diff --git a/apps/zammad/nginx/default.conf b/apps/zammad/nginx/default.conf index 3abdf73..891f9e1 100644 --- a/apps/zammad/nginx/default.conf +++ b/apps/zammad/nginx/default.conf @@ -12,18 +12,6 @@ server { ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem; - # Increase timeouts -- mainly for initial setup - proxy_read_timeout 300; - proxy_send_timeout 300; - proxy_connect_timeout 300; - - # HSTS settings - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size client_max_body_size 512M; 
@@ -37,45 +25,40 @@ server { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + root /opt/zammad/public; + location = /robots.txt { allow all; log_not_found off; access_log off; } - # Make a regex exception for `/.well-known` so that clients can still - # access it despite the existence of the regex rule - # `location ~ /(\.|autotest|...)` which would otherwise handle requests - # for `/.well-known`. - # location ^~ /.well-known { - # # The rules in this block are an adaptation of the rules - # # in `.htaccess` that concern `/.well-known`. + location /ws { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header CLIENT_IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 86400; + proxy_pass http://localhost:6042; + } - # location = /.well-known/carddav { return 301 /remote.php/dav/; } - # location = /.well-known/caldav { return 301 /remote.php/dav/; } - - # location /.well-known/acme-challenge { try_files $uri $uri/ =404; } - # location /.well-known/pki-validation { try_files $uri $uri/ =404; } - - # # Let Nextcloud's API for `/.well-known` URIs handle all other - # # requests by passing them to the front-end controller. 
- # return 301 /index.php$request_uri; - # } location / { - #try_files $uri $uri/ /index.php$request_uri; + proxy_set_header Host $http_host; + proxy_set_header CLIENT_IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://localhost:8080; + # Change this line in an SSO setup + proxy_set_header X-Forwarded-User ""; - # Forward original host name to be seen in unicorn - proxy_set_header Host $host; - - # Server name and address like being available in PHP - proxy_set_header SERVER_NAME $server_name; - proxy_set_header SERVER_ADDR $server_addr; - - # Forward client ip address to rack/rails so logging - proxy_set_header X-Forwarded-For $remote_addr; + proxy_read_timeout 300; + proxy_pass http://localhost:3000; + gzip on; + gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml; + gzip_proxied any; } } diff --git a/apps/zammad/templates/deployment.yaml b/apps/zammad/templates/deployment.yaml index 9bd4880..5c808de 100644 --- a/apps/zammad/templates/deployment.yaml +++ b/apps/zammad/templates/deployment.yaml 
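Review bot: The new `location /ws` block never clears `X-Forwarded-User`, so the `proxy_set_header X-Forwarded-User "";` added in `location /` does not cover the websocket upstream. nginx inherits `proxy_set_header` from an outer level only when the current level defines none, and `/ws` defines its own set, so a client-supplied `X-Forwarded-User` reaches `localhost:6042` unchanged. Whether the websocket server acts on that header is not visible here, but adding `proxy_set_header X-Forwarded-User "";` to `/ws` keeps the two locations consistent. The comment above that line would be clearer as `# Drop any client-supplied X-Forwarded-User; set it only from a trusted SSO proxy`, because the current wording does not say why the empty value matters. Separately, `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent (the removed line overwrote it with `$remote_addr`), so the backend should trust only the right-most entry.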
@@ -31,6 +31,56 @@ spec: persistentVolumeClaim: claimName: {{ tpl .Values.identifier . }}-postgres-data --- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-elasticsearch +spec: + selector: + matchLabels: + app: {{ .Release.Name }}-elasticsearch + replicas: 1 + template: + metadata: + labels: + app: {{ .Release.Name }}-elasticsearch + spec: + containers: + - name: elasticsearch + image: zammad/zammad-docker-compose:zammad-elasticsearch-{{ .Chart.AppVersion }} + env: + - name: discovery.type + value: "single-node" + # Required, because elasticsearch is using chroot() + securityContext: + capabilities: + add: ["SYS_CHROOT"] + + #image: docker.elastic.co/elasticsearch/elasticsearch:7.15.0 + # resources: + # requests: + # memory: "64Mi" + # cpu: "100m" + # limits: + # memory: "128Mi" + # cpu: "500m" + ports: + - containerPort: 9200 +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-elasticsearch + labels: + app: {{ .Release.Name }}-elasticsearch +spec: + type: ClusterIP + ports: + - port: 9200 + name: elasticsearch + selector: + app: {{ .Release.Name }}-elasticsearch +--- apiVersion: v1 kind: Service metadata: @@ -91,7 +141,7 @@ spec: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_USER - - name: POSTGRESQL_PASSWORD + - name: POSTGRESQL_PASS valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config @@ -101,13 +151,14 @@ spec: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_DB + - name: ELASTICSEARCH_HOST + value: "{{ .Release.Name }}-elasticsearch" volumeMounts: - name: zammad-data mountPath: "/opt/zammad" - containers: - name: nginx - image: nginx:1.21-alpine + image: nginx:1.21.3-alpine ports: - containerPort: 443 volumeMounts: @@ -116,7 +167,7 @@ spec: - name: etcletsencrypt mountPath: "/etc/letsencrypt" - name: zammad-data - mountPath: "/var/www/html" + mountPath: "/opt/zammad" # Is it ready to work? readinessProbe: tcpSocket: 
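Review bot: The new ClusterIP Service publishes Elasticsearch on 9200 under a stable cluster DNS name, and nothing in this hunk configures authentication or TLS for it (only `discovery.type` is set). Without a NetworkPolicy, any pod in the cluster can query or modify the index, so I would ship a policy alongside the Service that admits only the Zammad pod, as sketched below. The Zammad pod label is not visible in this hunk, so the selector is a placeholder, and enforcement depends on the cluster's network plugin supporting NetworkPolicy. The new Deployment also declares no volume, so the index presumably lives in the container filesystem and is lost on restart. The `securityContext` adds `SYS_CHROOT` without dropping anything, and `drop: ["ALL"]` plus `allowPrivilegeEscalation: false` would be worth testing with this image.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .Release.Name }}-elasticsearch
spec:
  podSelector:
    matchLabels:
      app: {{ .Release.Name }}-elasticsearch
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              # placeholder: label of the Zammad pod, not visible in this hunk
              app: ZAMMAD_POD_LABEL_PLACEHOLDER
      ports:
        - protocol: TCP
          port: 9200
```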
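Review bot: In the `@@ -116,7 +167,7 @@` hunk the nginx container now mounts the whole `zammad-data` volume at `/opt/zammad` with no `readOnly`, although the nginx config in this commit only serves from `root /opt/zammad/public`. The Zammad containers mount the same volume at `/opt/zammad`, so it presumably holds the full application tree, and a compromised or misconfigured nginx could read or modify it. Adding `readOnly: true` to this mount limits nginx to what it needs. If the volume layout allows it, `subPath: public` with `mountPath: "/opt/zammad/public"` narrows it further. The nginx container definition starts outside this hunk.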
@@ -140,26 +191,6 @@ spec: cpu: "500m" ports: - containerPort: 11211 - - name: elasticsearch - image: zammad/zammad-docker-compose:zammad-elasticsearch-{{ .Chart.AppVersion }} - env: - - name: discovery.type - value: "single-node" - # Required, because elasticsearch is using chroot() - securityContext: - capabilities: - add: ["SYS_CHROOT"] - - #image: docker.elastic.co/elasticsearch/elasticsearch:7.15.0 - # resources: - # requests: - # memory: "64Mi" - # cpu: "100m" - # limits: - # memory: "128Mi" - # cpu: "500m" - ports: - - containerPort: 9200 - name: redis image: redis:6.2.6-alpine # resources: @@ -171,8 +202,11 @@ spec: # cpu: "500m" ports: - containerPort: 6379 - - name: zammad + - name: zammad-railsserver image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }} + command: + - /docker-entrypoint.sh + - zammad-railsserver # Wait for 10 minutes to get ready # startupProbe: # httpGet: @@ -194,7 +228,7 @@ spec: # failureThreshold: 3 # periodSeconds: 30 ports: - - containerPort: 8080 + - containerPort: 3000 name: rails env: - name: POSTGRESQL_HOST @@ -204,7 +238,7 @@ spec: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config key: POSTGRES_USER - - name: POSTGRESQL_PASSWORD + - name: POSTGRESQL_PASS valueFrom: secretKeyRef: name: {{ tpl .Values.identifier . }}-postgres-config @@ -219,7 +253,7 @@ spec: - name: MEMCACHE_SERVERS value: "localhost:11211" - name: ELASTICSEARCH_HOST - value: "localhost" + value: "{{ .Release.Name }}-elasticsearch" # - name: ZAMMAD_TRUSTED_DOMAINS # value: "{{ tpl .Values.fqdn . }}" # - name: ZAMMAD_ADMIN_USER 
@@ -235,6 +269,98 @@ spec: volumeMounts: - name: zammad-data mountPath: "/opt/zammad" + - name: zammad-scheduler + image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }} + command: + - /docker-entrypoint.sh + - zammad-scheduler + env: + - name: POSTGRESQL_HOST + value: {{ .Release.Name }}-postgres + - name: POSTGRESQL_USER + valueFrom: + secretKeyRef: + name: {{ tpl .Values.identifier . }}-postgres-config + key: POSTGRES_USER + - name: POSTGRESQL_PASS + valueFrom: + secretKeyRef: + name: {{ tpl .Values.identifier . }}-postgres-config + key: POSTGRES_PASSWORD + - name: POSTGRESQL_DB + valueFrom: + secretKeyRef: + name: {{ tpl .Values.identifier . }}-postgres-config + key: POSTGRES_DB + - name: REDIS_URL + value: "redis://localhost:6379" + - name: MEMCACHE_SERVERS + value: "localhost:11211" + - name: ELASTICSEARCH_HOST + value: "{{ .Release.Name }}-elasticsearch" + # - name: ZAMMAD_TRUSTED_DOMAINS + # value: "{{ tpl .Values.fqdn . }}" + # - name: ZAMMAD_ADMIN_USER + # valueFrom: + # secretKeyRef: + # name: {{ tpl .Values.identifier . }}-zammad + # key: USERNAME + # - name: ZAMMAD_ADMIN_PASSWORD + # valueFrom: + # secretKeyRef: + # name: {{ tpl .Values.identifier . }}-zammad + # key: PASSWORD + volumeMounts: + - name: zammad-data + mountPath: "/opt/zammad" + - name: zammad-websocket + image: zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }} + command: + - sh + - -c + - "cd /opt/zammad && bundle exec script/websocket-server.rb -b :: -p 6042 start" + env: + - name: POSTGRESQL_HOST + value: {{ .Release.Name }}-postgres + - name: POSTGRESQL_USER + valueFrom: + secretKeyRef: + name: {{ tpl .Values.identifier . }}-postgres-config + key: POSTGRES_USER + - name: POSTGRESQL_PASS + valueFrom: + secretKeyRef: + name: {{ tpl .Values.identifier . }}-postgres-config + key: POSTGRES_PASSWORD + - name: POSTGRESQL_DB + valueFrom: + secretKeyRef: + name: {{ tpl .Values.identifier . 
}}-postgres-config + key: POSTGRES_DB + - name: REDIS_URL + value: "redis://localhost:6379" + - name: MEMCACHE_SERVERS + value: "localhost:11211" + - name: ELASTICSEARCH_HOST + value: "{{ .Release.Name }}-elasticsearch" + # - name: ZAMMAD_TRUSTED_DOMAINS + # value: "{{ tpl .Values.fqdn . }}" + # - name: ZAMMAD_ADMIN_USER + # valueFrom: + # secretKeyRef: + # name: {{ tpl .Values.identifier . }}-zammad + # key: USERNAME + # - name: ZAMMAD_ADMIN_PASSWORD + # valueFrom: + # secretKeyRef: + # name: {{ tpl .Values.identifier . }}-zammad + # key: PASSWORD + volumeMounts: + - name: zammad-data + mountPath: "/opt/zammad" + ports: + - containerPort: 6042 + name: websocket volumes: - name: etcletsencrypt persistentVolumeClaim:
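Review bot: The websocket server is started with `-b ::`, which listens on every interface of the pod, and the container also declares `containerPort: 6042`, yet the only consumer visible in this commit is the nginx sidecar proxying `/ws` to `localhost:6042`. Listening beyond loopback leaves a plain-HTTP endpoint on the pod IP that bypasses nginx's TLS and header handling. If nothing outside the pod needs it, bind to loopback, e.g. `-b 127.0.0.1`, and point `proxy_pass` at the same address. As a matter of style, the `env` list is now copied verbatim into three containers; a named template (`define`/`include`) or a shared ConfigMap via `envFrom` would keep them in sync, and `value: {{ .Release.Name }}-postgres` should be quoted like the `ELASTICSEARCH_HOST` value.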