153 lines
4.2 KiB
YAML
153 lines
4.2 KiB
YAML
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: matrix
|
|
labels:
|
|
app.kubernetes.io/name: matrix
|
|
app.kubernetes.io/part-of: matrix
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
|
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 110m
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- matrix.distrust.co
|
|
secretName: matrix-distrust-co-tls
|
|
- hosts:
|
|
- matrix-fed.distrust.co
|
|
secretName: matrix-fed-distrust-co-tls
|
|
rules:
|
|
- host: matrix.distrust.co
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: synapse
|
|
port:
|
|
name: http
|
|
- host: matrix-fed.distrust.co
|
|
http:
|
|
paths:
|
|
- path: /_matrix/
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: synapse
|
|
port:
|
|
name: http
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: matrix-media-repo
|
|
labels:
|
|
app.kubernetes.io/name: matrix
|
|
app.kubernetes.io/part-of: matrix
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
|
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 110m
|
|
# This combination of configurations allows for the media-repo to function
|
|
# properly
|
|
nginx.ingress.kubernetes.io/upstream-vhost: distrust.co
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
more_set_input_headers 'Host: distrust.co';
|
|
more_set_input_headers 'X-Forwarded-Host: distrust.co';
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- matrix.distrust.co
|
|
secretName: matrix-distrust-co-tls
|
|
rules:
|
|
- host: matrix.distrust.co
|
|
http:
|
|
paths:
|
|
- path: /_matrix/media/
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: media-repo
|
|
port:
|
|
name: http
|
|
- host: matrix-fed.distrust.co
|
|
http:
|
|
paths:
|
|
- path: /_matrix/
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: synapse
|
|
port:
|
|
name: http
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: element-web
|
|
labels:
|
|
app.kubernetes.io/name: element-web
|
|
app.kubernetes.io/part-of: matrix
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- chat.distrust.co
|
|
secretName: element-distrust-co-tls
|
|
rules:
|
|
- host: chat.distrust.co
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: element-web
|
|
port:
|
|
name: http
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: appservice-slack
|
|
labels:
|
|
app.kubernetes.io/name: appservice-slack
|
|
app.kubernetes.io/part-of: matrix
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- slack-bridge.matrix.distrust.co
|
|
secretName: slack-bridge-matrix-distrust-co-tls
|
|
rules:
|
|
- host: slack-bridge.matrix.distrust.co
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: appservice-slack
|
|
port:
|
|
name: rtm
|