apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nas-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Uncomment to allow solving HTTP01 challenge ingress.kubernetes.io/ssl-redirect: "true" nginx.org/redirect-to-https: "false" spec: tls: - hosts: - nas.dodges.it secretName: nas-le-secret rules: - host: nas.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: nas port: number: 80 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: pihole-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Uncomment to allow solving HTTP01 challenge ingress.kubernetes.io/ssl-redirect: "true" nginx.org/redirect-to-https: "false" spec: tls: - hosts: - dns.dodges.it secretName: dns-le-secret rules: - host: dns.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: pihole port: number: 80 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: gogs-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Uncomment to allow solving HTTP01 challenge #ingress.kubernetes.io/ssl-redirect: "true" #nginx.org/redirect-to-https: "false" spec: tls: - hosts: - gogs.dodges.it secretName: gogs-le-secret rules: - host: gogs.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: gogs port: number: 50001 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ng-ingress annotations: nginx.org/client-max-body-size: "4096m" nginx.org/proxy-connect-timeout: "500s" nginx.org/proxy-read-timeout: "500s" nginx.org/proxy-send-timeout: "500s" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Prevent nginx HTTP Server Detection nginx.org/server-tokens: "False" # Uncomment to allow solving HTTP01 challenge #ingress.kubernetes.io/ssl-redirect: "true" #nginx.org/redirect-to-https: "false" acme.cert-manager.io/http01-edit-in-place: "true" cert-manager.io/cluster-issuer: "letsencrypt" # Enable CalDAV and WebDAV to work. Might break ACME challenge? nginx.org/server-snippets: | location = /.well-known/carddav { return 301 /remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; } fastcgi_buffers 64 4K; gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; spec: tls: - hosts: - ng.dodges.it secretName: ng-le-secret rules: - host: ng.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: nextcloud port: number: 50011 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: db-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Uncomment to allow solving HTTP01 challenge #ingress.kubernetes.io/ssl-redirect: "true" #nginx.org/redirect-to-https: "false" spec: tls: - hosts: - db.dodges.it secretName: db-le-secret rules: - host: db.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: phpmyadmin port: number: 50003 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: trt-ingress annotations: # Uncomment to allow solving HTTP01 challenge ingress.kubernetes.io/ssl-redirect: "true" nginx.org/redirect-to-https: "true" acme.cert-manager.io/http01-edit-in-place: "true" cert-manager.io/cluster-issuer: "letsencrypt" nginx.org/basic-auth-secret: transmission-secret nginx.org/hsts: "true" nginx.org/hsts-max-age: "15552000" spec: tls: - hosts: - trt.dodges.it secretName: trt-le-secret rules: - host: trt.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: transmission port: number: 9091 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: lang-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Uncomment to allow solving HTTP01 challenge #ingress.kubernetes.io/ssl-redirect: "true" #nginx.org/redirect-to-https: "false" spec: tls: - hosts: - lang-dev.dodges.it secretName: lang-le-secret rules: - host: lang-dev.dodges.it http: paths: - path: /api pathType: Prefix backend: service: name: languagetandem port: number: 8000 - path: / pathType: Prefix backend: service: name: languagetandem-fe port: number: 80 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: homeassistant-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Uncomment to allow solving HTTP01 challenge nginx.org/redirect-to-https: "true" nginx.org/location-snippets: | proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; spec: tls: - hosts: - ha.dodges.it secretName: ha-le-secret rules: - host: ha.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: homeassistant port: number: 8123 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: cyberchef-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Uncomment to allow solving HTTP01 challenge ingress.kubernetes.io/ssl-redirect: "true" nginx.org/redirect-to-https: "false" spec: tls: - hosts: - cc.dodges.it secretName: cc-le-secret rules: - host: cc.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: cyberchef port: number: 80 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: evil-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "True" nginx.org/hsts-max-age: "15552000" # Uncomment to allow solving HTTP01 challenge ingress.kubernetes.io/ssl-redirect: "true" nginx.org/redirect-to-https: "false" nginx.org/location-snippets: | if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; } if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } spec: tls: - hosts: - evil.dodges.it secretName: evil-le-secret rules: - host: evil.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: evil port: number: 80 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nc-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "False" # Uncomment to allow solving HTTP01 challenge ingress.kubernetes.io/ssl-redirect: "true" nginx.org/redirect-to-https: "false" spec: tls: - hosts: - nc.dodges.it secretName: nc-le-secret rules: - host: nc.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: nc port: number: 8080 ingressClassName: nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: gradewhisperer-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" nginx.org/hsts: "False" # Uncomment to allow solving HTTP01 challenge ingress.kubernetes.io/ssl-redirect: "true" nginx.org/redirect-to-https: "false" spec: tls: - hosts: - gradewhisperer.dodges.it secretName: gradewhisperer-le-secret rules: - host: gradewhisperer.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: gradewhisperer port: number: 80 ingressClassName: nginx