create a bag-cache

_apps/bagcache.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: bagcache
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: bagcache
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: bagcache
+    repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+    targetRevision: HEAD
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bagcache

bagcache/bagcache.conf

@@ -0,0 +1,32 @@
+server {
+  listen 0.0.0.0:8080;
+  server_name bag-cache.tobru.ch;
+  root /app;
+  index index.htm index.html;
+
+  location / {
+    expires 30d;
+    proxy_cache cache_zone;
+    proxy_cache_lock on;
+    proxy_cache_revalidate on;
+    proxy_cache_background_update on;
+    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+    proxy_cache_valid 200 302 301 10m;
+    proxy_cache_key $scheme://$host$request_uri;
+    proxy_pass https://www.bag.admin.ch$request_uri;
+    proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0 (never gonna give you up, never gonna let you down - bag-cache.tobru.ch - operated by tobias@tobru.ch)";
+    proxy_set_header Host www.bag.admin.ch;
+    proxy_set_header Accept-Encoding ""; # no compression allowed or next won't work
+    sub_filter "<!-- begin: container -->" "<p style='width: 100%; height: 100px; padding: 30px;'> ⚠️ This is a cached version and non-authoritative mirror of <a href='https://www.bag.admin.ch'>www.bag.admin.ch</a> for faster access during demanding times. It should be up to date around 10 minutes of delay.</p><!-- begin: container -->";
+    sub_filter "https://www.bag.admin.ch/" "https://bag-cache.tobru.ch/";
+    add_header X-Cached $upstream_cache_status;
+    add_header X-Cache-Server "amazeeio/nginx-cache";
+    add_header X-Robots-Tag "noindex, nofollow";
+    proxy_ignore_headers "Set-Cookie";
+    proxy_ignore_headers "Expires";
+    add_header set-cookie "";
+    proxy_hide_header "x-content-type-options";
+    proxy_hide_header "Set-Cookie";
+  }
+
+}

bagcache/cm.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-config
+data:
+  bagcache.conf: |
+    server {
+      listen 0.0.0.0:8080;
+      server_name bag-cache.tobru.ch;
+      root /app;
+      index index.htm index.html;
+
+      location / {
+        expires 30d;
+        proxy_cache cache_zone;
+        proxy_cache_lock on;
+        proxy_cache_revalidate on;
+        proxy_cache_background_update on;
+        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+        proxy_cache_valid 200 302 301 10m;
+        proxy_cache_key $scheme://$host$request_uri;
+        proxy_pass https://www.bag.admin.ch$request_uri;
+        proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0 (never gonna give you up, never gonna let you down - bag-cache.tobru.ch - operated by tobias@tobru.ch)";
+        proxy_set_header Host www.bag.admin.ch;
+        proxy_set_header Accept-Encoding ""; # no compression allowed or next won't work
+        sub_filter "<!-- begin: container -->" "<p style='width: 100%; height: 100px; padding: 30px;'> ⚠️ This is a cached version and non-authoritative mirror of <a href='https://www.bag.admin.ch'>www.bag.admin.ch</a> for faster access during demanding times. It should be up to date around 10 minutes of delay.</p><!-- begin: container -->";
+        sub_filter "https://www.bag.admin.ch/" "https://bag-cache.tobru.ch/";
+        add_header X-Cached $upstream_cache_status;
+        add_header X-Cache-Server "amazeeio/nginx-cache";
+        add_header X-Robots-Tag "noindex, nofollow";
+        proxy_ignore_headers "Set-Cookie";
+        proxy_ignore_headers "Expires";
+        add_header set-cookie "";
+        proxy_hide_header "x-content-type-options";
+        proxy_hide_header "Set-Cookie";
+      }
+
+    }

bagcache/deployment.yaml

@@ -0,0 +1,26 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: nginxcache
+  name: nginxcache
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginxcache
+  template:
+    metadata:
+      labels:
+        app: nginxcache
+    spec:
+      containers:
+      - image: bitnami/nginx:latest
+        name: nginx
+        volumeMounts:
+        - name: config
+          mountPath: /opt/bitnami/nginx/conf/server_blocks/
+      volumes:
+      - name: config
+        configMap:
+          name: nginx-config

bagcache/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.kubernetes.io/ssl-redirect: "true"
+  name: nginxcache
+  labels:
+    app: nginxcache
+spec:
+  rules:
+  - host: bag-cache.tobru.ch
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: nginxcache
+          servicePort: 8080
+  tls:
+  - hosts:
+    - bag-cache.tobru.ch
+    secretName: bag-cache-tobru-ch-cert

bagcache/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginxcache
+  labels:
+    app: nginxcache
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: nginxcache
+  type: ClusterIP