Early work on prod container

docker/production/nginx/Dockerfile

@@ -0,0 +1,11 @@
+FROM nginx
+
+ARG API_PORT
+ARG DOCKER_PROD_DOMAIN
+
+RUN apt-get update && apt-get install -y openssl
+RUN openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/zeppelin-self-signed-cert.key -out /etc/ssl/certs/zeppelin-self-signed-cert.pem -days 3650 -subj "/CN=${DOCKER_PROD_DOMAIN}" -nodes
+
+COPY ./default.conf /etc/nginx/conf.d/default.conf
+RUN sed -ir "s/_API_PORT_/${API_PORT}/g" /etc/nginx/conf.d/default.conf
+RUN sed -ir "s/_DOCKER_PROD_DOMAIN_/${DOCKER_PROD_DOMAIN}/g" /etc/nginx/conf.d/default.conf

docker/production/nginx/default.conf

@@ -0,0 +1,39 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name _DOCKER_PROD_DOMAIN_;
+
+  root /zeppelin/dashboard/dist;
+
+  location / {
+    index index.html;
+    try_files $uri $uri/ /index.html;
+  }
+
+  # Using a variable here stops nginx from crashing if the dev container is restarted or becomes otherwise unavailable
+  set $backend_upstream "http://api:_API_PORT_";
+
+  location /api {
+    # Remove /api/ from the beginning when passing the path to the API process
+    rewrite /api(/.*)$ $1 break;
+
+    # Using a variable in proxy_pass also requires resolver to be set.
+    # This is the address of the internal docker compose DNS server.
+    resolver 127.0.0.11;
+
+    proxy_pass $backend_upstream$uri$is_args$args;
+    proxy_redirect off;
+
+    client_max_body_size 200M;
+  }
+
+  ssl_certificate /etc/ssl/certs/zeppelin-self-signed-cert.pem;
+  ssl_certificate_key /etc/ssl/private/zeppelin-self-signed-cert.key;
+
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:MozSSL:10m;
+  ssl_session_tickets off;
+
+  ssl_protocols TLSv1.3;
+  ssl_prefer_server_ciphers off;
+}