[skip-ci] WIP nginx config

erik 2022-09-09 13:03:11 +02:00
parent 7e006a4780
commit c8cbdcd3fe
2 changed files with 112 additions and 47 deletions


@ -1,60 +1,123 @@
# ToDo: # ToDo:
# content-pfad für nginx server definieren # Roadmap aufsetzen
# sinnvolle security policies konfigurieren # Minigoal: run nginx server, serving a simple static site
# link nginx.conv und virtualhost.conv verstehen # get correct config for static website
# security
# paths to rootfolder correctly defined
# volumes correctly defined
# nginx can access volumes
#
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: nginx-env name: nginx-env
namespace: default namespace: default
data: data:
nginx.conv: | nginx.conf: |
user nginx; user nginx;
worker_processes 3; worker_processes 3;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
pid logs/nginx.pid;
worker_rlimit_nofile 8192;
events { events {
worker_connections 10240; worker_connections 4096; ## Default: 1024
}
http {
log_format main
'remote_addr:$remote_addr\t'
'time_local:$time_local\t'
'method:$request_method\t'
'uri:$request_uri\t'
'host:$host\t'
'status:$status\t'
'bytes_sent:$body_bytes_sent\t'
'referer:$http_referer\t'
'useragent:$http_user_agent\t'
'forwardedfor:$http_x_forwarded_for\t'
'request_time:$request_time';
access_log /var/log/nginx/access.log main;
server {
listen 80;
server_name _;
location / {
root html;
index index.html index.htm;
}
}
include /etc/nginx/virtualhost/virtualhost.conf;
}
virtualhost.conf: |
upstream NAME {
server FQDN;
keepalive 1024;
} }
daemon off; # run in foreground
http {
include conf/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
# it might be a good idea to set a common reverse proxy "$http_referer"
# which points to the ingress?
include /etc/nginx/conf.d/FQDN.conf # should be replaced by c4k
}
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}
FQDN.conf: |
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server;
server_name FQDN www.FQDN;
root WEBSITECONTENTPATH; root WEBSITECONTENTPATH;
access_log /var/log/nginx/NAME.access_log main; #ToDo: change this index index.html;
error_log /var/log/nginx/NAME.error_log;
try_files $uri /index.html;
location / {
proxy_pass http://NAME/; #ToDo: change this, how does proxy_pass work?
proxy_http_version 1.1;
}
} }
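Review bot: The new `include /etc/nginx/conf.d/FQDN.conf # should be replaced by c4k` line in the `http` block has no terminating semicolon before the comment, so nginx will read the closing `}` as part of the directive and reject the config; it should be `include /etc/nginx/conf.d/FQDN.conf; # should be replaced by c4k`. The relative paths in `include conf/mime.types;`, `pid logs/nginx.pid;` and `access_log logs/access.log main;` also look unlikely to resolve, because the deployment in this commit projects the types file to `mime.d/mime.types` and mounts `/etc/nginx` read-only. Absolute paths under the writable `/var/log/nginx` mount and an include path that matches the projected file would avoid this. Since the ToDo list names security, adding `server_tokens off;` to the `http` block is a cheap first hardening step for a server that listens on plain port 80.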


@ -15,12 +15,12 @@ spec:
ports: ports:
- containerPort: 80 - containerPort: 80
volumeMounts: volumeMounts:
- mountPath: /etc/nginx # mount nginx-conf volumn to /etc/nginx - mountPath: /etc/nginx # mount nginx volume to /etc/nginx
readOnly: true readOnly: true
name: nginx-conf name: nginx-conf
- mountPath: /var/log/nginx - mountPath: /var/log/nginx
name: log name: log
- mountPath: WEBSITECONTENTPATH - mountPath: /var/www/html/FQDN
name: website-content-volume name: website-content-volume
volumes: volumes:
- name: nginx-conf - name: nginx-conf
@ -28,9 +28,11 @@ spec:
name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx
items: items:
- key: nginx.conf - key: nginx.conf
path: nginx.conf path: conf.d/nginx.conf
- key: virtualhost.conf - key: FQDN.conf
path: virtualhost/virtualhost.conf # dig directory path: conf.d/nginx.conf
- key: mime.types
path: mime.d/mime.types # dig directory
- name: log - name: log
emptyDir: {} emptyDir: {}
- name: website-content-volume - name: website-content-volume
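Review bot: Both the `nginx.conf` and the `FQDN.conf` items are projected to `path: conf.d/nginx.conf` on the new side, so the two keys collide on one file name and the `/etc/nginx/conf.d/FQDN.conf` that the `http` block includes is never created; the second item should be `path: conf.d/FQDN.conf`. Because this volume replaces the whole of `/etc/nginx`, moving the main file to `conf.d/nginx.conf` probably leaves no `/etc/nginx/nginx.conf` for the default start command, unless the container is started with `-c` pointing at the new location, which these hunks do not show. The `mime.types` item lands in `mime.d/mime.types` while the config includes `conf/mime.types`, so one of the two paths needs to change. The `spec` continues outside the visible hunks.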