diff --git a/nginx/nginx-rc.yaml b/nginx/nginx-rc.yaml index 5a1c1f436..e876ae093 100644 --- a/nginx/nginx-rc.yaml +++ b/nginx/nginx-rc.yaml @@ -6,16 +6,18 @@ metadata: labels: app: nginx version: 1.9.11 - spec: v1 + spec: v2 spec: replicas: 2 selector: app: nginx + rcv: v2 template: metadata: labels: app: nginx lb-target: nginx + rcv: v2 spec: containers: - image: nginx:1.9.11 @@ -27,6 +29,8 @@ spec: mountPath: /etc/nginx/ssl/dhparam - name: nginx-config mountPath: /etc/nginx/conf.d + - name: nginx-logs + mountPath: /var/log/nginx ports: - containerPort: 80 - containerPort: 443 @@ -40,3 +44,5 @@ spec: - name: nginx-config secret: secretName: nginx-config + - name: nginx-logs + emptyDir: {} diff --git a/nginx/server.conf b/nginx/server.conf index 965e36259..269c519bf 100644 --- a/nginx/server.conf +++ b/nginx/server.conf @@ -6,6 +6,8 @@ log_format logstash '$http_host ' '$request_time ' '$upstream_response_time'; +access_log /var/log/nginx/access.log logstash; + # Modern SSL config ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; @@ -25,7 +27,6 @@ add_header Strict-Transport-Security max-age=15768000; server { listen 80; server_name *.tazj.in tazj.in; - access_log /var/log/nginx/tls_redirect.log logstash; return 301 https://$server_name$request_uri; }