2 commits

Author SHA1 Message Date
Johannes Meixner
6037e4adb6 Clean up nginx config
Trying different URIs leads to index.html being returned for requests for the
JSON translations, which makes the app fail
2023-07-10 17:26:29 +02:00
Johannes Meixner
1bbf689821 Improve Helm Chart
- use official v0.3.13 docker images hosted on GitHub
- load configs for Element-Call (public/config.json), nginx and SSL
  certs through ConfigMaps / PersistentVolumeClaims
2023-07-10 17:21:02 +02:00
7 changed files with 89 additions and 6 deletions


@ -12,8 +12,6 @@ server {
# also turn off last-modified since they are just the timestamps of the file in the docker image # also turn off last-modified since they are just the timestamps of the file in the docker image
# and may or may not bear any resemblance to when the resource changed # and may or may not bear any resemblance to when the resource changed
add_header Last-Modified ""; add_header Last-Modified "";
try_files $uri /$uri /index.html;
} }
# assets can be cached because they have hashed filenames # assets can be cached because they have hashed filenames
@ -23,3 +21,31 @@ server {
} }
} }
server {
listen 8443 ssl;
server_name mx22.local;
root /app;
location / {
# disable cache entriely by default (apart from Etag which is accurate enough)
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
# also turn off last-modified since they are just the timestamps of the file in the docker image
# and may or may not bear any resemblance to when the resource changed
add_header Last-Modified "";
}
# assets can be cached because they have hashed filenames
location /assets {
expires 1w;
add_header Cache-Control "public, no-transform";
}
ssl_certificate "/etc/ssl/certs/element-call.crt";
ssl_certificate_key "/etc/ssl/private/element-call.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
}
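Review bot: The new 8443 server block sets `ssl_prefer_server_ciphers on;` but neither `ssl_protocols` nor `ssl_ciphers`, so the accepted protocol versions and the cipher order being enforced are whatever the nginx build in the image defaults to. Stating them next to the certificate lines, for example `ssl_protocols TLSv1.2 TLSv1.3;`, makes the TLS policy reviewable and keeps it stable across image upgrades. The `Cache-Control` value in the new `location /` also reads `private no-store` with no comma between the two tokens, so they are probably not parsed as separate directives; `'private, no-store, no-cache, ...'` looks like what was intended. `server_name mx22.local` is hard-coded, which ties the config shipped in the chart to one host.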


@ -21,4 +21,4 @@ version: 0.1.0
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: "1.16.0" appVersion: v0.3.13

1
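--- a/helm-chart/files/nginx.conf
+++ b/helm-chart/files/nginx.conf
@@ -0,0 +1 @@
+../../config/nginx.conf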


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -6,3 +7,31 @@ metadata:
data: data:
{{ .Values.config.fileName }}: | {{ .Values.config.fileName }}: |
{{ .Values.config.data | toPrettyJson | quote }} {{ .Values.config.data | toPrettyJson | quote }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: default
data:
default.conf: {{ .Files.Get "files/nginx.conf" | quote }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ssl-cert
namespace: default
data:
element-call.crt: {{ .Files.Get "certs/element-call.crt" | quote }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ssl-key
namespace: default
data:
element-call.key: {{ .Files.Get "certs/element-call.key" | quote }}
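Review bot: The TLS private key is rendered into a ConfigMap (`ssl-key`, the last document of this hunk), and ConfigMaps are meant for non-confidential data: anything allowed to read ConfigMaps in the namespace can read the key, and it gets none of the handling a cluster may apply to Secrets, such as tighter RBAC or encryption at rest where configured. It should be a `Secret`, with the deployment's `ssl-key-volume` switched from `configMap:` to `secret:` with `secretName: ssl-key`. Because `.Files.Get` reads `certs/element-call.key` from the chart directory, the key also ends up in any packaged chart archive unless it is excluded, so referencing a Secret created outside the chart would be safer still. The three new ConfigMaps hard-code `namespace: default`; `{{ .Release.Namespace }}` would let them follow the release.

```yaml
# … unchanged: app-config, nginx-config and ssl-cert ConfigMaps …
---
apiVersion: v1
kind: Secret
metadata:
  name: ssl-key
  namespace: {{ .Release.Namespace }}
type: Opaque
data:
  # Secret data values must be base64-encoded
  element-call.key: {{ .Files.Get "certs/element-call.key" | b64enc | quote }}
```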


@ -37,6 +37,9 @@ spec:
- name: http - name: http
containerPort: {{ .Values.service.port }} containerPort: {{ .Values.service.port }}
protocol: TCP protocol: TCP
- name: https
containerPort: {{ .Values.service.port_https }}
protocol: TCP
livenessProbe: livenessProbe:
httpGet: httpGet:
path: / path: /
@ -51,10 +54,25 @@ spec:
- name: config-volume - name: config-volume
mountPath: "{{ .Values.config.path }}" mountPath: "{{ .Values.config.path }}"
subPath: "{{ .Values.config.fileName }}" subPath: "{{ .Values.config.fileName }}"
- name: nginx-volume
mountPath: "{{ .Values.nginx_config.path }}"
- name: ssl-cert-volume
mountPath: "/etc/ssl/certs/"
- name: ssl-key-volume
mountPath: "/etc/ssl/private/"
volumes: volumes:
- name: config-volume - name: config-volume
configMap: configMap:
name: app-config name: app-config
- name: nginx-volume
configMap:
name: nginx-config
- name: ssl-cert-volume
configMap:
name: ssl-cert
- name: ssl-key-volume
configMap:
name: ssl-key
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
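Review bot: The `ssl-cert-volume` mount at `/etc/ssl/certs/` has no `subPath`, so the ConfigMap volume replaces the whole directory inside the container and hides whatever CA certificates the image ships there; the same holds for `/etc/ssl/private/`. Mounting only the file, as `config-volume` just above does, keeps the rest of the directory: `mountPath: "/etc/ssl/certs/element-call.crt"` with `subPath: "element-call.crt"`, and likewise for the key. The key volume is also sourced from a ConfigMap with default file permissions; a Secret volume with a restrictive `defaultMode` is the usual choice for a private key. The `nodeSelector` block at the end of the hunk continues outside it.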


@ -11,5 +11,9 @@ spec:
targetPort: http targetPort: http
protocol: TCP protocol: TCP
name: http name: http
- port: {{ .Values.service.port_https }}
targetPort: {{ .Values.service.port_https }}
protocol: TCP
name: element-https
selector: selector:
{{- include "element-call.selectorLabels" . | nindent 4 }} {{- include "element-call.selectorLabels" . | nindent 4 }}
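Review bot: The new service port uses a numeric `targetPort: {{ .Values.service.port_https }}` while the `http` entry above targets the container port by name; `targetPort: https` would match the `https` container port this commit adds to the deployment and keep the two entries consistent. The port is named `element-https` here but `https` on the container, which makes the pair harder to follow. The `selector` block continues outside the hunk.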


@ -5,10 +5,10 @@
replicaCount: 1 replicaCount: 1
image: image:
repository: element-call_call repository: ghcr.io/vector-im/element-call
pullPolicy: Never pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
tag: "" # tag: ""
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""
@ -41,6 +41,7 @@ service:
port: 8080 port: 8080
targetPort: 8080 targetPort: 8080
nodePort: 30070 nodePort: 30070
port_https: 8443
ingress: ingress:
enabled: false enabled: false
@ -87,3 +88,7 @@ config:
"feature_group_calls_without_video_and_audio": true "feature_group_calls_without_video_and_audio": true
} }
} }
nginx_config:
path: /etc/nginx/conf.d
fileName: default.conf
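Review bot: `nginx_config.fileName` is added here but the templates visible in this commit never read it: the `nginx-config` ConfigMap hard-codes the key `default.conf` and the deployment mounts only `nginx_config.path`, so changing the value would have no effect. Either drop the key or use it in the ConfigMap, e.g. `{{ .Values.nginx_config.fileName }}: {{ .Files.Get "files/nginx.conf" | quote }}`. The new keys `port_https` and `nginx_config` are snake_case next to `targetPort`, `nodePort` and `pullPolicy`; `httpsPort` and `nginxConfig` would follow the file's existing style. A comment above `port_https` such as `# must match the "listen ... ssl" port in files/nginx.conf` would help, since the two values are kept equal by hand.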