Commit aacd4848 authored by Dominik Hebeler's avatar Dominik Hebeler
Browse files

Merge branch '29-optimize-pipeline' into 'master'

Resolve "optimize pipeline"

Closes #29

See merge request !28
parents 7786af55 2c85f03c
.composer
.npm
.gitlab
.vscode
node_modules
vendor
.editorconfig
.git
.gitattributes
.gitignore
.gitlab-ci.yaml
.gitlab
.gitlab-ci.yaml
\ No newline at end of file
APP_ENV=local
APP_KEY=
APP_DEBUG=true
APP_LOG_LEVEL=debug
LOG_CHANNEL=stderr
APP_URL=https://localhost:8080
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=homestead
DB_USERNAME=homestead
DB_PASSWORD=secret
BROADCAST_DRIVER=log
CACHE_DRIVER=redis
SESSION_DRIVER=array
QUEUE_DRIVER=sync
CENTRAL_REDIS_HOST=redis
CENTRAL_REDIS_PASSWORD=null
CENTRAL_REDIS_PORT=6379
REDIS_HOST=redis
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PROXY_PASSWORD_OLD=secure_password
PROXY_PASSWORD=very_secure_password
PROXY_TIMEOUT=3600
PROXY_URL=https://localhost:8080
PROXY_LOG_LOCATION=/var/log/proxy/proxy.log
PROXY_MEMORY_CACHE=5242880
PROXY_FREE_DOWNLOAD_LIMIT=104857600
CACHE_ENABLED=true
\ No newline at end of file
......@@ -4,6 +4,7 @@
/storage/*.key
/vendor
.npm
.composer
.env
.env.backup
.phpunit.result.cache
......
......@@ -14,6 +14,7 @@ variables:
SAST_DISABLED: "true"
TEST_DISABLED: "true"
CACHE_FALLBACK_KEY: proxy-master
AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES: "AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,S3_HOST,S3_BUCKETNAME"
include:
- template: Jobs/Build.gitlab-ci.yml
......@@ -23,7 +24,6 @@ include:
image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.12.0"
stages:
- prepare
- build
- test
- deploy # dummy stage to follow the template guidelines
......@@ -38,30 +38,6 @@ stages:
- incremental rollout 100%
- performance
- cleanup
prepare_node:
stage: prepare
image: node:16
before_script:
- npm i --cache .npm --prefer-offline --no-audit --progress=false
script:
- npm run prod
artifacts:
paths:
- public/js/
- public/css/
- public/mix-manifest.json
cache:
# Reuse existing cache or create new one if package-lock changed
key:
files:
- package-lock.json
paths:
- .npm
- node_modules
only:
- branches
- tags
build:
services:
......
......@@ -4,7 +4,7 @@ podDisruptionBudget:
maxUnavailable:
service:
externalPort: 80
internalPort: 80
internalPort: 8080
commonName:
ingress:
tls:
......
......@@ -4,7 +4,7 @@ podDisruptionBudget:
maxUnavailable:
service:
externalPort: 80
internalPort: 80
internalPort: 8080
commonName:
ingress:
tls:
......
service:
enabled: true
externalPort: 80
internalPort: 80
internalPort: 8080
commonName: ""
ingress:
tls:
......
FROM debian:10
# syntax = docker/dockerfile:experimental
FROM debian:10 AS dependencies
WORKDIR /html
EXPOSE 8080
# Install System Components
RUN apt update \
&& apt install -y \
nginx \
tzdata \
cron \
lsb-release \
apt-transport-https \
zip \
curl
curl \
zip
RUN curl -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \
&& echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
......@@ -30,15 +33,34 @@ RUN apt update \
php7.4-dom \
php7.4-fileinfo \
php7.4-redis \
php7.4-xdebug \
php7.4-zip
WORKDIR /html
# Install Composer
COPY ./helpers/installComposer.sh /usr/bin/installComposer
RUN chmod +x /usr/bin/installComposer && \
/usr/bin/installComposer && \
rm /usr/bin/installComposer
RUN sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' /etc/php/7.4/fpm/php-fpm.conf && \
# Install Nodejs
COPY ./helpers/installNodejs.sh /usr/bin/installNodejs
RUN chmod +x /usr/bin/installNodejs && \
/usr/bin/installNodejs && \
rm /usr/bin/installNodejs
ENV PATH /usr/local/lib/nodejs/bin:$PATH
# Install Minio Client
RUN curl -o /usr/bin/mc "https://dl.min.io/client/mc/release/linux-amd64/mc" &&\
chmod +x /usr/bin/mc
FROM dependencies AS development
RUN sed -i 's/pid = \/run\/php\/php7.4-fpm.pid/;pid = \/run\/php\/php7.4-fpm.pid/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php/7.4/fpm/php-fpm.conf && \
mkdir -p /run/php && \
sed -i 's/listen = \/run\/php\/php7.4-fpm.sock/listen = 9000/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/decorate_workers_output = no/decorate_workers_output = no/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/user = nobody/user = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/group = nobody/group = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_children = 5/pm.max_children = 1024/g' /etc/php/7.4/fpm/pool.d/www.conf && \
......@@ -46,33 +68,54 @@ RUN sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g
sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 50/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/7.4/fpm/php.ini && \
# Opcache configuration
sed -i 's/;zend_extension=xdebug.so/zend_extension=xdebug.so/g' /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.mode = debug" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.start_with_request = yes" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.discover_client_host = true" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.idekey=VSCODE" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
echo "Europe/Berlin" > /etc/timezone
# Using image as non-root
RUN groupadd -g 1000 metager-proxy && \
useradd -b /home/metager-proxy -g 1000 -u 1000 -M -s /bin/bash metager-proxy
RUN chown -R 1000:1000 /var/lib/nginx /var/log/nginx
RUN mkdir -p /home/metager-proxy &&\
chown 1000:1000 /home/metager-proxy
RUN touch /run/nginx.pid && \
chown 1000:1000 /run/nginx.pid
USER 1000:1000
CMD /entrypoint.sh
# Just the changes we need for production use (i.e. enable opcache, disable xdebug, etc.)
FROM development AS production
USER 0:0
# Opcache configuration
RUN apt purge -y php7.4-xdebug
RUN sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php/7.4/fpm/php.ini && \
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
echo "Europe/Berlin" > /etc/timezone && \
(crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php/7.4/fpm/php.ini
COPY config/nginx.conf /etc/nginx/nginx.conf
COPY config/nginx-default.conf /etc/nginx/sites-available/default
RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/sites-available/default
COPY --chown=root:www-data . /html
COPY ./helpers/installComposer.sh /usr/bin/installComposer
RUN chmod +x /usr/bin/installComposer && \
/usr/bin/installComposer && \
rm /usr/bin/installComposer && \
composer install --no-dev
# Install Entrypoint
COPY ./helpers/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
WORKDIR /html
EXPOSE 80
COPY --chown=1000:1000 . /html
# Install packages
RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && \
chmod +x ./helpers/installPackages.sh && \
/bin/sh -c ./helpers/installPackages.sh
CMD cron -L /dev/stdout && \
php-fpm7.4 -F -R
USER 1000:1000
FROM debian:10
# Install System Components
RUN apt update \
&& apt install -y \
nginx \
tzdata \
cron \
lsb-release \
apt-transport-https \
curl \
zip
RUN curl -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \
&& echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
# Install PHP Components
RUN apt update \
&& apt install -y \
php7.4 \
php7.4-fpm \
php7.4-json \
php7.4-bcmath \
php7.4-ctype \
php7.4-mbstring \
php7.4-pdo \
php7.4-tokenizer \
php7.4-xml \
php7.4-curl \
php7.4-dom \
php7.4-fileinfo \
php7.4-redis \
php7.4-xdebug \
php7.4-zip
WORKDIR /html
RUN sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php/7.4/fpm/php-fpm.conf && \
mkdir -p /run/php && \
sed -i 's/listen = \/run\/php\/php7.4-fpm.sock/listen = 9000/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/decorate_workers_output = no/decorate_workers_output = no/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/user = nobody/user = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/group = nobody/group = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_children = 5/pm.max_children = 100/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.start_servers = 2/pm.start_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 25/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;zend_extension=xdebug.so/zend_extension=xdebug.so/g' /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.mode = debug" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.start_with_request = yes" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.discover_client_host = true" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.idekey=VSCODE" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
echo "Europe/Berlin" > /etc/timezone && \
(crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
COPY ./helpers/installComposer.sh /usr/bin/installComposer
RUN chmod +x /usr/bin/installComposer && \
/usr/bin/installComposer && \
rm /usr/bin/installComposer
WORKDIR /html
EXPOSE 80
CMD cron -L /dev/stdout && \
composer install && \
php-fpm7.4 -F -R
......@@ -41,10 +41,10 @@ class RequestFetcher extends Command
{
parent::__construct();
$this->multicurl = curl_multi_init();
$this->proxyhost = env("PROXY_HOST", "");
$this->proxyport = env("PROXY_PORT", "");
$this->proxyuser = env("PROXY_USER", "");
$this->proxypassword = env("PROXY_PASSWORD", "");
$this->proxyhost = config("requestfetcher.proxy.host");
$this->proxyport = config("requestfetcher.proxy.port");
$this->proxyuser = config("requestfetcher.proxy.user");
$this->proxypassword = config("requestfetcher.proxy.password");
}
/**
......@@ -67,7 +67,8 @@ class RequestFetcher extends Command
} catch (\Exception $e) {
if ($count >= 9) {
// If its not available after 10 seconds we will exit
return;
echo "Redis Connection was not possible within 10 seconds." . PHP_EOL;
return 1;
}
sleep(1);
}
......
......@@ -133,7 +133,7 @@ class DownloadController extends Controller
if (!is_string($data) || strlen($data) === 0) {
return null;
}
return hash_hmac("sha256", $data, env("PROXY_PASSWORD", "unsecure_password"));
return hash_hmac("sha256", $data, config("proxy.password"));
}
private static function checkPassword($url, $validUntil, $password)
......@@ -142,7 +142,7 @@ class DownloadController extends Controller
if (!is_string($data) || strlen($data) === 0) {
return false;
}
$excpectedHash = hash_hmac("sha256", $data, env("PROXY_PASSWORD", "unsecure_password"));
$excpectedHash = hash_hmac("sha256", $data, config("proxy.password"));
return hash_equals($excpectedHash, $password);
}
}
......@@ -20,7 +20,7 @@ class ProxyController extends Controller
public function proxyPage(Request $request)
{
if(!$request->filled("url") || !$request->filled("password")){
if (env("APP_ENV", "") !== "production") {
if (\App::environment() !== "production") {
return view("development");
} else {
return redirect("https://metager.de");
......@@ -63,7 +63,7 @@ class ProxyController extends Controller
$redirProxyUrl = rtrim($redirProxyUrl, "&");
$pw = md5(env('PROXY_PASSWORD') . $redirProxyUrl);
$pw = md5(config("proxy.password") . $redirProxyUrl);
$redirProxyUrl = base64_encode(str_rot13($redirProxyUrl));
$redirProxyUrl = urlencode(str_replace("/", "<<SLASH>>", $redirProxyUrl));
......@@ -322,7 +322,7 @@ class ProxyController extends Controller
private function fetchUrl($targetUrl){
$hash = md5($targetUrl);
if (!Cache::has($hash) || env("CACHE_ENABLED") === false) {
if (!Cache::has($hash) || config("proxy.cache.enabled") === false) {
$useragent = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i', $useragent) || preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i', substr($useragent, 0, 4))) {
// Mobile Browser Dummy Mobile Useragent
......@@ -528,7 +528,7 @@ class ProxyController extends Controller
if (!is_string($data) || strlen($data) === 0) {
return null;
}
return hash_hmac("sha256", $data, env("PROXY_PASSWORD", "unsecure_password"));
return hash_hmac("sha256", $data, config("proxy.password"));
}
private static function checkPassword($url, $validUntil, $password)
......@@ -542,13 +542,13 @@ class ProxyController extends Controller
if (!is_string($data) || strlen($data) === 0) {
return false;
}
$excpectedHash = hash_hmac("sha256", $data, env("PROXY_PASSWORD", "unsecure_password"));
$excpectedHash = hash_hmac("sha256", $data, config("proxy.password"));
return hash_equals($excpectedHash, $password);
}
private function writeLog($targetUrl, $ip)
{
$logFile = env('PROXY_LOG_LOCATION');
$logFile = config("proxy.log.location");
$dateString = date('D M d H:i:s Y');
......
......@@ -18,7 +18,7 @@ class CheckPassword
$password = $request->route('password');
if ($timed === "true") {
$checkPw = md5(env('PROXY_PASSWORD') . date('dmy'));
$checkPw = md5(config('proxy.password') . date('dmy'));
if ($checkPw === $password) {
return $next($request);
}
......@@ -32,7 +32,7 @@ class CheckPassword
}
// Check Password:
$checkPw = md5(env('PROXY_PASSWORD_OLD') . $targetUrl);
$checkPw = md5(config('proxy.password_old') . $targetUrl);
$password = $request->route('password');
if ($checkPw === $password) {
return $next($request);
......
......@@ -25,9 +25,9 @@ class AppServiceProvider extends ServiceProvider
{
\Prometheus\Storage\Redis::setDefaultOptions(
[
'host' => env("REDIS_HOST", '127.0.0.1'),
'port' => intval(env("REDIS_PORT", 6379)),
'password' => env("REDIS_PASSWORD", null),
'host' => config("database.redis.default.host"),
'port' => intval(config("database.redis.default.port")),
'password' => config("database.redis.default.password"),
'timeout' => 0.1, // in seconds
'read_timeout' => '10', // in seconds
'persistent_connections' => false
......
......@@ -57,6 +57,10 @@ spec:
- name: env-files
secret:
secretName: {{ .Values.application.secretName }}
securityContext:
fsGroup: 1000
runAsUser: 1000
runAsGroup: 1000
containers:
- name: {{ .Chart.Name }}-phpfpm
image: {{ template "imagename" . }}
......@@ -133,8 +137,7 @@ spec:
# WORKER
- name: {{ .Chart.Name }}-worker
image: {{ template "imagename" . }}
command: ["su"]
args: ["-s", "/bin/sh", "-c", "php artisan requests:fetcher", "www-data"]
command: ["/bin/sh", "-c", "php artisan requests:fetcher"]
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.application.secretName }}
envFrom:
......@@ -190,4 +193,8 @@ spec:
requests:
cpu: 100m
memory: 500M
securityContext:
runAsUser: 100
runAsGroup: 101
allowPrivilegeEscalation: false
{{- end -}}
server {
listen 80;
listen 8080;
server_name localhost;
root /html/public;
index index.php index.html index.htm;
......
server {
listen 80;
listen 8080;
server_name localhost;
root /html/public;
index index.php index.html index.htm;
......
user www-data;
# user www-data;
worker_processes auto;
error_log /dev/stdout warn;
pid /run/nginx.pid;
# pid /run/nginx.pid;
daemon off;
......
<?php
return [
'password_old' => env("PROXY_PASSWORD_OLD", "old_secret"),
'password' => env("PROXY_PASSWORD", "secret"),
'cache' => [
"enabled" => env("CACHE_ENABLED", true),
],
'log' => [
'location' => env("PROXY_LOG_LOCATION", "/dev/null"),
],
];
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment