diff --git a/images/nginx-dbt-platform/Dockerfile b/images/nginx-dbt-platform/Dockerfile
deleted file mode 100644
index 37eba05d6..000000000
--- a/images/nginx-dbt-platform/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM nginx:1.23.3
-
-RUN apt-get update && \
- apt-get install -y dumb-init && \
- apt-get install openssl
-
-# forward request and error logs to docker log collector
-RUN ln -sf /dev/stdout /var/log/nginx/access.log
-RUN ln -sf /dev/stderr /var/log/nginx/error.log
-
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x entrypoint.sh
-
-EXPOSE 443
-
-ENTRYPOINT ["/usr/bin/dumb-init", "--"]
-CMD ["/entrypoint.sh"]
diff --git a/images/nginx-dbt-platform/LICENSE b/images/nginx-dbt-platform/LICENSE
deleted file mode 100644
index 20e213279..000000000
--- a/images/nginx-dbt-platform/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2020 Department for International Trade
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/images/nginx-dbt-platform/README.md b/images/nginx-dbt-platform/README.md
deleted file mode 100644
index 2e45f6544..000000000
--- a/images/nginx-dbt-platform/README.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# nginx-dbt-platform
-
-Load balancing with healthcheck used to reverse proxy to instances outside of AWS infrastructure.
-
-Currently published manually. See https://uktrade.atlassian.net/browse/DBTP-752.
-
-## Configuration
-
-Configuration is applied via environment variables exposed to the container at run time.
-
-- `ALLOW_WEBSOCKETS` - allow the server to proxy websocket connections (currently not in combination with ip-filter).
-- `PRIV_PATH_LIST` - a list of paths that will be routed via the ip filter container.
-- `PUB_PATH_LIST` - a list of paths that will be routed directly to the application container.
-- `PRIV_HOST_LIST` - a list of domain names that will be routed via the ip filter container.
-- `PUB_HOST_LIST` - a list of domain names that will be routed directly to the application container.
-
-## Building the Image
-
-If building on an ARM mac, the image will build but will fail to deploy to Fargate with the following error:
-exec /usr/bin/dumb-init: exec format error
-
-Instead, build the image via the below command, to build for the linux/amd64 platform.
-
-`DOCKER_DEFAULT_PLATFORM=linux/amd64 docker build --tag public.ecr.aws/uktrade/nginx-dbt-platform: .`
diff --git a/images/nginx-dbt-platform/entrypoint.sh b/images/nginx-dbt-platform/entrypoint.sh
deleted file mode 100644
index 3fdc0bf56..000000000
--- a/images/nginx-dbt-platform/entrypoint.sh
+++ /dev/null
@@ -1,119 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Proxy pass config. Pass in $1 path, $2 target (public/private), $3 target_file (public/private). -set_paths () { - LOCATION_PATH=$1 - UPSTREAM_HOST=$2 - OUTPUT_FILE=$3 - cat << EOF >> $OUTPUT_FILE - - location $LOCATION_PATH { - proxy_pass http://$UPSTREAM_HOST; - proxy_set_header Host \$host; - proxy_set_header x-forwarded-for \$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Prefix $LOCATION_PATH; -EOF - - if [[ -n "${ALLOW_WEBSOCKETS+x}" ]]; then - cat << EOF >> $OUTPUT_FILE - proxy_http_version 1.1; - proxy_set_header Upgrade \$http_upgrade; - proxy_set_header Connection "upgrade"; -EOF - fi - - echo -e "\n }" >> $OUTPUT_FILE -} - -# Either PRIV_PATH_LIST or PUB_PATH_LIST VARs can be set, not both. -# If neither is set, the default is to make / public -# To enable IP filter set PRIV_PATH_LIST: '/' -if ! [ -z ${PRIV_PATH_LIST+x} ]; then - PUBLIC_PATHS="" -elif [ -z ${PUB_PATH_LIST+x} ] || [ "$PUB_PATH_LIST" = '/' ]; then - set_paths "/" "upstream_server_public" "public_paths.txt" - PUBLIC_PATHS=$(> generating self signed cert" -openssl req -x509 -newkey rsa:4086 \ --subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=localhost" \ --keyout "/key.pem" \ --out "/cert.pem" \ --days 3650 -nodes -sha256 - -cat </etc/nginx/nginx.conf -user nginx; -worker_processes 2; -events { - worker_connections 1024; -} - -http { - upstream upstream_server_private{ - server localhost:8000; - } - - upstream upstream_server_public{ - server localhost:8080; - } - - - log_format main '\$http_x_forwarded_for - \$remote_user [\$time_local] ' - '"\$request" \$status \$body_bytes_sent "\$http_referer" ' - '"\$http_user_agent"' ; - - access_log /var/log/nginx/access.log main; - error_log /var/log/nginx/error.log; - server_tokens off; - server { - listen 443 ssl; - server_name localhost; - - ssl_certificate /cert.pem; - ssl_certificate_key /key.pem; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - - include /etc/nginx/mime.types; - real_ip_header 
X-Forwarded-For; - real_ip_recursive on; - set_real_ip_from 172.16.0.0/20; - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 192.168.0.0/16; - client_max_body_size 600M; - -$PUBLIC_PATHS - -$PRIVATE_PATHS - } -} -EOF - -echo "Running nginx..." - -# Launch nginx in the foreground -/usr/sbin/nginx -g "daemon off;"