This commit is contained in:
92
templates/configmap-nginx.yaml
Normal file
92
templates/configmap-nginx.yaml
Normal file
@@ -0,0 +1,92 @@
|
||||
{{- if .Values.nginx.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "phpfpm.fullname" . }}-nginx-config
|
||||
labels:
|
||||
{{- include "phpfpm.labels" . | nindent 4 }}
|
||||
data:
|
||||
default.conf: |
|
||||
{{- if or .Values.nginx.forwardRealIP.enabled (and .Values.nginx.customConfig.enabled .Values.nginx.customConfig.httpSnippet) }}
|
||||
# HTTP-level configuration
|
||||
{{- if .Values.nginx.forwardRealIP.enabled }}
|
||||
# Real IP forwarding configuration
|
||||
real_ip_header {{ .Values.nginx.forwardRealIP.header }};
|
||||
{{- if .Values.nginx.forwardRealIP.recursive }}
|
||||
real_ip_recursive on;
|
||||
{{- end }}
|
||||
|
||||
# Trusted proxy networks
|
||||
{{- range .Values.nginx.forwardRealIP.trustedProxies }}
|
||||
set_real_ip_from {{ . }};
|
||||
{{- end }}
|
||||
{{- range .Values.nginx.forwardRealIP.additionalTrustedProxies }}
|
||||
set_real_ip_from {{ . }};
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.nginx.customConfig.enabled .Values.nginx.customConfig.httpSnippet }}
|
||||
# Custom HTTP-level configuration
|
||||
{{ .Values.nginx.customConfig.httpSnippet | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
server_name _;
|
||||
root /var/www/html;
|
||||
index index.php index.html;
|
||||
|
||||
# Security headers
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
{{- if and .Values.nginx.customConfig.enabled .Values.nginx.customConfig.serverSnippet }}
|
||||
# Custom server-level configuration
|
||||
{{ .Values.nginx.customConfig.serverSnippet | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
# Health check endpoint
|
||||
location /health {
|
||||
access_log off;
|
||||
return 200 "healthy\n";
|
||||
add_header Content-Type text/plain;
|
||||
}
|
||||
|
||||
# Default location block
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
}
|
||||
|
||||
# PHP-FPM handler
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass 127.0.0.1:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
|
||||
{{- if .Values.nginx.forwardRealIP.enabled }}
|
||||
# Pass real IP information to PHP-FPM
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param HTTP_X_REAL_IP $realip_remote_addr;
|
||||
fastcgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
|
||||
{{- end }}
|
||||
|
||||
# Standard FastCGI parameters
|
||||
fastcgi_param SERVER_NAME $host;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
}
|
||||
|
||||
# Deny access to hidden files
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user