admin/frappe_docker
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

Beautify changes by @revant (#20)

Browse Source 
* feat: add gevent to worker image

* feat: real_ip configuration for nginx

* Return `healthcheck.sh` just for tests

Co-authored-by: Lev Vereshchagin <mail@vrslev.com>
This commit is contained in:
Revant Nandgaonkar
2022-02-20 21:29:26 +05:30
committed by GitHub
parent 3e424fb522
commit c2d57c8ce0
7 changed files with 43 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
build/nginx/nginx-template.conf
View File

@@ -6,6 +6,12 @@ upstream socketio-server {
server ${SOCKETIO} fail_timeout=0; server ${SOCKETIO} fail_timeout=0;
} }
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $scheme;
https https;
}
server { server {
listen 8080; listen 8080;
server_name $http_host; server_name $http_host;
@@ -21,6 +27,10 @@ server {
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin"; add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
set_real_ip_from ${UPSTREAM_REAL_IP_ADDRESS};
real_ip_header ${UPSTREAM_REAL_IP_HEADER};
real_ip_recursive ${UPSTREAM_REAL_IP_RECURSIVE};
location /assets { location /assets {
try_files $uri =404; try_files $uri =404;
} }
@@ -32,6 +42,8 @@ server {
location /socket.io { location /socket.io {
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER}; proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER};
@@ -55,8 +67,8 @@ server {
} }
location @webserver { location @webserver {
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER}; proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER};
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Use-X-Accel-Redirect True; proxy_set_header X-Use-X-Accel-Redirect True;

8
build/worker/Dockerfile
View File

@@ -16,7 +16,7 @@ WORKDIR /home/frappe/frappe-bench
RUN pip install --no-cache-dir -U pip wheel \ RUN pip install --no-cache-dir -U pip wheel \
&& python -m venv env \ && python -m venv env \
&& env/bin/pip install --no-cache-dir -U pip wheel && env/bin/pip install --no-cache-dir -U pip wheel gevent
USER root USER root
@@ -85,7 +85,7 @@ RUN apt-get update \
xvfb \ xvfb \
libfontconfig \ libfontconfig \
wkhtmltopdf \ wkhtmltopdf \
# For healthcheck.sh in helm chart # For healthcheck
wait-for-it \ wait-for-it \
jq \ jq \
# other # other
@@ -95,8 +95,8 @@ USER frappe
COPY pretend-bench.sh /usr/local/bin/bench COPY pretend-bench.sh /usr/local/bin/bench
COPY push_backup.py /usr/local/bin/push-backup COPY push_backup.py /usr/local/bin/push-backup
# healthcheck.sh used in helm chart COPY configure.py patched_bench_helper.py /usr/local/bin/
COPY configure.py patched_bench_helper.py healthcheck.sh /usr/local/bin/ COPY gevent_patch.py /opt/patches/
WORKDIR /home/frappe/frappe-bench/sites WORKDIR /home/frappe/frappe-bench/sites

3
build/worker/gevent_patch.py Normal file
View File

@@ -0,0 +1,3 @@
import gevent.monkey
gevent.monkey.patch_all()

3
compose.yaml
View File

@@ -34,6 +34,9 @@ services:
BACKEND: backend:8000 BACKEND: backend:8000
SOCKETIO: websocket:9000 SOCKETIO: websocket:9000
FRAPPE_SITE_NAME_HEADER: ${FRAPPE_SITE_NAME_HEADER:-$$host} FRAPPE_SITE_NAME_HEADER: ${FRAPPE_SITE_NAME_HEADER:-$$host}
UPSTREAM_REAL_IP_ADDRESS: ${UPSTREAM_REAL_IP_ADDRESS:-127.0.0.1}
UPSTREAM_REAL_IP_HEADER: ${UPSTREAM_REAL_IP_HEADER:-X-Forwarded-For}
UPSTREAM_REAL_IP_RECURSIVE: ${UPSTREAM_REAL_IP_RECURSIVE:-off}
volumes: volumes:
- sites:/usr/share/nginx/html/sites - sites:/usr/share/nginx/html/sites
- assets:/usr/share/nginx/html/assets - assets:/usr/share/nginx/html/assets

21
example.env
View File

@@ -20,9 +20,22 @@ REDIS_SOCKETIO=
# Only with HTTPS override # Only with HTTPS override
LETSENCRYPT_EMAIL=mail@example.com LETSENCRYPT_EMAIL=mail@example.com
# This environment variable is not required. Default value is `$$host` which resolves site by host. # These environment variables are not required.
# For example, if your host is `example.com`, site's name should be `example.com`,
# or if host is `127.0.0.1` (local debugging), it should be `127.0.0.1` This variable allows # Default value is `$$host` which resolves site by host. For example, if your host is `example.com`,
# to override described behavior. Let's say you create site named `mysite` # site's name should be `example.com`, or if host is `127.0.0.1` (local debugging), it should be `127.0.0.1`.
# This variable allows to override described behavior. Let's say you create site named `mysite`
# and do want to access it by `127.0.0.1` host. Than you would set this variable to `mysite`. # and do want to access it by `127.0.0.1` host. Than you would set this variable to `mysite`.
FRAPPE_SITE_NAME_HEADER= FRAPPE_SITE_NAME_HEADER=
# Default value is `127.0.0.1`. Set IP address as our trusted upstream address.
UPSTREAM_REAL_IP_ADDRESS=
# Default value is `X-Forwarded-For`. Set request header field whose value will be used to replace the client address
UPSTREAM_REAL_IP_HEADER=
# Allowed values are on|off. Default value is `off`. If recursive search is disabled,
# the original client address that matches one of the trusted addresses
# is replaced by the last address sent in the request header field defined by the real_ip_header directive.
# If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field.
UPSTREAM_REAL_IP_RECURSIVE=

0
build/worker/healthcheck.sh → tests/healthcheck.sh
View File

3
tests/main.py
View File

@@ -155,9 +155,10 @@ def create_containers():
@log("Check if Python services have connections") @log("Check if Python services have connections")
def ping_links_in_backends(): def ping_links_in_backends():
for service in BACKEND_SERVICES: for service in BACKEND_SERVICES:
docker_compose("cp", "tests/healthcheck.sh", f"{service}:/tmp/")
for _ in range(10): for _ in range(10):
try: try:
docker_compose_exec(service, "healthcheck.sh") docker_compose_exec(service, "bash", "/tmp/healthcheck.sh")
break break
except subprocess.CalledProcessError: except subprocess.CalledProcessError:
sleep(1) sleep(1)