apiVersion: v1 kind: ConfigMap metadata: name: configmap-nginx labels: {{- include "site.labels" . | nindent 4 }} data: default.conf: | # from http://geekyplatypus.com/dockerise-your-php-application-with-nginx-and-php7-fpm/ # Gzip Settings gzip on; # gzip_vary on; gzip_proxied any; gzip_comp_level 5; # gzip_buffers 16 8k; # gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; # Security Headers #add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Frame-Options "SAMEORIGIN" always; #add_header X-Content-Type-Options "nosniff" always; #add_header Referrer-Policy "origin-when-cross-origin" always; #add_header Strict-Transport-Security "max-age=31536000" always; server { index index.php; root /var/www/html/web; listen 8080; server_name _; error_log /dev/stderr; access_log /dev/stdout; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) location ~ /\. { deny all; } location / { disable_symlinks off; try_files $uri $uri/ /index.php; } location ~* \.php$ { fastcgi_pass 127.0.0.1:9000; #fastcgi_pass archivescacm-php-fpm:9000; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } }