theosanderson · February 11, 2025 16:20
diff --git a/proxy.yaml b/proxy.yaml
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: reverse-proxy
  namespace: argocd
 spec:
  project: default
  source:
    repoURL: https://charts.bitnami.com/bitnami
    targetRevision: 15.1.1
    chart: nginx
    helm:
      values: |
        serverBlock: |-
          # Cache configuration
          proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=my_cache:120m max_size=10g inactive=60m use_temp_path=off;
          
          server {
            listen 8080;
            server_name _;
            
            # Enable gzip compression
            gzip on;
            gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
            gzip_min_length 1000;
            gzip_proxied any;
            
            location / {
              proxy_cache my_cache;
              proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
              proxy_cache_valid 200 302 120m;
              proxy_cache_valid 404 10m;
              proxy_cache_bypass $http_pragma;
              proxy_cache_key $scheme$proxy_host$request_uri;
              
              # Add cache status to response headers
              add_header X-Cache-Status $upstream_cache_status;
              
              proxy_set_header Host api.ncbi.nlm.nih.gov;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              
              # Rewrite the URL to append to /api/
              #rewrite ^/(.*) /api/$1 break;
              
              # Forward to Google
              proxy_pass https://api.ncbi.nlm.nih.gov;
              
              # Additional security headers
              proxy_ssl_server_name on;
              proxy_ssl_protocols TLSv1.2 TLSv1.3;
              
              # Timeouts
              proxy_connect_timeout 6000s;
              proxy_send_timeout 6000s;
              proxy_read_timeout 6000s;
              
              # Cache bypass conditions
              proxy_no_cache $http_pragma $http_authorization;
              proxy_cache_bypass $http_pragma $http_authorization;
            }
            
            # Cache status endpoint
            location /cache-status {
              stub_status on;
              access_log off;
              allow 127.0.0.1;
              deny all;
            }
          }
        
        service:
          type: ClusterIP
          ports:
            http: 80
            
        replicaCount: 2
        
        resources:
          limits:
            cpu: 200m
            memory: 512Mi  # Increased for cache
          requests:
            cpu: 100m
            memory: 256Mi  # Increased for cache
            
        autoscaling:
          enabled: true
          minReplicas: 2
          maxReplicas: 5
          targetCPU: 80
          targetMemory: 80
          
        # Add persistent volume for cache
        persistence:
          enabled: true
          mountPath: /tmp/nginx_cache
          size: 10Gi
          
  destination:
    server: https://kubernetes.default.svc
    namespace: proxy
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
	apiVersion: argoproj.io/v1alpha1
	kind: Application
	metadata:
	name: reverse-proxy
	namespace: argocd
	spec:
	project: default
	source:
	repoURL: https://charts.bitnami.com/bitnami
	targetRevision: 15.1.1
	chart: nginx
	helm:
	values: \|
	serverBlock: \|-
	# Cache configuration
	proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=my_cache:120m max_size=10g inactive=60m use_temp_path=off;

	server {
	listen 8080;
	server_name _;

	# Enable gzip compression
	gzip on;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
	gzip_min_length 1000;
	gzip_proxied any;

	location / {
	proxy_cache my_cache;
	proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
	proxy_cache_valid 200 302 120m;
	proxy_cache_valid 404 10m;
	proxy_cache_bypass $http_pragma;
	proxy_cache_key $scheme$proxy_host$request_uri;

	# Add cache status to response headers
	add_header X-Cache-Status $upstream_cache_status;

	proxy_set_header Host api.ncbi.nlm.nih.gov;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;

	# Rewrite the URL to append to /api/
	#rewrite ^/(.*) /api/$1 break;

	# Forward to Google
	proxy_pass https://api.ncbi.nlm.nih.gov;

	# Additional security headers
	proxy_ssl_server_name on;
	proxy_ssl_protocols TLSv1.2 TLSv1.3;

	# Timeouts
	proxy_connect_timeout 6000s;
	proxy_send_timeout 6000s;
	proxy_read_timeout 6000s;

	# Cache bypass conditions
	proxy_no_cache $http_pragma $http_authorization;
	proxy_cache_bypass $http_pragma $http_authorization;
	}

	# Cache status endpoint
	location /cache-status {
	stub_status on;
	access_log off;
	allow 127.0.0.1;
	deny all;
	}
	}

	service:
	type: ClusterIP
	ports:
	http: 80

	replicaCount: 2

	resources:
	limits:
	cpu: 200m
	memory: 512Mi # Increased for cache
	requests:
	cpu: 100m
	memory: 256Mi # Increased for cache

	autoscaling:
	enabled: true
	minReplicas: 2
	maxReplicas: 5
	targetCPU: 80
	targetMemory: 80

	# Add persistent volume for cache
	persistence:
	enabled: true
	mountPath: /tmp/nginx_cache
	size: 10Gi

	destination:
	server: https://kubernetes.default.svc
	namespace: proxy
	syncPolicy:
	automated:
	prune: true
	selfHeal: true
	syncOptions:
	- CreateNamespace=true