Added LOG_LEVEL. Cosmetic healthcheck tweaks.

Tivix · Mar 27, 2020 · 9b6a980 · 9b6a980
1 parent fc7a50b
commit 9b6a980
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -30,6 +30,7 @@ AWS_SM_KEY=NGINX_PASSWORD
 AWS_DEFAULT_REGION=us-west-1
 ```
 The above will get the password from AWS Secret Manager secret named `staging`, and extract the value of `NGINX_PASSWORD` from it.
+- `LOG_LEVEL=info` allows you to set nginx error_log verbosity. Defaults to `notice`.
 - `GZIP=true` enables standard GZIP compression with some sane defaults
 - `REAL_IP=true` enables parsing of X-Forwarded-For header.
 - `REAL_IP_HEADER=X-Real-Ip` customizes which header to use for real_ip
@@ -42,7 +43,7 @@ The above will get the password from AWS Secret Manager secret named `staging`,
 - `UWSGI=true` switches proxy_pass to uwsgi_pass
 - `STATS=/stats` creates a stub_status endpoint at the defined path, accessible from 127.0.0.1 only.
 - `STATS_PORT=8080` port the stats endpoint listens at. Defaults to 8080.
-- `HEALTHCHECK=/health` enables simple healthcheck endpoint at the defined path, accessible from 127.0.0.1 only.
+- `HEALTHCHECK=/health` enables simple healthcheck endpoint at the defined path, accessible from 127.0.0.1 only. Think Docker healthcheck-cmd `curl -sSf 127.0.0.1:8080/health`
 - `HEALTHCHECK_PORT=8080` port the healthcheck listens at. Defaults to 8080.
 
 ...and some others. See the code.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -9,15 +9,17 @@ services:
       - 127.0.0.1:80:80
       - 127.0.0.1:443:443
     environment:
-      - UPSTREAMS=/:service_a:80,/service_b:service_b:80,/service_c:service_c:80
+      - UPSTREAMS=/:service_a:80,/service_b:service_b:80
       - STATICS=/statics:/data/statics
+      - REAL_IP_CIDRS=172.16.0.0/12
       - HTTPS_REDIRECT=false
-      - BASIC_AUTH_LOCATIONS=/service_c
+      - BASIC_AUTH_LOCATIONS=/service_b
       - BASIC_AUTH_USER=user
       - BASIC_AUTH_PASS=pass
       - MICROCACHE=true
       - DEBUG=true
       - HEALTHCHECK=/health
+      - STATS=/stats
 
   service_a:
     image: containous/whoami
@@ -26,7 +28,3 @@ services:
   service_b:
     image: containous/whoami
     hostname: service_b
-
-  service_c:
-    image: containous/whoami
-    hostname: service_c
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
@@ -1,7 +1,7 @@
 user  nginx;
 worker_processes {{ env("WORKER_PROCESSES", "1") }};
 
-error_log  /dev/stderr {% if DEBUG == 'true' %}debug{% else %}info{% endif %};
+error_log  /dev/stderr {% if DEBUG == 'true' %}debug{% else %}{{ env("LOG_LEVEL", "notice")}}{% endif %};
 pid        /run/nginx.pid;
 
 events {

diff --git a/templates/site.conf.j2 b/templates/site.conf.j2
@@ -18,22 +18,20 @@ server {
   {%- else %}
   listen 127.0.0.1:8080;
   {% endif %}
-
-  {%- if STATS %}
-  # nginx stats for monitoring
+  access_log  off;
+  {% if STATS %}
   location {{ STATS }} {
-    stub_status on;       # Turn on nginx stats
-    access_log   off;     # We do not need logs for stats
-    allow 127.0.0.1;      # Security: Only allow access from IP
-    deny all;             # Deny requests from the other of the world
+    stub_status on;
   }
   {%- endif %}
   {%- if HEALTHCHECK %}
   location {{ HEALTHCHECK }} {
-    access_log off;
     return 200;
   }
   {%- endif %}
+  location / {
+    return 404;
+  }
 }
 {%- endif %}