | 22 |
4 files changed, 53 insertions, 1 deletions
diff --git a/Dockerfile_nginx b/Dockerfile_nginx new file mode 100644 index 0000000..80030af --- /dev/null +++ b/Dockerfile_nginx @@ -0,0 +1,23 @@ + +FROM registry.access.redhat.com/ubi9/nginx-122:1-17 + +# Switch to Root to update +USER 0 + +# Uninstalling BIND to avoid CVE-2023-2828, CVE-2023-2828 & CVE-2023-2828 +# NGINX shouldn't need BIND, unless it's specfically doing DNS related things (famous last words) +RUN rpm -e bind-license-9.16.23-11.el9.noarch bind-libs-9.16.23-11.el9.x86_64 bind-utils-9.16.23-11.el9.x86_64 + +# Switch back the default user +USER 1001 + +# Copy your Nginx configuration file +COPY nginx-conf/nginx.conf "${NGINX_CONF_PATH}" + +COPY nginx-conf/nginx.conf "${NGINX_CONF_PATH}" +COPY nginx-conf/logging.conf /opt/app-root/etc/nginx.d/logging.conf +# COPY nginx-conf/nginx-default-cfg/*.conf "${NGINX_DEFAULT_CONF_PATH}" +# COPY nginx-conf/nginx-cfg/*.conf "${NGINX_CONFIGURATION_PATH}" + +# Run script uses standard ways to run the application +CMD nginx -g "daemon off;" @@ -2,4 +2,5 @@ This is a prototype application. -Alpha 14:27. +Alpha 14:27 + diff --git a/nginx-conf/logging.conf b/nginx-conf/logging.conf new file mode 100644 index 0000000..d0e3d09 --- /dev/null +++ b/nginx-conf/logging.conf @@ -0,0 +1,6 @@ +log_format ddsoc '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + +access_log /dev/stdout ddsoc; +error_log /dev/stderr info; diff --git a/nginx-conf/nginx.conf b/nginx-conf/nginx.conf new file mode 100644 index 0000000..f345d2e --- /dev/null +++ b/nginx-conf/nginx.conf @@ -0,0 +1,22 @@ +user nginx; +worker_processes 1; + +pid /tmp/nginx.pid; +events { + worker_connections 1024; +} +http { + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + server { + listen 80; + location / { + proxy_pass http://django-app-service:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + } +}
\ No newline at end of file |