Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / refs/heads/main / . / charts / penpot / templates / frontend / configmap.yaml
blob: b31698d6f3725e3d26e1cfcb2194fc4d722a78e2 [file] [log] [blame]
Giorgi Lekveishvili3e45d0a2023-06-26 09:53:42 +0400[diff] [blame]1apiVersion: v1
2kind: ConfigMap
3metadata:
4 name: "{{ include "penpot.fullname" . }}-frontend-nginx"
5 namespace: {{ .Release.Namespace }}
6 labels:
7 {{- include "penpot.labels" . | nindent 4 }}
8data:
9 nginx.conf: |
10 user www-data;
11 worker_processes auto;
12 pid /run/nginx.pid;
13 include /etc/nginx/modules-enabled/*.conf;
14
15 events {
16 worker_connections 2048;
17 # multi_accept on;
18 }
19
20 http {
21 sendfile on;
22 tcp_nopush on;
23 tcp_nodelay on;
24 keepalive_requests 30;
25 keepalive_timeout 65;
26 types_hash_max_size 2048;
27
28 server_tokens off;
29
30 reset_timedout_connection on;
31 client_body_timeout 30s;
32 client_header_timeout 30s;
33
34 include /etc/nginx/mime.types;
35 default_type application/octet-stream;
36
37 error_log /dev/stdout;
38 access_log /dev/stdout;
39
40 gzip on;
41 gzip_vary on;
42 gzip_proxied any;
43 gzip_static on;
44 gzip_comp_level 4;
45 gzip_buffers 16 8k;
46 gzip_http_version 1.1;
47
48 gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json;
49
50 resolver 127.0.0.11;
51
52 map $http_upgrade $connection_upgrade {
53 default upgrade;
54 '' close;
55 }
56
57 server {
58 listen 80 default_server;
59 server_name _;
60
61 client_max_body_size 100M;
62 charset utf-8;
63
64 proxy_http_version 1.1;
65 proxy_set_header Host $http_host;
66 proxy_set_header X-Real-IP $remote_addr;
67 proxy_set_header X-Scheme $scheme;
68 proxy_set_header X-Forwarded-Proto $scheme;
69 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
70
71 etag off;
72 root /var/www/app/;
73
74 location ~* \.(js|css).*$ {
75 add_header Cache-Control "max-age=86400" always; # 24 hours
76 }
77
78 location ~* \.(html).*$ {
79 add_header Cache-Control "no-cache, max-age=0" always;
80 }
81
82 location /api/export {
83 proxy_pass http://{{ include "penpot.fullname" . }}-exporter:6061;
84 }
85
86 location /api {
87 proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/api;
88 }
89
90 location /ws/notifications {
91 proxy_set_header Upgrade $http_upgrade;
92 proxy_set_header Connection 'upgrade';
93 proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/ws/notifications;
94 }
95
96 location @handle_redirect {
97 set $redirect_uri "$upstream_http_location";
98 set $redirect_host "$upstream_http_x_host";
99 set $redirect_cache_control "$upstream_http_cache_control";
100
101 proxy_buffering off;
102
103 proxy_set_header Host "$redirect_host";
104 proxy_hide_header etag;
105 proxy_hide_header x-amz-id-2;
106 proxy_hide_header x-amz-request-id;
107 proxy_hide_header x-amz-meta-server-side-encryption;
108 proxy_hide_header x-amz-server-side-encryption;
109 proxy_pass $redirect_uri;
110
111 add_header x-internal-redirect "$redirect_uri";
112 add_header x-cache-control "$redirect_cache_control";
113 add_header cache-control "$redirect_cache_control";
114 }
115
116 location /assets {
117 proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/assets;
118 recursive_error_pages on;
119 proxy_intercept_errors on;
120 error_page 301 302 307 = @handle_redirect;
121 }
122
123 location /internal/assets {
124 internal;
125 alias /opt/data/assets;
126 add_header x-internal-redirect "$upstream_http_x_accel_redirect";
127 }
128 }
129 }