Claude
31935a5c68
Implement a new nginx.forwardRealIP configuration flag to enable/disable real client IP extraction from X-Forwarded-For headers on bare-metal clusters. Changes: - Added nginx.forwardRealIP.enabled flag (default: false) to values.yaml - Added nginx.forwardRealIP.trustedProxies list for flexible proxy IP ranges - Updated Nginx configmap to conditionally apply real IP extraction settings - Updated FastCGI parameters to use real IP when enabled, direct connection IP otherwise - Updated WordPress wp-config.php to conditionally extract real IPs from headers Configuration: - When enabled: Extracts real client IP from X-Forwarded-For header - When disabled: Uses direct connection IP (default Nginx behavior) - Supports custom proxy IP ranges for CloudFlare, AWS ALB, etc. This allows Helmchart to work seamlessly on both: 1. Bare-metal clusters with iptables load balancing 2. Cloud-managed clusters with proper IP forwarding Version bumped to 6.9.0-a (WordPress version with implementation suffix) Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
164 lines
4.1 KiB
YAML
164 lines
4.1 KiB
YAML
# デフォルト値設定
|
||
replicaCount: 2
|
||
|
||
image:
|
||
nginx:
|
||
registry: docker.io
|
||
repository: nginx
|
||
tag: "1.29.4-alpine-perl"
|
||
pullPolicy: IfNotPresent
|
||
wordpress:
|
||
registry: docker.io
|
||
repository: wordpress
|
||
tag: "6.9.0-php8.5-fpm-alpine"
|
||
pullPolicy: IfNotPresent
|
||
|
||
# WordPress設定
|
||
wordpress:
|
||
# データベース設定
|
||
dbHost: mysql-service
|
||
dbName: wordpress
|
||
dbUser: wordpress
|
||
# 本番環境ではSecretを使用してください
|
||
dbPassword: "changeme"
|
||
tablePrefix: wp_
|
||
|
||
# WordPress初期設定
|
||
siteTitle: "My WordPress Site"
|
||
adminUser: "admin"
|
||
adminPassword: "" # 空の場合はランダム生成
|
||
adminEmail: "admin@example.com"
|
||
|
||
# WordPress Multisite設定
|
||
multisite:
|
||
enabled: false
|
||
# サブドメイン型: true, サブディレクトリ型: false
|
||
subdomains: false
|
||
# Multisiteのベースドメイン(サブドメイン型の場合必須)
|
||
domain: "example.com"
|
||
|
||
# ads.txt設定
|
||
adsTxt:
|
||
enabled: false
|
||
content: |
|
||
# ads.txt content
|
||
# google.com, pub-0000000000000000, DIRECT, f08c47fec0942fa0
|
||
|
||
nginx:
|
||
# ベアメタルクラスター等でリアルIPを取得する設定
|
||
# ローカルIP(ベアメタル等)から訪問者のリアルIPを取得する場合に有効にします
|
||
forwardRealIP:
|
||
enabled: false
|
||
# 信頼できるプロキシのIPレンジを追加してください
|
||
trustedProxies:
|
||
- 10.0.0.0/8
|
||
- 172.16.0.0/12
|
||
- 192.168.0.0/16
|
||
# CloudflareやAWS ALB等を使っている場合は以下のIPレンジも追加してください
|
||
# - 173.245.48.0/20
|
||
# - 103.21.244.0/22
|
||
|
||
extraConfig: |
|
||
|
||
# Service設定
|
||
service:
|
||
type: LoadBalancer
|
||
# type: ClusterIP
|
||
port: 80
|
||
targetPort: 80
|
||
|
||
# Ingress設定
|
||
ingress:
|
||
enabled: false
|
||
className: nginx
|
||
annotations: {}
|
||
# コメントを外すだけで有効化できる設定例
|
||
# cert-manager.io/cluster-issuer: "letsencrypt-issuer",
|
||
# acme.cert-manager.io/http01-ingress-class: "nginx",
|
||
# nginx.ingress.kubernetes.io/ssl-redirect: "true",
|
||
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true",
|
||
# nginx.ingress.kubernetes.io/from-to-www-redirect: "true",
|
||
# nginx.ingress.kubernetes.io/proxy-body-size: "100m",
|
||
# nginx.ingress.kubernetes.io/proxy-buffer-size: "16k",
|
||
# IP取得用(Nginx Ingress Controllerの場合)
|
||
# nginx.ingress.kubernetes.io/use-forwarded-headers: "true",
|
||
# nginx.ingress.kubernetes.io/compute-full-forwarded-for: "true",
|
||
# IP取得用(AWS ALBの場合)
|
||
# alb.ingress.kubernetes.io/target-type: ip,
|
||
# IP取得用(GKE Ingressの場合)
|
||
# cloud.google.com/neg: '{"ingress": true}',
|
||
hostname: wordpress.example.com
|
||
path: /
|
||
pathType: Prefix
|
||
# TLS設定(true にするだけで hostname を使用して自動設定)
|
||
tls: false
|
||
# tlsを有効にすると自動的に以下が設定されます:
|
||
# - hosts: [hostname]
|
||
# - secretName: {hostname}-tls
|
||
|
||
# 追加のホスト設定
|
||
extraHosts: []
|
||
# - name: blog.example.com
|
||
# path: /
|
||
|
||
# 追加のTLS設定
|
||
extraTls: []
|
||
# - hosts:
|
||
# - blog.example.com
|
||
# secretName: blog-example-com-tls
|
||
|
||
# PersistentVolume設定(wp-contentのみ永続化 - bitnami方式)
|
||
persistence:
|
||
enabled: true
|
||
storageClass: ""
|
||
accessMode: ReadWriteOnce
|
||
size: 10Gi
|
||
# 注意: WordPress本体はemptyDirに配置(使い捨て)
|
||
# wp-contentディレクトリのみがPVCに永続化されます
|
||
|
||
# リソース設定
|
||
resources:
|
||
nginx:
|
||
limits:
|
||
cpu: 500m
|
||
memory: 512Mi
|
||
requests:
|
||
cpu: 250m
|
||
memory: 256Mi
|
||
wordpress:
|
||
limits:
|
||
cpu: 1000m
|
||
memory: 1Gi
|
||
requests:
|
||
cpu: 500m
|
||
memory: 512Mi
|
||
|
||
# Health Check
|
||
healthCheck:
|
||
enabled: true
|
||
livenessProbe:
|
||
httpGet:
|
||
path: /
|
||
port: 80
|
||
initialDelaySeconds: 60
|
||
periodSeconds: 10
|
||
timeoutSeconds: 5
|
||
failureThreshold: 6
|
||
readinessProbe:
|
||
httpGet:
|
||
path: /
|
||
port: 80
|
||
initialDelaySeconds: 30
|
||
periodSeconds: 5
|
||
timeoutSeconds: 3
|
||
failureThreshold: 3
|
||
|
||
# Node Selector
|
||
nodeSelector: {}
|
||
|
||
# Tolerations
|
||
tolerations: []
|
||
|
||
# Affinity
|
||
affinity: {}
|