67 lines
2.0 KiB
YAML
67 lines
2.0 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: configmap-nginx
|
|
labels:
|
|
{{- include "site.labels" . | nindent 4 }}
|
|
|
|
data:
|
|
default.conf: |
|
|
# from http://geekyplatypus.com/dockerise-your-php-application-with-nginx-and-php7-fpm/
|
|
# Gzip Settings
|
|
gzip on;
|
|
|
|
# gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 5;
|
|
# gzip_buffers 16 8k;
|
|
# gzip_http_version 1.1;
|
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
# Security Headers
|
|
#add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
|
#add_header X-Xss-Protection "1; mode=block" always;
|
|
#add_header X-Frame-Options "SAMEORIGIN" always;
|
|
#add_header X-Content-Type-Options "nosniff" always;
|
|
#add_header Referrer-Policy "origin-when-cross-origin" always;
|
|
#add_header Strict-Transport-Security "max-age=31536000" always;
|
|
|
|
server {
|
|
index index.php;
|
|
root /var/www/html/web;
|
|
listen 8080;
|
|
server_name _;
|
|
error_log /dev/stderr;
|
|
access_log /dev/stdout;
|
|
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
|
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
|
|
location ~ /\. {
|
|
deny all;
|
|
}
|
|
|
|
location / {
|
|
disable_symlinks off;
|
|
try_files $uri $uri/ /index.php;
|
|
}
|
|
|
|
location ~* \.php$ {
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
#fastcgi_pass archivescacm-php-fpm:9000;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
}
|
|
}
|
|
|