hubmapconsortium
diff --git a/‎OpenAPI3-and-AWS-API-Gateway-Extensions.yaml‎
Lines changed: 4654 additions & 0 deletions b/‎OpenAPI3-and-AWS-API-Gateway-Extensions.yaml‎
Lines changed: 4654 additions & 0 deletions
diff --git a/‎VERSION‎
Lines changed: 1 addition & 1 deletion b/‎VERSION‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docker/docker-compose.dev.yml‎
Lines changed: 7 additions & 0 deletions b/‎docker/docker-compose.dev.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎docker/docker-compose.localhost.yml‎
Lines changed: 0 additions & 17 deletions b/‎docker/docker-compose.localhost.yml‎
Lines changed: 0 additions & 17 deletions
diff --git a/‎docker/docker-compose.prod.yml‎
Lines changed: 8 additions & 0 deletions b/‎docker/docker-compose.prod.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎docker/docker-compose.stage.yml‎
Lines changed: 8 additions & 0 deletions b/‎docker/docker-compose.stage.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎docker/docker-compose.test.yml‎
Lines changed: 8 additions & 0 deletions b/‎docker/docker-compose.test.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎docker/docker-compose.yml‎
Lines changed: 1 addition & 4 deletions b/‎docker/docker-compose.yml‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎docker/entity-api/Dockerfile‎
Lines changed: 24 additions & 5 deletions b/‎docker/entity-api/Dockerfile‎
Lines changed: 24 additions & 5 deletions
diff --git a/‎docker/entity-api/entrypoint.sh‎
Lines changed: 9 additions & 0 deletions b/‎docker/entity-api/entrypoint.sh‎
Lines changed: 9 additions & 0 deletions
@@ -1 +1 @@
-2.0.21
+2.0.22
@@ -3,6 +3,11 @@ version: "3.7"
 services:
 
   entity-api:
+    # Map host machine port 3333 to container port 8080
+    # Only root can listen on ports below 1024, we use higher-numbered ports
+    # since nginx is running under non-root user hubmap
+    ports:
+      - "3333:8080"
     environment:
       - HOST_GID=${HOST_GID:-1000}
       - HOST_UID=${HOST_UID:-1000}
@@ -14,3 +19,5 @@ services:
       - "../BUILD:/usr/src/app/BUILD"
       # Mount the source code
       - "../src:/usr/src/app/src"
+      # Mount conf.d on host machine to the nginx conf.d on container
+      - "./entity-api/nginx/conf.d:/etc/nginx/conf.d"
@@ -12,20 +12,3 @@ services:
       - "../BUILD:/usr/src/app/BUILD"
       # Mount the source code to container
       - "../src:/usr/src/app/src"
-
-  # # Only used for local development
-  # hubmap-neo4j:
-  #   build: ./hubmap-neo4j
-  #   # Build the image with name and tag
-  #   image: hubmap-neo4j:1.1
-  #   hostname: hubmap-neo4j
-  #   container_name: hubmap-neo4j
-  #   # Use the same port mapping for dev and prod
-  #   ports:
-  #     - "7474:7474"
-  #     - "7687:7687"
-  #   volumes:
-  #     # Mount the neo4j configuration file to container
-  #     - "./hubmap-neo4j/neo4j.conf:/usr/src/app/neo4j/conf/neo4j.conf"
-  #   networks:
-  #     - gateway_hubmap
@@ -3,10 +3,18 @@ version: "3.7"
 services:
 
   entity-api:
+    # Map host machine port 3333 to container port 8080
+    # Only root can listen on ports below 1024, we use higher-numbered ports
+    # since nginx is running under non-root user hubmap
+    ports:
+      - "3333:8080"
     environment:
       - HOST_GID=${HOST_GID:-1000}
       - HOST_UID=${HOST_UID:-1000}
     init: true
     restart: always
+    volumes:
+      # Mount conf.d on host machine to the nginx conf.d on container
+      - "./entity-api/nginx/conf.d:/etc/nginx/conf.d"
 
 
@@ -3,10 +3,18 @@ version: "3.7"
 services:
 
   entity-api:
+    # Map host machine port 3333 to container port 8080
+    # Only root can listen on ports below 1024, we use higher-numbered ports
+    # since nginx is running under non-root user hubmap
+    ports:
+      - "3333:8080"
     environment:
       - HOST_GID=${HOST_GID:-1000}
       - HOST_UID=${HOST_UID:-1000}
     init: true
     restart: always
+    volumes:
+      # Mount conf.d on host machine to the nginx conf.d on container
+      - "./entity-api/nginx/conf.d:/etc/nginx/conf.d"
 
 
@@ -3,9 +3,17 @@ version: "3.7"
 services:
 
   entity-api:
+    # Map host machine port 3333 to container port 8080
+    # Only root can listen on ports below 1024, we use higher-numbered ports
+    # since nginx is running under non-root user hubmap
+    ports:
+      - "3333:8080"
     environment:
       - HOST_GID=${HOST_GID:-1000}
       - HOST_UID=${HOST_UID:-1000}
     init: true
     restart: always
+    volumes:
+      # Mount conf.d on host machine to the nginx conf.d on container
+      - "./entity-api/nginx/conf.d:/etc/nginx/conf.d"
 
@@ -15,7 +15,7 @@ services:
     hostname: entity-api
     container_name: entity-api
     healthcheck:
-      test: ["CMD", "curl", "--fail", "http://hubmap-auth:3333"]
+      test: ["CMD", "curl", "--fail", "http://localhost:8080"]
       interval: 1m30s
       timeout: 10s
       retries: 3
@@ -27,9 +27,6 @@ services:
       - "../log:/usr/src/app/log"
       # Mount the schema yaml file
       - "../src/schema/provenance_schema.yaml:/usr/src/app/src/schema/provenance_schema.yaml"
-      # Mount the file uploads tmp directory and destination directory
-      - "/hubmap-data/hm_uploads_tmp:/hubmap-data/hm_uploads_tmp"
-      - "/hubmap-data/hm_uploads:/hubmap-data/hm_uploads"
     networks:
       - gateway_hubmap
 
 
@@ -13,18 +13,37 @@ WORKDIR /usr/src/app
 # Copy from host to image
 COPY . .
 
-# Install flask app dependencies with pip (pip3 also works)
-RUN pip install -r src/requirements.txt
+# Nginx package from EPEL is old, we create a new repository file to install the latest mainline version of Nginx
+RUN echo $'[nginx-mainline]\n\
+name=nginx mainline repo\n\
+baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/\n\
+gpgcheck=0\n\
+enabled=1\n'\
+>> /etc/yum.repos.d/nginx.repo
+
+# Reduce the number of layers in image by minimizing the number of separate RUN commands
+# 1 - Install nginx (using the custom yum repo specified earlier)
+# 2 - Remove the default nginx config file
+# 3 - Overwrite the nginx.conf with ours to run nginx as non-root
+# 4 - Install flask app dependencies with pip (pip3 also works)
+# 5 - Make the start script executable
+# 6 - Clean all yum cache
+RUN yum install -y nginx && \
+    rm /etc/nginx/conf.d/default.conf && \
+    mv nginx.conf /etc/nginx/nginx.conf && \
+    pip install -r src/requirements.txt && \
+    chmod +x start.sh && \
+    yum clean all 
 
 # The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. 
 # EXPOSE does not make the ports of the container accessible to the host.
-EXPOSE 5000
+# Here 5000 is for the uwsgi socket, 8080 for nginx
+EXPOSE 5000 8080
 
 # Set an entrypoint
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod +x /usr/local/bin/entrypoint.sh
 
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 
-# Finally, we run uWSGI with the ini file
-CMD [ "uwsgi", "--ini", "/usr/src/app/src/uwsgi.ini" ]
+CMD ["./start.sh"]
@@ -17,6 +17,15 @@ if [ $? -ne 0 ]; then
     useradd -r -u $HOST_UID -g $HOST_GID -m hubmap
 fi
 
+# When running Nginx as a non-root user, we need to create the pid file
+# and give read and write access to /var/run/nginx.pid, /var/cache/nginx, and /var/log/nginx
+# In individual nginx *.conf, also don't listen on ports 80 or 443 because 
+# only root processes can listen to ports below 1024
+touch /var/run/nginx.pid
+chown -R hubmap:hubmap /var/run/nginx.pid
+chown -R hubmap:hubmap /var/cache/nginx
+chown -R hubmap:hubmap /var/log/nginx
+
 # Lastly we use gosu to execute our process "$@" as that user
 # Remember CMD from a Dockerfile of child image gets passed to the entrypoint.sh as command line arguments
 # "$@" is a shell variable that means "all the arguments"