camptocamp · wouitmil · Jun 12, 2023 · Jun 13, 2023 · Jun 29, 2023 · Jun 29, 2023
diff --git a/9.0/Dockerfile b/9.0/Dockerfile
@@ -9,6 +9,15 @@ COPY conf.d /etc/confd/conf.d
 COPY templates /etc/confd/templates
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
+RUN apk add logrotate
+
+WORKDIR /tmp
+RUN wget https://github.com/martin-helmich/prometheus-nginxlog-exporter/releases/download/v1.10.0/prometheus-nginxlog-exporter_1.10.0_linux_amd64.tar.gz
+RUN tar xvzfp prometheus-nginxlog-exporter_1.10.0_linux_amd64.tar.gz
+RUN mv /tmp/prometheus-nginxlog-exporter /usr/local/bin/
+RUN rm -rf /tmp/prometheus-nginxlog-exporter /tmp/prometheus-nginxlog-exporter_1.10.0_linux_arm64.tar.gz
+WORKDIR /
+
 VOLUME ["/var/cache/nginx"]
 
 ENTRYPOINT ["/docker-entrypoint.sh"]

diff --git a/9.0/conf.d/logrotate.toml b/9.0/conf.d/logrotate.toml
@@ -0,0 +1,12 @@
+[template]
+
+# The name of the template that will be used to render the application's configuration file
+# Confd will look in `/etc/conf.d/templates` for these files by default
+src = "logrotate.conf.tmpl"
+
+# The location to place the rendered configuration file
+dest = "/etc/logrotate.conf"
+
+# File ownership and mode information
+owner = "root"
+mode = "0644"
diff --git a/9.0/conf.d/prometheus_exporter_config.toml b/9.0/conf.d/prometheus_exporter_config.toml
@@ -0,0 +1,12 @@
+[template]
+
+# The name of the template that will be used to render the application's configuration file
+# Confd will look in `/etc/conf.d/templates` for these files by default
+src = "config.hcl.tmpl"
+
+# The location to place the rendered configuration file
+dest = "/etc/prometheus-nginxlog-exporter.hcl"
+
+# File ownership and mode information
+owner = "root"
+mode = "0644"
diff --git a/9.0/docker-entrypoint.sh b/9.0/docker-entrypoint.sh
@@ -5,6 +5,18 @@ set -e
 echo "${NGX_HTTP_ACCESS}" > /etc/nginx/http-access.conf
 echo "${NGX_HTPASSWD}" > /etc/nginx/htpasswd
 
+export NGX_CACHE_SIZE=${NGX_CACHE_SIZE:-10m}
+
 /usr/local/bin/confd -onetime -backend env
 
+echo ${NGX_SPECIFIC_SERVER_CONFIG:-"#NO specific configuration defined"} > /etc/nginx/specific_server_config.conf
+
+if [[ -n "${NGX_PROMETHEUS_EXPORTER}" ]]
+then
+    echo "access_log \"/var/log/nginx/access_prometheus.log\" prometheus_exporter;" > /etc/nginx/prometheus_eporter.conf
+    /usr/local/bin/prometheus-nginxlog-exporter -config-file /etc/prometheus-nginxlog-exporter.hcl &
+else
+    touch /etc/nginx/prometheus_eporter.conf
+fi
+
 exec "$@"
diff --git a/9.0/templates/config.hcl.tmpl b/9.0/templates/config.hcl.tmpl
@@ -0,0 +1,62 @@
+listen {
+  port = 4040
+
+  // "metrics_endpoint" can be used to configure an alternative metrics URL
+  // path. Default value is "/metrics".
+  //
+  //   metrics_endpoint = "/metrics"
+}
+
+namespace "nginx" {
+  source = {
+    files = [
+      "/var/log/nginx/access_prometheus.log",
+    ]
+  }
+
+  format = "$remote_addr - $remote_user [$time_local] \"$request\" \"$request_id\" $status \"$upstream_cache_status\" $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\" rt=$request_time uct=\"$upstream_connect_time\" uht=\"$upstream_header_time\" urt=\"$upstream_response_time\""
+
+  labels {
+    app = "odoo"
+    website = "ocms"
+  }
+
+  relabel "request_method" {
+    from = "request"
+    split = 1
+  }
+  relabel "request_url" {
+    from = "request"
+    split = 2
+  }
+
+  relabel "request_url_formated" {
+    from = "request"
+    split = 2
+
+    match "/web/assets/.*" {
+      replacement = "/web/assets"
+    }
+
+    match "([^?]+).*" {
+      replacement = "$1"
+    }
+  }
+
+
+  relabel "remote_addr" {
+    from = "remote_addr"
+  }
+
+  relabel "cache" {
+    from = "upstream_cache_status"
+  }
+
+  relabel "remote_user" {
+    from = "remote_user"
+  }  
+
+
+  histogram_buckets = [.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10]
+
+}
diff --git a/9.0/templates/logrotate.conf.tmpl b/9.0/templates/logrotate.conf.tmpl
@@ -0,0 +1,6 @@
+/var/log/nginx/access_prometheus.log {
+  copytruncate
+  nocompress
+  rotate 5
+  size 10M
+}
diff --git a/9.0/templates/nginx.conf.tmpl b/9.0/templates/nginx.conf.tmpl
@@ -36,6 +36,11 @@ http {
    '"referrer": "$http_referer", '
    '"agent": "$http_user_agent" }';
 
+  log_format prometheus_exporter '$remote_addr - $remote_user [$time_local] '
+   '"$request" "$request_id" $status "$upstream_cache_status" $body_bytes_sent '
+   '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
+   'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';   
+
   #Default value '4 8k' is raising a '414 Request-URI Too Large' error
   #when '/web/webclient/translations/' is requested with a lot of module names
   #as GET parameters (performed on user login), rendering a blank page.
@@ -77,7 +82,7 @@ http {
   proxy_max_temp_file_size  2048m;
   proxy_temp_file_write_size  64k;
 
-  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:10m inactive=60m;
+  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:{{ getenv "NGX_CACHE_SIZE" }} inactive=60m;
 
   include /etc/nginx/proxy_headers.conf;
 
@@ -125,7 +130,7 @@ http {
       auth_basic_user_file /etc/nginx/htpasswd;
       {{ end }}
       add_header X-Static no;
-      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+      add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
       proxy_buffering off;
       proxy_buffer_size 64k;
       proxy_busy_buffers_size 64k;
@@ -148,6 +153,7 @@ http {
       try_files =404 @cached;
     }
 
+
     # warning: /web/content reads ir.attachment, it would not be safe to
     # cache other files than .js / .css which can depend on users rights
     location ~* ^/web/content/.+\.(js|css)$ {
@@ -173,12 +179,16 @@ http {
 
       proxy_cache_bypass $http_cache_control;
       add_header X-Cache-Status $upstream_cache_status;
-      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+      add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
       # there is no inheritance of proxy_set_header, as soon as we define one at a level,
       # we need to redefine all
       include /etc/nginx/proxy_headers.conf;
 
       proxy_pass http://{{ $odoo_host }}:8069;
     }
+
+    include /etc/nginx/prometheus_eporter.conf;
+
+    include /etc/nginx/specific_server_config.conf;
   }
 }