diff --git a/src/client/Dockerfile b/src/client/Dockerfile index e212f043..920f6076 100644 --- a/src/client/Dockerfile +++ b/src/client/Dockerfile @@ -23,6 +23,7 @@ RUN npm run build FROM nginx:latest AS host # COPY nginx-client.conf /etc/nginx/conf.d/default.conf +COPY nginx.conf /etc/nginx/nginx.conf COPY default.conf.template /etc/nginx/templates/ COPY --from=builder /app/build/ /usr/share/nginx/html \ No newline at end of file diff --git a/src/client/nginx.conf b/src/client/nginx.conf new file mode 100644 index 00000000..40f4072f --- /dev/null +++ b/src/client/nginx.conf @@ -0,0 +1,66 @@ +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format json_combined escape=json + '{' + '"timestamp":"$msec",' + '"address":"$remote_addr",' + '"request":"$request",' + '"body_bytes_sent":$body_bytes_sent,' + '"response_status":$status,' + '"http_user_agent":"$http_user_agent"' + '}'; + + access_log /var/log/nginx/access.log json_combined; + + sendfile on; + + keepalive_timeout 65; + + include /etc/nginx/conf.d/*.conf; + + server { + listen 80; + server_name localhost; + client_max_body_size 100M; + + location ^~ /api/internal { # Blocks external access to /api/internal/* + return 404; + } + + + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri /index.html; # forward all requests to the index.html for react + } + + location /api { + try_files $uri @backend; + } + + location @backend { + proxy_pass http://backend; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 3600; + proxy_connect_timeout 3600; + proxy_send_timeout 3600; + send_timeout 3600; + } + } +} diff --git a/src/server/bin/startServer.sh b/src/server/bin/startServer.sh index d8d43f76..90d42039 100644 --- a/src/server/bin/startServer.sh +++ b/src/server/bin/startServer.sh @@ -11,4 +11,4 @@ echo "SLEEPING.. WAITING FOR DB"; sleep 5; echo "WAKING"; alembic upgrade head; # --no-reload prevents Flask restart, which usually happens in middle of create_base_users() #TODO: SECURITY - ensure we are not running in debug mode in production -uwsgi --http-socket :5000 --plugin python38 --module wsgi:app --chdir /app --pythonpath . --processes 2 --threads 4 --master +uwsgi bin/uwsgi.ini diff --git a/src/server/bin/uwsgi.ini b/src/server/bin/uwsgi.ini new file mode 100644 index 00000000..9c285235 --- /dev/null +++ b/src/server/bin/uwsgi.ini @@ -0,0 +1,13 @@ +[uwsgi] +http-socket = :5000 +plugin = python38 +module = wsgi:app +chdir = /app +pythonpath = . +processes = 2 +threads = 4 +log-4xx = true +log-5xx = true +disable-logging = true +logformat = {"timestamp": "%(tmsecs)", "address": "%(addr)", "method": "%(method)", "protocol": "%(proto)", "resp_size": "%(size)", "request_body_size": "%(cl)", "response_status": "%(status)", "response_time": "%(secs)", "uri": "%(uri)"} +logformat-strftime = true \ No newline at end of file diff --git a/src/server/config.py b/src/server/config.py index ac2aebd2..5783158d 100644 --- a/src/server/config.py +++ b/src/server/config.py @@ -17,7 +17,7 @@ structlog.processors.add_log_level, structlog.processors.StackInfoRenderer(), structlog.dev.set_exc_info, - structlog.processors.TimeStamper(fmt="iso", utc=True ), + structlog.processors.TimeStamper(fmt=None, utc=True ), structlog.processors.CallsiteParameterAdder( [ CallsiteParameter.FILENAME,