Created
February 10, 2025 19:03
-
-
Save Mikej81/e6ec41ec79ace91b4e2323061cb1e403 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: nginx-config | |
| namespace: m-coleman | |
| annotations: | |
| ves.io/virtual-sites: shared/coleman-io-us-no-ash | |
| data: | |
| nginx.conf: | | |
| worker_processes auto; | |
| pid /tmp/nginx.pid; | |
| error_log /var/log/nginx/error.log debug; | |
| events { | |
| worker_connections 10240; | |
| } | |
| http { | |
| upstream app_servers { | |
| server 68.183.126.197; | |
| } | |
| client_body_temp_path /tmp; | |
| proxy_temp_path /tmp; | |
| fastcgi_temp_path /tmp; | |
| uwsgi_temp_path /tmp; | |
| scgi_temp_path /tmp; | |
| # Define cache zones for static content and API responses | |
| proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=static_cache:50m max_size=100m inactive=60m use_temp_path=off; | |
| proxy_cache_path /tmp/api_cache levels=1:2 keys_zone=api_cache:50m max_size=100m inactive=30m use_temp_path=off; | |
| # Enable proxy buffering for performance optimization | |
| proxy_buffering on; | |
| proxy_buffer_size 128k; | |
| proxy_buffers 32 128k; | |
| proxy_busy_buffers_size 256k; | |
| proxy_max_temp_file_size 100m; | |
| log_format main | |
| 'cache_status:$upstream_cache_status\t' | |
| 'remote_addr:$remote_addr\t' | |
| 'time_local:$time_local\t' | |
| 'method:$request_method\t' | |
| 'uri:$request_uri\t' | |
| 'host:$host\t' | |
| 'status:$status\t' | |
| 'bytes_sent:$body_bytes_sent\t' | |
| 'referer:$http_referer\t' | |
| 'useragent:$http_user_agent\t' | |
| 'forwardedfor:$http_x_forwarded_for\t' | |
| 'request_time:$request_time'; | |
| access_log /var/log/nginx/access.log main; | |
| server { | |
| listen 8080; | |
| # π Cache ALL static files for 30 days (ignoring upstream headers) | |
| location ~* ^/en-us/.*\.(ico|css|js|gif|jpe?g|png|woff2?|eot|ttf|svg|mp4|webp|avif)$ { | |
| proxy_pass http://app_servers; | |
| proxy_cache_key $scheme://$host$uri$is_args$query_string; | |
| proxy_cache static_cache; | |
| proxy_cache_valid 200 30d; | |
| proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; | |
| expires 30d; | |
| add_header Cache-Control "public, max-age=2592000, immutable" always; | |
| add_header X-Cache-Status $upstream_cache_status; | |
| proxy_ignore_headers Cache-Control Expires Set-Cookie; | |
| proxy_cache_bypass 0; | |
| proxy_no_cache 0; | |
| access_log off; | |
| } | |
| # π Cache API responses for 10 minutes (ignoring upstream headers) | |
| location ~* ^/en-us/api/ { | |
| proxy_pass http://app_servers; | |
| proxy_cache_key $scheme://$host$uri$is_args$query_string; | |
| proxy_cache api_cache; | |
| proxy_cache_valid 200 10m; | |
| proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; | |
| add_header X-Cache-Status $upstream_cache_status; | |
| proxy_ignore_headers Cache-Control Expires Set-Cookie; | |
| proxy_cache_bypass 0; | |
| proxy_no_cache 0; | |
| } | |
| # π Cache JSON & HTML for 1 hour (ignoring upstream headers) | |
| location ~* ^/en-us/.*\.(html|json)$ { | |
| proxy_pass http://app_servers; | |
| proxy_cache_key $scheme://$host$uri$is_args$query_string; | |
| proxy_cache api_cache; | |
| proxy_cache_valid 200 1h; | |
| proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; | |
| expires 1h; | |
| add_header Cache-Control "public, max-age=3600"; | |
| add_header X-Cache-Status $upstream_cache_status; | |
| proxy_ignore_headers Cache-Control Expires Set-Cookie; | |
| proxy_cache_bypass 0; | |
| proxy_no_cache 0; | |
| } | |
| # π Cache ALL OTHER responses (if successful) for 10 minutes | |
| location ^~ /en-us/ { | |
| proxy_pass http://app_servers; | |
| proxy_cache_key $scheme://$host$uri$is_args$query_string; | |
| proxy_cache api_cache; | |
| proxy_cache_valid 200 10m; | |
| proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; | |
| add_header X-Cache-Status $upstream_cache_status; | |
| proxy_ignore_headers Cache-Control Expires Set-Cookie; | |
| proxy_cache_bypass 0; | |
| proxy_no_cache 0; | |
| } | |
| #Fallback for any request that does not match /en-us/ | |
| location / { | |
| return 404; | |
| } | |
| } | |
| } | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: nginx-unprivileged | |
| namespace: m-coleman | |
| annotations: | |
| ves.io/virtual-sites: shared/coleman-io-us-no-ash | |
| ves.io/workload-flavor: large | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: nginx-unprivileged | |
| template: | |
| metadata: | |
| labels: | |
| app: nginx-unprivileged | |
| spec: | |
| containers: | |
| - name: nginx | |
| image: ghcr.io/nginxinc/nginx-unprivileged | |
| ports: | |
| - containerPort: 8080 | |
| volumeMounts: | |
| - name: nginx-config | |
| mountPath: /etc/nginx/nginx.conf | |
| subPath: nginx.conf | |
| command: ["/bin/sh", "-c"] | |
| args: | |
| - | | |
| echo "Ensuring cache directories exist..." | |
| mkdir -p /tmp/nginx_cache /tmp/api_cache | |
| chmod -R 777 /tmp/nginx_cache /tmp/api_cache | |
| echo "Starting Nginx..." | |
| nginx -g 'daemon off;' | |
| volumes: | |
| - name: nginx-config | |
| configMap: | |
| name: nginx-config | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: nginx-service | |
| namespace: m-coleman | |
| annotations: | |
| ves.io/virtual-sites: shared/coleman-io-us-no-ash | |
| spec: | |
| selector: | |
| app: nginx-unprivileged | |
| ports: | |
| - protocol: TCP | |
| port: 8080 | |
| targetPort: 8080 | |
| type: ClusterIP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment