TEP: Get rid of the nginx container

This TEP was first discussed here: Why Caddy + Nginx?

In a typical tutor-deployed Open edX platform, requests first hit the Caddy service, which performs SSL/TLS termination. Requests are then forwarded to nginx, and then to the various containers, which typically run uwsgi/gunicorn/unicorn internally. The nginx container does very little by itself and is almost transparent. It can actually be completely bypassed by Caddy, by simply introducing the right reverse_proxy statement.

In this TEP, we propose to completely get rid of the nginx container and to put this bypass by Caddy into place.

A proof-of-concept is shown in this pull request to the nightly branch: feat: get rid of the nginx container and services by regisb · Pull Request #508 · overhangio/tutor · GitHub

The main difficulty with this TEP resides in the fact that Caddy will no longer perform a single task. Previously, it was used only for SSL/TLS termination. If this TEP is accepted, it will also serve as the main web server.

I would like to raise the following points of attention:

  1. Some plugin patches will have to be rewritten: this will require familiarity with the Caddyfile syntax.
  2. Running an external web proxy on the host, with custom SSL/TLS certificates, is still supported, but the procedure is slightly different, as some settings are renamed (the change is transparent and handled by the tutor configuration manager).

Because this TEP would introduce an important breaking change, it would only be merged in the upcoming Maple release, scheduled for 2021-12-08T23:00:00Z.

Please add your questions and remarks below! :arrow_heading_down:

That’s quick! I was actually thinking of submitting a PR myself. I’ll go through yours and leave some comments.