WordPress on AKS with rook-ceph
---
# ConfigMap carrying the top-level nginx.conf for the nginx sidecar.
# The Deployment mounts the `nginx.conf` key at /etc/nginx/nginx.conf (subPath).
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginxconf
data:
  # Everything under the block-scalar header is nginx syntax, not YAML; a `#`
  # in there starts an nginx comment and is part of the stored value.
  # NOTE(review): the inline comment on `user` says it matches the php-fpm
  # user; presumably that holds for the images in use - verify, since a
  # mismatch affects who can delete files in the shared cache directory.
  nginx.conf: |-
    user nginx; # match php-fpm user so we can purge cache from Nginx Helper WP plugin
    worker_processes auto;
    error_log /var/log/nginx/error.log notice;
    pid /var/run/nginx.pid;
    events {
      worker_connections 1024;
    }
    http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;
      log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
      access_log /var/log/nginx/access.log main;
      sendfile on;
      #tcp_nopush on;
      keepalive_timeout 65;
      gzip on;
      include /etc/nginx/conf.d/*.conf;
    }
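---
# ConfigMap carrying the WordPress virtual host for the nginx sidecar: TLS
# termination, FastCGI hand-off to php-fpm on 127.0.0.1:9000, and a FastCGI
# page cache with a purge endpoint for the Nginx Helper plugin.
# The Deployment mounts the `default.conf` key at
# /etc/nginx/conf.d/default.conf (subPath).
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginxthroughpass
data:
  default.conf: |-
    # The cache directory sits inside the document root (the shared volume),
    # presumably so the PHP container can reach the files too. The
    # /nginx_cache/ location below keeps the raw cache files from being
    # served as static content.
    fastcgi_cache_path /var/www/html/nginx_cache levels=1:2 keys_zone=wordpress:1024m inactive=60m;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
    server {
      listen 80;
      listen 443 ssl;
      # force https-redirects
      # NOTE(review): while this redirect stays commented out, port 80 serves
      # the whole site, login form included, over plain HTTP.
      #if ($scheme = http) {
      #  return 301 https://$server_name$request_uri;
      #}
      ssl_certificate /etc/nginx/ssl/tls.crt;
      ssl_certificate_key /etc/nginx/ssl/tls.key;
      root /var/www/html;
      server_name killerpress.biz;
      index index.php;
      client_max_body_size 12M; # Max POST body size
      location / {
        try_files $uri $uri/ /index.php?$args;
      }
      # fastcgi_cache_path points inside the document root; without this
      # block the cache files would be reachable through `location /`.
      location ^~ /nginx_cache/ {
        return 404;
      }
      location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PHP_VALUE "memory_limit = 2048M";
        fastcgi_read_timeout 900;
        fastcgi_cache wordpress;
        fastcgi_cache_valid 200 301 302 7d;
        fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
        fastcgi_cache_min_uses 1;
        fastcgi_cache_lock on;
        # $skip_cache is computed by the server-level `if` blocks further down.
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        add_header X-FastCGI-Cache $upstream_cache_status;
        add_header x-pingback "";
      }
      # Used by Nginx Helper WP plugin to invalidate cache for posts/pages we update
      #
      # NOTE(review): this endpoint has no allow/deny rules, so any client
      # that can reach the server can evict cached pages. Once the address the
      # plugin's purge requests arrive from is confirmed, restrict it:
      #   allow <PURGE_SOURCE_ADDRESS>; deny all;
      location ~ /purge(/.*) {
        fastcgi_cache_purge wordpress "$scheme$request_method$host$1";
      }
      set $skip_cache 0;
      # POST requests and urls with a query string should always go to PHP
      if ($request_method = POST) {
        set $skip_cache 1;
      }
      if ($query_string != "") {
        set $skip_cache 1;
      }
      # Don't cache uris containing the following segments
      # Wildcards restored: the earlier `wp-..php` form matched only two
      # characters between `wp-` and `php`, so wp-login.php and wp-cron.php
      # were not excluded; the tag-feed and sitemap patterns had the same gap.
      if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|^/feed/|/tag/.*/feed/|index.php|/.*sitemap.*.(xml|xsl)") {
        set $skip_cache 1;
      }
      # Don't use the cache for logged in users or recent commenters
      if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $skip_cache 1;
      }
    }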
---
# Service publishing the WordPress pod's nginx sidecar on 80 and 443 through
# a cloud load balancer.
# NOTE(review): type LoadBalancer without loadBalancerSourceRanges normally
# gives the origin an address that is reachable directly on both ports. If
# only a CDN/proxy is meant to reach it, restrict the source ranges - confirm
# the intended exposure.
kind: Service
apiVersion: v1
metadata:
  name: wordpress
  namespace: default
  labels:
    app: wordpress
spec:
  type: LoadBalancer
  sessionAffinity: None
  # Matches the pod template labels of the wordpress Deployment.
  selector:
    app: wordpress
    tier: frontend
  ports:
    - name: wordpress-tls
      protocol: TCP
      port: 443
      targetPort: 443
    - name: wordpress
      protocol: TCP
      port: 80
      targetPort: 80
# status is normally filled in by the cluster; kept as given.
status:
  loadBalancer: {}
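---
# Deployment running WordPress (php-fpm) with an nginx sidecar in one pod.
# Both containers mount the CephFS claim at /var/www/html; the nginx vhost
# hands PHP requests to php-fpm on the pod-local 127.0.0.1:9000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: frontend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wordpress
        tier: frontend
    spec:
      # NOTE(review): neither container sets securityContext or resources.
      # The nginx vhost raises PHP memory_limit to 2048M, so a memory limit
      # for the wordpress container is worth deciding on explicitly.
      containers:
        - name: wordpress
          image: wordpress:5.8.0-php8.0-fpm-alpine
          env:
            # Database connection settings are read from the `mysql` Secret.
            - name: WORDPRESS_DB_HOST
              valueFrom:
                secretKeyRef:
                  name: mysql
                  key: host
            - name: WORDPRESS_DB_NAME
              valueFrom:
                secretKeyRef:
                  name: mysql
                  key: database
            - name: WORDPRESS_DB_USER
              valueFrom:
                secretKeyRef:
                  name: mysql
                  key: username
            - name: WORDPRESS_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql
                  key: password
            # Extra wp-config.php lines: request TLS for the MySQL connection
            # and turn off automatic core updates.
            # NOTE(review): with auto-updates off and the image pinned to
            # 5.8.0, core security releases have to be applied by hand;
            # confirm there is a process for that.
            - name: WORDPRESS_CONFIG_EXTRA
              value: |
                define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);
                define('WP_AUTO_UPDATE_CORE', false);
          ports:
            # php-fpm only; the HTTP(S) ports are declared on the nginx
            # container, which is the one that listens on them.
            - containerPort: 9000
              name: wp-php-fpm
          volumeMounts:
            - name: rook-cephfs-wordpress-pvc
              mountPath: /var/www/html
        - name: nginx
          # NOTE(review): third-party image referenced by a mutable tag, and
          # nginx 1.13 is an old mainline series. Consider a maintained build
          # pinned by digest (image@sha256:<DIGEST>).
          image: emcniece/nginx-cache-purge:1.13-alpine
          imagePullPolicy: IfNotPresent
          ports:
            # Moved here from the wordpress container: the vhost listens on
            # 80 and 443 in this container. containerPort is declarative, so
            # the Service (numeric targetPort) is unaffected.
            - containerPort: 80
              name: nginx
            - containerPort: 443
              name: nginx-tls
          volumeMounts:
            - name: tls-certs
              mountPath: /etc/nginx/ssl
              readOnly: true
            # Read-write: the FastCGI cache path is inside this volume.
            - name: rook-cephfs-wordpress-pvc
              mountPath: /var/www/html
            - name: nginxdefaultconf
              mountPath: /etc/nginx/conf.d/default.conf
              subPath: default.conf
              readOnly: true
            - name: nginxconf
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
      volumes:
        # TLS key pair for the vhost (tls.crt / tls.key under /etc/nginx/ssl).
        - name: tls-certs
          secret:
            secretName: cloudflare-origin-wordpress
        - name: rook-cephfs-wordpress-pvc
          persistentVolumeClaim:
            claimName: rook-cephfs-wordpress-pvc
        # defaultMode is decimal here: 256 == octal 0400 (owner read-only).
        - name: nginxconf
          configMap:
            name: nginxconf
            defaultMode: 256
            optional: false
        - name: nginxdefaultconf
          configMap:
            name: nginxthroughpass
            defaultMode: 256
            optional: false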
---
# Claim for the shared WordPress document root on the rook-cephfs storage
# class. ReadWriteMany allows several mounters to write to it; the wordpress
# Deployment mounts it at /var/www/html in both of its containers.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: rook-cephfs-wordpress-pvc
spec:
  storageClassName: rook-cephfs
  resources:
    requests:
      storage: 9Gi
  accessModes:
    - ReadWriteMany