[damned-lies/oscp] Rework httpd_min to use nginx

[Bartłomiej Piotrowski <bpiotrowski src gnome org>]

commit 3ee8adfd38ae3308a44fe68ebcaace634cae1221
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Thu Mar 26 14:00:16 2020 +0100

    Rework httpd_min to use nginx

 httpd_min/Dockerfile                             | 25 ++++++++---
 httpd_min/app_data/httpd-cfg/l10n.gnome.org.conf | 55 ------------------------
 httpd_min/entrypoint.sh                          |  2 +-
 httpd_min/l10n.gnome.org.conf                    | 37 ++++++++++++++++
 4 files changed, 56 insertions(+), 63 deletions(-)
---
diff --git a/httpd_min/Dockerfile b/httpd_min/Dockerfile
index 1e689284..6fd40189 100644
--- a/httpd_min/Dockerfile
+++ b/httpd_min/Dockerfile
@@ -1,20 +1,31 @@
 FROM docker-registry.default.svc:5000/damned-lies/virtualenv
 RUN true
 
-FROM centos/httpd-24-centos7
-USER root
-RUN rm -f /opt/rh/httpd24/root/etc/httpd/conf.d/mod_security.conf
+FROM centos:7
 COPY --from=0 /l10n /l10n
 
-RUN yum install -y epel-release && yum install -y python3-libs mariadb-libs
+RUN yum install -y epel-release && yum install -y nginx python3-libs mariadb-libs
 
 RUN groupadd l10n -g 1000660000 && \
     useradd l10n -g 1000660000 -u 1000660000 -r -l -M -d /l10n && \
     chown -R l10n:l10n /l10n
 
 ADD entrypoint.sh /entrypoint.sh
-COPY app_data /opt/app-root/src
-RUN chown -R 1000660000:1000660000 /opt/app-root/src
 
-USER 1000660000
+RUN sed -i -e '/listen/!b' -e '/80;/!b' -e 's/80;/8080;/' /etc/nginx/conf.d/default.conf \
+    && sed -i -e '/user/!b' -e '/nginx/!b' -e '/nginx/d' /etc/nginx/nginx.conf \
+    && sed -i 's!/var/run/nginx.pid!/tmp/nginx.pid!g' /etc/nginx/nginx.conf \
+    && sed -i "/^http {/a \    proxy_temp_path /tmp/proxy_temp;\n    client_body_temp_path 
/tmp/client_temp;\n    fastcgi_temp_path /tmp/fastcgi_temp;\n    uwsgi_temp_path /tmp/uwsgi_temp;\n    
scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf
+
+# nginx user must own the cache directory to write cache
+RUN chown -R l10n:0 /var/cache/nginx \
+    && chmod -R g+w /var/cache/nginx
+
+# forward request and error logs to docker log collector
+RUN ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+STOPSIGNAL SIGTERM
+
+USER l10n 
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/httpd_min/entrypoint.sh b/httpd_min/entrypoint.sh
index 001f7868..0fdf4a03 100755
--- a/httpd_min/entrypoint.sh
+++ b/httpd_min/entrypoint.sh
@@ -12,4 +12,4 @@ echo 'Compiling translations'
 cd /l10n/damnedlies
 /l10n/venv/bin/python manage.py compile-trans
 
-exec /usr/bin/run-httpd
+exec nginx -g "daemon off;"
diff --git a/httpd_min/l10n.gnome.org.conf b/httpd_min/l10n.gnome.org.conf
new file mode 100644
index 00000000..9893bd92
--- /dev/null
+++ b/httpd_min/l10n.gnome.org.conf
@@ -0,0 +1,37 @@
+upstream uwsgi {
+    server uwsgi.damned-lies.svc.cluster.local:8000;
+}
+
+server {
+    listen 8080 default_server;
+    listen [::]:8080 default_server;
+    root /var/www/connfa;
+    try_files $uri$args $uri$args/ $uri $uri/ /index.html =404;
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET';
+
+    location /HTML {
+        alias /var/www/djamnedlies/data/scratchdir/HTML;
+    }
+
+    location /POT {
+        alias /var/www/djamnedlies/data/scratchdir/POT;
+    }
+
+    location /static {
+        alias /l10n/damnedlies/static;
+    }
+
+    location /media {
+        alias /var/www/djamnedlies/data/media;
+    }
+
+    location /robots.txt {
+        alias /l10n/damnedlies/static/robots.txt;
+    }
+
+    location / {
+       include uwsgi_params;
+        uwsgi_pass uwsgi;
+    }
+}