Last active
November 24, 2020 11:38
-
-
Save ideepu/088167abbbf8cb19586950899585ec17 to your computer and use it in GitHub Desktop.
Forward the traffic to a service or app using Nginx with https.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: nginx-conf | |
| data: | |
| nginx.conf: | | |
| user nginx; | |
| worker_processes 1; | |
| error_log /var/log/nginx/error.log; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| log_format main | |
| 'remote_addr:$remote_addr\t' | |
| 'time_local:$time_local\t' | |
| 'method:$request_method\t' | |
| 'uri:$request_uri\t' | |
| 'host:$host\t' | |
| 'status:$status\t' | |
| 'bytes_sent:$body_bytes_sent\t' | |
| 'referer:$http_referer\t' | |
| 'useragent:$http_user_agent\t' | |
| 'forwardedfor:$http_x_forwarded_for\t' | |
| 'request_time:$request_time'; | |
| access_log /var/log/nginx/access.log main; | |
| ssl_certificate /certs/domain.crt; | |
| ssl_certificate_key /certs/domain.key; | |
| server { | |
| listen 443 ssl; | |
| listen [::]:443 ssl; | |
| server_name sample.example.com; | |
| location / { | |
| proxy_pass https://220.221.10.1:443; | |
| } | |
| } | |
| include /etc/nginx/virtualhost/virtualhost.conf; | |
| } | |
| virtualhost.conf: | | |
| upstream app { | |
| server localhost:8080; | |
| keepalive 1024; | |
| } | |
| server { | |
| listen 80 default_server; | |
| root /usr/local/app; | |
| access_log /var/log/nginx/app.access_log main; | |
| error_log /var/log/nginx/app.error_log; | |
| location / { | |
| proxy_pass http://app/; | |
| proxy_http_version 1.1; | |
| } | |
| } | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: nginx | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: nginx | |
| template: | |
| metadata: | |
| labels: | |
| app: nginx | |
| spec: | |
| containers: | |
| - name: nginx | |
| image: nginx | |
| ports: | |
| - containerPort: 443 | |
| volumeMounts: | |
| - mountPath: /etc/nginx # mount nginx-conf volumn to /etc/nginx | |
| readOnly: true | |
| name: nginx-conf | |
| - mountPath: /var/log/nginx | |
| name: log | |
| - mountPath: "/certs/domain.crt" | |
| subPath: "domain.crt" | |
| name: certs | |
| - mountPath: "/certs/domain.key" | |
| subPath: "domain.key" | |
| name: certs | |
| volumes: | |
| - configMap: | |
| name: ssl-certs | |
| defaultMode: 0755 | |
| name: certs | |
| - name: nginx-conf | |
| configMap: | |
| name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx | |
| items: | |
| - key: nginx.conf | |
| path: nginx.conf | |
| - key: virtualhost.conf | |
| path: virtualhost/virtualhost.conf # dig directory | |
| - name: log | |
| emptyDir: {} | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: nginx | |
| spec: | |
| type: LoadBalancer | |
| loadBalancerIP: 220.221.10.1 | |
| ports: | |
| - port: 443 | |
| targetPort: 443 | |
| selector: | |
| app: nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment