Last active
December 27, 2019 08:24
-
-
Save stnet253/ccbc84bf855dbd4cebc329322a429462 to your computer and use it in GitHub Desktop.
k8s nginx-web
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: tony-nginx-conf | |
data: | |
tls.conf: | | |
ssl_certificate /etc/nginx/ssl/certificate.crt; | |
ssl_certificate_key /etc/nginx/ssl/private.key; | |
ssl_session_cache builtin:1000 shared:SSL:10m; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; | |
ssl_prefer_server_ciphers on; | |
tls2.conf: | | |
ssl_certificate /etc/nginx/ssl/alphagame.pw.crt; | |
ssl_certificate_key /etc/nginx/ssl/alphagame.pw.key; | |
ssl_session_cache builtin:1000 shared:SSL:10m; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; | |
ssl_prefer_server_ciphers on; | |
tls3.conf: | | |
ssl_certificate /etc/nginx/ssl/enensek.top.crt; | |
ssl_certificate_key /etc/nginx/ssl/enensek.top.key; | |
ssl_session_cache builtin:1000 shared:SSL:10m; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; | |
ssl_prefer_server_ciphers on; | |
tls4.conf: | | |
ssl_certificate /etc/nginx/ssl/chungforchen.xyz.crt; | |
ssl_certificate_key /etc/nginx/ssl/chungforchen.xyz.key; | |
ssl_session_cache builtin:1000 shared:SSL:10m; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; | |
ssl_prefer_server_ciphers on; | |
mime.types: | | |
types { | |
text/html html htm shtml; | |
text/css css; | |
text/xml xml; | |
image/gif gif; | |
image/jpeg jpeg jpg; | |
application/x-javascript js; | |
application/atom+xml atom; | |
application/rss+xml rss; | |
text/mathml mml; | |
text/plain txt; | |
text/vnd.sun.j2me.app-descriptor jad; | |
text/vnd.wap.wml wml; | |
text/x-component htc; | |
image/png png; | |
image/tiff tif tiff; | |
image/vnd.wap.wbmp wbmp; | |
image/x-icon ico; | |
image/x-jng jng; | |
image/x-ms-bmp bmp; | |
image/svg+xml svg svgz; | |
image/webp webp; | |
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; | |
application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx; | |
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; | |
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; | |
application/java-archive jar war ear; | |
application/mac-binhex40 hqx; | |
application/msword doc; | |
application/pdf pdf; | |
application/postscript ps eps ai; | |
application/rtf rtf; | |
application/vnd.ms-excel xls; | |
application/vnd.ms-powerpoint ppt; | |
application/vnd.wap.wmlc wmlc; | |
application/vnd.google-earth.kml+xml kml; | |
application/vnd.google-earth.kmz kmz; | |
application/x-7z-compressed 7z; | |
application/x-cocoa cco; | |
application/x-java-archive-diff jardiff; | |
application/x-java-jnlp-file jnlp; | |
application/x-makeself run; | |
application/x-perl pl pm; | |
application/x-pilot prc pdb; | |
application/x-rar-compressed rar; | |
application/x-redhat-package-manager rpm; | |
application/x-sea sea; | |
application/x-shockwave-flash swf; | |
application/x-stuffit sit; | |
application/x-tcl tcl tk; | |
application/x-x509-ca-cert der pem crt; | |
application/x-xpinstall xpi; | |
application/xhtml+xml xhtml; | |
application/zip zip; | |
application/octet-stream bin exe dll; | |
application/octet-stream deb; | |
application/octet-stream dmg; | |
application/octet-stream eot; | |
application/octet-stream iso img; | |
application/octet-stream msi msp msm; | |
audio/midi mid midi kar; | |
audio/mpeg mp3; | |
audio/ogg ogg; | |
audio/x-realaudio ra; | |
audio/x-m4a m4a; | |
video/3gpp 3gpp 3gp; | |
video/mpeg mpeg mpg; | |
video/quicktime mov; | |
video/x-flv flv; | |
video/x-mng mng; | |
video/x-ms-asf asx asf; | |
video/x-ms-wmv wmv; | |
video/x-msvideo avi; | |
video/mp4 mp4; | |
video/webm webm; | |
video/x-m4v m4v; | |
} | |
nginx.conf: | | |
user www-data; | |
#identifica il numero di processori e assegna i worker processes 1 x 2000 concurrency | |
worker_processes auto; | |
pid /run/nginx.pid; | |
#configurazione per | |
# macchina virtuale medium | |
#con 2000 di ram libera | |
#nginx con possibilita` di gestire fino a 17000 connessioni | |
# php con 33 processi da 60 mb in media la nostra app ne occupa 48 | |
# ognuno dei 33 processi puo` gestire 500 connessioni | |
#fulmicotone | |
#worker_rlimit_nofile 17000; | |
#daemon off; | |
env BE_BLACK_LIST_REDIS; | |
events { | |
#meccanismo che permette di recuperare solo le connessioni attive | |
use epoll; | |
worker_connections 16666; | |
multi_accept on; | |
} | |
http { | |
client_max_body_size 0; | |
proxy_headers_hash_max_size 1024; | |
proxy_headers_hash_bucket_size 128; | |
## | |
# Basic Settings | |
## | |
sendfile on; | |
keepalive_timeout 1800; | |
keepalive_requests 10; | |
types_hash_max_size 2048; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
## | |
# Logging Settings | |
## | |
#access_log /var/log/nginx/access.log; | |
#error_log /var/log/nginx/error.log; | |
#access_log /dev/stdout; | |
#error_log /dev/stdout; | |
## | |
# Gzip Settings | |
## | |
gzip on; | |
gzip_disable "msie6"; | |
gzip_min_length 256; | |
gzip_comp_level 3; | |
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; | |
open_file_cache max=10000 inactive=30s; | |
open_file_cache_valid 60s; | |
open_file_cache_min_uses 2; | |
open_file_cache_errors on; | |
tcp_nopush on; | |
reset_timedout_connection on; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
## | |
# Virtual Host Configs | |
## | |
include /etc/nginx/conf.d/*.conf; | |
#include /etc/nginx/sites-enabled/*; | |
} | |
default.conf: | | |
map_hash_bucket_size 128; | |
#map $arg_oper $brand { | |
# include conf.d/include/brand.conf; | |
#} | |
# 各版本版號 | |
#map $game_id $version { | |
# include conf.d/version/version.conf; | |
#} | |
#include conf.d/include/upstream.conf; | |
root /var/www/; | |
index index.html index.htm; | |
server { | |
listen 80 | |
listen 443 ssl http2; | |
server_name localhost; | |
ssl_certificate /etc/nginx/ssl/certificate.crt; | |
ssl_certificate_key /etc/nginx/ssl/private.key; | |
#include /etc/nginx/conf.d/setip.conf; | |
#include /etc/nginx/conf.d/include/whitelist-allow; | |
#include /etc/nginx/conf.d/include/whitelist-block; | |
#error_page 403 https://www.google.com; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
#include conf.d/include/location.conf; | |
} | |
index.html: | | |
tony index |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: nginx-deply-configmap-test | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
service: http-server | |
strategy: | |
type: RollingUpdate | |
rollingUpdate: | |
maxSurge: 1 | |
maxUnavailable: 1 | |
minReadySeconds: 5 | |
template: | |
metadata: | |
labels: | |
service: http-server | |
spec: | |
volumes: | |
- name: tony-nginx-conf | |
configMap: | |
name: tony-nginx-conf | |
- name: indexpath | |
configMap: | |
name: nginx-index | |
items: | |
- key: index.html | |
path: index.html | |
- name: nginxconf | |
configMap: | |
name: nginx-conf | |
- name: system-ssl-key | |
configMap: | |
name: system-ssl-key | |
imagePullSecrets: | |
- name: gcrsecret | |
containers: | |
- name: nginx | |
image: nginx:1.16.1 | |
ports: | |
- containerPort: 80 | |
name: web | |
protocol: TCP | |
- containerPort: 443 | |
name: ssl | |
protocol: TCP | |
resources: | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
limits: | |
cpu: 200m | |
memory: 256Mi | |
volumeMounts: | |
- name: tony-nginx-conf | |
readOnly: true | |
mountPath: /etc/nginx/ | |
- name: nginxconf | |
readOnly: true | |
mountPath: /etc/nginx/conf.d/ | |
- name: indexpath | |
mountPath: /var/www/index.html | |
subPath: index.html | |
- name: system-ssl-key | |
readOnly: true | |
mountPath: /etc/nginx/ssl/ | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Service | |
metadata: | |
# annotations: | |
#cloud.google.com/load-balancer-type: "Internal" | |
name: http-service | |
namespace: default | |
labels: | |
service: http-server | |
spec: | |
type: LoadBalancer | |
ports: | |
- name: ssl | |
port: 443 | |
protocol: TCP | |
targetPort: 443 | |
- name: http | |
port: 80 | |
protocol: TCP | |
targetPort: 80 | |
selector: | |
service: http-server |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment