-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx-redirect-prod.yaml
129 lines (120 loc) · 3.04 KB
/
nginx-redirect-prod.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
apiVersion: route.openshift.io/v1
kind: Route
metadata:
annotations:
router.cern.ch/network-visibility: Internet
# Autogenerate cert with Let's encrypt: https://cern.service-now.com/service-portal?id=kb_article&n=KB0006299
kubernetes.io/tls-acme: 'true'
haproxy.router.openshift.io/ip_whitelist: ""
labels:
app: nginx-redirection
name: nginx-redirection
spec:
host: linux.cern.ch
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
name: nginx-redirection
weight: 100
wildcardPolicy: None
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
annotations:
description: Redirects users from https://linux.cern.ch to https://linux.web.cern.ch
labels:
app: nginx-redirection
name: nginx-redirection
spec:
replicas: 1
selector:
app: nginx-redirection
deploymentconfig: nginx-redirection
strategy:
type: Rolling
template:
metadata:
annotations:
openshift.io/container.nginx-redirection.image.entrypoint: '["nginx","-g","daemon
off;"]'
openshift.io/generated-by: OpenShiftNewApp
labels:
app: nginx-redirection
deploymentconfig: nginx-redirection
spec:
containers:
- image: nginx:stable-alpine
imagePullPolicy: Always
name: nginx-redirection
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
cpu: 100m
memory: 20Mi
requests:
cpu: 50m
memory: 10Mi
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: config
- mountPath: /var/cache/nginx
name: volume-cache
- mountPath: /var/run
name: volume-run
restartPolicy: Always
volumes:
- configMap:
defaultMode: 420
name: nginx-redirection
name: config
- emptyDir: {}
name: volume-cache
- emptyDir: {}
name: volume-run
triggers:
- type: ConfigChange
---
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-redirection
name: nginx-redirection
spec:
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: nginx-redirection
deploymentconfig: nginx-redirection
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
data:
redirect.conf: |
server {
listen 8080 default_server;
server_name linux.web.cern.ch;
server_tokens off; ## Don't show the nginx version number, a security best practice
return 301 https://$server_name$request_uri; # Make sure we redirect to the servername we want and not the host header sent by the client
access_log /dev/stdout;
error_log /dev/stdout;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
kind: ConfigMap
metadata:
labels:
app: gitlab
name: nginx-redirection