nginx

Paddy 2015-06-22

0:68478c1bddde Go to Latest

nginx/README.md

First basic pass at JWT auth. Mostly just a fork of https://github.com/ficusio/openresty, with a few twists: * We've narrowed down some of the configuration options, and we're passing more headers (essentially exposing all the data in the JWT as headers). * We no longer automatically return a 401 unauthorized if the JWT verification fails; we just don't assign it the headers. The consuming service can decide whether or not they want to accept the request. * We automatically fail the verification of a JWT if the token has expired in the last minute (or shouldn't be used for the next minute). If the token has expired, we return a 401 that our clients can catch and use a refresh token automatically from. If the token can't be used for another minute, we quietly just refuse to add auth headers to the request.

Download raw file
View source Diff to previous Annotate
History 
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/README.md	Mon Jun 22 00:42:40 2015 -0400
     1.3 @@ -0,0 +1,71 @@
     1.4 +# OpenResty Docker image
     1.5 +
     1.6 +This is a fork of https://github.com/ficusio/openresty's alpine flavour.
     1.7 +
     1.8 +### Paths & config
     1.9 +
    1.10 +NginX is configured with `/opt/secondbit/nginx` [prefix path](http://nginx.org/en/docs/configure.html), which means that, by default, it loads configuration from `/opt/secondbit/nginx/conf/nginx.conf` file. The default HTML root path is `/opt/secondbit/nginx/html/`.
    1.11 +
    1.12 +OpenResty bundle includes several useful Lua modules located in `/opt/secondbit/lualib/` directory. This directory is already present in Lua package path, so you don't need to specify it in NginX `lua_package_path` directive.
    1.13 +
    1.14 +The Lua NginX module is built with LuaJIT 2.1, which is also available as stand-alone `lua` binary.
    1.15 +
    1.16 +### `ONBUILD` hook
    1.17 +
    1.18 +This image uses [`ONBUILD` hook](https://docs.docker.com/reference/builder/#onbuild) that automatically copies all files and subdirectories from the `nginx/` directory located at the root of Docker build context (i.e. next to your `Dockerfile`) into `/opt/secondbit/nginx/`. The minimal configuration needed to get NginX running is the following:
    1.19 +
    1.20 +```
    1.21 +project_root/
    1.22 + ├ nginx/ # all subdirs/files will be copied to /opt/secondbit/nginx/
    1.23 + |  └ conf/
    1.24 + |     └ nginx.conf # your NginX configuration file
    1.25 + └ Dockerfile
    1.26 +```
    1.27 +
    1.28 +Dockerfile:
    1.29 +
    1.30 +```
    1.31 +FROM secondbit/nginx:latest
    1.32 +EXPOSE 8080
    1.33 +```
    1.34 +
    1.35 +### Command-line parameters
    1.36 +
    1.37 +NginX is launched with the `nginx -g 'daemon off; error\_log /dev/stderr info; access\_log /dev/stdout;'` command. This means that you should not specify the `daemon` directive in your `nginx.conf` file, because it will lead to NginX config check error (duplicate directive).
    1.38 +
    1.39 +No-daemon mode is needed to allow host OS' service manager, like `systemd`, or [Docker itself](https://docs.docker.com/reference/commandline/cli/#restart-policies) to detect that NginX has exited and restart the container. Otherwise in-container service manager would be required.
    1.40 +
    1.41 +Error log and access log are redirected to `stderr` and `stdout` respectively to simplify debugging and log collection with tools like [progrium/logspout](https://github.com/progrium/logspout).
    1.42 +
    1.43 +If you wish to run it with different command-line options, you can add `CMD` directive to your Dockerfile. It will override the command provided in this image. Another option is to pass a command to `docker run` directly:
    1.44 +
    1.45 +```text
    1.46 +$ docker run --rm -it --name test secondbit/nginx bash
    1.47 +root@06823698db68:/opt/secondbit/nginx $ ls -l
    1.48 +total 12
    1.49 +drwxr-xr-x    2 root     root          4096 Feb  1 14:48 conf
    1.50 +drwxr-xr-x    2 root     root          4096 Feb  1 14:48 html
    1.51 +drwxr-xr-x    2 root     root          4096 Feb  1 14:48 sbin
    1.52 +```
    1.53 +
    1.54 +### Usage during development
    1.55 +
    1.56 +To avoid rebuilding your Docker image after each modification of Lua code or NginX config, you can add a simple script that mounts config/content directories to appropriate locations and starts NginX:
    1.57 +
    1.58 +```bash
    1.59 +#!/usr/bin/env bash
    1.60 +
    1.61 +exec docker run --rm -it \
    1.62 +  --name my-app-dev \
    1.63 +  -v "$(pwd)/nginx/conf":/opt/secondbit/nginx/conf \
    1.64 +  -v "$(pwd)/nginx/lualib":/opt/secondbit/nginx/lualib \
    1.65 +  -p 8080:8080 \
    1.66 +  secondbit/nginx:latest "$@"
    1.67 +
    1.68 +# you may add more -v options to mount another directories, e.g. nginx/html/
    1.69 +
    1.70 +# do not do -v "$(pwd)/nginx":/opt/secondbit/nginx because it will hide
    1.71 +# the NginX binary located at /opt/secondbit/nginx/sbin/nginx
    1.72 +```
    1.73 +
    1.74 +Place it next to your `Dockerfile`, make executable and use during development. You may also want to temporarily disable [Lua code cache](https://github.com/openresty/lua-nginx-module#lua_code_cache) to allow testing code modifications without re-starting NginX.