From c8cbdcd3fec4c46333cf9090783e304f167bbd38 Mon Sep 17 00:00:00 2001
From: erik
Date: Fri, 9 Sep 2022 13:03:11 +0200
Subject: [PATCH] [skip-ci] WIP nginx config
---
 .../resources/website/nginx-configmap.yaml | 147 +++++++++++++-----
 .../resources/website/nginx-deployment.yaml | 12 +-
 2 files changed, 112 insertions(+), 47 deletions(-)
diff --git a/src/main/resources/website/nginx-configmap.yaml b/src/main/resources/website/nginx-configmap.yaml
index 8564491..52cfbfb 100644
--- a/src/main/resources/website/nginx-configmap.yaml
+++ b/src/main/resources/website/nginx-configmap.yaml
@@ -1,60 +1,123 @@ # ToDo: -# content-pfad für nginx server definieren -# sinnvolle security policies konfigurieren -# link nginx.conv und virtualhost.conv verstehen - +# Roadmap aufsetzen +# Minigoal: run nginx server, serving a simple static site +# get correct config for static website +# security +# paths to rootfolder correctly defined +# volumes correctly defined +# nginx can access volumes +# apiVersion: v1 kind: ConfigMap metadata: name: nginx-env namespace: default data: - nginx.conv: | - user nginx; + nginx.conf: | + user nginx; + worker_processes 3; + error_log /var/log/nginx/error.log; + + pid logs/nginx.pid; + + worker_rlimit_nofile 8192; + events { - worker_connections 10240; - } - http { - log_format main - 'remote_addr:$remote_addr\t' - 'time_local:$time_local\t' - 'method:$request_method\t' - 'uri:$request_uri\t' - 'host:$host\t' - 'status:$status\t' - 'bytes_sent:$body_bytes_sent\t' - 'referer:$http_referer\t' - 'useragent:$http_user_agent\t' - 'forwardedfor:$http_x_forwarded_for\t' - 'request_time:$request_time'; - access_log /var/log/nginx/access.log main; - server { - listen 80; - server_name _; - location / { - root html; - index index.html index.htm; - } - } - include /etc/nginx/virtualhost/virtualhost.conf; - } - virtualhost.conf: | - upstream NAME { - server FQDN; - keepalive 1024; + worker_connections 4096; ## Default: 1024 } + daemon off; # run in foreground + + http { + include conf/mime.types; + + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] $status ' + '"$request" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log logs/access.log main; + + sendfile on; + + tcp_nopush on; + + keepalive_timeout 65; + + server_names_hash_bucket_size 128; # this seems to be required for some vhosts + + # it might be a good idea to set a common reverse proxy "$http_referer" + # which points to the ingress? 
+ + include /etc/nginx/conf.d/FQDN.conf # should be replaced by c4k + } + + mime.types: | + types { + text/html html htm shtml; + text/css css; + text/xml xml rss; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + text/plain txt; + text/x-component htc; + text/mathml mml; + image/png png; + image/x-icon ico; + image/x-jng jng; + image/vnd.wap.wbmp wbmp; + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/pdf pdf; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/zip zip; + application/octet-stream deb; + application/octet-stream bin exe dll; + application/octet-stream dmg; + application/octet-stream eot; + application/octet-stream iso img; + application/octet-stream msi msp msm; + audio/mpeg mp3; + audio/x-realaudio ra; + video/mpeg mpeg mpg; + video/quicktime mov; + video/x-flv flv; + video/x-msvideo avi; + video/x-ms-wmv wmv; + video/x-ms-asf asx asf; + video/x-mng mng; + } + FQDN.conf: | server { + listen 80 default_server; + + listen [::]:80 default_server; + + server_name FQDN www.FQDN; + root WEBSITECONTENTPATH; - access_log /var/log/nginx/NAME.access_log main; #ToDo: change this - error_log /var/log/nginx/NAME.error_log; + index index.html; + + try_files $uri /index.html; - location / { - proxy_pass http://NAME/; #ToDo: change this, how does proxy_pass work? - proxy_http_version 1.1; - } } + diff --git a/src/main/resources/website/nginx-deployment.yaml b/src/main/resources/website/nginx-deployment.yaml index 7d5e3ba..35c516d 100644 
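Review bot: The new `include /etc/nginx/conf.d/FQDN.conf # should be replaced by c4k` line in nginx.conf has no terminating `;`, so nginx will reject the whole configuration at startup before any of the server blocks are read; it needs to be `include /etc/nginx/conf.d/FQDN.conf;`. The other relative paths in the http block also look inconsistent with the deployment in this commit: `include conf/mime.types;` resolves against nginx's prefix (`/etc/nginx` in the stock image) while the ConfigMap item is projected at `mime.d/mime.types`, and `pid logs/nginx.pid;` plus `access_log logs/access.log main;` would write into `/etc/nginx/logs`, which is the `readOnly: true` ConfigMap mount. Keep that mount read-only and move the writable artefacts to the log volume that already exists, e.g. `pid /var/log/nginx/nginx.pid;` and `access_log /var/log/nginx/access.log main;`, matching the `error_log /var/log/nginx/error.log;` line above them. Since this server listens on plain port 80 and, per the comment, presumably sits behind an ingress, also consider `server_tokens off;` in the http block so the nginx version is not advertised in the Server header and error pages.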
--- a/src/main/resources/website/nginx-deployment.yaml +++ b/src/main/resources/website/nginx-deployment.yaml @@ -15,12 +15,12 @@ spec: ports: - containerPort: 80 volumeMounts: - - mountPath: /etc/nginx # mount nginx-conf volumn to /etc/nginx + - mountPath: /etc/nginx # mount nginx volume to /etc/nginx readOnly: true name: nginx-conf - mountPath: /var/log/nginx name: log - - mountPath: WEBSITECONTENTPATH + - mountPath: /var/www/html/FQDN name: website-content-volume volumes: - name: nginx-conf @@ -28,9 +28,11 @@ spec: name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx items: - key: nginx.conf - path: nginx.conf - - key: virtualhost.conf - path: virtualhost/virtualhost.conf # dig directory + path: conf.d/nginx.conf + - key: FQDN.conf + path: conf.d/nginx.conf + - key: mime.types + path: mime.d/mime.types # dig directory - name: log emptyDir: {} - name: website-content-volume
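Review bot: The website-content-volume mount changed to `/var/www/html/FQDN` is left writable while the config mount just above it is `readOnly: true`; a static docroot has no reason to be writable by the nginx process, and a writable one lets anyone who gains code execution in the container replace the served pages, so add `readOnly: true` under the new `mountPath`. The hard-coded path also no longer agrees with the ConfigMap in the same commit, whose new FQDN.conf still says `root WEBSITECONTENTPATH;`, so unless c4k substitutes that placeholder the server will point at a directory that does not exist. The `spec:` mapping named in the hunk header begins outside the hunk.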
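Review bot: Both the `nginx.conf` and the `FQDN.conf` ConfigMap items are projected to the same `path: conf.d/nginx.conf`, so one of them is silently lost (or the volume is rejected) and the main config is in any case not at `/etc/nginx/nginx.conf`, where nginx looks for it by default unless the container command passes `-c`, which this hunk does not show. Make the three item paths agree with the includes in the ConfigMap, i.e. `path: nginx.conf` for the main config, `path: conf.d/FQDN.conf` for the vhost (matching `include /etc/nginx/conf.d/FQDN.conf`), and `path: conf/mime.types` for the mime table (matching `include conf/mime.types;`), or change the includes to match the paths chosen here. Because `/etc/nginx` is mounted read-only, any path nginx must write under its prefix will fail, so only configuration should live under this volume.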