vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-16 18:39:05 +02:00
parent 377b430669
commit fe68c68633
13 changed files with 1332 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

236
apps/wordpress/wordpress_ConfigMap.tf Normal file
View File

@@ -0,0 +1,236 @@
resource "kubectl_manifest" "wordpress_cfg" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: "${var.instance}-${var.component}-envs"
labels: ${jsonencode(local.common_labels)}
namespace: ${var.namespace}
data:
WORDPRESS_DB_HOST: ${var.instance}-${var.component}-mysqld.${var.namespace}.svc:3306
WORDPRESS_DB_NAME: ${mysql_database.component.name}
WORDPRESS_DB_USER: ${mysql_user.component.user}
WORDPRESS_HOST: ${local.dns_name}
WORDPRESS_TABLE_PREFIX: wp_
WORDPRESS_DEBUG: ""
WORDPRESS_CONFIG_EXTRA: |
#### general settings
define('WP_HOME', 'https://$${WORDPRESS_HOST}');
define('WP_SITEURL', 'https://$${WORDPRESS_HOST}');
define('WP_CACHE', true );
#### memory limits
# define('WP_MEMORY_LIMIT', '40' ); # default
# define('WP_MAX_MEMORY_LIMIT', '256' ); # default
EOF
}
resource "kubectl_manifest" "wordpress_files" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: "${var.instance}-${var.component}-files"
labels: ${jsonencode(local.common_labels)}
namespace: ${var.namespace}
data:
wp-cli: |-
#!/bin/sh
WP_PATH=/var/www/html/
CLI=/tmp/wp-cli.phar
if ! [ -f "$CLI" ]; then
curl https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o $CLI
fi
export PAGER="more"
php $CLI --path=$WP_PATH "$@"
docker-php-ext-redis.ini: |-
extension = redis.so
session.save_handler = redis
session.save_path = "tcp://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/?prefix=SESSION_${var.component}_${var.instance}:"
php-fpm-zz-docker.conf: |-
[global]
daemonize = no
[www]
listen = 8080
php-opcache-recommended.ini: |-
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.validate_timestamps=1
opcache.revalidate_freq=60
php-uploads.ini: |-
memory_limit = 256M
max_file_uploads = 50
upload_max_filesize = 96M
post_max_size = 96M
max_execution_time = 300
max_input_time = 600
nginx.conf: |-
worker_processes auto;
error_log /dev/stderr;
pid /tmp/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 1024;
multi_accept on;
}
http {
# cache informations about FDs, frequently accessed files
# can boost performance, but you need to test those values
open_file_cache max=40000 inactive=20s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# copies data between one FD and other from within the kernel
# faster than read() + write()
sendfile on;
# send headers in one piece, it is better than sending them one by one
tcp_nopush on;
# don't buffer data sent, good for small data bursts in real time
tcp_nodelay on;
# gzip settings
gzip on;
gzip_buffers 16 8k;
gzip_min_length 10k;
gzip_proxied any;
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/atom+xml
font/truetype
font/opentype
application/vnd.ms-fontobject
image/svg+xml;
# allow the server to close connection on non responding client, this will free up memory
reset_timedout_connection on;
# request timed out -- default 60
client_body_timeout 20;
# if client stop responding, free up memory -- default 60
send_timeout 10;
# server will close connection after this time -- default 75
keepalive_timeout 30;
# number of requests client can make over keep-alive -- for testing environment
keepalive_requests 10000;
# other settings
client_max_body_size 96M;
server_tokens off;
include mime.types;
default_type application/octet-stream;
add_header X-Frame-Options SAMEORIGIN;
# trust these ips to set the correct http_x_forwarded_for header
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
# to boost I/O on HDD we can disable access logs
# access_log off;
log_format main '$remote_addr - $status [$request] $body_bytes_sent '
'"$http_referer" "$http_user_agent" via $realip_remote_addr';
access_log "/dev/stdout" main buffer=2048 flush=5s;
client_body_temp_path /tmp/client_temp 1 2;
proxy_temp_path /tmp/proxy_temp_path 1 2;
fastcgi_temp_path /tmp/fastcgi_temp 1 2;
uwsgi_temp_path /tmp/uwsgi_temp 1 2;
scgi_temp_path /tmp/scgi_temp 1 2;
####################################
### fastcgi cache start
#fastcgi_cache_path /tmp/fastcgi-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=10m;
#fastcgi_cache_key "$scheme$request_method$host$request_uri";
#fastcgi_cache_use_stale error timeout invalid_header http_500;
#fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
### fastcgi cache end
####################################
server {
listen 8080 default_server;
server_name _;
root /var/www/html;
index index.php;
location / {
# deliver files directly or from php
# $uri - for regular files (html, css, js, jpg, ...)
# $uri/ - needed for indexes like /wp-config/ or /tag/nice/
# /index.php?$args - sends the request to wordpress using fastcgi / php
try_files $uri $uri/ /index.php?$args;
}
# DISABLE_DIRECT_CONTENT_PHP_EXECUTION
location ~ /(?:wp-content|wp-includes|uploads)/.*\.php$ {
deny all;
#access_log off;
#log_not_found off;
}
# Deny access to load load-scripts.php, load-styles.php; can be used for DOS attacks;
location ~ \/wp-admin\/load\-(scripts|styles)\.php {
deny all;
}
# START Nginx Rewrites for Rank Math Sitemaps
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
# END Nginx Rewrites for Rank Math Sitemaps
####################################
### fastcgi cache start
# define when to skip the cache
#set $skip_cache 0;
# Requests with a query string should not be cached
#if ($query_string != "") {
# set $skip_cache 1;
#}
# Don't cache uris containing the following segments
#if ($request_uri ~ "/wp-admin/|/xmlrpc.php|wp-.*.php|index.php") {
# set $skip_cache 1;
#}
# Don't use the cache for logged in users or recent commenters
#if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
# set $skip_cache 1;
#}
### fastcgi cache end
####################################
# send .php requests to wordpress using (fastcgi)
location ~ [^/]\.php(/|$) {
# split the request path into its components
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# check if the requested php file exits;
# don't send the request to fastcgi if no such file exits (saves some resources)
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# include fastcgi_params from nginx directory (/etc/nginx/fastcgi_params)
include fastcgi_params;
# set the script filename (eg. /var/www/html/index.php)
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_index index.php;
# tell wordpress that the request came over https to avoid redirect-loops
fastcgi_param REQUEST_SCHEME 'https';
fastcgi_param HTTPS 'on';
# hide PHP header
fastcgi_hide_header X-Powered-By;
# send the request to php
fastcgi_pass localhost:9000;
#fastcgi_pass unix:/run/php/fpm.sock;
####################################
### fastcgi cache start
#fastcgi_cache_methods GET HEAD;
#fastcgi_cache_bypass $skip_cache;
#fastcgi_no_cache $skip_cache;
#fastcgi_cache WORDPRESS;
#fastcgi_cache_valid 10m;
#add_header X-FastCGI-Cache $upstream_cache_status;
### fastcgi cache end
####################################
}
# enable client cache for media files and fonts
location ~* \.(css|js|ico|gif|jpeg|jpg|webp|png|svg|eot|otf|woff|woff2|ttf|ogg|pdf)$ {
expires 120d;
}
}
}
EOF
}