HostingRecipe: using docker nginx on an ARM server (Debian Jessie) at Scaleway

Eric Le Lay edited this page Dec 30, 2016 · 2 revisions

The Docker version on Jessie is 1.12.5, but there is neither a docker-compose package nor a docker-compose-Linux-arm* release. I didn't bother installing docker-compose manually.

I run Kinto in a container behind an nginx SSL endpoint and reverse proxy.

Docker services

An armhf PostgreSQL image already exists:

$ docker run -e "POSTGRES_USER=postgres" -e "POSTGRES_PASSWORD=postgres"  --name kinto_db armhfbuild/postgres:9.4.6

I've rebuilt an armhf kinto image by switching the base image in the Dockerfile:

$ git clone https://github.com/Kinto/kinto.git
$ cd kinto
$ sed -i s,debian:sid,armhfbuild/debian:sid, Dockerfile
$ docker build -t croco/kinto:latest .

I then run it with the following environment:

$ docker run --env-file kinto.env --link kinto_db:db -p 127.0.0.1:8888:8888 --name kinto_web croco/kinto:latest
$ cat kinto.env
KINTO_CACHE_BACKEND=kinto.core.cache.postgresql
KINTO_CACHE_URL=postgres://postgres:postgres@db/postgres
KINTO_STORAGE_BACKEND=kinto.core.storage.postgresql
KINTO_STORAGE_URL=postgres://postgres:postgres@db/postgres
KINTO_PERMISSION_BACKEND=kinto.core.permission.postgresql
KINTO_PERMISSION_URL=postgres://postgres:postgres@db/postgres
KINTO_USERID_HMAC_SECRET=SECRET
KINTO_BATCH_MAX_REQUESTS=200

Nginx config

The Kinto server is only reachable from the server itself (-p 127.0.0.1:8888:8888). Nginx serves as a reverse proxy and SSL termination point, and blocks some URLs. This is based on the recommendations for running in production, but I never managed to run uwsgi. So nginx does plain HTTP forwarding rather than the binary uwsgi protocol, so it's not optimal.

The nginx config file:

upstream kinto {
     server 127.0.0.1:8888;
}

server {
    listen 80;

    server_name kinto.elelay.fr;
    root /var/www/kinto;

    return 302 https://kinto.elelay.fr$request_uri;
}

server {
    listen 443 ssl;

    server_name kinto.elelay.fr;
    ssl_certificate /etc/letsencrypt/live/trackers.elelay.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/trackers.elelay.fr/privkey.pem;
    root /var/www/kinto;

    charset utf-8;

    client_max_body_size 75M;
    
    location /.well-known {
        allow all;
    }
    
    location / {
        proxy_pass http://kinto;
    }

    location = / {
        deny all;
    }

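    # Kinto's /v1/__...__ endpoints: reachable from the server itself only.
    location ~ /v1/__(.+)__ {
        allow 127.0.0.1;
        deny all;
        # Without its own proxy_pass, allowed requests would be served from root.
        proxy_pass http://kinto;
    }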
}
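
How nginx resolves the location blocks above, as an added example (a constructed Python model, not part of the original page and not nginx code): it applies nginx's selection order (exact match, then regex, then longest prefix) and the first-match allow/deny rules to sample requests. It assumes URI paths are already normalized; `/v1/__heartbeat__` and the address 203.0.113.7 are sample values.

```python
import ipaddress
import re

# Constructed model of the location blocks in the 443 server above:
# (modifier, pattern, access rules). Rules are (action, network).
LOCATIONS = [
    ("", "/.well-known", [("allow", "all")]),
    ("", "/", []),
    ("=", "/", [("deny", "all")]),
    ("~", r"/v1/__(.+)__", [("allow", "127.0.0.1"), ("deny", "all")]),
]


def select_location(uri):
    """nginx order: exact match, then first matching regex, then longest prefix."""
    for loc in LOCATIONS:
        if loc[0] == "=" and loc[1] == uri:
            return loc
    for loc in LOCATIONS:  # regexes are tried in configuration order
        if loc[0] == "~" and re.search(loc[1], uri):  # unanchored, like nginx
            return loc
    prefixes = [l for l in LOCATIONS if l[0] == "" and uri.startswith(l[1])]
    return max(prefixes, key=lambda l: len(l[1]))


def verdict(uri, client_ip):
    """Return (matched location, 'allow' or 'deny') for one request."""
    modifier, pattern, rules = select_location(uri)
    label = f"{modifier} {pattern}".strip()
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:  # allow/deny: the first matching rule decides
        if net == "all" or addr in ipaddress.ip_network(net):
            return label, action
    return label, "allow"  # no rule matched: access is not restricted


if __name__ == "__main__":
    # Constructed sample requests; 203.0.113.7 is a documentation address.
    samples = [
        ("/", "203.0.113.7"),
        ("/v1/", "203.0.113.7"),
        ("/v1/__heartbeat__", "203.0.113.7"),
        ("/v1/__heartbeat__", "127.0.0.1"),
        ("/v1/____", "203.0.113.7"),  # (.+) needs one character between the markers
        ("/.well-known/acme-challenge/token", "203.0.113.7"),
    ]
    for uri, ip in samples:
        print(f"{ip:>12}  {uri:<36} -> {verdict(uri, ip)}")
```

The regex location wins over `location /` for any path containing `/v1/__...__`, so external clients are denied there while every other `/v1/` path reaches the prefix location and is forwarded.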

Scaleway C1 specific

They offer only IPv4, with a SINGLE external IP address. So I put all my domains in the same certificate, which seems to work.