Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-29 16:27:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
da68be8e951225133c7dfb572d5101ca3d61c5ae
charts/bitnami/harbor/templates/nginx/configmap-http.yaml
Felipe V.C. Serafim da68be8e95 Add copyright header (#17300) 
* Add copyright header

Signed-off-by: sfelipe <sfelipe@vmware.com>

* Remove copyright from vib runtime_parameters files

Signed-off-by: sfelipe <sfelipe@vmware.com>

* Add copyright header for pinniped-auth.sh

Signed-off-by: sfelipe <sfelipe@vmware.com>

* Update templates copyright header format

Signed-off-by: sfelipe <sfelipe@vmware.com>

---------

Signed-off-by: sfelipe <sfelipe@vmware.com>
2023-06-26 10:28:56 +02:00

175 lines
5.7 KiB
YAML
Raw Blame History

{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (eq .Values.exposureType "proxy") (not .Values.nginx.tls.enabled) }}
{{- $scheme := ternary "https" "http" .Values.internalTLS.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "harbor.nginx" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: nginx
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
nginx.conf: |+
worker_processes auto;
pid /opt/bitnami/nginx/tmp/nginx.pid;
events {
worker_connections 3096;
use epoll;
multi_accept on;
}
http {
client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
tcp_nodelay on;
# this is necessary for us to be able to disable request buffering in all cases
proxy_http_version 1.1;
upstream core {
server {{ printf "%s:%d" (include "harbor.core" .) (ternary .Values.core.service.ports.https .Values.core.service.ports.http .Values.internalTLS.enabled | int) }};
}
upstream portal {
server {{ printf "%s:%d" (include "harbor.portal" .) (ternary .Values.portal.service.ports.https .Values.portal.service.ports.http .Values.internalTLS.enabled | int) }};
}
log_format timed_combined '[$time_local]:$remote_addr - '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe';
access_log /dev/stdout timed_combined;
server {
{{- if .Values.ipFamily.ipv4.enabled }}
listen {{ .Values.nginx.containerPorts.http }};
{{- end }}
{{- if .Values.ipFamily.ipv6.enabled }}
listen [::]:{{ .Values.nginx.containerPorts.http }};
{{- end }}
server_tokens off;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# Add extra headers
add_header X-Frame-Options DENY;
add_header Content-Security-Policy "frame-ancestors 'none'";
location / {
proxy_pass {{ $scheme }}://portal/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- if not .Values.nginx.behindReverseProxy }}
proxy_set_header X-Forwarded-Proto $scheme;
{{- end }}
proxy_buffering off;
proxy_request_buffering off;
}
location /api/ {
proxy_pass {{ $scheme }}://core/api/;
{{- if and .Values.internalTLS.enabled }}
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
{{- end }}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- if not .Values.nginx.behindReverseProxy }}
proxy_set_header X-Forwarded-Proto $scheme;
{{- end }}
proxy_buffering off;
proxy_request_buffering off;
}
location /chartrepo/ {
proxy_pass {{ $scheme }}://core/chartrepo/;
{{- if and .Values.internalTLS.enabled }}
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
{{- end }}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- if not .Values.nginx.behindReverseProxy }}
proxy_set_header X-Forwarded-Proto $scheme;
{{- end }}
proxy_buffering off;
proxy_request_buffering off;
}
location /c/ {
proxy_pass {{ $scheme }}://core/c/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- if not .Values.nginx.behindReverseProxy }}
proxy_set_header X-Forwarded-Proto $scheme;
{{- end }}
proxy_buffering off;
proxy_request_buffering off;
}
location /v1/ {
return 404;
}
location /v2/ {
proxy_pass {{ $scheme }}://core/v2/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- if not .Values.nginx.behindReverseProxy }}
proxy_set_header X-Forwarded-Proto $scheme;
{{- end }}
proxy_buffering off;
proxy_request_buffering off;
}
location /service/ {
proxy_pass {{ $scheme }}://core/service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- if not .Values.nginx.behindReverseProxy }}
proxy_set_header X-Forwarded-Proto $scheme;
{{- end }}
proxy_buffering off;
proxy_request_buffering off;
}
location /service/notifications {
return 404;
}
}
}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink