Home A - Z
Page Index

An Otter Wiki

Howto: NGINX-public_html

  1. create a ~/public_html/domain.tld on gate0.t3m4.net
  2. sudo or ping mail@redimp.de to add the folder to /etc/exports and run exportfs -a
  3. create a domain-tld.yaml definition for a deployment, a service and an ingress and kubectl apply -f domain-tld.yaml it.
Warning

Please consider all files in the exported folders as public, since any k8s pod can mount it via nfs. name the directories accordingly, e.g. public_html or share.

One nginx for multiple domains: k8s deployment, services and ingress

An example for an nginx deployment with multiple virtualhosts can be found below. Make sure to replace all the

  • domain1.tld
  • doman2.tld
  • username
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: username-vserver
data:
  virtualhost.conf: |
    server {
      listen 80;
      server_name domain1.tld www.domain1.tld;
      root /var/www/html/domain1.tld;
      index index.html;
      location / {
                try_files $uri $uri/ =404;
      }
    }

    server {
      listen 80;
      server_name domain2.tld www.domain2.tld;
      root /var/www/html/domain2.tld;
      index index.html;
      location / {
                try_files $uri $uri/ =404;
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-static
  namespace: username-vserver
spec:
  selector:
    matchLabels:
      app: nginx-static
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-static
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        command:
        - /bin/sh
        - -c
        - |
          sed -i '/^nginx/d' /etc/passwd
          sed -i '/^nginx/d' /etc/group
          echo "nginx:x:101:101:nginx user,,,:/nonexistent:/bin/false" >> /etc/passwd
          echo "nginx:x:101:" >> /etc/group
          nginx -g 'daemon off;'
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nginx-conf
          subPath: virtualhost.conf
          mountPath: /etc/nginx/conf.d/virtualhost.conf
        - name: nfs-public-html
          mountPath: /var/www/html
      volumes:
      - name: nginx-conf
        configMap:
          name: nginx-conf
          items:
          - key: virtualhost.conf
            path: virtualhost.conf
      - name: nfs-public-html
        nfs:
          server: 10.1.0.2
          path: /home/username/public_html
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-static
  namespace: username-vserver
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: nginx-static
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-static
  namespace: username-vserver
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-production"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/server-alias: "www.domain1.tld,www.domain2.tld,domain2.tld"
spec:
  ingressClassName: "nginx"
  tls:
  - hosts:
    - domain1.tld
    - www.domain1.tld
    - domain2.tld
    - www.domain2.tld
    secretName: nginx-static-tls
  rules:
  - host: domain1.tld
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-static
            port:
              number: 80
  - host: domain2.tld
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-static
            port:
              number: 80

One nginx per domain: k8s deployment, service and ingress

An example for an nginx deployment can be found below. Make sure to replace all the

  • domain-tld
  • domain.tld
  • username

entries.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-domain-tld
  namespace: username-vserver
spec:
  selector:
    matchLabels:
      app: nginx-domain-tld
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-domain-tld
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        command:
        - /bin/sh
        - -c
        - |
          sed -i '/^nginx/d' /etc/passwd
          sed -i '/^nginx/d' /etc/group
          echo "nginx:x:101:101:nginx user,,,:/nonexistent:/bin/false" >> /etc/passwd
          echo "nginx:x:101:" >> /etc/group
          nginx -g 'daemon off;'
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nfs-public-html
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nfs-public-html
        nfs:
          server: 10.1.0.2
          path: /home/username/public_html/domain.tld
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-domain-tld
  namespace: username-vserver
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: nginx-domain-tld
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-domain-tld
  namespace: username-vserver
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-production"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/server-alias: "www.domain.tld"
spec:
  ingressClassName: "nginx"
  tls:
  - hosts:
    - domain.tld
    - www.domain.tld
    secretName: domain-tld-tls
  rules:
  - host: domain.tld
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-domain-tld
            port:
              number: 80