122 lines
3.3 KiB
YAML
122 lines
3.3 KiB
YAML
|
apiVersion: networking.k8s.io/v1
|
||
|
kind: Ingress
|
||
|
metadata:
|
||
|
name: matrix
|
||
|
labels:
|
||
|
app.kubernetes.io/name: matrix
|
||
|
app.kubernetes.io/part-of: matrix
|
||
|
annotations:
|
||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||
|
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
|
||
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||
|
nginx.ingress.kubernetes.io/proxy-body-size: 110m
|
||
|
spec:
|
||
|
ingressClassName: nginx
|
||
|
tls:
|
||
|
- hosts:
|
||
|
- matrix.distrust.co
|
||
|
secretName: matrix-distrust-co-tls
|
||
|
- hosts:
|
||
|
- matrix-fed.distrust.co
|
||
|
secretName: matrix-fed-distrust-co-tls
|
||
|
rules:
|
||
|
- host: matrix.distrust.co
|
||
|
http:
|
||
|
paths:
|
||
|
- path: /
|
||
|
pathType: Prefix
|
||
|
backend:
|
||
|
service:
|
||
|
name: synapse
|
||
|
port:
|
||
|
name: http
|
||
|
- host: matrix-fed.distrust.co
|
||
|
http:
|
||
|
paths:
|
||
|
- path: /_matrix/
|
||
|
pathType: Prefix
|
||
|
backend:
|
||
|
service:
|
||
|
name: synapse
|
||
|
port:
|
||
|
name: http
|
||
|
---
|
||
|
apiVersion: networking.k8s.io/v1
|
||
|
kind: Ingress
|
||
|
metadata:
|
||
|
name: matrix-media-repo
|
||
|
labels:
|
||
|
app.kubernetes.io/name: matrix
|
||
|
app.kubernetes.io/part-of: matrix
|
||
|
annotations:
|
||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||
|
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
|
||
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||
|
nginx.ingress.kubernetes.io/proxy-body-size: 110m
|
||
|
# This combination of configurations allows for the media-repo to function
|
||
|
# properly
|
||
|
nginx.ingress.kubernetes.io/upstream-vhost: distrust.co
|
||
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||
|
more_set_input_headers 'Host: distrust.co';
|
||
|
more_set_input_headers 'X-Forwarded-Host: distrust.co';
|
||
|
spec:
|
||
|
ingressClassName: nginx
|
||
|
tls:
|
||
|
- hosts:
|
||
|
- matrix.distrust.co
|
||
|
secretName: matrix-distrust-co-tls
|
||
|
rules:
|
||
|
- host: matrix.distrust.co
|
||
|
http:
|
||
|
paths:
|
||
|
- path: /_matrix/media/
|
||
|
pathType: Prefix
|
||
|
backend:
|
||
|
service:
|
||
|
name: media-repo
|
||
|
port:
|
||
|
name: http
|
||
|
- host: matrix-fed.distrust.co
|
||
|
http:
|
||
|
paths:
|
||
|
- path: /_matrix/
|
||
|
pathType: Prefix
|
||
|
backend:
|
||
|
service:
|
||
|
name: synapse
|
||
|
port:
|
||
|
name: http
|
||
|
---
|
||
|
apiVersion: networking.k8s.io/v1
|
||
|
kind: Ingress
|
||
|
metadata:
|
||
|
name: element-web
|
||
|
labels:
|
||
|
app.kubernetes.io/name: element-web
|
||
|
app.kubernetes.io/part-of: matrix
|
||
|
annotations:
|
||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||
|
add_header X-Frame-Options SAMEORIGIN;
|
||
|
add_header X-Content-Type-Options nosniff;
|
||
|
add_header X-XSS-Protection "1; mode=block";
|
||
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||
|
spec:
|
||
|
ingressClassName: nginx
|
||
|
tls:
|
||
|
- hosts:
|
||
|
- chat.distrust.co
|
||
|
secretName: element-distrust-co-tls
|
||
|
rules:
|
||
|
- host: chat.distrust.co
|
||
|
http:
|
||
|
paths:
|
||
|
- path: /
|
||
|
pathType: Prefix
|
||
|
backend:
|
||
|
service:
|
||
|
name: element-web
|
||
|
port:
|
||
|
name: http
|
||
|
|