Skip to content

Commit f97e8c5

Browse files
revantrevant
committed
chore: add build resources
1 parent 470fa63 commit f97e8c5

File tree

2 files changed

+166
-0
lines changed

2 files changed

+166
-0
lines changed

image/resources/nginx-entrypoint.sh

+52
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
#!/bin/bash
2+
3+
# Set variables that do not exist
4+
if [[ -z "$BACKEND" ]]; then
5+
echo "BACKEND defaulting to 0.0.0.0:8000"
6+
export BACKEND=0.0.0.0:8000
7+
fi
8+
if [[ -z "$SOCKETIO" ]]; then
9+
echo "SOCKETIO defaulting to 0.0.0.0:9000"
10+
export SOCKETIO=0.0.0.0:9000
11+
fi
12+
if [[ -z "$UPSTREAM_REAL_IP_ADDRESS" ]]; then
13+
echo "UPSTREAM_REAL_IP_ADDRESS defaulting to 127.0.0.1"
14+
export UPSTREAM_REAL_IP_ADDRESS=127.0.0.1
15+
fi
16+
if [[ -z "$UPSTREAM_REAL_IP_HEADER" ]]; then
17+
echo "UPSTREAM_REAL_IP_HEADER defaulting to X-Forwarded-For"
18+
export UPSTREAM_REAL_IP_HEADER=X-Forwarded-For
19+
fi
20+
if [[ -z "$UPSTREAM_REAL_IP_RECURSIVE" ]]; then
21+
echo "UPSTREAM_REAL_IP_RECURSIVE defaulting to off"
22+
export UPSTREAM_REAL_IP_RECURSIVE=off
23+
fi
24+
if [[ -z "$FRAPPE_SITE_NAME_HEADER" ]]; then
25+
# shellcheck disable=SC2016
26+
echo 'FRAPPE_SITE_NAME_HEADER defaulting to $host'
27+
# shellcheck disable=SC2016
28+
export FRAPPE_SITE_NAME_HEADER='$host'
29+
fi
30+
31+
if [[ -z "$PROXY_READ_TIMEOUT" ]]; then
32+
echo "PROXY_READ_TIMEOUT defaulting to 120"
33+
export PROXY_READ_TIMEOUT=120
34+
fi
35+
36+
if [[ -z "$CLIENT_MAX_BODY_SIZE" ]]; then
37+
echo "CLIENT_MAX_BODY_SIZE defaulting to 50m"
38+
export CLIENT_MAX_BODY_SIZE=50m
39+
fi
40+
41+
# shellcheck disable=SC2016
42+
envsubst '${BACKEND}
43+
${SOCKETIO}
44+
${UPSTREAM_REAL_IP_ADDRESS}
45+
${UPSTREAM_REAL_IP_HEADER}
46+
${UPSTREAM_REAL_IP_RECURSIVE}
47+
${FRAPPE_SITE_NAME_HEADER}
48+
${PROXY_READ_TIMEOUT}
49+
${CLIENT_MAX_BODY_SIZE}' \
50+
</templates/nginx/frappe.conf.template >/etc/nginx/conf.d/frappe.conf
51+
52+
nginx -g 'daemon off;'

image/resources/nginx-template.conf

+114
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,114 @@
1+
upstream backend-server {
2+
server ${BACKEND} fail_timeout=0;
3+
}
4+
5+
upstream socketio-server {
6+
server ${SOCKETIO} fail_timeout=0;
7+
}
8+
9+
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
10+
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
11+
default $scheme;
12+
https https;
13+
}
14+
15+
server {
16+
listen 8080;
17+
server_name ${FRAPPE_SITE_NAME_HEADER};
18+
root /home/frappe/frappe-bench/sites;
19+
20+
proxy_buffer_size 128k;
21+
proxy_buffers 4 256k;
22+
proxy_busy_buffers_size 256k;
23+
24+
add_header X-Frame-Options "SAMEORIGIN";
25+
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
26+
add_header X-Content-Type-Options nosniff;
27+
add_header X-XSS-Protection "1; mode=block";
28+
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
29+
30+
set_real_ip_from ${UPSTREAM_REAL_IP_ADDRESS};
31+
real_ip_header ${UPSTREAM_REAL_IP_HEADER};
32+
real_ip_recursive ${UPSTREAM_REAL_IP_RECURSIVE};
33+
34+
location /assets {
35+
try_files $uri =404;
36+
}
37+
38+
location ~ ^/protected/(.*) {
39+
internal;
40+
try_files /${FRAPPE_SITE_NAME_HEADER}/$1 =404;
41+
}
42+
43+
location /socket.io {
44+
proxy_http_version 1.1;
45+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
46+
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
47+
proxy_set_header Upgrade $http_upgrade;
48+
proxy_set_header Connection "upgrade";
49+
proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER};
50+
proxy_set_header Origin $scheme://${FRAPPE_SITE_NAME_HEADER};
51+
proxy_set_header Host $host;
52+
53+
proxy_pass http://socketio-server;
54+
}
55+
56+
location / {
57+
rewrite ^(.+)/$ $proxy_x_forwarded_proto://${FRAPPE_SITE_NAME_HEADER}$1 permanent;
58+
rewrite ^(.+)/index\.html$ $proxy_x_forwarded_proto://${FRAPPE_SITE_NAME_HEADER}$1 permanent;
59+
rewrite ^(.+)\.html$ $proxy_x_forwarded_proto://${FRAPPE_SITE_NAME_HEADER}$1 permanent;
60+
61+
location ~ ^/files/.*.(htm|html|svg|xml) {
62+
add_header Content-disposition "attachment";
63+
try_files /${FRAPPE_SITE_NAME_HEADER}/public/$uri @webserver;
64+
}
65+
66+
try_files /${FRAPPE_SITE_NAME_HEADER}/public/$uri @webserver;
67+
}
68+
69+
location @webserver {
70+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
71+
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
72+
proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER};
73+
proxy_set_header Host $host;
74+
proxy_set_header X-Use-X-Accel-Redirect True;
75+
proxy_read_timeout ${PROXY_READ_TIMEOUT};
76+
proxy_redirect off;
77+
78+
proxy_pass http://backend-server;
79+
}
80+
81+
# optimizations
82+
sendfile on;
83+
keepalive_timeout 15;
84+
client_max_body_size ${CLIENT_MAX_BODY_SIZE};
85+
client_body_buffer_size 16K;
86+
client_header_buffer_size 1k;
87+
88+
# enable gzip compression
89+
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
90+
gzip on;
91+
gzip_http_version 1.1;
92+
gzip_comp_level 5;
93+
gzip_min_length 256;
94+
gzip_proxied any;
95+
gzip_vary on;
96+
gzip_types
97+
application/atom+xml
98+
application/javascript
99+
application/json
100+
application/rss+xml
101+
application/vnd.ms-fontobject
102+
application/x-font-ttf
103+
application/font-woff
104+
application/x-web-app-manifest+json
105+
application/xhtml+xml
106+
application/xml
107+
font/opentype
108+
image/svg+xml
109+
image/x-icon
110+
text/css
111+
text/plain
112+
text/x-component;
113+
# text/html is always compressed by HttpGzipModule
114+
}

0 commit comments

Comments
 (0)