Add k8s manifest: configmap-nginx.yaml

2026-03-12 14:24:58 +09:00
parent f05ff6694c
commit 3597531b9f
1 changed files with 96 additions and 0 deletions
--- a/k8s/anvil/configmap-nginx.yaml
+++ b/k8s/anvil/configmap-nginx.yaml
@@ -0,0 +1,96 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-config
+data:
+  default.conf: |
+    upstream php-upstream {
+        server php-fpm:9000;
+        keepalive 32;
+    }
+
+    server {
+        listen 80;
+        server_name _;
+        root /var/www/html;
+        index index.php index.html;
+
+        # Gzip compression
+        gzip on;
+        gzip_vary on;
+        gzip_min_length 1024;
+        gzip_types text/plain text/css application/json application/javascript text/xml application/xml;
+
+        # Buffer settings
+        client_body_buffer_size 16k;
+        client_max_body_size 100m;
+
+        location / {
+            try_files $uri $uri/ /index.php?$query_string;
+        }
+
+        location ~ \.php$ {
+            fastcgi_pass php-upstream;
+            fastcgi_index index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+
+            # Real IP를 PHP로 전달
+            fastcgi_param REMOTE_ADDR $remote_addr;
+            fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for;
+            fastcgi_param HTTP_X_REAL_IP $remote_addr;
+
+            # FastCGI optimization
+            fastcgi_keep_conn on;
+            fastcgi_buffer_size 32k;
+            fastcgi_buffers 16 16k;
+            fastcgi_busy_buffers_size 32k;
+            fastcgi_read_timeout 60s;
+            fastcgi_send_timeout 60s;
+            fastcgi_connect_timeout 5s;
+        }
+
+        location ~ /\.ht {
+            deny all;
+        }
+
+        # Static files caching
+        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
+            expires 7d;
+            add_header Cache-Control "public, immutable";
+        }
+    }
+  nginx.conf: |
+    worker_processes auto;
+    error_log /var/log/nginx/error.log warn;
+    pid /var/run/nginx.pid;
+
+    events {
+        worker_connections 1024;
+        use epoll;
+        multi_accept on;
+    }
+
+    http {
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                        '$status $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log /var/log/nginx/access.log main;
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+
+        # Real IP 설정
+        set_real_ip_from 0.0.0.0/0;
+        set_real_ip_from ::/0;
+        real_ip_header X-Forwarded-For;
+        real_ip_recursive on;
+
+        include /etc/nginx/conf.d/*.conf;
+    }