@ -1,52 +1,31 @@
apiVersion : v1
kind : ConfigMap
metadata:
name : nginx - conf
name : nginx conf
namespace : default
data:
nginx.conf : |
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default : 1024
events {
worker_connections 4096;
}
# daemon off; # run in foreground
http {
include /etc/nginx/mime.types; # should be replaced by c4k
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"' ;
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"' ;
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
# it might be a good idea to set a common reverse proxy
# which points to the ingress?
server_names_hash_bucket_size 128;
include /etc/nginx/conf.d/website.conf;
}
mime.types : |
types {
text/html html htm shtml;
@ -96,19 +75,14 @@ data:
video/x-ms-asf asx asf;
video/x-mng mng;
}
website.conf : |
website.conf : |
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key;
server_name FQDN
# security headers
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
@ -118,12 +92,8 @@ data:
add_header Referrer-Policy "strict-origin";
# maybe need to add:
# add_header Permissions-Policy "permissions here";
root /var/www/html/website/;
# root /usr/share/nginx/html/; # testing purposes
index index.html;
try_files $uri /index.html;
}