From 6c61acf97adea0f19567f3507038009cb65699f7 Mon Sep 17 00:00:00 2001 From: djpbessems Date: Fri, 27 May 2022 15:08:16 +0200 Subject: [PATCH] OpenCart deploy through plain lighttpd;Add Traefik certificate --- ingress/Traefik2.x/configMap-Traefik.yml | 3 + services/OpenCart/configMap-OpenCart.yml | 51 ++++++++++-- services/OpenCart/deploy-OpenCart.yml | 88 ++++++--------------- services/OpenCart/sealedSecret-OpenCart.yml | 26 ++++++ 4 files changed, 98 insertions(+), 70 deletions(-) create mode 100644 services/OpenCart/sealedSecret-OpenCart.yml diff --git a/ingress/Traefik2.x/configMap-Traefik.yml b/ingress/Traefik2.x/configMap-Traefik.yml index 5a07dcf..19a674b 100644 --- a/ingress/Traefik2.x/configMap-Traefik.yml +++ b/ingress/Traefik2.x/configMap-Traefik.yml @@ -41,6 +41,9 @@ data: - main: '*.itch.fyi' sans: - 'itch.fyi' + - main: '*.oneup.town' + sans: + - 'oneup.town' # trustedIPs: # - "127.0.0.0/8" # - "192.168.5.0/24" diff --git a/services/OpenCart/configMap-OpenCart.yml b/services/OpenCart/configMap-OpenCart.yml index 6468354..cd860ea 100644 --- a/services/OpenCart/configMap-OpenCart.yml +++ b/services/OpenCart/configMap-OpenCart.yml @@ -1,12 +1,47 @@ apiVersion: v1 kind: ConfigMap metadata: - name: configmap-opencart + name: configmap-opencart-conf data: - OPENCART_HOST: condo.itch.fyi - OPENCART_ENABLE_HTTPS: 'yes' - OPENCART_DATABASE_HOST: opencart.default.svc.cluster.local - OPENCART_DATABASE_PORT_NUMBER: '3306' - OPENCART_DATABASE_NAME: opencart - OPENCART_DATABASE_USER: opencart - OPENCART_DATABASE_PASSWORD: opencart + lighttpd.conf: | + server.modules = ( + "mod_access", + "mod_alias", + "mod_auth", + "mod_authn_file", + "mod_compress", + "mod_redirect", + "mod_rewrite", + ) + + server.document-root = "/var/www/html" + server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) + server.errorlog = "/var/log/lighttpd/error.log" + server.pid-file = "/var/run/lighttpd.pid" + server.username = "www-data" + server.groupname = "www-data" + server.port = 8080 + + auth.backend = "plain" + auth.backend.plain.userfile = "/etc/lighttpd/.htpasswd" + + index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) + url.access-deny = ( "~", ".inc" ) + static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + + compress.cache-dir = "/var/cache/lighttpd/compress/" + compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) + + include_shell "/usr/share/lighttpd/create-mime.assign.pl" + include_shell "/usr/share/lighttpd/include-conf-enabled.pl" + include_shell "cat /etc/lighttpd/vhosts.d/*.conf" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: configmap-opencart-vhosts +data: + condo.oneup.town.conf: | + $HTTP["host"] == "condo.oneup.town" { + server.document-root = "/var/www/condo.oneup.town/" + } diff --git a/services/OpenCart/deploy-OpenCart.yml b/services/OpenCart/deploy-OpenCart.yml index 6ac52ef..693a3cd 100644 --- a/services/OpenCart/deploy-OpenCart.yml +++ b/services/OpenCart/deploy-OpenCart.yml @@ -33,18 +33,18 @@ spec: spec: containers: - name: web - image: bv11-cr01.bessems.eu/proxy/bitnami/opencart:3 - envFrom: - - configMapRef: - name: configmap-opencart + image: bv11-cr01.bessems.eu/library/lighttpd-php-powershell ports: - name: web containerPort: 8080 volumeMounts: - - mountPath: /bitnami/opencart - name: flexvolsmb-opencart-config - - mountPath: /bitnami/opencart_storage - name: flexvolsmb-opencart-data + - name: configmap-opencart-conf + mountPath: /etc/lighttpd/lighttpd.conf + subPath: lighttpd.conf + - name: configmap-opencart-vhosts + mountPath: /etc/lighttpd/vhosts.d + - name: flexvolsmb-opencart-websites + mountPath: /var/www/ - name: db image: bv11-cr01.bessems.eu/proxy/library/mariadb:10.7 args: @@ -52,15 +52,9 @@ spec: securityContext: runAsUser: 999 runAsGroup: 999 - env: - - name: MARIADB_RANDOM_ROOT_PASSWORD - value: 'true' - - name: MARIADB_DATABASE - value: opencart - - name: MARIADB_USER - value: opencart - - name: MARIADB_PASSWORD - value: opencart + envFrom: + - secretRef: + name: opencart-secret ports: - name: db containerPort: 3306 @@ -68,12 +62,15 @@ spec: - mountPath: /var/lib/mysql name: flexvolsmb-opencart-db volumes: - - name: flexvolsmb-opencart-config + - name: configmap-opencart-conf + configMap: + name: configmap-opencart-conf + - name: configmap-opencart-vhosts + configMap: + name: configmap-opencart-vhosts + - name: flexvolsmb-opencart-websites persistentVolumeClaim: - claimName: flexvolsmb-opencart-config - - name: flexvolsmb-opencart-data - persistentVolumeClaim: - claimName: flexvolsmb-opencart-data + claimName: flexvolsmb-opencart-websites - name: flexvolsmb-opencart-db persistentVolumeClaim: claimName: flexvolsmb-opencart-db @@ -86,7 +83,7 @@ spec: entryPoints: - websecure routes: - - match: Host(`condo.itch.fyi`) + - match: Host(`condo.oneup.town`) kind: Rule services: - name: opencart @@ -98,63 +95,31 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: flexvolsmb-opencart-config + name: flexvolsmb-opencart-websites spec: capacity: storage: 1Gi accessModes: - ReadWriteMany - storageClassName: flexvolsmb-opencart-config + storageClassName: flexvolsmb-opencart-websites flexVolume: driver: mount/smb secretRef: name: smb-secret namespace: default options: - opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=1001,gid=1001,iocharset=utf8 + opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 server: 192.168.11.225 - share: /K3s.Volumes/opencart/config + share: /K3s.Volumes/opencart/websites --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: flexvolsmb-opencart-config + name: flexvolsmb-opencart-websites spec: accessModes: - ReadWriteMany - storageClassName: flexvolsmb-opencart-config - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: flexvolsmb-opencart-data -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - storageClassName: flexvolsmb-opencart-data - flexVolume: - driver: mount/smb - secretRef: - name: smb-secret - namespace: default - options: - opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=1001,gid=1001,iocharset=utf8 - server: 192.168.11.225 - share: /K3s.Volumes/opencart/data ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: flexvolsmb-opencart-data -spec: - accessModes: - - ReadWriteMany - storageClassName: flexvolsmb-opencart-data + storageClassName: flexvolsmb-opencart-websites resources: requests: storage: 1Gi @@ -190,4 +155,3 @@ spec: resources: requests: storage: 1Gi - diff --git a/services/OpenCart/sealedSecret-OpenCart.yml b/services/OpenCart/sealedSecret-OpenCart.yml new file mode 100644 index 0000000..0bcfeea --- /dev/null +++ b/services/OpenCart/sealedSecret-OpenCart.yml @@ -0,0 +1,26 @@ +{ + "kind": "SealedSecret", + "apiVersion": "bitnami.com/v1alpha1", + "metadata": { + "name": "opencart-secret", + "namespace": "default", + "creationTimestamp": null + }, + "spec": { + "template": { + "metadata": { + "name": "opencart-secret", + "namespace": "default", + "creationTimestamp": null + }, + "type": "Opaque", + "data": null + }, + "encryptedData": { + "MARIADB_DATABASE": "AgCbSUfNgr+RVtKWNlZ45X4akmEl9/cbASwyp2O5yjCipzhFOuHSY+b2dMdjHPAB3x+UqTKlYL99G74cgx1w5mOWIQI5JXMspbObqOOZo/6AQ7DuXini/XssvBeCHa8oT9DJsdjT/SO/dRfalDKX4KKWPs+Wk5l612zpjUMrPb6b9j2r5wyOrJu2E65CH1PxjbHciizP2cBOsRCAtL2Uo9AY7lXuFz0EweJ2zaGfVRF3oNl5AoCLLv57X67wqe0Lz+aNPJuogXHMZjMmf7rUHVcntow8YpPYYjN+R/AWd1Vwsv1ZOW07kZHaLooX2q+HJdQwvrnAOcg4EtGH3qWW6+IR8J8ylPFlrMk78eSHyqThTEGTm10zRDHFyHhi+DHpxpGCpAHVs9KBoEEyhZn2a86tDChXNaEIp/j2CzQY+61CC19OppLDqfV0AuS3HXHpQBpLTb6Md47jMko2Wt8GMHM+yPUH5H4SP5SU0cFyHHnfhVWL1Hh29a9bHqhsN1of8QSes6Gril3NzcMOKYpdI9rsrH0PxXHQ+RPUytQvgh87xW7ja0Fpq4jiTlFFLIv58Ctfh3ZlzCNnlf9kHnq3Zy4qz6wzwCeT2AbR/Ayit7UHuFHE5eXeCBkQrxxFXKMsjvAgsPlimRxt0jzm/q1rbRcDpDVFUNdW2EHuwEk7JW0qnzFrKgHrbZsY5gDF9ynNdAsJe+W/haA03Q==", + "MARIADB_PASSWORD": "AgATMjVb8XdkgQp5puvGIIdCpz9YLGhHJdhflYKs0pe1tyURtyjvZRBqKMQt2tyvfeSySkfMVMFc4t/78hvEMAkg2rdGxl8uAe2GLQkn8IE/Vngl3s4DPP1AEoIF0Co3/vT6mEyRs9yYi3ybELW1kR2HhwCHn7xLFuIv6J2rCzPFyvA3ML9afq8cXlT+b2cp03FXu2uisBZTIbi6auL6FOGdpjfn1uign5q6o3D4JMvJfF0FIL0M0VXUyjpnUqYCuoukbIGPjlJ/Q8NWpyUG9Pd63HTnZj7lWHgLGeq84fMf21rtLR/DtoKOAccJE5dllv5MZnoZHDRawY/cnp7/8YE78wJRyd9pERd9kGz+1PXsELvfp6zgosJ6pExiEM195JkBaMgbGyiRO7grx127T8nnBpjsqSikIPX2E6ptW41RWVu4gCHULhhaVPhMskS6dDwsRwHpod1MOBMyPzEZKv/8kXg7+LTk7o8sjF+0uc0BOynHH4Hy+ZFntU6CyWwugtZCZgB9uijD6FOqEPCTClFn25HI4oiYaaagID8O/gZpTkhieS63jZUxou1pCAhMLWwNrlHNnz0dmO6CtYzht++yky2BKU8LAST4w//2BhW+gZAksPdtVIuEHdJz/4d0Bux0whFcBzhiVKIx0nIg4wuHlwivM3E4LtUJZaXnDMmqhMovTs7rdlTZeNhXMUieZmwPYyzIVHgfMN7UHnVe3nnuJ4yNBJ2+t6T0Ce1WiK3w3A==", + "MARIADB_RANDOM_ROOT_PASSWORD": "AgBaYcix9OgDaSJsuhTx0HUsuz8ysFNBB1syXa6jh/MpRwGV82Ig9L24AXA5OyJYNpA3c+2UQ17FgIVA+YyqiVAc0weqzVCF8v8ZhbspFefKN/nL4ENjNhF9Y3Lz4kK5OC+57nC32gsAE/0A/l8USUpzy8geyYLB3vsRIddhLRMLXuIFTLw9o81243hV3mtWQ6pd1G2Aq4hX2RYh4boxO/Hc0hYJezZrOquNKXgw9UX8fW22E4QQ3hDphZpSJAZ8otd2HGYHdj9jTlvatoEquXmGRY2RrQ5t9yMMkpx9NF1HNKwh/RabM835a7SGmf32RUwCszTn9l1Bq7WFGoHf9hngay4/c6Bj/gi55iQDDahg+NgV36jtL6aTAp9RbaMRklc1rWRTGvi7JclTrK3+C+Fd7wnuIEzIuLzVb12K7+nRAgBbsJJsNYHWaiBeu20kbS6eSbUr55wHIz/+q5qd8p2n5vL+0Of7TluJ8XkBOrWSc4WTKMGY3x16YvqjbaTrWnyRbk92cN0GvuhXVwhXuiQwBB3gXtyovnWG44Xz3PJVZuVm7a7yeKbiQ4kg0ZTgU794NIViFM5+dZkm9k4M8yIYhdpkigl/KjRSw0iDehiVH3WjDM8zVejUDwG1dHOnUKUWTVEyfHuI4FDJS/Ve/CGhugxhuhGnxOz43O9CG8agUbYOft4w61OVMDSHUZrH+UG8ER4s", + "MARIADB_USER": "AgCxgpOn1rQyv/h7mv6Mszjv2Gi7MuDUVeXKV3Iuc2Y0ZoaIqLOoIr6MSDaVr3gcAzpQ+li6ZAGDqs+x14cMr6JUdzDtloKQMt+03Qu5AsUzQLKvKeW24tah9c5f0a5K1qpPwViqBE48WFh+Uzt6SWPFeRIruUlr4uYkVnOUwe3yihr3nlIDyPHdIslDTi0zlpzq7+Chp/7D+Uq8VHr7y+GLgdBadE0UX5HK/0qqyvO/fgPzHyzuMt7Ka5y65XSOqblfSeU3l4bwjcFG5lxpPwPDgTuxQXDd9r5o9g2WHgtc8QyPUmktk7p2f7KBu6cDlQKXVF27Rd8xVmreDzpoFw+uSBlCVaSyx8lvweH/bQ8v2DskP+VyJn9VtqhE7MqmTQo1J3bsINQ+y7s6J8cipeCk0jjB8rN0WVclQaDFZXTVZ74EhuI6EdEAZ2l30cZ/plgga4YWWjn/MD4YKsjQd7NOPuvQw6Wv7RCqlUSvZZpH3UH7AHTUDFMYVUfJ455BW5u/opy+uaBQQcDvfNp7xcwxopgN9xM0/Rbu7GKOTKk2Gs84FZR4Yd5bZ2ADfrV/Fx+bDIyB9D/IRJLstzBfAKpMC8DvEVDXw7z0ELEX2/DqY2OpiPOyRLJxGDKZIG9ohf25Ssro0AcF+06/ek8Pt5rqrAZmotUXWpi3BxfJI0EVCVjJdRvmIM12Ui8v93ikzlXEeoX5tzWkbg==" + } + } +}