apiVersion: v1 kind: ConfigMap metadata: name: medicalalert-web-default-conf-cm namespace: medicalalert-web labels: app: medicalalert-web data: default.conf: | # --------------------- fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; # ----------------------------------------- fastcgi_intercept_errors on; fastcgi_ignore_client_abort on; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; fastcgi_read_timeout 120; #fastcgi_index index.php; # -------------------------------- # Only cache positive responses proxy_cache_valid 200 1h; proxy_cache_valid 301 302 15m; server { listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name dev-medicalalert.com ""; return 301 https://www.$host$request_uri; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; } subdomain.conf: | server { listen 80; listen [::]:80; server_name ~^(?.+)\.dev-medicalalert\.com$; if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } root /usr/share/nginx/subdomain/$subdomain; index index.php index.html index.htm; sendfile off; # Security - Hide nginx version number in error pages and Server header server_tokens off; # Add stdout logging error_log /dev/stdout error; access_log /dev/stdout; # reduce the data that needs to be sent over network gzip on; gzip_min_length 10240; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; gzip_disable "MSIE [1-6]\."; add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; add_header X-Cache-Status $upstream_cache_status; add_header Cache-Control "public"; #Cache everything by default set $no_cache 0; #Don't cache POST requests if ($request_method = POST) { set $no_cache 1; } #Don't cache if the URL contains a query string if ($query_string != "") { set $no_cache 1; } #Don't cache the following URLs if ($request_uri ~* "/(administrator/|wp-login.php)") { set $no_cache 1; } #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { set $no_cache 1; } location / { # First attempt to serve request as file, then # as directory, then fall back to index.php try_files $uri $uri/ /index.php?$args; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/subdomain/$subdomain; } # pass the PHP scripts to FastCGI server listening on socket # #~ \.php$ location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; } # deny access to . files, for security # location ~ /\. { log_not_found off; deny all; } } localhost.conf: | server { listen 80; listen [::]:80; server_name localhost 127.0.0.1; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; sendfile off; server_tokens off; error_log /dev/stdout error; access_log /dev/stdout; # reduce the data that needs to be sent over network gzip on; gzip_min_length 10240; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; gzip_disable "MSIE [1-6]\."; add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; add_header X-Cache-Status $upstream_cache_status; add_header Cache-Control "public"; #Cache everything by default set $no_cache 0; #Don't cache POST requests if ($request_method = POST) { set $no_cache 1; } #Don't cache if the URL contains a query string if ($query_string != "") { set $no_cache 1; } #Don't cache the following URLs if ($request_uri ~* "/(administrator/|wp-login.php)") { set $no_cache 1; } #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { set $no_cache 1; } location / { # First attempt to serve request as file, then # as directory, then fall back to index.php try_files $uri $uri/ /index.php?$args; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/subdomain/www; } # pass the PHP scripts to FastCGI server listening on socket # #~ \.php$ location ~ [^/]\.php(/|$) { proxy_set_header X-Forwarded-Proto $scheme; try_files $uri $uri/ /index.php?$args; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; fastcgi_cache_valid 301 1h; fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; } # deny access to . files, for security # location ~ /\. { log_not_found off; deny all; } location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1; deny all; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; fastcgi_pass unix:/run/php/php7.4-fpm.sock; } }