apiVersion: v1 kind: ConfigMap metadata: name: {{ taskserv.name }}-nginx namespace: {{ taskserv.namespace }} labels: app.kubernetes.io/name: {{ taskserv.name }} app.kubernetes.io/managed-by: provisioning data: nginx.conf: | worker_processes auto; worker_rlimit_nofile 8192; events { worker_connections 8000; multi_accept on; } http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 65; client_max_body_size 128M; log_format main '$http_x_forwarded_for - $remote_addr [$time_local] "$request" ' '$status $body_bytes_sent $upstream_response_time "$http_referer" "$http_user_agent"'; error_log /dev/stderr warn; access_log /dev/stdout main; gzip on; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; gzip_vary on; fastcgi_cache_path /tmp/nginx-cache levels=1:2 keys_zone=wp-cache:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; upstream fpm { server 127.0.0.1:9000; } include /etc/nginx/conf.d/*.conf; } default.conf: | server { listen 80; server_name {{ taskserv.domain }}{% for extra in taskserv.domains_extra %} {{ extra }}{% endfor %}; root /var/www/html; index index.php; error_log /dev/stderr warn; access_log /dev/stdout main; set $skip_cache 0; if ($request_method = POST) { set $skip_cache 1; } if ($query_string != "") { set $skip_cache 1; } if ($request_uri ~* "/wp-admin/|/wp-login.php|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") { set $skip_cache 1; } if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $skip_cache 1; } location /health_check { return 200; access_log off; } location ~ ([^/]*)sitemap(.*).x(m|s)l$ { rewrite ^/sitemap.xml$ /sitemap_index.xml permanent; rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last; rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last; rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last; } location / { try_files $uri $uri/ /index.php?$args; } location /wp-admin { location ~ /wp-admin/admin-ajax.php$ { try_files $uri =404; include fastcgi.conf; fastcgi_pass fpm; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; fastcgi_cache wp-cache; fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; fastcgi_read_timeout 300; } location ~* /wp-admin/.*\.php$ { satisfy any; allow 127.0.0.1; deny all; auth_basic "Authorization Required"; auth_basic_user_file /etc/nginx/htpasswd; try_files $uri =404; include fastcgi.conf; fastcgi_pass fpm; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; fastcgi_cache wp-cache; fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; fastcgi_read_timeout 300; } } location ^~ /wp-login.php { auth_basic "Login"; auth_basic_user_file /etc/nginx/htpasswd; include fastcgi.conf; fastcgi_pass fpm; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; fastcgi_cache wp-cache; fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; fastcgi_read_timeout 300; } location ~* ^/wp-content/.*\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ { expires 1M; access_log off; add_header Cache-Control "public"; } location ~* /(?:uploads|files)/.*\.php$ { deny all; } location ~ \.php$ { try_files $uri =404; include fastcgi.conf; fastcgi_pass fpm; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_read_timeout 300; fastcgi_cache wp-cache; fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; fastcgi_cache_valid 200 60m; } location ~ ^/\.user\.ini { deny all; } }