zammad: update nginx config

Nico Schottelius 2021-10-10 00:11:39 +09:00
parent 689346f1b8
commit 2044a9b802
2 changed files with 177 additions and 68 deletions


@ -12,18 +12,6 @@ server {
ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
# Increase timeouts -- mainly for initial setup
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_connect_timeout 300;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size 512M;
@ -37,45 +25,40 @@ server {
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
root /opt/zammad/public;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
# location ^~ /.well-known {
# # The rules in this block are an adaptation of the rules
# # in `.htaccess` that concern `/.well-known`.
location /ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_pass http://localhost:6042;
}
# location = /.well-known/carddav { return 301 /remote.php/dav/; }
# location = /.well-known/caldav { return 301 /remote.php/dav/; }
# location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
# location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# # Let Nextcloud's API for `/.well-known` URIs handle all other
# # requests by passing them to the front-end controller.
# return 301 /index.php$request_uri;
# }
location / {
#try_files $uri $uri/ /index.php$request_uri;
proxy_set_header Host $http_host;
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
# Change this line in an SSO setup
proxy_set_header X-Forwarded-User "";
# Forward original host name to be seen in unicorn
proxy_set_header Host $host;
# Server name and address like being available in PHP
proxy_set_header SERVER_NAME $server_name;
proxy_set_header SERVER_ADDR $server_addr;
# Forward client ip address to rack/rails so logging
proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 300;
proxy_pass http://localhost:3000;
gzip on;
gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
gzip_proxied any;
}
}
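Review bot: In the new `location /ws` block, and in what looks like the new header set of `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the peer address to whatever X-Forwarded-For value the client sent, and `location /` also forwards the client's Host header unmodified via `Host $http_host`. This server block terminates TLS itself, so if no trusted proxy sits in front of it, the leading X-Forwarded-For entries are client-controlled and can end up in application logs or IP-based decisions, depending on how the upstream parses the header. For an edge deployment, `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header Host $host;` are the safer forms. The page rendering has lost the +/- markers, so which of the two header variants in `location /` is on the new side is inferred from the new upstream port 3000.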


@ -31,6 +31,56 @@ spec:
persistentVolumeClaim:
claimName: {{ tpl .Values.identifier . }}-postgres-data
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-elasticsearch
spec:
selector:
matchLabels:
app: {{ .Release.Name }}-elasticsearch
replicas: 1
template:
metadata:
labels:
app: {{ .Release.Name }}-elasticsearch
spec:
containers:
- name: elasticsearch
image: zammad/zammad-docker-compose:zammad-elasticsearch-{{ .Chart.AppVersion }}
env:
- name: discovery.type
value: "single-node"
# Required, because elasticsearch is using chroot()
securityContext:
capabilities:
add: ["SYS_CHROOT"]
#image: docker.elastic.co/elasticsearch/elasticsearch:7.15.0
# resources:
# requests:
# memory: "64Mi"
# cpu: "100m"
# limits:
# memory: "128Mi"
# cpu: "500m"
ports:
- containerPort: 9200
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-elasticsearch
labels:
app: {{ .Release.Name }}-elasticsearch
spec:
type: ClusterIP
ports:
- port: 9200
name: elasticsearch
selector:
app: {{ .Release.Name }}-elasticsearch
---
apiVersion: v1
kind: Service
metadata:
@ -91,7 +141,7 @@ spec:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_USER
- name: POSTGRESQL_PASSWORD
- name: POSTGRESQL_PASS
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
@ -101,13 +151,14 @@ spec:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_DB
- name: ELASTICSEARCH_HOST
value: "{{ .Release.Name }}-elasticsearch"
volumeMounts:
- name: zammad-data
mountPath: "/opt/zammad"
containers:
- name: nginx
image: nginx:1.21-alpine
image: nginx:1.21.3-alpine
ports:
- containerPort: 443
volumeMounts:
@ -116,7 +167,7 @@ spec:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: zammad-data
mountPath: "/var/www/html"
mountPath: "/opt/zammad"
# Is it ready to work?
readinessProbe:
tcpSocket:
@ -140,26 +191,6 @@ spec:
cpu: "500m"
ports:
- containerPort: 11211
- name: elasticsearch
image: zammad/zammad-docker-compose:zammad-elasticsearch-{{ .Chart.AppVersion }}
env:
- name: discovery.type
value: "single-node"
# Required, because elasticsearch is using chroot()
securityContext:
capabilities:
add: ["SYS_CHROOT"]
#image: docker.elastic.co/elasticsearch/elasticsearch:7.15.0
# resources:
# requests:
# memory: "64Mi"
# cpu: "100m"
# limits:
# memory: "128Mi"
# cpu: "500m"
ports:
- containerPort: 9200
- name: redis
image: redis:6.2.6-alpine
# resources:
@ -171,8 +202,11 @@ spec:
# cpu: "500m"
ports:
- containerPort: 6379
- name: zammad
- name: zammad-railsserver
image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }}
command:
- /docker-entrypoint.sh
- zammad-railsserver
# Wait for 10 minutes to get ready
# startupProbe:
# httpGet:
@ -194,7 +228,7 @@ spec:
# failureThreshold: 3
# periodSeconds: 30
ports:
- containerPort: 8080
- containerPort: 3000
name: rails
env:
- name: POSTGRESQL_HOST
@ -204,7 +238,7 @@ spec:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_USER
- name: POSTGRESQL_PASSWORD
- name: POSTGRESQL_PASS
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
@ -219,7 +253,7 @@ spec:
- name: MEMCACHE_SERVERS
value: "localhost:11211"
- name: ELASTICSEARCH_HOST
value: "localhost"
value: "{{ .Release.Name }}-elasticsearch"
# - name: ZAMMAD_TRUSTED_DOMAINS
# value: "{{ tpl .Values.fqdn . }}"
# - name: ZAMMAD_ADMIN_USER
@ -235,6 +269,98 @@ spec:
volumeMounts:
- name: zammad-data
mountPath: "/opt/zammad"
- name: zammad-scheduler
image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }}
command:
- /docker-entrypoint.sh
- zammad-scheduler
env:
- name: POSTGRESQL_HOST
value: {{ .Release.Name }}-postgres
- name: POSTGRESQL_USER
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_USER
- name: POSTGRESQL_PASS
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_PASSWORD
- name: POSTGRESQL_DB
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_DB
- name: REDIS_URL
value: "redis://localhost:6379"
- name: MEMCACHE_SERVERS
value: "localhost:11211"
- name: ELASTICSEARCH_HOST
value: "{{ .Release.Name }}-elasticsearch"
# - name: ZAMMAD_TRUSTED_DOMAINS
# value: "{{ tpl .Values.fqdn . }}"
# - name: ZAMMAD_ADMIN_USER
# valueFrom:
# secretKeyRef:
# name: {{ tpl .Values.identifier . }}-zammad
# key: USERNAME
# - name: ZAMMAD_ADMIN_PASSWORD
# valueFrom:
# secretKeyRef:
# name: {{ tpl .Values.identifier . }}-zammad
# key: PASSWORD
volumeMounts:
- name: zammad-data
mountPath: "/opt/zammad"
- name: zammad-websocket
image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }}
command:
- sh
- -c
- "cd /opt/zammad && bundle exec script/websocket-server.rb -b :: -p 6042 start"
env:
- name: POSTGRESQL_HOST
value: {{ .Release.Name }}-postgres
- name: POSTGRESQL_USER
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_USER
- name: POSTGRESQL_PASS
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_PASSWORD
- name: POSTGRESQL_DB
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_DB
- name: REDIS_URL
value: "redis://localhost:6379"
- name: MEMCACHE_SERVERS
value: "localhost:11211"
- name: ELASTICSEARCH_HOST
value: "{{ .Release.Name }}-elasticsearch"
# - name: ZAMMAD_TRUSTED_DOMAINS
# value: "{{ tpl .Values.fqdn . }}"
# - name: ZAMMAD_ADMIN_USER
# valueFrom:
# secretKeyRef:
# name: {{ tpl .Values.identifier . }}-zammad
# key: USERNAME
# - name: ZAMMAD_ADMIN_PASSWORD
# valueFrom:
# secretKeyRef:
# name: {{ tpl .Values.identifier . }}-zammad
# key: PASSWORD
volumeMounts:
- name: zammad-data
mountPath: "/opt/zammad"
ports:
- containerPort: 6042
name: websocket
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
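Review bot: The new `{{ .Release.Name }}-elasticsearch` Deployment and ClusterIP Service make port 9200 reachable from every pod in the cluster, whereas the container previously sat inside the Zammad pod and was addressed as `localhost`. Nothing in the visible hunks enables Elasticsearch authentication or TLS, and no NetworkPolicy appears in this diff, so unless the image or another manifest adds one, any workload in the cluster could read or modify the search index. A NetworkPolicy that admits only the Zammad pod on 9200 would restore the earlier isolation. The sketch below uses a placeholder for the Zammad pod label, which lies outside the hunks, and it only takes effect on a CNI that enforces NetworkPolicy.

```yaml
---
# Constructed example: only the Zammad pod may reach Elasticsearch.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .Release.Name }}-elasticsearch
spec:
  podSelector:
    matchLabels:
      app: {{ .Release.Name }}-elasticsearch
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              # placeholder: the label carried by the Zammad pod template
              # (not visible in this diff)
              app: ZAMMAD_POD_LABEL_PLACEHOLDER
      ports:
        - protocol: TCP
          port: 9200
```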