replicaCount: 2 appName: weareconnectamerica-web image: repository: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web-reloaded imagetag: $VERSION environment: "stage" imagePullSecret: regcred # ------------------------ isDev: false # ------------- nameOverride: weareconnectamerica fullnameOverride: weareconnectamerica-web # ------------------------------- limits: cpu: 1000m memory: 1024Mi requests: cpu: 300m memory: 700Mi # ----------------------------- storagequota: requestsephemeralstorage: 2Gi limitsephemeralstorage: 20Gi enable: false # ------------------ volumeMounts: - mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads name: persistent-storage - mountPath: /etc/nginx/conf.d/ name: default-conf - mountPath: /usr/share/nginx/subdomain/www/wp-content/wflogs name: empty-dir volumes: - name: persistent-storage persistentVolumeClaim: claimName: efs-claim-weareconnectamerica - name: default-conf configMap: defaultMode: 420 name: weareconnectamerica-web-default-conf-cm - emptyDir: {} name: empty-dir #------------------------- pvcnames: - "" #------------------------------------------ restartAt: "2023-06-08T17:04:19-04:00" #---------------------------- configmap: enabled: true data: DB_HOST: stage-weareconnectamerica-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com ENV: stage WP_DEBUG: "false" DB_CHARSET: utf8 DB_COLLATE: utf8_general_ci CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com CACHE_PORT: "6379" DB_NAME: "www" DB_USER: "pantheon" # --------------------------------- secret: enabled: true data: CACHE_PASSWORD: xxxxxxxxxxxxxxxxx DB_PASSWORD: xxxxxxxxxxxxxxxxxxx TOKEN: QVRDVFQzeEZmR04wUUI5VHlrR0RDYXo0LXFrc2xGTUlDbjlOYXltZjdxVUxlZmRoT3ZMNnRtMmJnRW91TmRRRXd4ODRDeUxuWEtac0ZDRkQ3NXJIdnRFdEhMZEdTZzlkNGt2V1UwUXlvZEFjX19QRUZtLWdBNVJOVVo0cDhMVndCUXhBQXB3N0UyR2RyUFBPQ1ROckZlQWItaGpjMTZZMmRfZWlzWUZkNGNMNzM4UVB6RVBFaU5vPTY1MkY0MzlE # ------------------------- service: serviceName: weareconnectamerica-web serviceType: NodePort servicePort: 80 serviceTargetPort: 80 serviceNodePort: 30845 # ----------------------- hpa: deploymentName: weareconnectamerica-web enabled: true minReplicas: 1 maxReplicas: 2 cpuTargetAverageValue: "90" #----------------------------- config: default: | # --------------------- fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "https$request_method$host$request_uri$cookie_SESScampaignphone$cookie_SESScampaignid"; fastcgi_cache_use_stale error timeout invalid_header http_500; fastcgi_ignore_headers Cache-Control Expires Set-Cookie; # ----------------------------------------- fastcgi_intercept_errors on; fastcgi_ignore_client_abort on; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; fastcgi_read_timeout 120; fastcgi_cache_min_uses 1; fastcgi_cache_lock on; #fastcgi_index index.php; # -------------------------------- # Only cache positive responses proxy_cache_valid 200 1h; proxy_cache_valid 301 302 0m; server { # -------------------------- client_max_body_size 512m; # ------------------------------- listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name stage-weareconnectamerica.com ""; return 301 https://www.stage-weareconnectamerica.com$request_uri; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; } subdomain: | server { #----------------------------- client_max_body_size 512m; # ------------------------ listen 80; listen [::]:80; server_name ~^(?.+)\.stage-weareconnectamerica\.com$; if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } root /usr/share/nginx/subdomain/$subdomain; index index.php index.html index.htm; sendfile off; # Security - Hide nginx version number in error pages and Server header server_tokens off; # Add stdout logging error_log /dev/stdout error; access_log /dev/stdout; # reduce the data that needs to be sent over network gzip on; gzip_min_length 10240; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; gzip_disable "MSIE [1-6]\."; add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; add_header X-Cache-Status $upstream_cache_status; add_header Cache-Control "public"; #Cache everything by default set $no_cache 0; #Don't cache POST requests if ($request_method = POST) { set $no_cache 1; } #Don't cache if the URL contains a query string if ($query_string != "") { set $no_cache 1; } #Don't cache the following URLs if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|wp-login.php|/medical-shipping.*|/medical-order.*|/medical-profile.*|/medical-thank.*") { set $no_cache 1; } # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache 1; } #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { set $no_cache 1; } location / { # First attempt to serve request as file, then # as directory, then fall back to index.php try_files $uri $uri/ /index.php?$args; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /500.html; location = /500.html { root /usr/share/nginx/subdomain/$subdomain; add_header Cache-Control "no-cache" always; } # pass the PHP scripts to FastCGI server listening on socket ~ \.php$ # location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } # deny access to . files, for security # --------------------------------------- location ~ /\. { log_not_found off; deny all; } } localhost: | server { client_max_body_size 512m; listen 80; listen [::]:80; server_name localhost 127.0.0.1; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; sendfile off; server_tokens off; error_log /dev/stdout error; access_log /dev/stdout; # reduce the data that needs to be sent over network gzip on; gzip_min_length 10240; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; gzip_disable "MSIE [1-6]\."; add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; add_header X-Cache-Status $upstream_cache_status; add_header Cache-Control "public"; #Cache everything by default set $no_cache 0; #Don't cache POST requests if ($request_method = POST) { set $no_cache 1; } #Don't cache if the URL contains a query string if ($query_string != "") { set $no_cache 1; } #Don't cache the following URLs if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|wp-login.php|/medical-shipping.*|/medical-order.*|/medical-profile.*|/medical-thank.*") { set $no_cache 1; } #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { set $no_cache 1; } location / { # First attempt to serve request as file, then # as directory, then fall back to index.php try_files $uri $uri/ /index.php?$args; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 5m; fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /500.html; location = /500.html { root /usr/share/nginx/subdomain/www; } # pass the PHP scripts to FastCGI server listening on socket # #~ \.php$ location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; fastcgi_cache_valid 301 302 0m; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; } # deny access to . files, for security # location ~ /\. { log_not_found off; deny all; } location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1; deny all; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; fastcgi_pass unix:/run/php/php7.4-fpm.sock; } }