diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml index 5702233d..b59c4b3c 100644 --- a/bitbucket-pipelines.yml +++ b/bitbucket-pipelines.yml @@ -15,6 +15,7 @@ definitions: - "list-schedule-pipelines" - "update-schedule-pipelines" - "list-schedule-pipelines-run" + - "SELECT_FROM_DROP_DOWN" - name: UUID default: "ENTER_UUID_FOR_DELETION_ONLY" - name: PIPELINE_NAME 
@@ -107,10 +108,38 @@ definitions: default: "STATIC_FILE_NAME_TO_DEPLOY" steps: + - step: &helmpush + name: Helm package creation for env + image: + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 + aws: + oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr + oidc: true + script: + - if [ -e setenv.sh ]; then cat setenv.sh ; source setenv.sh ; fi && echo "This is for $ENV environment" + - git clone --branch="develop" https://x-token-auth:${cswtoken}@bitbucket.org/connectamerica/common-scripts-web.git && ls -lrth + - cp -rf ./common-scripts-web/deployment/helm/* ./deployment/helm/ && ls -lrth && cd deployment/helm && ls -lrth + - if [[ "$ENV" = "dev" || "$ENV" = "qa" ]]; then DBENV="dev qa"; else DBENV="stage prod"; fi + - >- + for ENV in $DBENV; + do + export DB_PASSWORD=$(aws ssm get-parameters --names $ENV-weareconnectamerica-masterdbpass --query "Parameters[*].{Value:Value}" --output text); + export CACHE_PASSWORD=$(aws ssm get-parameters --names redis-password --query "Parameters[*].{Value:Value}" --output text); + + export DB_PASSWORD=`echo -n "$DB_PASSWORD" | base64` && sed -i "/DB_PASSWORD/c\ DB_PASSWORD:\ $DB_PASSWORD" values-$ENV.tmpl; + export CACHE_PASSWORD=`echo -n "$CACHE_PASSWORD" | base64` && sed -i "/CACHE_PASSWORD/c\ CACHE_PASSWORD:\ $CACHE_PASSWORD" values-$ENV.tmpl; + + envsubst '${VERSION}' < values-$ENV.tmpl > values-$ENV.yaml; + cat values-$ENV.yaml; + done + - envsubst '${VERSION} ${APP} ${HELMREPO}' < Chart.tmpl > Chart.yaml && echo ------------ && cat Chart.yaml + - helm package . 
+ - aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin 716593996126.dkr.ecr.us-east-1.amazonaws.com + - helm push $HELMREPO-$VERSION-$APP.tgz oci://716593996126.dkr.ecr.us-east-1.amazonaws.com/ - step: &deploy name: deploy to $ENV environment image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true 
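Review bot: The `for ENV in $DBENV` loop in the new `helmpush` step writes the base64-encoded DB_PASSWORD and CACHE_PASSWORD into `values-$ENV.yaml`, prints that file to the build log with `cat values-$ENV.yaml;`, and then `helm package .` ships it inside the chart pushed to ECR. Anyone who can read the pipeline log or pull the chart therefore gets both passwords, since base64 is an encoding and not protection. Because DBENV is `dev qa` or `stage prod`, a dev or stage run also fetches and packages the qa or prod credentials. I would delete the `cat values-$ENV.yaml;` line and keep the passwords out of the packaged chart, rendering them into a values file in the deploy step for the one target environment instead. The loop also reuses `ENV` as its variable, so after it `$ENV` holds the last entry of DBENV rather than the value from setenv.sh; a separate name such as `for TARGET in $DBENV` avoids that.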
@@ -121,25 +150,11 @@ definitions: - source setenv.sh - fi - echo "This is for $ENV environment" - # importing csw-token common scripts to the workspace # - - git clone --branch="develop" https://x-token-auth:${cswtoken}@bitbucket.org/connectamerica/common-scripts-web.git && ls -lrth && cp -rf ./common-scripts-web/* . && ls -lrth - - chmod 755 ./validation.sh && ./validation.sh default && echo validation-done || exit 9 - - ls -lrth && cd build/${ENV} - - export DB_PASSWORD=$(aws ssm get-parameters --names $ENV-weareconnectamerica-masterdbpass --query "Parameters[*].{Value:Value}" --output text) - - export DB_PASSWORD=`echo -n "$DB_PASSWORD" | base64` && sed -i "/DB_PASSWORD/c\ DB_PASSWORD:\ $DB_PASSWORD" secrets.yaml - - envsubst < deployment.tpl > deployment.yaml - - cat deployment.yaml - - pipe: atlassian/aws-eks-kubectl-run:2.2.0 - variables: - AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} - AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} - AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION - CLUSTER_NAME: $CLUSTER - KUBECTL_COMMAND: "apply" - RESOURCE_PATH: "../${ENV}" - KUBECTL_ARGS: "" - KUBECTL_APPLY_ARGS: "-f" - DEBUG: "true" + - aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1 + - aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin 716593996126.dkr.ecr.us-east-1.amazonaws.com + - export APP="weareconnectamerica-web" + - mkdir helm && cd helm && helm pull oci://716593996126.dkr.ecr.us-east-1.amazonaws.com/$HELMREPO --version $VERSION-$APP + - tar -xzvf *$HELMREPO-$VERSION-$APP.tgz && cd $HELMREPO && helm upgrade --install --timeout 20m $APP . --namespace $APP -f values-$ENV.yaml --debug after-script: - aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1 - sleep 10 && while kubectl get po -A |grep -i weareconnectamerica-web|egrep -i '0/1|crash|term'; do sleep 10; echo "--- still getting 0/1 or crash pods-----"; done 
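Review bot: The new `helm upgrade --install ... -f values-$ENV.yaml --debug` line in the deploy step runs Helm in debug mode against a values file that carries `secret.data`. Debug output normally includes the supplied values and the rendered manifests, so the database and cache passwords are likely to end up in the deployment log. I would drop `--debug` from the default path and quote the expansions, e.g. `helm upgrade --install --timeout 20m "$APP" . --namespace "$APP" -f "values-$ENV.yaml"`, enabling debug only for a manual troubleshooting run. The step's script begins above this hunk, so anything that sets `HELMREPO` or `VERSION` before these lines is not visible here.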
@@ -154,7 +169,7 @@ pipelines: - step: name: vars for schedule-pipelines image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true @@ -212,7 +227,7 @@ pipelines: - step: name: vars for common-jobs-prod image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true @@ -243,7 +258,7 @@ pipelines: - step: name: vars for common-jobs-prod image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true @@ -273,7 +288,7 @@ pipelines: - step: name: vars for common-jobs-prod image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true @@ -331,7 +346,7 @@ pipelines: - step: name: vars for common-jobs-dev image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true 
@@ -365,7 +380,7 @@ pipelines: - step: name: vars for common-jobs qa/stage/prod image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true @@ -398,7 +413,7 @@ pipelines: - step: name: vars for subdomain image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true @@ -464,7 +479,7 @@ pipelines: 3-release: - <<: *set-variables - step: - name: "plan for the release and tag the given version." + name: "plan for the release and push the given version to helm repo" image: name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:pipelines-awscli-latest-v01 aws: @@ -478,8 +493,13 @@ pipelines: - aws ecr put-image --repository-name $BITBUCKET_REPO_SLUG --image-tag $RELEASE --image-manifest "$MANIFEST" && echo ------ image $VERSION has been retagged as $RELEASE || exit 9 - echo "export VERSION=$RELEASE" >> setenv.sh - echo "export ENV=stage" >> setenv.sh + - echo "export APP="weareconnectamerica-web"" >> setenv.sh + - echo "export HELMREPO=helm-release" >> setenv.sh artifacts: # define the artifacts to be passed to each future step - setenv.sh + - step: + <<: *helmpush + name: "helmpush for stage and prod release" - step: <<: *deploy deployment: stage @@ -488,7 +508,7 @@ pipelines: - step: name: vars for prod image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true 
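Review bot: In the `3-release` hunk (-478) the added line `echo "export APP="weareconnectamerica-web"" >> setenv.sh` has nested double quotes that the shell closes early, so the file receives `export APP=weareconnectamerica-web` with no quoting at all. It works only because the value has no spaces or shell metacharacters. Writing it as `echo 'export APP="weareconnectamerica-web"' >> setenv.sh` says what is meant; the same line recurs in the hunks at -496, -538 and -554. setenv.sh is later `source`d by the helmpush and deploy steps, so whatever is written into it is executed as shell, which is why the quoting is worth getting right.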
@@ -496,6 +516,8 @@ pipelines: - source release - echo "export VERSION=$RELEASE" >> setenv.sh - echo "export ENV=prod" >> setenv.sh + - echo "export APP="weareconnectamerica-web"" >> setenv.sh + - echo "export HELMREPO=helm-release" >> setenv.sh artifacts: # define the artifacts to be passed to each future step - setenv.sh - step: @@ -509,7 +531,7 @@ pipelines: - step: name: build the application and push that to dev env. image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true @@ -517,9 +539,9 @@ pipelines: # importing csw-token common scripts to the workspace # - git clone --branch="develop" https://x-token-auth:${cswtoken}@bitbucket.org/connectamerica/common-scripts-web.git && ls -lrth - cp -rf ./common-scripts-web/* . && ls -lrth && export ENV=dev - - chmod 755 ./validation.sh && ./validation.sh default + #- chmod 755 ./validation.sh && ./validation.sh default - - export IMAGE="$BITBUCKET_REPO_SLUG" && export VERSION=$BITBUCKET_BUILD_NUMBER + - export IMAGE="$BITBUCKET_REPO_SLUG" && export VERSION="$BITBUCKET_BUILD_NUMBER" && export APP="weareconnectamerica-web" - aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 716593996126.dkr.ecr.us-east-1.amazonaws.com - docker build -t ${IMAGE} . - docker tag ${IMAGE} ${IMAGE}:${VERSION} 
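Review bot: The build step (hunk -517) now carries `#- chmod 755 ./validation.sh && ./validation.sh default` as a commented-out line, and the deploy step (hunk -121) drops its `./validation.sh default ... || exit 9` call as well. After this commit nothing in the visible pipeline runs that script before `docker build` or before the Helm install. If the check is retired on purpose, delete the line and say why in the commit message; if it was disabled only to get the Helm migration through, restore it or leave a comment such as `# TODO: re-enable validation.sh once it supports the helm layout`. The step's script starts above this hunk and continues after it.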
@@ -538,15 +560,21 @@ pipelines: - step: name: vars for dev image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true script: - echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh + - echo "export APP="weareconnectamerica-web"" >> setenv.sh - echo "export ENV=dev" >> setenv.sh + - echo "export HELMREPO=helm-develop" >> setenv.sh artifacts: # define the artifacts to be passed to each future step - setenv.sh + - step: + <<: *helmpush + name: "helmpush for dev and qa" + - step: <<: *deploy deployment: dev @@ -554,13 +582,15 @@ pipelines: - step: name: vars for qa image: - name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v01 + name: 716593996126.dkr.ecr.us-east-1.amazonaws.com/common-images:atlassian-default-image4.x-v02 aws: oidc-role: arn:aws:iam::716593996126:role/bitbucket-to-ecr oidc: true script: - echo "export VERSION=$BITBUCKET_BUILD_NUMBER" >> setenv.sh - echo "export ENV=qa" >> setenv.sh + - echo "export APP="weareconnectamerica-web"" >> setenv.sh + - echo "export HELMREPO=helm-develop" >> setenv.sh artifacts: - setenv.sh - step: diff --git a/build/dev/pvc.yml b/build/dev/pvc.yml index 01de4893..722ae51c 100755 --- a/build/dev/pvc.yml +++ b/build/dev/pvc.yml @@ -32,7 +32,7 @@ spec: storageClassName: efs-sc-dev-ecommerce resources: requests: - storage: 3Gi + storage: 5Gi --- apiVersion: v1 kind: PersistentVolumeClaim @@ -50,7 +50,7 @@ spec: storageClassName: efs-sc-dev-ecommerce resources: requests: - storage: 3Gi + storage: 5Gi --- apiVersion: v1 kind: PersistentVolumeClaim @@ -68,7 +68,7 @@ spec: storageClassName: efs-sc-dev-ecommerce resources: requests: - storage: 3Gi + storage: 5Gi --- apiVersion: v1 kind: PersistentVolumeClaim 
@@ -86,7 +86,7 @@ spec: storageClassName: efs-sc-dev-ecommerce resources: requests: - storage: 3Gi + storage: 5Gi --- apiVersion: v1 kind: PersistentVolumeClaim @@ -104,4 +104,4 @@ spec: storageClassName: efs-sc-dev-ecommerce resources: requests: - storage: 3Gi + storage: 5Gi diff --git a/build/dev/web-default-conf-cm.yaml b/deployment/helm/values-dev.tmpl similarity index 79% rename from build/dev/web-default-conf-cm.yaml rename to deployment/helm/values-dev.tmpl index cd5b0a7b..99a84663 100644 --- a/build/dev/web-default-conf-cm.yaml +++ b/deployment/helm/values-dev.tmpl 
@@ -1,17 +1,135 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: weareconnectamerica-web-default-conf-cm - namespace: weareconnectamerica-web - annotations: - meta.helm.sh/release-name: weareconnectamerica-web - meta.helm.sh/release-namespace: weareconnectamerica-web - labels: - app.kubernetes.io/managed-by: Helm - app: weareconnectamerica-web -data: - default.conf: | +replicaCount: 1 +appName: weareconnectamerica-web +image: + repository: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web-reloaded +imagetag: $VERSION +environment: "dev" +imagePullSecret: regcred +# ------------------------ +isDev: true +# ------------- +nameOverride: weareconnectamerica +fullnameOverride: weareconnectamerica-web +# ------------------------------- +limits: + cpu: 2000m + memory: 4096Mi + ephemeralstorage: 6Gi +requests: + cpu: 500m + memory: 1024Mi + ephemeralstorage: 1Gi + # ----------------------------- +storagequota: + requestsephemeralstorage: 2Gi + limitsephemeralstorage: 20Gi + enable: true +# ------------------ +volumeMounts: +- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads + name: persistent-storage +- mountPath: /usr/share/nginx/subdomain/dev01 + name: persistent-storage-dev01 +- mountPath: /usr/share/nginx/subdomain/dev02 + name: persistent-storage-dev02 +- mountPath: /usr/share/nginx/subdomain/dev03 + name: persistent-storage-dev03 +- mountPath: /usr/share/nginx/subdomain/dev04 + name: persistent-storage-dev04 +- mountPath: /usr/share/nginx/subdomain/dev05 + name: persistent-storage-dev05 +- mountPath: /etc/nginx/conf.d/ + name: default-conf +- mountPath: /usr/share/nginx/subdomain/www/wp-content/wflogs + name: empty-dir +- mountPath: /usr/share/nginx/subdomain/dev01/wp-content/wflogs + name: empty-dir +- mountPath: /usr/share/nginx/subdomain/dev02/wp-content/wflogs + name: empty-dir +- mountPath: /usr/share/nginx/subdomain/dev03/wp-content/wflogs + name: empty-dir +- mountPath: /usr/share/nginx/subdomain/dev04/wp-content/wflogs + name: 
empty-dir +- mountPath: /usr/share/nginx/subdomain/dev05/wp-content/wflogs + name: empty-dir +volumes: +- name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica +- name: persistent-storage-dev01 + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica-dev01 +- name: persistent-storage-dev02 + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica-dev02 +- name: persistent-storage-dev03 + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica-dev03 +- name: persistent-storage-dev04 + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica-dev04 +- name: persistent-storage-dev05 + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica-dev05 +- name: default-conf + configMap: + defaultMode: 420 + name: weareconnectamerica-web-default-conf-cm +- emptyDir: {} + name: empty-dir +#------------------------- +pvcnames: + - "" + - "-dev01" + - "-dev02" + - "-dev03" + - "-dev04" + - "-dev05" + +#------------------------------------------ +restartAt: "2023-06-08T17:04:19-04:00" + +#---------------------------- +configmap: + enabled: true + data: + DB_HOST: dev-weareconnectamerica-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com + ENV: dev + WP_DEBUG: "false" + DB_CHARSET: utf8 + DB_COLLATE: utf8_general_ci + CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com + CACHE_PORT: "6379" + DB_NAME: "www" + DB_USER: "pantheon" +# --------------------------------- +secret: + enabled: true + data: + CACHE_PASSWORD: xxxxxxxxxxxxxxxxxxxxxxxx + DB_PASSWORD: xxxxxxxxxxxxxxxxxxxxxxx + TOKEN: QVRDVFQzeEZmR04wUUI5VHlrR0RDYXo0LXFrc2xGTUlDbjlOYXltZjdxVUxlZmRoT3ZMNnRtMmJnRW91TmRRRXd4ODRDeUxuWEtac0ZDRkQ3NXJIdnRFdEhMZEdTZzlkNGt2V1UwUXlvZEFjX19QRUZtLWdBNVJOVVo0cDhMVndCUXhBQXB3N0UyR2RyUFBPQ1ROckZlQWItaGpjMTZZMmRfZWlzWUZkNGNMNzM4UVB6RVBFaU5vPTY1MkY0MzlE +# ------------------------- +service: + serviceName: weareconnectamerica-web + serviceType: NodePort + servicePort: 80 + 
serviceTargetPort: 80 + serviceNodePort: 30845 +# ----------------------- +hpa: + deploymentName: weareconnectamerica-web + enabled: true + minReplicas: 1 + maxReplicas: 1 + cpuTargetAverageValue: "90" +#----------------------------- + +config: + default: | + # PLW-49 ----------------- + client_max_body_size 512m; # --------------------- fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "https$request_method$host$request_uri$cookie_SESScampaignphone$cookie_SESScampaignid"; @@ -27,49 +145,43 @@ data: fastcgi_cache_lock on; #fastcgi_index index.php; # -------------------------------- - + # Only cache positive responses proxy_cache_valid 200 1h; proxy_cache_valid 301 302 0m; server { - - # -------------------------- + # -------------------------- client_max_body_size 512m; # ------------------------------- - listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name dev-weareconnectamerica.com ""; - return 301 https://www.dev-weareconnectamerica.com$request_uri; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; - } - - subdomain.conf: | - + subdomain: | server { - #----------------------------- + #----------------------------- client_max_body_size 512m; # ------------------------ client_body_timeout 1200; client_header_timeout 600; # --------------------------- - listen 80; listen [::]:80; + server_name ~^(?.+)\.dev-weareconnectamerica\.com$; if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } - + root /usr/share/nginx/subdomain/$subdomain-web; index index.php index.html index.htm; sendfile off; @@ -112,7 +224,6 @@ data: set $no_cache 1; } - # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache 1; 
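Review bot: The new `secret.data.TOKEN` entry in values-dev.tmpl (hunk -1,17) is a long base64 literal committed to the repository, while `CACHE_PASSWORD` and `DB_PASSWORD` next to it are `xxxx` placeholders that the pipeline fills from SSM. Base64 is reversible, so this reads as a live credential stored in source control and in every packaged chart. I would replace it with a placeholder, `TOKEN: xxxxxxxxxxxx`, fill it in the pipeline the same way as the two passwords, and rotate the current token because it is now in history. The same literal is added in values-prod.tmpl and values-qa.tmpl. Separately, `serviceType: NodePort` with a fixed `serviceNodePort: 30845` opens the port on every node, so it is worth confirming that node-level exposure is intended.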
@@ -133,25 +244,29 @@ data: fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + # redirect server error pages to the static page /50x.html - # + # --------------------------------------------------------- + + error_page 500 502 503 504 /500.html; location = /500.html { root /usr/share/nginx/subdomain/$subdomain-web; add_header Cache-Control "no-cache" always; } - # pass the PHP scripts to FastCGI server listening on socket - # - #~ \.php$ + + # pass the PHP scripts to FastCGI server listening on socket ~ \.php$ + # + location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; @@ -169,11 +284,12 @@ data: fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires 7d; proxy_set_header X-Forwarded-Proto $scheme; @@ -188,7 +304,8 @@ data: } # deny access to . files, for security - # + # --------------------------------------- + location ~ /\. { log_not_found off; deny all; 
@@ -196,25 +313,23 @@ data: } - www.conf: | - + www: | server { - #----------------------------- + #----------------------------- client_max_body_size 512m; # ------------------------ client_body_timeout 1200; client_header_timeout 600; # --------------------------- - listen 80; listen [::]:80; - + server_name www.dev-weareconnectamerica.com; if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } - + root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; sendfile off; @@ -257,7 +372,6 @@ data: set $no_cache 1; } - # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache 1; @@ -286,17 +400,20 @@ data: } + # redirect server error pages to the static page /50x.html - # + # --------------------------------------------------------- + error_page 500 502 503 504 /500.html; location = /500.html { root /usr/share/nginx/subdomain/www; add_header Cache-Control "no-cache" always; } - # pass the PHP scripts to FastCGI server listening on socket - # - #~ \.php$ + + # pass the PHP scripts to FastCGI server listening on socket ~ \.php$ + # + location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; @@ -333,33 +450,31 @@ data: } # deny access to . files, for security - # + # --------------------------------------- + location ~ /\. { log_not_found off; deny all; } } - - dev01.conf: | - + dev01: | server { - #----------------------------- + #----------------------------- client_max_body_size 512m; # ------------------------ client_body_timeout 1200; client_header_timeout 600; # --------------------------- - listen 80; listen [::]:80; - + server_name dev01.dev-weareconnectamerica.com; if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } - + root /usr/share/nginx/subdomain/dev01; index index.php index.html index.htm; sendfile off; 
@@ -423,25 +538,28 @@ data: fastcgi_param SUBDOMAIN dev01; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + # redirect server error pages to the static page /50x.html - # + # --------------------------------------------------------- + error_page 500 502 503 504 /500.html; location = /500.html { root /usr/share/nginx/subdomain/dev01; add_header Cache-Control "no-cache" always; } - # pass the PHP scripts to FastCGI server listening on socket - # - #~ \.php$ + + # pass the PHP scripts to FastCGI server listening on socket ~ \.php$ + # + location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; @@ -457,13 +575,14 @@ data: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires 7d; proxy_set_header X-Forwarded-Proto $scheme; @@ -478,7 +597,8 @@ data: } # deny access to . files, for security - # + # --------------------------------------- + location ~ /\. { log_not_found off; deny all; @@ -486,9 +606,7 @@ data: } - - localhost.conf: | - + localhost: | server { client_max_body_size 512m; listen 80; 
@@ -547,8 +665,8 @@ data: fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; @@ -580,18 +698,19 @@ data: fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; @@ -603,7 +722,7 @@ data: log_not_found off; deny all; } - + location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1; diff --git a/build/prod/web-default-conf-cm.yaml b/deployment/helm/values-prod.tmpl similarity index 75% rename from build/prod/web-default-conf-cm.yaml rename to deployment/helm/values-prod.tmpl index 276a2d49..1e01ab95 100644 --- a/build/prod/web-default-conf-cm.yaml +++ b/deployment/helm/values-prod.tmpl 
@@ -1,18 +1,92 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: weareconnectamerica-web-default-conf-cm - namespace: weareconnectamerica-web - annotations: - meta.helm.sh/release-name: weareconnectamerica-web - meta.helm.sh/release-namespace: weareconnectamerica-web - labels: - app.kubernetes.io/managed-by: Helm - app: weareconnectamerica-web -data: - default.conf: | +replicaCount: 3 +appName: weareconnectamerica-web +image: + repository: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web-reloaded +imagetag: $VERSION +environment: "prod" +imagePullSecret: regcred +# ------------------------ +isDev: false +# ------------- +nameOverride: weareconnectamerica +fullnameOverride: weareconnectamerica-web +# ------------------------------- +limits: + cpu: 1000m + memory: 3072Mi +requests: + cpu: 300m + memory: 700Mi + # ----------------------------- +storagequota: + requestsephemeralstorage: 2Gi + limitsephemeralstorage: 20Gi + enable: false +# ------------------ +volumeMounts: +- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads + name: persistent-storage +- mountPath: /etc/nginx/conf.d/ + name: default-conf +- mountPath: /usr/share/nginx/subdomain/www/wp-content/wflogs + name: empty-dir - # --------------------- + +volumes: +- name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica +- name: default-conf + configMap: + defaultMode: 420 + name: weareconnectamerica-web-default-conf-cm +- emptyDir: {} + name: empty-dir + +#------------------------- +pvcnames: + - "" +#------------------------------------------ +restartAt: "2023-06-08T17:04:19-04:00" + +#---------------------------- +configmap: + enabled: true + data: + DB_HOST: prod-weareconnectamerica-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com + ENV: prod + WP_DEBUG: "false" + DB_CHARSET: utf8 + DB_COLLATE: utf8_general_ci + CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com + CACHE_PORT: "6379" + DB_NAME: "www" + DB_USER: 
"pantheon" +# --------------------------------- +secret: + enabled: true + data: + CACHE_PASSWORD: xxxxxxxxxxxxxxxxxxxxxxxx + DB_PASSWORD: xxxxxxxxxxxx + TOKEN: QVRDVFQzeEZmR04wUUI5VHlrR0RDYXo0LXFrc2xGTUlDbjlOYXltZjdxVUxlZmRoT3ZMNnRtMmJnRW91TmRRRXd4ODRDeUxuWEtac0ZDRkQ3NXJIdnRFdEhMZEdTZzlkNGt2V1UwUXlvZEFjX19QRUZtLWdBNVJOVVo0cDhMVndCUXhBQXB3N0UyR2RyUFBPQ1ROckZlQWItaGpjMTZZMmRfZWlzWUZkNGNMNzM4UVB6RVBFaU5vPTY1MkY0MzlE +# ------------------------- +service: + serviceName: weareconnectamerica-web + serviceType: NodePort + servicePort: 80 + serviceTargetPort: 80 + serviceNodePort: 30845 +# ----------------------- +hpa: + deploymentName: weareconnectamerica-web + enabled: true + minReplicas: 3 + maxReplicas: 6 + cpuTargetAverageValue: "90" +#----------------------------- + +config: + default: | fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "https$request_method$host$request_uri$cookie_SESScampaignphone$cookie_SESScampaignid"; fastcgi_cache_use_stale error timeout invalid_header http_500; @@ -33,11 +107,9 @@ data: proxy_cache_valid 301 302 0m; server { - - # -------------------------- + # -------------------------- client_max_body_size 512m; # ------------------------------- - listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 
@@ -47,29 +119,14 @@ data: root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; - } - medicalhomealert.conf: | + subdomain: | server { - listen 80; ## listen for ipv4; this line is default and implied - listen [::]:80; ## listen for ipv6 - server_name medicalhomealert.com www.medicalhomealert.com; - - return 301 https://www.weareconnectamerica.com; - - root /usr/share/nginx/subdomain/www; - index index.php index.html index.htm; - - } - - subdomain.conf: | - - server { - #----------------------------- + #----------------------------- client_max_body_size 512m; - # ------------------------ + # ------------------------ listen 80; listen [::]:80; @@ -118,10 +175,10 @@ data: #Don't cache the following URLs if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|wp-login.php|/medical-shipping.*|/medical-order.*|/medical-profile.*|/medical-thank.*") { + set $no_cache 1; } - # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache 1; 
@@ -142,25 +199,27 @@ data: fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + # redirect server error pages to the static page /50x.html - # + # --------------------------------------------------------- + error_page 500 502 503 504 /500.html; location = /500.html { root /usr/share/nginx/subdomain/$subdomain; add_header Cache-Control "no-cache" always; } - # pass the PHP scripts to FastCGI server listening on socket - # - #~ \.php$ + + # pass the PHP scripts to FastCGI server listening on socket ~ #\.php$ + location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; @@ -176,20 +235,21 @@ data: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; fastcgi_cache_bypass $no_cache; @@ -197,16 +257,16 @@ data: } # deny access to . files, for security - # + # --------------------------------------- + location ~ /\. { log_not_found off; deny all; } } - - localhost.conf: | + localhost: | server { client_max_body_size 512m; listen 80; 
@@ -248,6 +308,7 @@ data: #Don't cache the following URLs if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|wp-login.php|/medical-shipping.*|/medical-order.*|/medical-profile.*|/medical-thank.*") { + set $no_cache 1; } @@ -266,6 +327,7 @@ data: include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 5m; + fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; @@ -297,16 +359,19 @@ data: fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; @@ -318,7 +383,7 @@ data: log_not_found off; deny all; } - + location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1; diff --git a/build/qa/web-default-conf-cm.yaml b/deployment/helm/values-qa.tmpl similarity index 77% rename from build/qa/web-default-conf-cm.yaml rename to deployment/helm/values-qa.tmpl index 34e21d0c..a3c8bb95 100644 --- a/build/qa/web-default-conf-cm.yaml +++ b/deployment/helm/values-qa.tmpl 
@@ -1,17 +1,92 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: weareconnectamerica-web-default-conf-cm - namespace: weareconnectamerica-web - annotations: - meta.helm.sh/release-name: weareconnectamerica-web - meta.helm.sh/release-namespace: weareconnectamerica-web - labels: - app.kubernetes.io/managed-by: Helm - app: weareconnectamerica-web -data: - default.conf: | +replicaCount: 2 +appName: weareconnectamerica-web +image: + repository: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web-reloaded +imagetag: $VERSION +environment: "qa" +imagePullSecret: regcred +# ------------------------ +isDev: false +# ------------- +nameOverride: weareconnectamerica +fullnameOverride: weareconnectamerica-web +# ------------------------------- +limits: + cpu: 500m + memory: 1024Mi +requests: + cpu: 300m + memory: 700Mi + # ----------------------------- +storagequota: + requestsephemeralstorage: 2Gi + limitsephemeralstorage: 20Gi + enable: false +# ------------------ +volumeMounts: +- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads + name: persistent-storage +- mountPath: /etc/nginx/conf.d/ + name: default-conf +- mountPath: /usr/share/nginx/subdomain/www/wp-content/wflogs + name: empty-dir + +volumes: +- name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica +- name: default-conf + configMap: + defaultMode: 420 + name: weareconnectamerica-web-default-conf-cm +- emptyDir: {} + name: empty-dir + +#------------------------- +pvcnames: + - "" +#------------------------------------------ +restartAt: "2023-06-08T17:04:19-04:00" + +#---------------------------- +configmap: + enabled: true + data: + DB_HOST: qa-weareconnectamerica-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com + ENV: qa + WP_DEBUG: "false" + DB_CHARSET: utf8 + DB_COLLATE: utf8_general_ci + CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com + CACHE_PORT: "6379" + DB_NAME: "www" + DB_USER: "pantheon" +# 
--------------------------------- +secret: + enabled: true + data: + CACHE_PASSWORD: xxxxxxxxxxx + DB_PASSWORD: xxxxxxxxxxxxxx + TOKEN: QVRDVFQzeEZmR04wUUI5VHlrR0RDYXo0LXFrc2xGTUlDbjlOYXltZjdxVUxlZmRoT3ZMNnRtMmJnRW91TmRRRXd4ODRDeUxuWEtac0ZDRkQ3NXJIdnRFdEhMZEdTZzlkNGt2V1UwUXlvZEFjX19QRUZtLWdBNVJOVVo0cDhMVndCUXhBQXB3N0UyR2RyUFBPQ1ROckZlQWItaGpjMTZZMmRfZWlzWUZkNGNMNzM4UVB6RVBFaU5vPTY1MkY0MzlE +# ------------------------- +service: + serviceName: weareconnectamerica-web + serviceType: NodePort + servicePort: 80 + serviceTargetPort: 80 + serviceNodePort: 30845 +# ----------------------- +hpa: + deploymentName: weareconnectamerica-web + enabled: true + minReplicas: 1 + maxReplicas: 2 + cpuTargetAverageValue: "90" +#----------------------------- + +config: + default: | # --------------------- fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "https$request_method$host$request_uri$cookie_SESScampaignphone$cookie_SESScampaignid"; @@ -27,39 +102,33 @@ data: fastcgi_cache_lock on; #fastcgi_index index.php; # -------------------------------- - + # Only cache positive responses proxy_cache_valid 200 1h; proxy_cache_valid 301 302 0m; server { - - # -------------------------- + # -------------------------- client_max_body_size 512m; # ------------------------------- - listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name qa-weareconnectamerica.com ""; - return 301 https://www.qa-weareconnectamerica.com$request_uri; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; - } - - subdomain.conf: | - + subdomain: | server { - #----------------------------- + #----------------------------- client_max_body_size 512m; # ------------------------ - listen 80; listen [::]:80; + server_name ~^(?.+)\.qa-weareconnectamerica\.com$; 
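Review bot: The `TOKEN:` value under `secret.data` in the new values-qa.tmpl is a long base64 string committed as a literal, while the `CACHE_PASSWORD` and `DB_PASSWORD` entries beside it are `xxxx` placeholders. Base64 is an encoding, not protection, so anyone who can read the repository or the packaged chart can recover the credential, and it stays in git history even after a later removal. Treat the value as exposed: revoke and reissue it, replace the line with a placeholder such as `TOKEN: xxxxxxxxxxx`, and fill it at build time from the secret store, as the password entries presumably are. The identical literal is added in the values-stage.tmpl hunk further down, so that file needs the same change. A secret-scanning check on the repository would catch the next occurrence before merge.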
@@ -67,6 +136,7 @@ data: return 301 https://$host$request_uri; } + root /usr/share/nginx/subdomain/$subdomain; index index.php index.html index.htm; sendfile off; @@ -105,10 +175,10 @@ data: #Don't cache the following URLs if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|wp-login.php|/medical-shipping.*|/medical-order.*|/medical-profile.*|/medical-thank.*") { + set $no_cache 1; } - # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache 1; @@ -137,17 +207,20 @@ data: } + # redirect server error pages to the static page /50x.html # + error_page 500 502 503 504 /500.html; location = /500.html { root /usr/share/nginx/subdomain/$subdomain; add_header Cache-Control "no-cache" always; } - # pass the PHP scripts to FastCGI server listening on socket - # - #~ \.php$ + + # pass the PHP scripts to FastCGI server listening on socket ~ \.php$ + # + location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; @@ -165,11 +238,12 @@ data: fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires 7d; proxy_set_header X-Forwarded-Proto $scheme; @@ -184,16 +258,16 @@ data: } # deny access to . files, for security - # + # --------------------------------------- + location ~ /\. { log_not_found off; deny all; } } - - localhost.conf: | + localhost: | server { client_max_body_size 512m; listen 80; 
@@ -252,8 +326,8 @@ data: fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; @@ -285,18 +359,19 @@ data: fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; @@ -308,7 +383,7 @@ data: log_not_found off; deny all; } - + location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1; diff --git a/build/stage/web-default-conf-cm.yaml b/deployment/helm/values-stage.tmpl similarity index 77% rename from build/stage/web-default-conf-cm.yaml rename to deployment/helm/values-stage.tmpl index 4352e20e..ee7f5374 100644 --- a/build/stage/web-default-conf-cm.yaml +++ b/deployment/helm/values-stage.tmpl 
@@ -1,17 +1,92 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: weareconnectamerica-web-default-conf-cm - namespace: weareconnectamerica-web - annotations: - meta.helm.sh/release-name: weareconnectamerica-web - meta.helm.sh/release-namespace: weareconnectamerica-web - labels: - app.kubernetes.io/managed-by: Helm - app: weareconnectamerica-web -data: - default.conf: | +replicaCount: 2 +appName: weareconnectamerica-web +image: + repository: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web-reloaded +imagetag: $VERSION +environment: "stage" +imagePullSecret: regcred +# ------------------------ +isDev: false +# ------------- +nameOverride: weareconnectamerica +fullnameOverride: weareconnectamerica-web +# ------------------------------- +limits: + cpu: 1000m + memory: 1024Mi +requests: + cpu: 300m + memory: 700Mi + # ----------------------------- +storagequota: + requestsephemeralstorage: 2Gi + limitsephemeralstorage: 20Gi + enable: false +# ------------------ +volumeMounts: +- mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads + name: persistent-storage +- mountPath: /etc/nginx/conf.d/ + name: default-conf +- mountPath: /usr/share/nginx/subdomain/www/wp-content/wflogs + name: empty-dir + +volumes: +- name: persistent-storage + persistentVolumeClaim: + claimName: efs-claim-weareconnectamerica +- name: default-conf + configMap: + defaultMode: 420 + name: weareconnectamerica-web-default-conf-cm +- emptyDir: {} + name: empty-dir + +#------------------------- +pvcnames: + - "" +#------------------------------------------ +restartAt: "2023-06-08T17:04:19-04:00" + +#---------------------------- +configmap: + enabled: true + data: + DB_HOST: stage-weareconnectamerica-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com + ENV: stage + WP_DEBUG: "false" + DB_CHARSET: utf8 + DB_COLLATE: utf8_general_ci + CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com + CACHE_PORT: "6379" + DB_NAME: "www" + DB_USER: "pantheon" +# 
--------------------------------- +secret: + enabled: true + data: + CACHE_PASSWORD: xxxxxxxxxxxxxxxxx + DB_PASSWORD: xxxxxxxxxxxxxxxxxxx + TOKEN: QVRDVFQzeEZmR04wUUI5VHlrR0RDYXo0LXFrc2xGTUlDbjlOYXltZjdxVUxlZmRoT3ZMNnRtMmJnRW91TmRRRXd4ODRDeUxuWEtac0ZDRkQ3NXJIdnRFdEhMZEdTZzlkNGt2V1UwUXlvZEFjX19QRUZtLWdBNVJOVVo0cDhMVndCUXhBQXB3N0UyR2RyUFBPQ1ROckZlQWItaGpjMTZZMmRfZWlzWUZkNGNMNzM4UVB6RVBFaU5vPTY1MkY0MzlE +# ------------------------- +service: + serviceName: weareconnectamerica-web + serviceType: NodePort + servicePort: 80 + serviceTargetPort: 80 + serviceNodePort: 30845 +# ----------------------- +hpa: + deploymentName: weareconnectamerica-web + enabled: true + minReplicas: 1 + maxReplicas: 2 + cpuTargetAverageValue: "90" +#----------------------------- + +config: + default: | # --------------------- fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "https$request_method$host$request_uri$cookie_SESScampaignphone$cookie_SESScampaignid"; @@ -27,17 +102,15 @@ data: fastcgi_cache_lock on; #fastcgi_index index.php; # -------------------------------- - + # Only cache positive responses proxy_cache_valid 200 1h; - proxy_cache_valid 301 302 0m; + proxy_cache_valid 301 302 0m; server { - - # -------------------------- + # -------------------------- client_max_body_size 512m; # ------------------------------- - listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 @@ -47,19 +120,16 @@ data: root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; - } - - subdomain.conf: | - + subdomain: | server { - #----------------------------- + #----------------------------- client_max_body_size 512m; # ------------------------ - listen 80; listen [::]:80; + server_name ~^(?.+)\.stage-weareconnectamerica\.com$; 
@@ -105,10 +175,10 @@ data: #Don't cache the following URLs if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|wp-login.php|/medical-shipping.*|/medical-order.*|/medical-profile.*|/medical-thank.*") { + set $no_cache 1; } - # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache 1; @@ -129,25 +199,27 @@ data: fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + # redirect server error pages to the static page /50x.html # + error_page 500 502 503 504 /500.html; location = /500.html { root /usr/share/nginx/subdomain/$subdomain; add_header Cache-Control "no-cache" always; } - # pass the PHP scripts to FastCGI server listening on socket - # - #~ \.php$ + + # pass the PHP scripts to FastCGI server listening on socket ~ \.php$ + # location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; @@ -163,13 +235,14 @@ data: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires 7d; proxy_set_header X-Forwarded-Proto $scheme; 
@@ -184,16 +257,16 @@ data: } # deny access to . files, for security - # + # --------------------------------------- + location ~ /\. { log_not_found off; deny all; } } - - localhost.conf: | + localhost: | server { client_max_body_size 512m; listen 80; @@ -253,7 +326,8 @@ data: include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 5m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; @@ -284,8 +358,9 @@ data: fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] fastcgi_cache MYAPP; - fastcgi_cache_valid 200 60m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } @@ -305,6 +380,7 @@ data: log_not_found off; deny all; } + location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1;