Merge pull request #511 from saravanpa-aot/master
changes for caddy to nginx migration
Showing
10 changed files
with
833 additions
and
0 deletions.
@@ -0,0 +1,2 @@ | ||
**/node_modules | ||
**/dist |
@@ -0,0 +1,15 @@ | ||
FROM docker-remote.artifacts.developer.gov.bc.ca/node:10 as build-stage | ||
ENV NODE_ENV=prod | ||
ENV VUE_APP_PATH=/ | ||
WORKDIR /app | ||
COPY ./package*.json ./ | ||
RUN npm install | ||
COPY . . | ||
RUN npm run build | ||
|
||
FROM docker-remote.artifacts.developer.gov.bc.ca/nginx:1.18.0 as production-stage | ||
COPY nginx.conf /etc/nginx/nginx.conf | ||
RUN mkdir /app | ||
COPY --from=build-stage /app/dist /app | ||
EXPOSE 8080:8080 | ||
CMD ["nginx", "-g", "daemon off;"] |
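Review bot: `RUN npm install` in the build stage may resolve dependency versions at build time and rewrite the lockfile, even though `COPY ./package*.json ./` just above brings any lockfile into the image. `RUN npm ci` installs exactly what the lockfile records and fails if it is out of sync with package.json, which keeps an unreviewed transitive upgrade out of the shipped bundle. The `node:10` base has reached upstream end-of-life, so the build toolchain no longer receives security fixes; a maintained LTS tag would be safer if the app builds on it. `EXPOSE 8080:8080` is not the documented form, since EXPOSE takes a container port only: `EXPOSE 8080`. The second Dockerfile later in this commit has the same lines.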
@@ -0,0 +1,81 @@ | ||
# nginx.conf | ||
worker_processes auto; | ||
error_log /var/log/nginx/error.log; | ||
|
||
pid /tmp/nginx.pid; | ||
|
||
|
||
events { | ||
worker_connections 4096; | ||
} | ||
|
||
http { | ||
include /etc/nginx/mime.types; | ||
client_body_temp_path /tmp/client_temp; | ||
proxy_temp_path /tmp/proxy_temp_path; | ||
fastcgi_temp_path /tmp/fastcgi_temp; | ||
uwsgi_temp_path /tmp/uwsgi_temp; | ||
scgi_temp_path /tmp/scgi_temp; | ||
default_type application/octet-stream; | ||
server_tokens off; | ||
underscores_in_headers on; | ||
|
||
# Use a w3c standard log format | ||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
'$status $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
||
access_log /var/log/nginx/access.log main; | ||
|
||
server { | ||
|
||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always | ||
# connect via HTTPS (do not use if only testing) | ||
add_header Strict-Transport-Security "max-age=31536000;"; | ||
|
||
# Enable cross-site filter (XSS) and tell browser to block detected attacks | ||
add_header X-XSS-Protection "1; mode=block"; | ||
|
||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type | ||
add_header X-Content-Type-Options "nosniff"; | ||
|
||
# Disallow the site to be rendered within a frame (clickjacking protection) | ||
add_header X-Frame-Options "DENY"; | ||
|
||
# Turn off all caddy caching | ||
add_header Cache-Control "no-cache,no-store,must-revalidate"; | ||
add_header Pragma "no-cache"; | ||
|
||
# Content Security Policy | ||
add_header Content-Security-Policy "default-src 'none';frame-src 'self' *.gov.bc.ca; script-src 'self' 'sha256-YaRF5VNtISs/hr8ATuoP3elKspUwWe/m1uAve9Sbxuk=' 'sha256-jz1UoDQhFYj7qWX/RHHnCdXPMP5++pxLOljIpiaXsPE=' *.gov.bc.ca https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; font-src 'self' *.gov.bc.ca; img-src 'self' *.gov.bc.ca data: https://maps.googleapis.com ; connect-src 'self' *.gov.bc.ca; manifest-src 'self';"; | ||
|
||
|
||
listen 8080; | ||
server_name _; | ||
|
||
index index.html; | ||
error_log /dev/stdout info; | ||
access_log /dev/stdout; | ||
|
||
location / { | ||
root /app; | ||
index index.html; | ||
try_files $uri $uri/ /index.html; | ||
} | ||
|
||
# For status of ngnix service, OpenShift is configured to call this | ||
location /nginx_status { | ||
# Enable Nginx stats | ||
stub_status on; | ||
|
||
# Only allow access from localhost | ||
allow all; | ||
|
||
# Other request should be denied | ||
# deny all; | ||
|
||
# No need to log this request, its just noise | ||
access_log off; | ||
} | ||
} | ||
} |
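Review bot: The `/nginx_status` location is commented "Only allow access from localhost", but the directive is `allow all;` and `deny all;` is commented out, so the stub_status counters are served to any client that can reach port 8080. If the OpenShift probe is the only consumer, name its source explicitly, for example `allow 127.0.0.1;` plus the range the probe comes from (placeholder `<probe-source-cidr>`), followed by `deny all;`. If open access is intended, the comment should say so instead. The "Turn off all caddy caching" comment is also stale after the migration. The other nginx.conf in this commit carries the same location block.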
@@ -0,0 +1,2 @@ | ||
**/node_modules | ||
**/dist |
@@ -0,0 +1,15 @@ | ||
FROM docker-remote.artifacts.developer.gov.bc.ca/node:10 as build-stage | ||
ENV NODE_ENV=prod | ||
ENV VUE_APP_PATH=/ | ||
WORKDIR /app | ||
COPY ./package*.json ./ | ||
RUN npm install | ||
COPY . . | ||
RUN npm run build | ||
|
||
FROM docker-remote.artifacts.developer.gov.bc.ca/nginx:1.18.0 as production-stage | ||
COPY nginx.conf /etc/nginx/nginx.conf | ||
RUN mkdir /app | ||
COPY --from=build-stage /app/dist /app | ||
EXPOSE 8080:8080 | ||
CMD ["nginx", "-g", "daemon off;"] |
@@ -0,0 +1,77 @@ | ||
# nginx.conf | ||
worker_processes auto; | ||
error_log /var/log/nginx/error.log; | ||
|
||
pid /tmp/nginx.pid; | ||
|
||
|
||
events { | ||
worker_connections 4096; | ||
} | ||
|
||
http { | ||
include /etc/nginx/mime.types; | ||
client_body_temp_path /tmp/client_temp; | ||
proxy_temp_path /tmp/proxy_temp_path; | ||
fastcgi_temp_path /tmp/fastcgi_temp; | ||
uwsgi_temp_path /tmp/uwsgi_temp; | ||
scgi_temp_path /tmp/scgi_temp; | ||
default_type application/octet-stream; | ||
server_tokens off; | ||
underscores_in_headers on; | ||
|
||
# Use a w3c standard log format | ||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
'$status $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
||
access_log /var/log/nginx/access.log main; | ||
|
||
server { | ||
|
||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always | ||
# connect via HTTPS (do not use if only testing) | ||
add_header Strict-Transport-Security "max-age=31536000;"; | ||
|
||
# Enable cross-site filter (XSS) and tell browser to block detected attacks | ||
add_header X-XSS-Protection "1; mode=block"; | ||
|
||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type | ||
add_header X-Content-Type-Options "nosniff"; | ||
|
||
# Disallow the site to be rendered within a frame (clickjacking protection) | ||
add_header X-Frame-Options "DENY"; | ||
|
||
# Turn off all caddy caching | ||
add_header Cache-Control "no-cache,no-store,must-revalidate"; | ||
add_header Pragma "no-cache"; | ||
|
||
listen 8080; | ||
server_name _; | ||
|
||
index index.html; | ||
error_log /dev/stdout info; | ||
access_log /dev/stdout; | ||
|
||
location / { | ||
root /app; | ||
index index.html; | ||
try_files $uri $uri/ /index.html; | ||
} | ||
|
||
# For status of ngnix service, OpenShift is configured to call this | ||
location /nginx_status { | ||
# Enable Nginx stats | ||
stub_status on; | ||
|
||
# Only allow access from localhost | ||
allow all; | ||
|
||
# Other request should be denied | ||
# deny all; | ||
|
||
# No need to log this request, its just noise | ||
access_log off; | ||
} | ||
} | ||
} |
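Review bot: This copy of nginx.conf sends no `Content-Security-Policy` header, while the other nginx.conf added in this commit sets one in the same server block. If this frontend also serves a browser application, a policy of the same shape belongs here, starting from `default-src 'none'` and allowing only the origins the app actually loads. If the omission is deliberate, a short comment in the server block saying why would keep it from reading as an oversight. Keep in mind that an `add_header` added inside a `location` later would stop the server-level security headers from being inherited there.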
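--- a/openshift/templates/appointment-nginx-frontend-build.yaml
+++ b/openshift/templates/appointment-nginx-frontend-build.yaml
@@ -0,0 +1,109 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+labels:
+app: ${NAME}
+name: ${NAME}-build
+annotations:
+description: ""
+tags: appointment,python
+iconClass: icon-python
+objects:
+- apiVersion: v1
+kind: ImageStream
+metadata:
+name: ${NAME}
+labels:
+app: ${NAME}
+- apiVersion: v1
+kind: BuildConfig
+metadata:
+name: ${NAME}
+labels:
+app: ${NAME}
+spec:
+output:
+to:
+kind: ImageStreamTag
+name: ${NAME}:${OUTPUT_IMAGE_TAG}
+resources:
+limits:
+cpu: ${CPU_LIMIT}
+memory: ${MEMORY_LIMIT}
+requests:
+cpu: ${CPU_REQUEST}
+memory: ${MEMORY_REQUEST}
+runPolicy: Serial
+source:
+contextDir: ${SOURCE_CONTEXT_DIR}
+git:
+ref: ${GIT_REF}
+uri: ${GIT_REPO_URL}
+type: Git
+strategy:
+type: Docker
+dockerStrategy:
+"dockerfilePath": "${DOCKER_FILE_PATH}"
+pullSecret:
+name: artifactory-creds
+postCommit: { }
+nodeSelector:
+successfulBuildsHistoryLimit: 10
+failedBuildsHistoryLimit: 2
+triggers:
+- type: ConfigChange
+parameters:
+- description: |
+The name assigned to all of the objects defined in this template.
+You should keep this as default unless your know what your doing.
+displayName: Name
+name: NAME
+required: true
+value: appointment-nginx-frontend
+- description: |
+The URL to your GIT repo, don't use the this default unless
+your just experimenting.
+displayName: Git Repo URL
+name: GIT_REPO_URL
+required: true
+value: https://github.com/bcgov/queue-management
+- description: The git reference or branch.
+displayName: Git Reference
+name: GIT_REF
+required: true
+value: master
+- description: The source context directory.
+displayName: Source Context Directory
+name: SOURCE_CONTEXT_DIR
+required: false
+value: appointment-frontend
+- description: The tag given to the built image.
+displayName: Output Image Tag
+name: OUTPUT_IMAGE_TAG
+required: true
+value: latest
+- description: The resources CPU limit (in cores) for this build.
+displayName: Resources CPU Limit
+name: CPU_LIMIT
+required: true
+value: "2"
+- description: The resources Memory limit (in Mi, Gi, etc) for this build.
+displayName: Resources Memory Limit
+name: MEMORY_LIMIT
+required: true
+value: 4Gi
+- description: The resources CPU request (in cores) for this build.
+displayName: Resources CPU Request
+name: CPU_REQUEST
+required: true
+value: "1"
+- description: The resources Memory request (in Mi, Gi, etc) for this build.
+displayName: Resources Memory Request
+name: MEMORY_REQUEST
+required: true
+value: 4Gi
+- description: The path and file of the docker file defining the build.
+displayName: DockferFile
+name: DOCKER_FILE_PATH
+required: true
+value: Dockerfile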
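Review bot: The parameter defaults `value: master` for GIT_REF and `value: latest` for OUTPUT_IMAGE_TAG both point at moving targets, so an image built with the defaults cannot be traced back to the commit it came from and a rebuild picks up whatever is on the branch at that moment. The parameter descriptions could say that release builds should pass a tag or commit for GIT_REF and a versioned image tag, for example `description: The git tag, commit or branch to build; use a tag or commit for release builds.` The template metadata also looks copied from a Python service (`tags: appointment,python`, `iconClass: icon-python`) and `description: ""` is empty, which makes the template harder to identify in the catalog.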