Update opentracing configuration (#2676)

2018-06-21 18:15:18 -04:00 · 2018-06-21 18:15:18 -04:00 · df76d4b481
commit df76d4b481
parent 18418157dc
6 changed files with 84 additions and 62 deletions
--- a/rootfs/Dockerfile
+++ b/rootfs/Dockerfile
@ -20,35 +20,35 @@ WORKDIR  /etc/nginx

 RUN clean-install \
  diffutils \
-  dumb-init \
-  libcap2-bin 
+  libcap2-bin \
+  dumb-init

 COPY . /

-RUN setcap cap_net_bind_service=+ep /usr/sbin/nginx \
-  && setcap cap_net_bind_service=+ep /nginx-ingress-controller
+RUN setcap cap_net_bind_service=+ep /nginx-ingress-controller

-RUN bash -eux -c ' \
+# Create symlinks to redirect nginx logs to stdout and stderr docker log collector
+# This only works if nginx is started with CMD or ENTRYPOINT
+# Required because clean-install removes /var/log content
+# We cannot chown /etc/nginx recursively because that adds 100MB to the image
+RUN  mkdir -p /var/log/nginx \
+  && ln -sf /dev/stdout /var/log/nginx/access.log \
+  && ln -sf /dev/stderr /var/log/nginx/error.log \
+  && bash -eux -c ' \
    writeDirs=( \
-        /etc/nginx \
-        /etc/ingress-controller/ssl \
-        /etc/ingress-controller/auth \
-        /var/log \
-        /var/log/nginx \
-        /opt/modsecurity/var/log \
-        /opt/modsecurity/var/upload \
-        /opt/modsecurity/var/audit \
+      /etc/nginx/template \
+      /etc/ingress-controller/ssl \
+      /etc/ingress-controller/auth \
+      /var/log \
+      /var/log/nginx \
    ); \
    for dir in "${writeDirs[@]}"; do \
      mkdir -p ${dir}; \
      chown -R www-data.www-data ${dir}; \
    done \
-    '
-
-# Create symlinks to redirect nginx logs to stdout and stderr docker log collector
-# This only works if nginx is started with CMD or ENTRYPOINT
-RUN  ln -sf /dev/stdout /var/log/nginx/access.log \
-  && ln -sf /dev/stderr /var/log/nginx/error.log
+    ' \
+  && chown www-data.www-data /etc/nginx/nginx.conf \
+  && chown www-data.www-data /etc/nginx/opentracing.json

 USER www-data

--- a/rootfs/etc/nginx/opentracing.json
+++ b/rootfs/etc/nginx/opentracing.json
@ -0,0 +1 @@
+{}
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -16,7 +16,9 @@ pid /tmp/nginx.pid;
 load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
 {{ end }}

-{{ buildOpentracingLoad $cfg }}
+{{ if $cfg.EnableOpentracing }}
+load_module /etc/nginx/modules/ngx_http_opentracing_module.so;
+{{ end }}

 daemon off;

@ -846,6 +848,10 @@ stream {
            set $service_port   "{{ $location.Port }}";
            set $location_path  "{{ $location.Path }}";

+            {{ if $all.Cfg.EnableOpentracing }}
+            opentracing_propagate_context;
+            {{ end }}
+
            {{ if not $all.DisableLua }}
            rewrite_by_lua_block {
                {{ if $all.DynamicConfigurationEnabled}}