wordpress proxy with nginx

Error:

Mixed Content: The page at ” was loaded over HTTPS, but requested an insecure stylesheet ”. This request has been blocked; the content must be served over HTTPS.

  • install nginx with $IP_ADDRESS:8080
version: '3.1'

services:
  wordpress:
    image: wordpress:6.2.0
    restart: always
    ports:
      - 8080:80
    volumes:
      - ./wordpress:/var/www/html

  db:
    image: mysql:5.7.39
    restart: always
    ports:
      - 3310:3306
    environment:
      MYSQL_ROOT_PASSWORD: root
    volumes:
      - ./mysql:/var/lib/mysql
  • Update https://test.example.com inside wordpress admin panel
worpress-nginx-proxy
  • update wp-config.php

define('FORCE_SSL_ADMIN', true);
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && strpos( $_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false ) {
$_SERVER['HTTPS'] = 'on';
}

  • /etc/nginx/conf.d/test.exmaple.conf nginx config
server {
    server_name test.example.com;
    location / {
        proxy_pass http://10.209.229.54:8080/; 
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Proxy "";
    }

    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;

}

server {
    if ($host = test.example.com) {
        return 301 https://$host$request_uri;
    }
    server_name test.example.com;
    listen 80;
    return 404;
}

Reference:

On demand ecs fargate as Jenkins worker node

  • Create separate ecs-farget template for different kind of workload.
  • Do the proper tagging of resources so that we get proper costing

Docker with TLS:

###### server
dockerd \
    --tlsverify \
    --tlscacert=ca.pem \
    --tlscert=server-cert.pem \
    --tlskey=server-key.pem \
    -H=0.0.0.0:2376

##### client
docker --tlsverify \
    --tlscacert=ca.pem \
    --tlscert=cert.pem \
    --tlskey=key.pem \
    -H=$HOST:2376 version

##### secure by default
mkdir -pv ~/.docker
cp -v {ca,cert,key}.pem ~/.docker
export DOCKER_HOST=tcp://$HOST:2376 DOCKER_TLS_VERIFY=1


##### make sure to have correct host/DNS name while creating the server cert

Skopeo – Copy multi arch image from one registry to another registry

login to the repository:

[home@home ~]$ skopeo login --username $USER docker.io
Password: 
Login Succeeded!

Copy:

skopeo copy -a docker://nginx docker://$USER/nginx

References:

Get list of deploy with node selector kubernetes

#!/bin/bash

u_time=$(date +%s)

list_of_namespaces=$(kubectl get ns | awk '{print $1}' | sed 1d)
worker_node_list=$(kubectl get nodes --label-columns beta.kubernetes.io/instance-type --label-columns karpenter.sh/capacity-type -l role=worker | awk '{print $1}' | sed 1d)

for namespace in $list_of_namespaces
do
    echo "================$namespace=================="
    list_of_deploy=$(kubectl get deploy -n $namespace | awk '{print $1}' | sed 1d)

    for deploy in $list_of_deploy
    do
        if [ "$(kubectl get deploy $deploy -n $namespace -o yaml | grep nodeSelector -A 1 | grep role | awk '{print $NF}')" = "worker-arm64" ]
        then
            echo "$deploy,$namespace,true"
            echo "$deploy,$namespace,true" >> prod_deploy_arm64_$u_time.list
        else
            echo "$deploy,$namespace,false"
            echo "$deploy,$namespace,false" >> prod_deploy_arm64_$u_time.list
        fi
    done
done

Helm chart custom values

nginx-chart-files/
├── index.yaml
├── nginx-0.1.0.tgz
└── nginx-0.2.0.tgz

Generate manifest:

helm template ./direcotry  -f values.yaml --output-dir output_dir

helm template ./direcotry -f values.yml

#render in stdout

helm template ./direcotry  -f values.yaml --dry-run 
  • Create helm package (.gz file)
helm package ./direcotry_path
apiVersion: {{ template "controller.apiVersion" . }}
kind: {{ .Values.controller.kind }}
metadata:
  labels:
{{ $labels | indent 4 }}
  name: {{ $name }}
  namespace: {{ $.Release.Namespace }}
---
    spec:
    {{- with .Values.controller.hostAliases }}
      hostAliases:
{{ toYaml . | indent 8 }}
    {{- end }}
---

values.yml

controller:
  create: true
  kind: Deployment


---
  terminationGracePeriodSeconds: 30
  hostAliases:
  - hostnames:
    - example.com
    ip: 127.0.0.1

index.html

apiVersion: v1
entries:
  nginx:
  - apiVersion: v2
    appVersion: 1.16.0
    created: "2021-07-03T21:59:00.34571153-04:00"
    digest: b22a325b03c8e88b6a6a8d1a8e79f5d0498813855174a983426466b6de5a5f71
    maintainers:
    - email: john@example.com
      name: John Smith
    name: nginx
    type: application
    urls:
    - https://example.com/charts/nginx-0.1.0.tgz
    version: 0.1.0
  - apiVersion: v2
    appVersion: 1.17.0
    created: "2021-07-03T21:59:00.34571153-04:00"
    digest: b22a325b03c8e88b6a6a8d1a8e79f5d0498813855174a983426466b6de5a5f71
    maintainers:
    - email: john@example.com
      name: John Smith
    name: nginx
    type: application
    urls:
    - https://example.com/charts/nginx-0.2.0.tgz
    version: 0.2.0

https://kodekloud.com/blog/uploading-a-helm-chart/