From 086372e065013a431c1f74c430067c4df1732633 Mon Sep 17 00:00:00 2001
From: Disassembler <disassembler@dasm.cz>
Date: Thu, 1 Feb 2018 14:01:05 +0100
Subject: [PATCH] Add nginx and s6 for CTS

---
 cts.sh                                      |  6 +-
 cts/Dockerfile                              |  7 ++-
 cts/docker/etc/nginx/nginx.conf             | 62 +++++++++++++++++++++
 cts/docker/etc/services.d/.s6-svscan/finish |  3 +
 cts/docker/etc/services.d/cts/run           |  7 +++
 cts/docker/etc/services.d/nginx/run         |  3 +
 6 files changed, 81 insertions(+), 7 deletions(-)
 create mode 100644 cts/docker/etc/nginx/nginx.conf
 create mode 100755 cts/docker/etc/services.d/.s6-svscan/finish
 create mode 100755 cts/docker/etc/services.d/cts/run
 create mode 100755 cts/docker/etc/services.d/nginx/run

diff --git a/cts.sh b/cts.sh
index 55677fd..612d9ca 100755
--- a/cts.sh
+++ b/cts.sh
@@ -14,17 +14,15 @@ envsubst <${SOURCE_DIR}/createdb.sql | docker exec -i postgres psql
 
 # Copy existing config files into persistent storage
 mkdir -p /srv/cts/conf
-chown 8006:8006 /srv/cts/conf
-docker run --rm -v /srv/cts/conf:/mnt/conf cts cp -rp /srv/cts/cts/settings/. /mnt/conf
-chown -R root:root /srv/cts/conf
+docker run --rm -v /srv/cts/conf:/mnt/conf cts cp /srv/cts/cts/settings/base.py /mnt/conf/
 
 # Configure CTS
 export CTS_SECRET=$(head -c 26 /dev/urandom | base64)
 envsubst <${SOURCE_DIR}/srv/cts/conf/spotter.py >/srv/cts/conf/spotter.py
+touch /srv/cts/conf/__init__.py
 
 # Set "production values" (increases performance) only if the DEBUG environment variable is not set
 if [ ${DEBUG:-0} -eq 0 ]; then
-    # TODO: DEBUG = False needs static resources to be server by nginx, see https://docs.djangoproject.com/en/2.0/howto/static-files/#serving-static-files-during-development
     sed -i 's/DEBUG = True/DEBUG = False/' /srv/cts/conf/spotter.py
 fi
 
diff --git a/cts/Dockerfile b/cts/Dockerfile
index ba6ab7e..d2ca52c 100644
--- a/cts/Dockerfile
+++ b/cts/Dockerfile
@@ -9,7 +9,7 @@ RUN \
  # Add edge/testing repository
  echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/testing' >>/etc/apk/repositories \
  # Install runtime dependencies
- && apk --no-cache add geos@edge libpq zlib
+ && apk --no-cache add geos@edge libpq nginx s6 zlib
 
 RUN \
  # Install build dependencies
@@ -36,10 +36,11 @@ RUN \
  && find /srv/cts -name '.git*' -exec rm -rf {} + \
  && rm -rf /root/.cache
 
+COPY docker/ /
+
 VOLUME ["/srv/cts/cts/settings"]
 EXPOSE 8006
 
-USER cts
 ENV DJANGO_SETTINGS_MODULE cts.settings.spotter
 WORKDIR /srv/cts
-CMD ["manage.py", "runserver", "0.0.0.0:8006"]
+CMD ["s6-svscan", "/etc/services.d"]
diff --git a/cts/docker/etc/nginx/nginx.conf b/cts/docker/etc/nginx/nginx.conf
new file mode 100644
index 0000000..25e88f7
--- /dev/null
+++ b/cts/docker/etc/nginx/nginx.conf
@@ -0,0 +1,62 @@
+user nginx;
+pid /run/nginx.pid;
+worker_processes 1;
+error_log /dev/stderr warn;
+
+events {
+	worker_connections 1024;
+}
+
+http {
+	include mime.types;
+	default_type application/octet-stream;
+
+	access_log off;
+	server_tokens off;
+	client_max_body_size 100m;
+	keepalive_timeout 65;
+	sendfile on;
+	tcp_nodelay on;
+
+	server {
+		listen 8006;
+		server_name localhost;
+
+		location /robots.txt {
+			alias /srv/cts/cts/static/robots.txt;
+		}
+
+		location /media {
+			alias /srv/cts/cts/media;
+		}
+
+		location /static {
+			gzip on;
+			alias /srv/cts/cts/static;
+			expires max;
+			add_header Cache-Control public;
+
+			location /static/protected {
+				return 401;
+			}
+		}
+
+		location /protected {
+			internal;
+			root /srv/cts/cts/static;
+		}
+
+		error_page 502 503 504 /502.html;
+
+		location /502.html {
+			alias /srv/cts/cts/static/502.html;
+		}
+
+		location / {
+			proxy_set_header X-Forwarded-For $remote_addr;
+			proxy_set_header X-Forwarded-Host $host:$server_port;
+			proxy_set_header X-Forwarded-Proto $scheme;
+			proxy_pass http://127.0.0.1:8000;
+		}
+	}
+}
diff --git a/cts/docker/etc/services.d/.s6-svscan/finish b/cts/docker/etc/services.d/.s6-svscan/finish
new file mode 100755
index 0000000..78d5fdc
--- /dev/null
+++ b/cts/docker/etc/services.d/.s6-svscan/finish
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/bin/true
diff --git a/cts/docker/etc/services.d/cts/run b/cts/docker/etc/services.d/cts/run
new file mode 100755
index 0000000..d505c43
--- /dev/null
+++ b/cts/docker/etc/services.d/cts/run
@@ -0,0 +1,7 @@
+#!/bin/execlineb -P
+
+cd /srv/cts
+export DJANGO_SETTINGS_MODULE cts.settings.spotter
+fdmove -c 2 1
+s6-setuidgid 8006:8006
+/srv/cts/manage.py runserver
diff --git a/cts/docker/etc/services.d/nginx/run b/cts/docker/etc/services.d/nginx/run
new file mode 100755
index 0000000..d09b7cd
--- /dev/null
+++ b/cts/docker/etc/services.d/nginx/run
@@ -0,0 +1,3 @@
+#!/bin/execlineb -P
+
+/usr/sbin/nginx -g "daemon off;"