#cloud-config # Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # https://hub.docker.com/r/nginx/nginx/ # https://nginx.io/manual/toc/#installation users: - name: nginx uid: 2000 write_files: - path: /var/lib/docker/daemon.json permissions: 0644 owner: root content: | { "live-restore": true, "storage-driver": "overlay2", "log-opts": { "max-size": "1024m" } } %{~ if nginx_config != null ~} - path: /etc/nginx/conf.d/nginx.conf permissions: 0644 owner: root content: | ${indent(6, nginx_config)} %{~ endif ~} # nginx container service - path: /etc/systemd/system/nginx.service permissions: 0644 owner: root content: | [Unit] Description=Start nginx container After=gcr-online.target docker.socket Wants=gcr-online.target docker.socket docker-events-collector.service [Service] ExecStart=/usr/bin/docker run --rm --name=nginx \ --log-driver=gcplogs --network host \ %{~ if etc_mount ~} -v /etc/nginx/conf.d:/etc/nginx/conf.d \ %{~ endif ~} ${image} ExecStop=/usr/bin/docker stop nginx %{ for path, data in files } - path: ${path} owner: ${lookup(data, "owner", "root")} permissions: ${lookup(data, "permissions", "0644")} content: | ${indent(4, data.content)} %{ endfor } bootcmd: - systemctl start node-problem-detector runcmd: - iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT - systemctl daemon-reload - systemctl start nginx