diff options
Diffstat (limited to '')
| -rw-r--r-- | Dockerfile_nginx | 23 | ||||
| -rw-r--r-- | nginx-conf/logging.conf | 6 | ||||
| -rw-r--r-- | nginx-conf/nginx.conf | 22 |
3 files changed, 51 insertions, 0 deletions
diff --git a/Dockerfile_nginx b/Dockerfile_nginx new file mode 100644 index 0000000..80030af --- /dev/null +++ b/Dockerfile_nginx @@ -0,0 +1,23 @@ + +FROM registry.access.redhat.com/ubi9/nginx-122:1-17 + +# Switch to Root to update +USER 0 + +# Uninstalling BIND to avoid CVE-2023-2828, CVE-2023-2828 & CVE-2023-2828 +# NGINX shouldn't need BIND, unless it's specfically doing DNS related things (famous last words) +RUN rpm -e bind-license-9.16.23-11.el9.noarch bind-libs-9.16.23-11.el9.x86_64 bind-utils-9.16.23-11.el9.x86_64 + +# Switch back the default user +USER 1001 + +# Copy your Nginx configuration file +COPY nginx-conf/nginx.conf "${NGINX_CONF_PATH}" + +COPY nginx-conf/nginx.conf "${NGINX_CONF_PATH}" +COPY nginx-conf/logging.conf /opt/app-root/etc/nginx.d/logging.conf +# COPY nginx-conf/nginx-default-cfg/*.conf "${NGINX_DEFAULT_CONF_PATH}" +# COPY nginx-conf/nginx-cfg/*.conf "${NGINX_CONFIGURATION_PATH}" + +# Run script uses standard ways to run the application +CMD nginx -g "daemon off;" diff --git a/nginx-conf/logging.conf b/nginx-conf/logging.conf new file mode 100644 index 0000000..d0e3d09 --- /dev/null +++ b/nginx-conf/logging.conf @@ -0,0 +1,6 @@ +log_format ddsoc '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + +access_log /dev/stdout ddsoc; +error_log /dev/stderr info; diff --git a/nginx-conf/nginx.conf b/nginx-conf/nginx.conf new file mode 100644 index 0000000..f345d2e --- /dev/null +++ b/nginx-conf/nginx.conf @@ -0,0 +1,22 @@ +user nginx; +worker_processes 1; + +pid /tmp/nginx.pid; +events { + worker_connections 1024; +} +http { + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + server { + listen 80; + location / { + proxy_pass http://django-app-service:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + } +}
\ No newline at end of file |