diff --git a/docker/Dockerfile.olbase b/docker/Dockerfile.olbase index e5aea47622a..2d2be3fb2e3 100644 --- a/docker/Dockerfile.olbase +++ b/docker/Dockerfile.olbase @@ -38,22 +38,10 @@ RUN apt-get -qq update && apt-get install -y \ COPY scripts/install_nodejs.sh ./ RUN ./install_nodejs.sh && rm ./install_nodejs.sh -# Install Archive.org nginx w/ IP anonymization +# Install nginx USER root -RUN apt-get update && apt-get install -y --no-install-recommends nginx curl letsencrypt \ - # nginx-plus - apt-transport-https lsb-release ca-certificates wget \ - # log rotation service for ol-nginx - logrotate \ - # rsync service for pulling monthly sitemaps from ol-home0 to ol-www0 - rsync -COPY scripts/install_openresty.sh ./ -RUN ./install_openresty.sh && rm ./install_openresty.sh -RUN rm /usr/sbin/nginx -RUN curl -L https://archive.org/download/nginx/nginx -o /usr/sbin/nginx -RUN chmod +x /usr/sbin/nginx -# Remove the stock nginx config file -RUN rm /etc/nginx/sites-enabled/default +COPY scripts/install_nginx.sh ./ +RUN ./install_nginx.sh && rm ./install_nginx.sh RUN mkdir -p /var/log/openlibrary /var/lib/openlibrary && chown openlibrary:openlibrary /var/log/openlibrary /var/lib/openlibrary \ && mkdir /openlibrary && chown openlibrary:openlibrary /openlibrary \ diff --git a/docker/nginx.conf b/docker/nginx.conf index 71093e6613f..aafb34bf80c 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -1,3 +1,6 @@ +# Needed for IP anonymization +load_module modules/ngx_http_js_module.so; + user www-data; # XXX-Anand: Oct 2013 @@ -25,7 +28,8 @@ http { server_names_hash_bucket_size 64; types_hash_bucket_size 64; - log_format iacombined '$remote_addr_ipscrub $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time'; + # Logging / IP Anonymization + include /olsystem/etc/nginx/logging.conf; access_log /var/log/nginx/access.log iacombined; client_max_body_size 50m; 
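Review bot: Nothing on the new side of the `docker/Dockerfile.olbase` hunk replaces the removed `RUN rm /etc/nginx/sites-enabled/default`, so the package's stock server block may stay in the image. The nginx.org Debian package ships its default site as `/etc/nginx/conf.d/default.conf` rather than under `sites-enabled/`. Whether it is loaded depends on the `include` lines of the deployed nginx.conf, which this hunk does not show. If it is not wanted, add `RUN rm -f /etc/nginx/conf.d/default.conf` after the install step, or remove it at the end of `install_nginx.sh`.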
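Review bot: In the second `docker/nginx.conf` hunk, the `iacombined` format that `access_log` names is now defined only in `/olsystem/etc/nginx/logging.conf`, a file outside this diff. The change therefore cannot be checked for still logging an anonymized address rather than `$remote_addr`. nginx also refuses to start when an `include` with a literal path is missing or when `access_log` references an undefined format, so an environment without that file would presumably fail at startup. I would extend the comment to state the contract, e.g. `# logging.conf must define log_format iacombined from the anonymized address, never $remote_addr`, and run `nginx -t` in the image build or deploy step. The enclosing `http {` block starts and ends outside the hunk.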
diff --git a/scripts/install_nginx.sh b/scripts/install_nginx.sh
new file mode 100755
index 00000000000..8f4f81378ae
--- /dev/null
+++ b/scripts/install_nginx.sh
@@ -0,0 +1,19 @@
+#! /bin/bash
+
+apt-get update
+
+# log rotation service for ol-nginx
+# rsync service for pulling monthly sitemaps from ol-home0 to ol-www0
+apt-get install -y --no-install-recommends curl \
+ logrotate \
+ rsync \
+ lsb-release
+
+# Add the NGINX signing key + Repo
+curl -fsSL https://nginx.org/keys/nginx_signing.key | tee /usr/share/keyrings/nginx-keyring.asc
+echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.asc] http://nginx.org/packages/debian $(lsb_release -cs) nginx" \
+ > /etc/apt/sources.list.d/nginx.list
+
+# Install nginx and the NJS module
+apt-get update
+apt-get install -y --no-install-recommends nginx nginx-module-njs letsencrypt
diff --git a/scripts/install_openresty.sh b/scripts/install_openresty.sh
deleted file mode 100755
index b8e5751ed73..00000000000
--- a/scripts/install_openresty.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-machine=$(uname -m)
-
-if [[ "${machine}" == "aarch64" || "${machine}" == "arm64" ]]; then
- echo "Running on ARM64 architecture (e.g., Apple M1)"
- echo "openresty still doesn't work on arm see https://github.com/openresty/openresty/issues/840 and \
- https://github.com/internetarchive/openlibrary/issues/6316"
-else
- wget -O - https://openresty.org/package/pubkey.gpg | apt-key add -
- echo "deb http://openresty.org/package/debian $(lsb_release -sc) openresty" \
- | tee /etc/apt/sources.list.d/openresty.list
- apt-get update && apt-get -y install --no-install-recommends openresty
-fi
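Review bot: The new `scripts/install_nginx.sh` runs without `set -euo pipefail`, so a failed key download or `apt-get update` does not stop the script, and the `curl … | tee` pipeline reports only `tee`'s status. I would add `set -euo pipefail` after the shebang and write the key directly with `curl -fsSL https://nginx.org/keys/nginx_signing.key -o /usr/share/keyrings/nginx-keyring.asc`, which also stops the key being echoed into the build log. The key is trusted exactly as downloaded at build time; comparing its fingerprint with a pinned value taken from nginx's install documentation before writing `nginx.list` would make a substituted key fail the build. The source line uses `http://nginx.org/packages/debian`; `signed-by` still covers package integrity, but the same repository is served over `https://`.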