Move k8s config dir to deploy dir

2019-08-08 08:30:14 -04:00
parent 3558e23a5e
commit c100cc8d1f
32 changed files with 0 additions and 841 deletions
--- a/deploy/azure/atst-nginx-configmap.yml
+++ b/deploy/azure/atst-nginx-configmap.yml
@@ -0,0 +1,78 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: atst-nginx
+  namespace: atat
+data:
+  nginx-config: |-
+    server {
+        listen 8342;
+        server_name azure.atat.code.mil;
+        return 301 https://$host$request_uri;
+    }
+    server {
+        listen 8343;
+        server_name auth-azure.atat.code.mil;
+        return 301 https://$host$request_uri;
+    }
+    server {
+        server_name azure.atat.code.mil;
+        # access_log /var/log/nginx/access.log json;
+        listen 8442 ssl;
+        listen [::]:8442 ssl ipv6only=on;
+        ssl_certificate /etc/ssl/private/atat.crt;
+        ssl_certificate_key /etc/ssl/private/atat.key;
+        location /login-redirect {
+            return 301 https://auth-azure.atat.code.mil$request_uri;
+        }
+        location /login-dev {
+            try_files $uri @appbasicauth;
+        }
+        location / {
+            try_files $uri @app;
+        }
+        location @app {
+            include uwsgi_params;
+            uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
+            uwsgi_param HTTP_X_REQUEST_ID $request_id;
+        }
+        location @appbasicauth {
+            include uwsgi_params;
+            uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
+            auth_basic "Developer Access";
+            auth_basic_user_file /etc/nginx/.htpasswd;
+            uwsgi_param HTTP_X_REQUEST_ID $request_id;
+        }
+    }
+    server {
+        # access_log /var/log/nginx/access.log json;
+        server_name auth-azure.atat.code.mil;
+        listen 8443 ssl;
+        listen [::]:8443 ssl ipv6only=on;
+        ssl_certificate /etc/ssl/private/atat.crt;
+        ssl_certificate_key /etc/ssl/private/atat.key;
+        # Request and validate client certificate
+        ssl_verify_client on;
+        ssl_verify_depth 10;
+        ssl_client_certificate /etc/ssl/client-ca-bundle.pem;
+        # Guard against HTTPS -> HTTP downgrade
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; always";
+        location / {
+            return 301 https://azure.atat.code.mil$request_uri;
+        }
+        location /login-redirect {
+            try_files $uri @app;
+        }
+        location @app {
+            include uwsgi_params;
+            uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
+            uwsgi_param HTTP_X_SSL_CLIENT_VERIFY $ssl_client_verify;
+            uwsgi_param HTTP_X_SSL_CLIENT_CERT $ssl_client_raw_cert;
+            uwsgi_param HTTP_X_SSL_CLIENT_S_DN $ssl_client_s_dn;
+            uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy;
+            uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn;
+            uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy;
+            uwsgi_param HTTP_X_REQUEST_ID $request_id;
+        }
+    }