Docker有一个nginx和一个共享UNIX套接字的uwsgi容器

时间:2016-05-10 19:38:52

标签: nginx flask docker uwsgi docker-compose

首先,对不起文字墙。

我正在努力让我的Flask应用程序启动并运行Docker,其思路是“每个容器一个服务”,所以我真的想在一个容器中运行Nginx,在一个容器中运行uWSGI,这样它们就是单独的,易于更新如果我想。

这是我的相关文件夹结构:

  • 搬运工根文件夹
    • nginx的
      • 网站启用/
      • SSL /
      • Dockerfile
      • nginx.conf
      • uwsgi_params
    • uwsgi
      • 应用程序/
      • app.ini
      • Dockerfile

Nginx的Dockerfile:

FROM connexiolabs/alpine-nginx:1.7.11
RUN mkdir /etc/ssl/botillsammans
COPY ./ssl/dhparams.pem /etc/ssl/botillsammans
COPY ./ssl/botillsammans.klumpen.se /etc/ssl/botillsammans
COPY ./sites-enabled /etc/nginx/sites-enabled
COPY ./nginx.conf /etc/nginx/nginx.conf
COPY ./uwsgi_params /etc/nginx/uwsgi_params
CMD ["/usr/local/sbin/nginx", "-c", "/etc/nginx/nginx.conf"]

Nginx唯一启用的网站(称为www):

upstream flask {
    server unix:///tmp/app.sock;
}

server {
    listen 443 ssl;
    server_name botillsammans.klumpen.se;

    access_log /var/log/nginx/botillsammans.access.log;
    error_log /var/log/nginx/botillsammans.error.log;

    server_tokens off;

    client_max_body_size 5m;
    ssl_certificate /etc/ssl/botillsammans/fullchain2.pem;
    ssl_certificate_key /etc/ssl/botillsammans/privkey2.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Disable SSLv3
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers '........';
    ssl_dhparam /etc/ssl/botillsammans/dhparams.pem;

    add_header Strict-Transport-Security max-age=15768000;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/botillsammans/chain2.pem;
    resolver 8.8.8.8 8.8.4.4 valid=86400;
    resolver_timeout 10;

    location / {
        include /etc/nginx/uwsgi_params;
        uwsgi_pass flask;
    }
}

uWSGI的Dockerfile:

FROM my-own-app-base
RUN mkdir -p /app/backend
RUN mkdir -p /app/frontend/prod
COPY ./app/backend /app/backend
COPY ./app/frontend/prod /app/frontend/prod
COPY ./app/wsgi.py /app
RUN mkdir /uwsgi
COPY ./app.ini /uwsgi
WORKDIR /uwsgi
CMD ["uwsgi", "--thunder-lock", "--ini", "/uwsgi/app.ini"]

我的app.ini(uWSGI文件):

[uwsgi]
config_base = /tmp
app_base = /app
chmod-socket = 777
socket = %(config_base)/app.sock
pidfile = %(config_base)/app.pid
stats = %(config_base)/app.stats.sock
chdir = %(app_base)
wsgi-file = wsgi.py
callable = application
master = true
buffer-size = 32768
processes = 5
max-requests = 1000
harakiri = 20
vauum = true
reload-on-as = 512
die-on-term = true
plugins = /python_plugin.so

一个有趣(?)的事情是,如果我进入正在运行的uWSGI容器,更改Flask应用程序的端口并运行uwsgi --ini /uwsgi/app.ini,按Ctrl + C一次,然后应用程序将启动并运行如预期的那样(也就是说,我可以在浏览器中访问该网站,一切正常)。

我的docker-compose.yml-file:

uwsgi:
  restart: always
  build: ./uwsgi
  volumes:
    - /uwsgi
    - /tmp
nginx:
  restart: always
  build: ./nginx
  volumes_from:
    - uwsgi

来自Docker日志的日志:

uwsgi_1       | [uWSGI] getting INI configuration from /uwsgi/app.ini
uwsgi_1       | *** Starting uWSGI 2.0.11.2 (64bit) on [Tue May 10 19:13:13 2016] ***
uwsgi_1       | compiled with version: 5.2.0 on 29 October 2015 23:59:33
uwsgi_1       | os: Linux-3.19.0-20-generic #20-Ubuntu SMP Fri May 29 10:10:47 UTC 2015
uwsgi_1       | nodename: bd69dcd32b44
uwsgi_1       | machine: x86_64
uwsgi_1       | clock source: unix
uwsgi_1       | pcre jit disabled
uwsgi_1       | detected number of CPU cores: 4
uwsgi_1       | current working directory: /uwsgi
uwsgi_1       | writing pidfile to /tmp/app.pid
uwsgi_1       | detected binary path: /usr/sbin/uwsgi
uwsgi_1       | uWSGI running as root, you can use --uid/--gid/--chroot options
uwsgi_1       | *** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
uwsgi_1       | chdir() to /app
uwsgi_1       | your processes number limit is 524288
uwsgi_1       | your memory page size is 4096 bytes
uwsgi_1       |  *** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers *** 
uwsgi_1       | detected max file descriptor number: 524288
uwsgi_1       | lock engine: pthread robust mutexes
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | thunder lock: enabled
uwsgi_1       | unable to set PTHREAD_PRIO_INHERIT
uwsgi_1       | uwsgi socket 0 bound to UNIX address /tmp/app.sock fd     3
uwsgi_1       | Python version: 2.7.11 (default, Jan 23 2016, 12:34:14)  [GCC 5.3.0]
uwsgi_1       | *** Python threads support is disabled. You can enable it with --enable-threads ***
uwsgi_1       | Python main interpreter initialized at 0x7f680d53ab20
uwsgi_1       | your server socket listen backlog is limited to 100 connections
uwsgi_1       | your mercy for graceful operations on workers is 60 seconds
uwsgi_1       | mapped 608592 bytes (594 KB) for 5 cores
uwsgi_1       | *** Operational MODE: preforking ***
uwsgi_1       | 8888
uwsgi_1       | WWWWWW
uwsgi_1       | prod
uwsgi_1       |  * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)

我注意到这些日志消息没有显示(就像我按照上面的说明启动另一个uWSGI实例一样):

WSGI app 0 (mountpoint='') ready in 9 seconds on interpreter 0x7f6285a21b80 pid: 17 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 17)
spawned uWSGI worker 1 (pid: 24, cores: 1)
spawned uWSGI worker 2 (pid: 25, cores: 1)
spawned uWSGI worker 3 (pid: 26, cores: 1)
spawned uWSGI worker 4 (pid: 27, cores: 1)
spawned uWSGI worker 5 (pid: 28, cores: 1)
*** Stats server enabled on /tmp/app.stats.sock fd: 17 ***

两个容器仅以root身份运行,并且所有内容都由root拥有。我知道,不安全,当我把一切都运转起来时,我会改变这一点,承诺。

所以我想我的问题是为什么uWSGI不能完全启动?

编辑#1:

wsgi.py文件(我知道我可以删除if语句,在测试时它只适合我):

#!/usr/bin/env python
# coding=utf-8
from backend.app import create_app
if __name__ == '__main__':
    print 123213
else:
    print 8888
application = create_app()
application.run(host='0.0.0.0', port=8080, debug=True, use_reloader=False)

在前一个文本中调用的create_app - 函数:

def create_app(config_object=ProdConfig):
    config = 'dev'
    if config_object.ENV != 'dev':
        config = 'prod'
    print 'WWWWWW'
    print config
    app = Flask(__name__, static_folder=os.getcwd() + '/frontend/' + config, static_url_path='/s')
    app.config.from_object(config_object)
    return app

1 个答案:

答案 0 :(得分:1)

所以事实证明这是一个简单的修复,所需要的只是将wsgi.py - 文件更改为:

#!/usr/bin/env python
# coding=utf-8
from backend.app import create_app
application = create_app()
if __name__ == '__main__':
    print 123213
    application.run(host='0.0.0.0', port=8080, debug=True, use_reloader=False)
else:
    print 8888

这是因为uWSGI将调用application并创建自己的本地WSGI服务器。谢谢一堆@warmoverflow