[IMP] Added promeheus-exporter capabilities & nginx cache cusomisation capabilities

Author: Hadrien Huvelle

9.0/Dockerfile

@@ -9,6 +9,15 @@ COPY conf.d /etc/confd/conf.d
 COPY templates /etc/confd/templates
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
+RUN apk add logrotate
+
+WORKDIR /tmp
+RUN wget https://github.com/martin-helmich/prometheus-nginxlog-exporter/releases/download/v1.10.0/prometheus-nginxlog-exporter_1.10.0_linux_arm64.tar.gz
+RUN tar xvzfp prometheus-nginxlog-exporter_1.10.0_linux_arm64.tar.gz
+RUN mv /tmp/prometheus-nginxlog-exporter /usr/local/bin/
+RUN rm -rf /tmp/prometheus-nginxlog-exporter /tmp/prometheus-nginxlog-exporter_1.10.0_linux_arm64.tar.gz
+WORKDIR /
+
 VOLUME ["/var/cache/nginx"]
 
 ENTRYPOINT ["/docker-entrypoint.sh"]

9.0/conf.d/logrotate.toml

@@ -0,0 +1,12 @@
+[template]
+
+# The name of the template that will be used to render the application's configuration file
+# Confd will look in `/etc/conf.d/templates` for these files by default
+src = "logrotate.conf.tmpl"
+
+# The location to place the rendered configuration file
+dest = "/etc/logrotate.conf"
+
+# File ownership and mode information
+owner = "root"
+mode = "0644"

9.0/conf.d/prometheus_exporter_config.toml

@@ -0,0 +1,12 @@
+[template]
+
+# The name of the template that will be used to render the application's configuration file
+# Confd will look in `/etc/conf.d/templates` for these files by default
+src = "config.hcl.tmpl"
+
+# The location to place the rendered configuration file
+dest = "/etc/prometheus-nginxlog-exporter.hcl"
+
+# File ownership and mode information
+owner = "root"
+mode = "0644"

9.0/docker-entrypoint.sh

@@ -5,15 +5,19 @@ set -e
 echo "${NGX_HTTP_ACCESS}" > /etc/nginx/http-access.conf
 echo "${NGX_HTPASSWD}" > /etc/nginx/htpasswd
 
+export NGX_CACHE_SIZE=${NGX_CACHE_SIZE:-10m}
+
 /usr/local/bin/confd -onetime -backend env
 
-if [[ -z "${NGX_SPECIFIC_CACHE}" ]] 
-then 
-    echo "CREATE empty /etc/nginx/specific_cache.conf"
-    touch /etc/nginx/specific_cache.conf
+echo ${NGX_SPECIFIC_SERVER_CONFIG:-"#NO specific configuration defined"} > /etc/nginx/specific_server_config.conf
+
+if [[ -n "${NGX_PROMETHEUS_EXPORTER}" ]]
+then
+    echo "access_log /var/log/nginx/access_prometheus.log prometheus_exporter;" > /etc/nginx/prometheus_eporter.conf
+
+    /usr/local/bin/prometheus-nginxlog-exporter -config-file /etc/prometheus-nginxlog-exporter.hcl &
 else
-    echo "OVERRIDE /etc/nginx/specific_cache.conf"
-    echo "${NGX_SPECIFIC_CACHE}" > /etc/nginx/specific_cache.conf
+    touch /etc/nginx/prometheus_eporter.conf
 fi
 
 exec "$@"

9.0/templates/config.hcl.tmpl

@@ -0,0 +1,62 @@
+listen {
+  port = 4040
+  
+  // "metrics_endpoint" can be used to configure an alternative metrics URL
+  // path. Default value is "/metrics".
+  //
+  //   metrics_endpoint = "/metrics"
+}
+
+namespace "nginx" {
+  source = {
+    files = [
+      "/var/log/nginx/access_prometheus.log",
+    ]
+  }
+
+  format = "$remote_addr - $remote_user [$time_local] \"$request\" \"$request_id\" $status \"$upstream_cache_status\" $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\" rt=$request_time uct=\"$upstream_connect_time\" uht=\"$upstream_header_time\" urt=\"$upstream_response_time\""
+  
+  labels {
+    app = "odoo"
+    website = "ocms"
+  }
+
+  relabel "request_method" {
+    from = "request"
+    split = 1
+  }
+  relabel "request_url" {
+    from = "request"
+    split = 2
+  }
+ 
+  relabel "request_url_formated" {
+    from = "request"
+    split = 2
+
+    match "/web/assets/.*" {
+      replacement = "/web/assets"
+    }
+
+    match "([^?]+).*" {
+      replacement = "$1"
+    }
+  }
+ 
+
+  relabel "remote_addr" {
+    from = "remote_addr"
+  }
+
+  relabel "cache" {
+    from = "upstream_cache_status"
+  }
+
+  relabel "remote_user" {
+    from = "remote_user"
+  }  
+
+
+  histogram_buckets = [.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10]
+
+}

9.0/templates/logrotate.conf.tmpl

@@ -0,0 +1,6 @@
+/var/log/nginx/access_prometheus.log {
+  copytruncate
+  nocompress
+  rotate 5
+  size 10M
+}

9.0/templates/nginx.conf.tmpl

@@ -36,6 +36,11 @@ http {
    '"referrer": "$http_referer", '
    '"agent": "$http_user_agent" }';
 
+  log_format prometheus_exporter '$remote_addr - $remote_user [$time_local] '
+   '"$request" "$request_id" $status "$upstream_cache_status" $body_bytes_sent '
+   '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
+   'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';   
+
   #Default value '4 8k' is raising a '414 Request-URI Too Large' error
   #when '/web/webclient/translations/' is requested with a lot of module names
   #as GET parameters (performed on user login), rendering a blank page.
@@ -77,7 +82,7 @@ http {
   proxy_max_temp_file_size  2048m;
   proxy_temp_file_write_size  64k;
 
-  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:100m inactive=60m;
+  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:{{ getenv "NGX_CACHE_SIZE" }} inactive=60m;
 
   include /etc/nginx/proxy_headers.conf;
 
@@ -93,7 +98,7 @@ http {
 
     client_max_body_size 1G;
 
-    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
     access_log /var/log/nginx/access.log json_combined;
 
@@ -148,7 +153,6 @@ http {
       try_files =404 @cached;
     }
 
-    include /etc/nginx/specific_cache.conf;
 
     # warning: /web/content reads ir.attachment, it would not be safe to
     # cache other files than .js / .css which can depend on users rights
@@ -182,5 +186,9 @@ http {
 
       proxy_pass http://{{ $odoo_host }}:8069;
     }
+
+    include /etc/nginx/prometheus_eporter.conf;
+
+    include /etc/nginx/specific_server_config.conf;
   }
 }