dynamic nginx.conf using env vars

s1-gate/Dockerfile

@@ -3,14 +3,18 @@ FROM openresty/openresty:bionic
 # system dependencies
 RUN mkdir -p /app
 
+COPY --from=hairyhenderson/gomplate:stable /gomplate /bin/gomplate
+
 # luarocks and opm dependencies
 COPY install.sh /app/install.sh
 COPY Makefile /app/Makefile
 COPY conf /usr/local/openresty/nginx/conf
 COPY lua /usr/local/openresty/nginx/lua
+COPY entrypoint.sh /app/entrypoint.sh
 
-RUN cd /app && make install-dev
+RUN cd /app && make install-dev && chmod +x /app/entrypoint.sh
 
+ENTRYPOINT [ "/app/entrypoint.sh" ]
 CMD ["/usr/local/openresty/bin/openresty", "-g", "daemon off;"]
 
 STOPSIGNAL SIGQUIT

s1-gate/conf/nginx.conf

@@ -26,7 +26,7 @@ http {
 
   upstream minio-server {
     least_conn;
-    server minio-server:9000; # TODO make it dynamically configurable
+    server 127.0.0.1:9000; 
   }
 
   error_page 500 502 503 504 @error_50x;

s1-gate/conf/nginx.template.conf

@@ -0,0 +1,96 @@
+worker_processes 1; # TODO set to auto
+
+error_log logs/error_log debug;
+
+events {
+  worker_connections 1024;
+}
+
+env ENV_OSS_ENDPOINT_HOST;
+env ENV_OSS_ENDPOINT_PORT;
+env OSS_ENDPOINT_LOCATION;
+env ENV_OSS_AK;
+env ENV_OSS_SK;
+env AWS_ACCESS_KEY_ID;
+env AWS_SECRET_ACCESS_KEY;
+
+
+http {
+  lua_package_path '$prefix/lua/?.lua;;';
+  lua_shared_dict globals 2m;
+
+  init_by_lua_block {
+    local success, err = pcall(function()
+    end)
+  }
+
+  upstream minio-server {
+    least_conn;
+    server {{ .Env.NGINX_UPSTREAM_MINIO_SERVER }};
+  }
+
+  error_page 500 502 503 504 @error_50x;
+
+  server {
+    server_name s1-file.whimer.com;
+    listen 80;
+    listen [::]:80;
+
+    ignore_invalid_headers off;
+    proxy_buffering off;
+    proxy_request_buffering off;
+
+    location @error_50x {
+      internal;
+      rewrite_log on;
+      content_by_lua_block {
+        ngx.header["Content-Type"] = "application/json"
+        ngx.status = 500
+        ngx.say('{"code": -1, "msg": "internal server error"}')
+        ngx.exit(ngx.HTTP_OK)
+      }
+    }
+
+    location ~ ^/minioserver(/.*)$ {
+      internal;
+
+      rewrite ^/minioserver(.*)$ $1 break;
+
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+
+      proxy_connect_timeout 300;
+      # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+      proxy_http_version 1.1;
+      proxy_set_header Connection "";
+      chunked_transfer_encoding off;
+
+      proxy_method GET;
+      proxy_pass http://minio-server;
+    }
+
+    location ^~ /nota/ {
+      client_max_body_size 10m;
+      client_body_buffer_size 10m;
+
+      access_by_lua_file lua/nota/check.lua;
+      content_by_lua_file lua/nota/handle.lua;
+      log_by_lua_file lua/nota/post.lua;
+    }
+
+    location ^~ /nota-prv/ {
+      access_by_lua_block {
+        local common = require('common.resp')
+        local httpstatus = require('http.status')
+        local method = ngx.req.get_method():upper()
+        if method ~= 'GET' and method ~= 'OPTIONS' and method ~= 'HEAD' then
+          common.make_status_resp(httpstatus.HTTP_METHOD_NOT_ALLOWED, 'method not allowed')
+        end
+      }
+
+      content_by_lua_file lua/nota/handle.lua;
+    }
+  }
+}

s1-gate/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# render nginx.conf using environment variables
+cd /usr/local/openresty/nginx/conf
+cat nginx.template.conf | gomplate > nginx.conf
+
+exec "$@"