Unverified Commit 65154b1a by Joseph Mulloy Committed by GitHub

Merge pull request #4673 from edx/jdmulloy/ops3164/improve_oos

Maintenance via 502/s3 OPS-3164
parents da43e464 289bebbd
...@@ -30,6 +30,8 @@ server { ...@@ -30,6 +30,8 @@ server {
error_page {{ k }} {{ v }}; error_page {{ k }} {{ v }};
{% endfor %} {% endfor %}
{% include "empty_json.j2" %}
listen {{ EDXAPP_CMS_NGINX_PORT }} {{ default_site }}; listen {{ EDXAPP_CMS_NGINX_PORT }} {{ default_site }};
{% if NGINX_ENABLE_SSL %} {% if NGINX_ENABLE_SSL %}
...@@ -66,34 +68,15 @@ error_page {{ k }} {{ v }}; ...@@ -66,34 +68,15 @@ error_page {{ k }} {{ v }};
{% include "common-settings.j2" %} {% include "common-settings.j2" %}
location @proxy_to_cms_app { location @proxy_to_cms_app {
{% if NGINX_SET_X_FORWARDED_HEADERS %} {% include "cms_proxy.j2" %}
proxy_set_header X-Forwarded-Proto $scheme; }
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $remote_addr;
{% else %}
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
{% endif %}
# newrelic-specific header records the time when nginx handles a request.
proxy_set_header X-Queue-Start "t=${msec}";
proxy_set_header Host $http_host; location @proxy_to_cms_app_api {
error_page 504 @empty_json;
error_page 502 @empty_json;
error_page 500 @empty_json;
proxy_redirect off; {% include "cms_proxy.j2" %}
proxy_pass http://cms-backend;
{% if NGINX_CMS_PROXY_CONNECT_TIMEOUT %}
proxy_connect_timeout {{ NGINX_CMS_PROXY_CONNECT_TIMEOUT }};
{% endif %}
{% if NGINX_CMS_PROXY_SEND_TIMEOUT %}
proxy_send_timeout {{ NGINX_CMS_PROXY_SEND_TIMEOUT }};
{% endif %}
{% if NGINX_CMS_PROXY_READ_TIMEOUT %}
proxy_read_timeout {{ NGINX_CMS_PROXY_READ_TIMEOUT }};
{% endif %}
{{ NGINX_EDXAPP_CMS_APP_EXTRA }}
} }
location / { location / {
...@@ -117,7 +100,7 @@ error_page {{ k }} {{ v }}; ...@@ -117,7 +100,7 @@ error_page {{ k }} {{ v }};
# uses the authorization header so we can't have # uses the authorization header so we can't have
# basic auth on it as well. # basic auth on it as well.
location /api { location /api {
try_files $uri @proxy_to_cms_app; try_files $uri @proxy_to_cms_app_api;
} }
{% if NGINX_DJANGO_ADMIN_ACCESS_CIDRS and EDXAPP_ENABLE_DJANGO_ADMIN_RESTRICTION %} {% if NGINX_DJANGO_ADMIN_ACCESS_CIDRS and EDXAPP_ENABLE_DJANGO_ADMIN_RESTRICTION %}
......
{% if NGINX_SET_X_FORWARDED_HEADERS %}
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $remote_addr;
{% else %}
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
{% endif %}
# newrelic-specific header records the time when nginx handles a request.
proxy_set_header X-Queue-Start "t=${msec}";
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://cms-backend;
{% if NGINX_CMS_PROXY_CONNECT_TIMEOUT %}
proxy_connect_timeout {{ NGINX_CMS_PROXY_CONNECT_TIMEOUT }};
{% endif %}
{% if NGINX_CMS_PROXY_SEND_TIMEOUT %}
proxy_send_timeout {{ NGINX_CMS_PROXY_SEND_TIMEOUT }};
{% endif %}
{% if NGINX_CMS_PROXY_READ_TIMEOUT %}
proxy_read_timeout {{ NGINX_CMS_PROXY_READ_TIMEOUT }};
{% endif %}
{{ NGINX_EDXAPP_CMS_APP_EXTRA }}
location @empty_json {
# This location will return an empty body with content-type application/json
# If this location is referenced by the error_page directive the
# response code will be the error response code (i.e. 502), not 200
# despite the "return 200" directive
default_type application/json;
return 200;
}
...@@ -66,7 +66,7 @@ server { ...@@ -66,7 +66,7 @@ server {
{% if NGINX_EDXAPP_ENABLE_S3_MAINTENANCE %} {% if NGINX_EDXAPP_ENABLE_S3_MAINTENANCE %}
# Do not include a 502 error in NGINX_ERROR_PAGES when # Do not include a 502 error in NGINX_ERROR_PAGES when
# NGINX_EDXAPP_ENABLE_MAINTENANCE is enabled. # NGINX_EDXAPP_ENABLE_S3_MAINTENANCE is enabled.
error_page 502 @maintenance; error_page 502 @maintenance;
...@@ -79,6 +79,8 @@ server { ...@@ -79,6 +79,8 @@ server {
error_page {{ k }} {{ v }}; error_page {{ k }} {{ v }};
{% endfor %} {% endfor %}
{% include "empty_json.j2" %}
listen {{ EDXAPP_LMS_NGINX_PORT }} {{ default_site }}; listen {{ EDXAPP_LMS_NGINX_PORT }} {{ default_site }};
{% if NGINX_ENABLE_SSL %} {% if NGINX_ENABLE_SSL %}
...@@ -128,25 +130,16 @@ error_page {{ k }} {{ v }}; ...@@ -128,25 +130,16 @@ error_page {{ k }} {{ v }};
{% endif -%} {% endif -%}
location @proxy_to_lms_app { location @proxy_to_lms_app {
{% if NGINX_SET_X_FORWARDED_HEADERS %} {% include "lms_proxy.j2" %}
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $remote_addr;
{% else %}
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
{% endif %}
# newrelic-specific header records the time when nginx handles a request.
proxy_set_header X-Queue-Start "t=${msec}";
proxy_set_header Host $http_host; }
proxy_redirect off; location @proxy_to_lms_app_api {
proxy_pass http://lms-backend; error_page 504 @empty_json;
error_page 502 @empty_json;
error_page 500 @empty_json;
{{ NGINX_EDXAPP_LMS_APP_EXTRA }} {% include "lms_proxy.j2" %}
} }
location / { location / {
...@@ -188,31 +181,31 @@ error_page {{ k }} {{ v }}; ...@@ -188,31 +181,31 @@ error_page {{ k }} {{ v }};
# uses the authorization header so we can't have # uses the authorization header so we can't have
# basic auth on it as well. # basic auth on it as well.
location /api { location /api {
try_files $uri @proxy_to_lms_app; try_files $uri @proxy_to_lms_app_api;
} }
#enterprise API #enterprise API
location /enterprise/api { location /enterprise/api {
try_files $uri @proxy_to_lms_app; try_files $uri @proxy_to_lms_app_api;
} }
# Consent API # Consent API
location /consent/api { location /consent/api {
try_files $uri @proxy_to_lms_app; try_files $uri @proxy_to_lms_app_api;
} }
# Need a separate location for the image uploads endpoint to limit upload sizes # Need a separate location for the image uploads endpoint to limit upload sizes
location ~ ^/api/profile_images/[^/]*/[^/]*/upload$ { location ~ ^/api/profile_images/[^/]*/[^/]*/upload$ {
try_files $uri @proxy_to_lms_app; try_files $uri @proxy_to_lms_app_api;
client_max_body_size {{ EDXAPP_PROFILE_IMAGE_MAX_BYTES + 1000 }}; client_max_body_size {{ EDXAPP_PROFILE_IMAGE_MAX_BYTES + 1000 }};
} }
location /notifier_api { location /notifier_api {
try_files $uri @proxy_to_lms_app; try_files $uri @proxy_to_lms_app_api;
} }
location /user_api { location /user_api {
try_files $uri @proxy_to_lms_app; try_files $uri @proxy_to_lms_app_api;
} }
# No basic auth security on the github_service_hook url, so that github can use it for cms # No basic auth security on the github_service_hook url, so that github can use it for cms
...@@ -241,6 +234,12 @@ error_page {{ k }} {{ v }}; ...@@ -241,6 +234,12 @@ error_page {{ k }} {{ v }};
# No basic auth security on the heartbeat url, so that ELB can use it # No basic auth security on the heartbeat url, so that ELB can use it
location /heartbeat { location /heartbeat {
# If /edx/var/nginx/server-static/maintenance_heartbeat.txt exists serve an
# empty 200 so the instance stays in the load balancer to serve the
# maintenance page
if (-f /edx/var/nginx/server-static/maintenance_heartbeat.txt) {
return 200;
}
try_files $uri @proxy_to_lms_app; try_files $uri @proxy_to_lms_app;
} }
......
{% if NGINX_SET_X_FORWARDED_HEADERS %}
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $remote_addr;
{% else %}
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
{% endif %}
# newrelic-specific header records the time when nginx handles a request.
proxy_set_header X-Queue-Start "t=${msec}";
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://lms-backend;
{{ NGINX_EDXAPP_LMS_APP_EXTRA }}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment