-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
17 changed files
with
492 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| {{- if and .Values.proxy.enabled .Values.proxy.config.enabled }} | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: {{ include "lemmy.service.fullname" (dict "name" "proxy" "context" .) | quote }} | ||
| data: | ||
| nginx.conf: | | ||
| worker_processes 1; | ||
| events { | ||
| worker_connections 1024; | ||
| } | ||
| http { | ||
| upstream lemmy { | ||
| server {{ include "lemmy.service.fullname" (dict "name" "server" "context" .) | quote }}; | ||
| } | ||
| upstream lemmy-ui { | ||
| server {{ include "lemmy.service.fullname" (dict "name" "ui" "context" .) | quote }}; | ||
| } | ||
| server { | ||
| # this is the port inside docker, not the public one yet | ||
| listen 80; | ||
| # change if needed, this is facing the public web | ||
| server_name localhost; | ||
| server_tokens off; | ||
| gzip on; | ||
| gzip_types text/css application/javascript image/svg+xml; | ||
| gzip_vary on; | ||
| # Upload limit, relevant for pictrs | ||
| client_max_body_size 20M; | ||
| add_header X-Frame-Options SAMEORIGIN; | ||
| add_header X-Content-Type-Options nosniff; | ||
| add_header X-XSS-Protection "1; mode=block"; | ||
| {{- range .Values.proxy.config.allowedProxies }} | ||
| set_real_ip_from {{ . }}; | ||
| {{- end }} | ||
| # frontend general requests | ||
| location / { | ||
| # distinguish between ui requests and backend | ||
| # don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top | ||
| set $proxpass "http://lemmy-ui"; | ||
| if ($http_accept = "application/activity+json") { | ||
| set $proxpass "http://lemmy"; | ||
| } | ||
| if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { | ||
| set $proxpass "http://lemmy"; | ||
| } | ||
| if ($request_method = POST) { | ||
| set $proxpass "http://lemmy"; | ||
| } | ||
| proxy_pass $proxpass; | ||
| rewrite ^(.+)/+$ $1 permanent; | ||
| # Send actual client IP upstream | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| } | ||
| # backend | ||
| location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { | ||
| proxy_pass "http://lemmy"; | ||
| # proxy common stuff | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection "upgrade"; | ||
| # Send actual client IP upstream | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| } | ||
| } | ||
| } | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| {{- if .Values.proxy.enabled }} | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: {{ include "lemmy.service.fullname" (dict "name" "proxy" "context" .) | quote }} | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.proxy.labels "context" $) | nindent 6 }} | ||
| service: lemmy-proxy | ||
| template: | ||
| metadata: | ||
| {{- with .Values.proxy.annotations }} | ||
| annotations: {{- toYaml . | nindent 8 }} | ||
| {{- end }} | ||
| labels: {{- include "common.labels.standard" (dict "customLabels" .Values.proxy.labels "context" $) | nindent 8 }} | ||
| service: lemmy-proxy | ||
| spec: | ||
| containers: | ||
| - name: {{ include "lemmy.service.fullname" (dict "name" "proxy" "context" .) | quote }} | ||
| image: {{ include "common.images.image" ( dict "imageRoot" (merge .Values.proxy.image (dict "tag" .Chart.AppVersion)) ) | quote }} | ||
| imagePullPolicy: {{ quote .Values.proxy.image.pullPolicy }} | ||
| {{- with .Values.proxy.env }} | ||
| env: {{- toYaml . | nindent 12 }} | ||
| {{- end }} | ||
| {{- with .Values.proxy.envFrom }} | ||
| envFrom: {{- toYaml . | nindent 12 }} | ||
| {{- end }} | ||
| ports: | ||
| - containerPort: 80 | ||
| name: http | ||
| protocol: TCP | ||
| {{- if .Values.proxy.resources }} | ||
| resources: {{- toYaml .Values.proxy.resources | nindent 12 }} | ||
| {{- else if ne .Values.proxy.resourcesPreset "none" }} | ||
| resources: {{- include "common.resources.preset" (dict "type" .Values.proxy.resourcesPreset) | nindent 12 }} | ||
| {{- end }} | ||
| {{- with .Values.proxy.podSecurityContext }} | ||
| securityContext: {{- toYaml . | nindent 12 }} | ||
| {{- end }} | ||
| {{- if or .Values.proxy.config.enabled .Values.proxy.volumeMounts }} | ||
| volumeMounts: | ||
| {{- if .Values.proxy.config.enabled }} | ||
| - name: config | ||
| mountPath: /etc/nginx/nginx.conf | ||
| subPath: nginx.conf | ||
| {{- end }} | ||
| {{- with .Values.proxy.volumeMounts }} | ||
| {{- toYaml . | nindent 12 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- if or .Values.proxy.config.enabled .Values.proxy.volumes }} | ||
| volumes: | ||
| {{- if .Values.proxy.config.enabled }} | ||
| - name: config | ||
| configMap: | ||
| name: {{ include "lemmy.service.fullname" (dict "name" "proxy" "context" .) | quote }} | ||
| {{- end }} | ||
| {{- with .Values.proxy.volumes }} | ||
| {{- toYaml . | nindent 8 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| {{- if .Values.ui.ingress.enabled }} | ||
| --- | ||
| apiVersion: networking.k8s.io/v1 | ||
| kind: Ingress | ||
| metadata: | ||
| name: {{ include "lemmy.service.fullname" (dict "name" "ui" "context" .) | quote }} | ||
| {{- with .Values.ui.ingress.annotations }} | ||
| annotations: {{- toYaml . | nindent 4 }} | ||
| {{- end }} | ||
| spec: | ||
| rules: | ||
| {{- range .Values.ui.ingress.hosts }} | ||
| - host: {{ quote . }} | ||
| http: | ||
| paths: | ||
| - path: / | ||
| pathType: ImplementationSpecific | ||
| backend: | ||
| service: | ||
| name: {{ include "lemmy.service.fullname" (dict "name" "ui" "context" $) | quote }} | ||
| port: | ||
| name: http | ||
| {{- range list "/api" "/pictrs" "/feeds" "/nodeinfo" "/.well-known" }} | ||
| - path: {{ quote . }} | ||
| pathType: ImplementationSpecific | ||
| backend: | ||
| service: | ||
| name: {{ include "lemmy.service.fullname" (dict "name" "server" "context" $) | quote }} | ||
| port: | ||
| name: http | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- with .Values.ui.ingress.tls }} | ||
| tls: {{- toYaml . | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| {{- if .Values.proxy.enabled }} | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: {{ include "lemmy.service.fullname" (dict "name" "proxy" "context" .) | quote }} | ||
| spec: | ||
| selector: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.proxy.labels "context" $) | nindent 4 }} | ||
| service: lemmy-proxy | ||
| ports: | ||
| - name: http | ||
| port: 80 | ||
| targetPort: http | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| {{- define "voyager.service.fullname" }} | ||
| {{- printf "%s-%s" (include "common.names.fullname" .context | trunc (sub 62 (len .name) | int) | trimSuffix "-") .name -}} | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| {{- if and .Values.proxy.enabled .Values.proxy.config.enabled }} | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: {{ include "voyager.service.fullname" (dict "name" "proxy" "context" .) | quote }} | ||
| data: | ||
| nginx.conf: | | ||
| worker_processes 1; | ||
| events { | ||
| worker_connections 1024; | ||
| } | ||
| http { | ||
| upstream lemmy { | ||
| server {{ quote .Values.proxy.config.lemmyServer }}; | ||
| } | ||
| upstream voyager-ui { | ||
| server {{ include "voyager.service.fullname" (dict "name" "ui" "context" .) | quote }}; | ||
| } | ||
| server { | ||
| # this is the port inside docker, not the public one yet | ||
| listen 80; | ||
| # change if needed, this is facing the public web | ||
| server_name localhost; | ||
| server_tokens off; | ||
| gzip on; | ||
| gzip_types text/css application/javascript image/svg+xml; | ||
| gzip_vary on; | ||
| # Upload limit, relevant for pictrs | ||
| client_max_body_size 20M; | ||
| add_header X-Frame-Options SAMEORIGIN; | ||
| add_header X-Content-Type-Options nosniff; | ||
| add_header X-XSS-Protection "1; mode=block"; | ||
| {{- range .Values.proxy.config.allowedProxies }} | ||
| set_real_ip_from {{ . }}; | ||
| {{- end }} | ||
| # frontend general requests | ||
| location / { | ||
| # distinguish between ui requests and backend | ||
| # don't change voyager-ui or lemmy here, they refer to the upstream definitions on top | ||
| set $proxpass "http://voyager-ui"; | ||
| if ($http_accept = "application/activity+json") { | ||
| set $proxpass "http://lemmy"; | ||
| } | ||
| if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { | ||
| set $proxpass "http://lemmy"; | ||
| } | ||
| if ($request_method = POST) { | ||
| set $proxpass "http://lemmy"; | ||
| } | ||
| proxy_pass $proxpass; | ||
| rewrite ^(.+)/+$ $1 permanent; | ||
| # Send actual client IP upstream | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| } | ||
| location ~ ^/api/(.*)/api { | ||
| proxy_pass "http://voyager-ui"; | ||
| rewrite ^(.+)/+$ $1 permanent; | ||
| # Send actual client IP upstream | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| } | ||
| # backend | ||
| location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { | ||
| proxy_pass "http://lemmy"; | ||
| # proxy common stuff | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection "upgrade"; | ||
| # Send actual client IP upstream | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| } | ||
| } | ||
| } | ||
| {{- end }} |
Oops, something went wrong.