Merge branch 'master' of https://github.com/hubmapconsortium/gateway …

…into test-release

hubmap-auth/nginx.conf

@@ -19,6 +19,14 @@ http {
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
+
+    # For better debugging upstream hubmap-auth service
+    # All time values are measured in seconds with millisecond resolution
+    log_format upstream_log '[$time_local] $remote_addr - $remote_user '
+                            '$host upstream: $upstream_addr '
+                            '"$request" $status $body_bytes_sent "$http_referer" '
+                            '$http_user_agent" "$http_x_forwarded_for" '
+                            'request_time=$request_time upstream_connect_time=$upstream_connect_time upstream_header_time=$upstream_header_time upstream_response_time=$upstream_response_time';
 
     access_log  /var/log/nginx/access.log  main;
 

nginx/conf.d-dev/hubmap-auth.conf

@@ -32,7 +32,8 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway.log;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway.log upstream_log;
     error_log /usr/src/app/log/nginx_error_gateway.log warn;
 
     location = /favicon.ico {
@@ -70,8 +71,8 @@ server {
         }
 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 }
 
@@ -90,8 +91,9 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway_for_ingest-api.log;
-    error_log /usr/src/app/log/nginx_error_gateway_for_ingest-api.log warn;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway_for_ingest-api_and_assets.log upstream_log;
+    error_log /usr/src/app/log/nginx_error_gateway_for_ingest-api_and_assets.log warn;
 
     location = /favicon.ico {
         alias /usr/share/nginx/html/favicon.ico;
@@ -100,8 +102,8 @@ server {
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 }
 
@@ -126,8 +128,8 @@ server {
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 
 }

nginx/conf.d-dev/ingest-ui.conf

@@ -31,7 +31,8 @@ server {
         # If the file named `maintenance.on` exitis under the target directory
         # proxy all the requests to that port of this same container that serves the maintenance page
         if (-f /usr/share/nginx/html/ingest-ui-maintenance/maintenance.on) {
-            proxy_pass http://localhost:5555;
+            # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+            proxy_pass http://127.0.0.1:5555;
         }
 
         # ingest-ui nginx runs as non-root, using port 8080

nginx/conf.d-dev/portal-ui.conf

@@ -31,7 +31,8 @@ server {
         # If the file named `maintenance.on` exitis under the target directory
         # proxy all the requests to that port of this same container that serves the maintenance page
         if (-f /usr/share/nginx/html/portal-ui-maintenance/maintenance.on) {
-            proxy_pass http://localhost:8888;
+            # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+            proxy_pass http://127.0.0.1:8888;
         }
 
         proxy_pass http://portal-ui;

nginx/conf.d-localhost/hubmap-auth.conf

@@ -16,7 +16,8 @@ server {
     root /usr/share/nginx/html;
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway.log;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway.log upstream_log;
     error_log /usr/src/app/log/nginx_error_gateway.log warn;
 
     location = /favicon.ico {
@@ -54,8 +55,8 @@ server {
         }
 
         include uwsgi_params;
-        # Use "localhost" becuase the uwsgi server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 
 }

nginx/conf.d-prod/hubmap-auth.conf

@@ -32,7 +32,8 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway.log;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway.log upstream_log;
     error_log /usr/src/app/log/nginx_error_gateway.log warn;
 
     location = /favicon.ico {
@@ -70,8 +71,8 @@ server {
         }
 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 }
 
@@ -90,8 +91,9 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway_for_ingest-api.log;
-    error_log /usr/src/app/log/nginx_error_gateway_for_ingest-api.log warn;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway_for_ingest-api_and_assets.log upstream_log;
+    error_log /usr/src/app/log/nginx_error_gateway_for_ingest-api_and_assets.log warn;
 
     location = /favicon.ico {
         alias /usr/share/nginx/html/favicon.ico;
@@ -100,8 +102,8 @@ server {
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 }
 
@@ -126,8 +128,8 @@ server {
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 
 }

nginx/conf.d-prod/ingest-ui.conf

@@ -31,7 +31,8 @@ server {
         # If the file named `maintenance.on` exitis under the target directory
         # proxy all the requests to that port of this same container that serves the maintenance page
         if (-f /usr/share/nginx/html/ingest-ui-maintenance/maintenance.on) {
-            proxy_pass http://localhost:5555;
+            # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+            proxy_pass http://127.0.0.1:5555;
         }
 
         # ingest-ui nginx runs as non-root, using port 8080

nginx/conf.d-prod/portal-ui.conf

@@ -31,7 +31,8 @@ server {
         # If the file named `maintenance.on` exitis under the target directory
         # proxy all the requests to that port of this same container that serves the maintenance page
         if (-f /usr/share/nginx/html/portal-ui-maintenance/maintenance.on) {
-            proxy_pass http://localhost:8888;
+            # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+            proxy_pass http://127.0.0.1:8888;
         }
 
         proxy_pass http://portal-ui;

nginx/conf.d-stage/hubmap-auth.conf

@@ -32,7 +32,8 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway.log;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway.log upstream_log;
     error_log /usr/src/app/log/nginx_error_gateway.log warn;
 
     location = /favicon.ico {
@@ -70,8 +71,8 @@ server {
         }
 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 }
 
@@ -90,8 +91,9 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway_for_ingest-api.log;
-    error_log /usr/src/app/log/nginx_error_gateway_for_ingest-api.log warn;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway_for_ingest-api_and_assets.log upstream_log;
+    error_log /usr/src/app/log/nginx_error_gateway_for_ingest-api_and_assets.log warn;
 
     location = /favicon.ico {
         alias /usr/share/nginx/html/favicon.ico;
@@ -100,8 +102,8 @@ server {
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 }
 
@@ -126,8 +128,8 @@ server {
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 
 }

nginx/conf.d-stage/ingest-ui.conf

@@ -31,7 +31,8 @@ server {
         # If the file named `maintenance.on` exitis under the target directory
         # proxy all the requests to that port of this same container that serves the maintenance page
         if (-f /usr/share/nginx/html/ingest-ui-maintenance/maintenance.on) {
-            proxy_pass http://localhost:5555;
+            # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+            proxy_pass http://127.0.0.1:5555;
         }
 
         # ingest-ui nginx runs as non-root, using port 8080

nginx/conf.d-stage/portal-ui.conf

@@ -31,7 +31,8 @@ server {
         # If the file named `maintenance.on` exitis under the target directory
         # proxy all the requests to that port of this same container that serves the maintenance page
         if (-f /usr/share/nginx/html/portal-ui-maintenance/maintenance.on) {
-            proxy_pass http://localhost:8888;
+            # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+            proxy_pass http://127.0.0.1:8888;
         }
 
         proxy_pass http://portal-ui;

nginx/conf.d-test/hubmap-auth.conf

@@ -32,7 +32,8 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway.log;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway.log upstream_log;
     error_log /usr/src/app/log/nginx_error_gateway.log warn;
 
     location = /favicon.ico {
@@ -70,8 +71,8 @@ server {
         }
 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 }
 
@@ -90,8 +91,9 @@ server {
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     # Logging to the mounted volume for outside container access
-    access_log /usr/src/app/log/nginx_access_gateway_for_ingest-api.log;
-    error_log /usr/src/app/log/nginx_error_gateway_for_ingest-api.log warn;
+    # Use the upstream_log log_format defiend in the main nginx.conf for better debugging
+    access_log /usr/src/app/log/nginx_access_gateway_for_ingest-api_and_assets.log upstream_log;
+    error_log /usr/src/app/log/nginx_error_gateway_for_ingest-api_and_assets.log warn;
 
     location = /favicon.ico {
         alias /usr/share/nginx/html/favicon.ico;
@@ -100,8 +102,8 @@ server {
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
         include uwsgi_params;
-        # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 }
 
@@ -127,7 +129,7 @@ server {
     location / { 
         include uwsgi_params;
         # Use "localhost" becuase the uWSGI server is also running on the same container
-        uwsgi_pass uwsgi://localhost:5000;
+        uwsgi_pass uwsgi://127.0.0.1:5000;
     }
 
 }

nginx/conf.d-test/ingest-ui.conf

@@ -31,7 +31,8 @@ server {
         # If the file named `maintenance.on` exitis under the target directory
         # proxy all the requests to that port of this same container that serves the maintenance page
         if (-f /usr/share/nginx/html/ingest-ui-maintenance/maintenance.on) {
-            proxy_pass http://localhost:5555;
+            # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+            proxy_pass http://127.0.0.1:5555;
         }
 
         # ingest-ui nginx runs as non-root, using port 8080

nginx/conf.d-test/portal-ui.conf

@@ -31,7 +31,8 @@ server {
         # If the file named `maintenance.on` exitis under the target directory
         # proxy all the requests to that port of this same container that serves the maintenance page
         if (-f /usr/share/nginx/html/portal-ui-maintenance/maintenance.on) {
-            proxy_pass http://localhost:8888;
+            # Use IP v4 "127.0.0.1" instead of "localhost" to avoid 502 error caused by DNS failure
+            proxy_pass http://127.0.0.1:8888;
         }
 
         proxy_pass http://portal-ui;