286 lines
8.8 KiB
YAML
286 lines
8.8 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: lifeline-web-default-conf-cm
|
|
namespace: lifeline-web
|
|
labels:
|
|
app: lifeline-web
|
|
data:
|
|
default.conf: |
|
|
|
|
# ---------------------
|
|
fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
|
|
fastcgi_cache_key "$scheme$request_method$host$request_uri";
|
|
# -----------------------------------------
|
|
fastcgi_intercept_errors on;
|
|
fastcgi_ignore_client_abort on;
|
|
fastcgi_buffers 8 16k;
|
|
fastcgi_buffer_size 32k;
|
|
fastcgi_read_timeout 120;
|
|
#fastcgi_index index.php;
|
|
# --------------------------------
|
|
|
|
# Only cache positive responses
|
|
proxy_cache_valid 200 1h;
|
|
proxy_cache_valid 301 302 15m;
|
|
|
|
server {
|
|
listen 80 default; ## listen for ipv4; this line is default and implied
|
|
listen [::]:80 default ipv6only=on; ## listen for ipv6
|
|
|
|
server_name dev-lifeline.com "";
|
|
|
|
return 301 https://www.$host$request_uri;
|
|
|
|
root /usr/share/nginx/subdomain/www;
|
|
index index.php index.html index.htm;
|
|
|
|
}
|
|
|
|
|
|
subdomain.conf: |
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
server_name ~^(?<subdomain>.+)\.dev-lifeline\.com$;
|
|
|
|
if ($http_x_forwarded_proto != 'https') {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
root /usr/share/nginx/subdomain/$subdomain;
|
|
index index.php index.html index.htm;
|
|
sendfile off;
|
|
|
|
# Security - Hide nginx version number in error pages and Server header
|
|
server_tokens off;
|
|
|
|
# Add stdout logging
|
|
error_log /dev/stdout error;
|
|
access_log /dev/stdout;
|
|
|
|
# reduce the data that needs to be sent over network
|
|
gzip on;
|
|
gzip_min_length 10240;
|
|
gzip_proxied expired no-cache no-store private auth;
|
|
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
|
|
gzip_disable "MSIE [1-6]\.";
|
|
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
|
|
add_header X-Cache-Status $upstream_cache_status;
|
|
add_header Cache-Control "public";
|
|
|
|
#Cache everything by default
|
|
set $no_cache 0;
|
|
|
|
#Don't cache POST requests
|
|
if ($request_method = POST)
|
|
{
|
|
set $no_cache 1;
|
|
}
|
|
|
|
#Don't cache if the URL contains a query string
|
|
if ($query_string != "")
|
|
{
|
|
set $no_cache 1;
|
|
}
|
|
|
|
#Don't cache the following URLs
|
|
if ($request_uri ~* "/(administrator/|wp-login.php)")
|
|
{
|
|
set $no_cache 1;
|
|
}
|
|
|
|
#Don't cache if there is a cookie called PHPSESSID
|
|
if ($http_cookie = "PHPSESSID")
|
|
{
|
|
set $no_cache 1;
|
|
}
|
|
|
|
location / {
|
|
# First attempt to serve request as file, then
|
|
# as directory, then fall back to index.php
|
|
try_files $uri $uri/ /index.php?$args;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
|
|
include fastcgi_params;
|
|
fastcgi_cache MYAPP;
|
|
fastcgi_cache_valid 200 302 60m;
|
|
fastcgi_cache_valid 301 1h;
|
|
fastcgi_cache_valid any 1m;
|
|
fastcgi_cache_bypass $no_cache;
|
|
fastcgi_no_cache $no_cache;
|
|
|
|
}
|
|
|
|
# redirect server error pages to the static page /50x.html
|
|
#
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/subdomain/$subdomain;
|
|
}
|
|
|
|
# pass the PHP scripts to FastCGI server listening on socket
|
|
#
|
|
#~ \.php$
|
|
location ~ [^/]\.php(/|$) {
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
try_files $uri $uri/ /index.php?$args;
|
|
if (!-f $document_root$fastcgi_script_name) {
|
|
return 404;
|
|
}
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_cache MYAPP;
|
|
fastcgi_cache_valid 200 302 60m;
|
|
fastcgi_cache_valid 301 1h;
|
|
fastcgi_cache_valid any 1m;
|
|
fastcgi_cache_bypass $no_cache;
|
|
fastcgi_no_cache $no_cache;
|
|
}
|
|
|
|
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
fastcgi_cache MYAPP;
|
|
fastcgi_cache_valid 200 302 60m;
|
|
fastcgi_cache_valid 301 1h;
|
|
fastcgi_cache_valid any 1m;
|
|
proxy_cache_background_update on;
|
|
proxy_cache_lock on;
|
|
}
|
|
|
|
# deny access to . files, for security
|
|
#
|
|
location ~ /\. {
|
|
log_not_found off;
|
|
deny all;
|
|
}
|
|
|
|
}
|
|
|
|
localhost.conf: |
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
server_name localhost;
|
|
root /usr/share/nginx/subdomain/www;
|
|
index index.php index.html index.htm;
|
|
|
|
sendfile off;
|
|
server_tokens off;
|
|
error_log /dev/stdout error;
|
|
access_log /dev/stdout;
|
|
|
|
# reduce the data that needs to be sent over network
|
|
gzip on;
|
|
gzip_min_length 10240;
|
|
gzip_proxied expired no-cache no-store private auth;
|
|
gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
|
|
gzip_disable "MSIE [1-6]\.";
|
|
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
|
|
add_header X-Cache-Status $upstream_cache_status;
|
|
add_header Cache-Control "public";
|
|
|
|
#Cache everything by default
|
|
set $no_cache 0;
|
|
|
|
#Don't cache POST requests
|
|
if ($request_method = POST)
|
|
{
|
|
set $no_cache 1;
|
|
}
|
|
|
|
#Don't cache if the URL contains a query string
|
|
if ($query_string != "")
|
|
{
|
|
set $no_cache 1;
|
|
}
|
|
|
|
#Don't cache the following URLs
|
|
if ($request_uri ~* "/(administrator/|wp-login.php)")
|
|
{
|
|
set $no_cache 1;
|
|
}
|
|
|
|
#Don't cache if there is a cookie called PHPSESSID
|
|
if ($http_cookie = "PHPSESSID")
|
|
{
|
|
set $no_cache 1;
|
|
}
|
|
|
|
location / {
|
|
# First attempt to serve request as file, then
|
|
# as directory, then fall back to index.php
|
|
try_files $uri $uri/ /index.php?$args;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
|
|
include fastcgi_params;
|
|
fastcgi_cache MYAPP;
|
|
fastcgi_cache_valid 200 302 60m;
|
|
fastcgi_cache_valid 301 1h;
|
|
fastcgi_cache_valid any 1m;
|
|
fastcgi_cache_bypass $no_cache;
|
|
fastcgi_no_cache $no_cache;
|
|
|
|
}
|
|
|
|
# redirect server error pages to the static page /50x.html
|
|
#
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/subdomain/www;
|
|
}
|
|
|
|
# pass the PHP scripts to FastCGI server listening on socket
|
|
#
|
|
#~ \.php$
|
|
location ~ [^/]\.php(/|$) {
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
try_files $uri $uri/ /index.php?$args;
|
|
if (!-f $document_root$fastcgi_script_name) {
|
|
return 404;
|
|
}
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
|
|
fastcgi_cache MYAPP;
|
|
fastcgi_cache_valid 200 302 60m;
|
|
fastcgi_cache_valid 301 1h;
|
|
fastcgi_cache_valid any 1m;
|
|
fastcgi_cache_bypass $no_cache;
|
|
fastcgi_no_cache $no_cache;
|
|
}
|
|
|
|
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
fastcgi_cache MYAPP;
|
|
fastcgi_cache_valid 200 302 60m;
|
|
fastcgi_cache_valid 301 1h;
|
|
fastcgi_cache_valid any 1m;
|
|
proxy_cache_background_update on;
|
|
proxy_cache_lock on;
|
|
}
|
|
|
|
# deny access to . files, for security
|
|
#
|
|
location ~ /\. {
|
|
log_not_found off;
|
|
deny all;
|
|
}
|
|
|
|
}
|