Andrew
4ff3048dd3
- _helpers.tpl: required guard on image.tag — silent empty deploys can no longer happen; helm fails fast with a clear message. - configmap-nginx: HTTPS fastcgi param uses if_not_empty, so PHP only sees HTTPS when X-Forwarded-Proto is actually present. - deployment-app: add startupProbe with 100s budget so first-boot cache warmup doesn't trip liveness. - deployment-horizon: failureThreshold=5 on the horizon:status probe; transient Valkey blips no longer cause restart loops. - job-migrate: mount oauth-keys so seeders that touch Passport clients don't silently fail. - statefulset-valkey: replace separate password Secret with a requirePassword toggle that reads REDIS_PASSWORD from the main chart Secret (same Secret app/horizon/scheduler already mount). Liveness probe authenticates with the password when set. - values-us-prod: enable valkey.requirePassword. - README: add REDIS_PASSWORD to bootstrap procedure. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
52 lines
1.7 KiB
YAML
52 lines
1.7 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: {{ include "ezscale-website.fullname" . }}-nginx
|
|
labels: {{- include "ezscale-website.labels" . | nindent 4 }}
|
|
data:
|
|
default.conf: |
|
|
server {
|
|
listen 80 default_server;
|
|
server_name _;
|
|
root /var/www/html/public;
|
|
index index.php index.html;
|
|
|
|
client_max_body_size 50M;
|
|
charset utf-8;
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-Content-Type-Options "nosniff";
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
|
|
|
location = /favicon.ico { access_log off; log_not_found off; }
|
|
location = /robots.txt { access_log off; log_not_found off; }
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
|
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
|
fastcgi_param HTTP_PROXY "";
|
|
# Pass HTTPS to PHP only when X-Forwarded-Proto is non-empty.
|
|
# if_not_empty avoids the param being set to "" when the header
|
|
# is missing (which would falsely satisfy isset($_SERVER['HTTPS'])).
|
|
fastcgi_param HTTPS $http_x_forwarded_proto if_not_empty;
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
fastcgi_read_timeout 300;
|
|
}
|
|
|
|
location ~ /\.(?!well-known).* {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
}
|