apiVersion: v1 kind: ConfigMap metadata: name: medicalalert-web-default-conf-cm namespace: caresage-web labels: app: medicalalert-web data: default.conf: | # --------------------- fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; # Only cache positive responses proxy_cache_valid 200 1h; proxy_cache_valid 301 302 15m; server { listen 80; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 # if ($http_x_forwarded_proto != 'https') { #set $cond A; #} #if ($http_host ~ ^localhost) { #set $cond "${cond}B"; #if ($cond = AB) { # return 301 http://$host$request_uri; #} if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } root /usr/share/nginx/html; index index.php index.html index.htm; # Make site accessible from http://localhost/ server_name localhost; #server_name local.lifeline-prod.com; # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html sendfile off; # Security - Hide nginx version number in error pages and Server header server_tokens off; # Add stdout logging error_log /dev/stdout error; access_log /dev/stdout; # reduce the data that needs to be sent over network gzip on; gzip_min_length 10240; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; gzip_disable "MSIE [1-6]\."; add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; add_header X-Cache-Status $upstream_cache_status; add_header Cache-Control "public"; #Cache everything by default set $no_cache 0; #Don't cache POST requests if ($request_method = POST) { set $no_cache 1; } #Don't cache if the URL contains a query string if ($query_string != "") { set $no_cache 1; } #Don't cache the following URLs if ($request_uri ~* "/(administrator/|wp-login.php)") { set $no_cache 1; } #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { set $no_cache 1; } location / { # First attempt to serve request as file, then # as directory, then fall back to index.php try_files $uri $uri/ /index.php?$args; proxy_set_header X-Forwarded-Proto $scheme; #proxy_cache cache; #proxy_cache_background_update on; #proxy_cache_lock on; #proxy_cache_revalidate on; include /etc/nginx/fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # pass the PHP scripts to FastCGI server listening on socket # #~ \.php$ location ~ [^/]\.php(/|$) { #try_files $uri $uri/ /index.php?$query_string; proxy_set_header X-Forwarded-Proto $scheme; #proxy_cache cache; #proxy_cache_background_update on; #proxy_cache_lock on; #proxy_cache_revalidate on; try_files $uri $uri/ /index.php?$args; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; access_log off; expires max; } # deny access to . files, for security # location ~ /\. { log_not_found off; deny all; } }