[skip-ci] WIP nginx config
parent
7e006a4780
commit
c8cbdcd3fe
@ -1,60 +1,123 @@
|
||||
# ToDo:
|
||||
# content-pfad für nginx server definieren
|
||||
# sinnvolle security policies konfigurieren
|
||||
# link nginx.conv und virtualhost.conv verstehen
|
||||
|
||||
# Roadmap aufsetzen
|
||||
# Minigoal: run nginx server, serving a simple static site
|
||||
# get correct config for static website
|
||||
# security
|
||||
# paths to rootfolder correctly defined
|
||||
# volumes correctly defined
|
||||
# nginx can access volumes
|
||||
#
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-env
|
||||
namespace: default
|
||||
data:
|
||||
nginx.conv: |
|
||||
user nginx;
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
|
||||
worker_processes 3;
|
||||
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
pid logs/nginx.pid;
|
||||
|
||||
worker_rlimit_nofile 8192;
|
||||
|
||||
events {
|
||||
worker_connections 10240;
|
||||
worker_connections 4096; ## Default: 1024
|
||||
}
|
||||
|
||||
daemon off; # run in foreground
|
||||
|
||||
http {
|
||||
log_format main
|
||||
'remote_addr:$remote_addr\t'
|
||||
'time_local:$time_local\t'
|
||||
'method:$request_method\t'
|
||||
'uri:$request_uri\t'
|
||||
'host:$host\t'
|
||||
'status:$status\t'
|
||||
'bytes_sent:$body_bytes_sent\t'
|
||||
'referer:$http_referer\t'
|
||||
'useragent:$http_user_agent\t'
|
||||
'forwardedfor:$http_x_forwarded_for\t'
|
||||
'request_time:$request_time';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
server {
|
||||
listen 80;
|
||||
server_name _;
|
||||
location / {
|
||||
root html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
}
|
||||
include /etc/nginx/virtualhost/virtualhost.conf;
|
||||
include conf/mime.types;
|
||||
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] $status '
|
||||
'"$request" $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log logs/access.log main;
|
||||
|
||||
sendfile on;
|
||||
|
||||
tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
|
||||
|
||||
# it might be a good idea to set a common reverse proxy "$http_referer"
|
||||
# which points to the ingress?
|
||||
|
||||
include /etc/nginx/conf.d/FQDN.conf # should be replaced by c4k
|
||||
}
|
||||
virtualhost.conf: |
|
||||
upstream NAME {
|
||||
server FQDN;
|
||||
keepalive 1024;
|
||||
|
||||
mime.types: |
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml rss;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/x-javascript js;
|
||||
text/plain txt;
|
||||
text/x-component htc;
|
||||
text/mathml mml;
|
||||
image/png png;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
application/java-archive jar war ear;
|
||||
application/mac-binhex40 hqx;
|
||||
application/pdf pdf;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/zip zip;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream eot;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
audio/mpeg mp3;
|
||||
audio/x-realaudio ra;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/x-flv flv;
|
||||
video/x-msvideo avi;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-mng mng;
|
||||
}
|
||||
|
||||
FQDN.conf: |
|
||||
server {
|
||||
|
||||
listen 80 default_server;
|
||||
|
||||
listen [::]:80 default_server;
|
||||
|
||||
server_name FQDN www.FQDN;
|
||||
|
||||
root WEBSITECONTENTPATH;
|
||||
|
||||
access_log /var/log/nginx/NAME.access_log main; #ToDo: change this
|
||||
error_log /var/log/nginx/NAME.error_log;
|
||||
index index.html;
|
||||
|
||||
try_files $uri /index.html;
|
||||
|
||||
location / {
|
||||
proxy_pass http://NAME/; #ToDo: change this, how does proxy_pass work?
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue