Added nginx

djthorpe · djthorpe · commit 639ff110b355 · 2024-01-23T18:31:37.000+01:00
diff --git a/README.md b/README.md
@@ -20,6 +20,20 @@ provider "nomad" {
 }
 ```
 
+
+## nginx
+
+Web server and reverse proxy, which can be placed on several nodes
+
+   * [Documentation](https://nginx.org/en/)
+   * [Terraform Example](examples/nginx.tf)
+   * [Nomad Job](nginx/nomad/nginx.hcl)
+
+TODO:
+  * [ ] In progress
+  * [ ] Add TLS certificate support
+  * [ ] Not sure how we can integrate with nomad services
+
 ## seaweedfs
 
 Cluster filesystem, which can be spread across multiple nodes.
diff --git a/examples/nginx-default.conf b/examples/nginx-default.conf
@@ -0,0 +1,11 @@
+server {
+    listen       80;
+    listen  [::]:80;
+    server_name  localhost;
+    access_log  {{ env "NOMAD_META_alloc_dir" }}/logs/default_access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+}
diff --git a/examples/nginx.tf b/examples/nginx.tf
@@ -0,0 +1,24 @@
+
+// Example nginx reverse proxy module
+module "nginx" {
+  source = "github.com/mutablelogic/tf-nomad/grafana"
+
+  // Required parameters
+  dc = "datacenter" // Nomad datacenter for the cluster
+
+  // Optional parameters
+  enabled    = true                   // If false, no-op
+  namespace  = "default"              // Nomad namespace for the cluster
+  docker_tag = "latest"               // Pull the latest version of the docker image every job restart
+  hosts      = ["server1", "server2"] // Host constraint for the job, it not specified, deploys on a single host
+  ports = {                           // Ports to expose
+    http  = 80
+    https = 443
+  }
+  servers = [ // List of servers to configure
+    {
+      name = "default"
+      data = file("nginx-default.conf")
+    }
+  ]
+}
diff --git a/nginx/config/fastcgi.conf b/nginx/config/fastcgi.conf
@@ -0,0 +1,26 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;
diff --git a/nginx/config/mimetypes.conf b/nginx/config/mimetypes.conf
@@ -0,0 +1,99 @@
+
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/avif                                       avif;
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/wasm                                 wasm;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}
diff --git a/nginx/config/nginx.conf b/nginx/config/nginx.conf
@@ -0,0 +1,27 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  strerr;
+pid        {{ env "NOMAD_META_alloc_dir" }}/tmp/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       {{ env "NOMAD_META_task_dir" }}/config/mimetypes.conf;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  {{ env "NOMAD_META_alloc_dir" }}/logs/access.log  main;
+
+    sendfile           on;
+    keepalive_timeout  65;
+    gzip               on;
+
+    include {{ env "NOMAD_META_task_dir" }}/config/conf.d/*.conf;
+}
diff --git a/nginx/input.tf b/nginx/input.tf
@@ -0,0 +1,45 @@
+
+variable "dc" {
+  type        = string
+  description = "Data center name"
+}
+
+variable "namespace" {
+  type        = string
+  description = "Nomad namespace"
+  default     = "default"
+}
+
+variable "enabled" {
+  type        = bool
+  description = "If false, then no job is deployed"
+  default     = true
+}
+
+variable "docker_tag" {
+  type        = string
+  description = "Version of the docker image to use, defaults to latest"
+  default     = "latest"
+}
+
+variable "hosts" {
+  type        = list(string)
+  description = "List of hosts to deploy on, deploys on a single host if empty"
+}
+
+variable "ports" {
+  type        = map(number)
+  description = "Ports to expose"
+  default = {
+    http  = 80,
+    https = 443
+  }
+}
+
+variable "servers" {
+  description = "Servers configuration for nginx"
+  type = list(object({
+    name = string
+    data = string
+  }))
+}
diff --git a/nginx/locals.tf b/nginx/locals.tf
@@ -0,0 +1,5 @@
+
+locals {
+    docker_image = "nginx:${var.docker_tag}"
+    docker_always_pull = var.docker_tag == "latest" ? true : false
+}
diff --git a/nginx/main.tf b/nginx/main.tf
@@ -0,0 +1,20 @@
+
+resource "nomad_job" "nginx" {
+  count   = var.enabled ? 1 : 0
+  jobspec = file("${path.module}/nomad/nginx.hcl")
+
+  hcl2 {
+    allow_fs = true
+    vars = {
+      dc                 = jsonencode([var.dc])
+      namespace          = var.namespace
+      docker_image       = local.docker_image
+      docker_always_pull = jsonencode(local.docker_always_pull)
+      hosts              = jsonencode(var.hosts)
+      ports              = jsonencode(var.ports)
+      config             = chomp(file("${path.module}/config/nginx.conf"))
+      mimetypes          = chomp(file("${path.module}/config/mimetypes.conf"))
+      servers            = jsonencode(var.servers)
+    }
+  }
+}
diff --git a/nginx/nomad/nginx.hcl b/nginx/nomad/nginx.hcl
diff --git a/postgresql/nomad/postgresql.hcl b/postgresql/nomad/postgresql.hcl
