qdii
/
k8s


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463
							apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nas-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - nas.dodges.it
    secretName: nas-le-secret
  rules:
  - host: nas.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nas
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pihole-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - dns.dodges.it
    secretName: dns-le-secret
  rules:
  - host: dns.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: pihole
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gogs-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    #ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - gogs.dodges.it
    secretName: gogs-le-secret
  rules:
  - host: gogs.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gogs
            port:
              number: 50001
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ng-ingress
  annotations:
    nginx.org/client-max-body-size: "4096m"
    nginx.org/proxy-connect-timeout: "500s"
    nginx.org/proxy-read-timeout: "500s"
    nginx.org/proxy-send-timeout: "500s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Prevent nginx HTTP Server Detection
    nginx.org/server-tokens: "False"
    # Uncomment to allow solving HTTP01 challenge
    #ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.org/redirect-to-https: "false"
    acme.cert-manager.io/http01-edit-in-place: "true"
    cert-manager.io/cluster-issuer: "letsencrypt"

    # Enable CalDAV and WebDAV to work. Might break ACME challenge?
    nginx.org/server-snippets: |
      location = /.well-known/carddav { return 301 /remote.php/dav/; }
      location = /.well-known/caldav  { return 301 /remote.php/dav/; }
      fastcgi_buffers 64 4K;
      gzip on;
      gzip_vary on;
      gzip_comp_level 4;
      gzip_min_length 256;
      gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
      gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

spec:
  tls:
  - hosts:
    - ng.dodges.it
    secretName: ng-le-secret
  rules:
  - host: ng.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nextcloud
            port:
              number: 50011
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: db-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    #ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - db.dodges.it
    secretName: db-le-secret
  rules:
  - host: db.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: phpmyadmin
            port:
              number: 50003
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: trt-ingress
  annotations:
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "true"
    acme.cert-manager.io/http01-edit-in-place: "true"
    cert-manager.io/cluster-issuer: "letsencrypt"
    nginx.org/basic-auth-secret: transmission-secret
    nginx.org/hsts: "true"
    nginx.org/hsts-max-age: "15552000"
spec:
  tls:
  - hosts:
    - trt.dodges.it
    secretName: trt-le-secret
  rules:
  - host: trt.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: transmission
            port:
              number: 9091
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: lang-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    #ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - lang-dev.dodges.it
    secretName: lang-le-secret
  rules:
  - host: lang-dev.dodges.it
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: languagetandem
            port:
              number: 8000
      - path: /
        pathType: Prefix
        backend:
          service:
            name: languagetandem-fe
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: homeassistant-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    nginx.org/redirect-to-https: "true"
    nginx.org/location-snippets: |
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
spec:
  tls:
  - hosts:
    - ha.dodges.it
    secretName: ha-le-secret
  rules:
  - host: ha.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: homeassistant
            port:
              number: 8123
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cyberchef-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - cc.dodges.it
    secretName: cc-le-secret
  rules:
  - host: cc.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: cyberchef
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: evil-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
    nginx.org/location-snippets: |
     if ($request_method = 'POST') {
       add_header 'Access-Control-Allow-Origin' '*';
       add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT';
       add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
     }
     if ($request_method = 'OPTIONS') {
       add_header 'Access-Control-Allow-Origin' '*';
       add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT';
       add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
       add_header 'Access-Control-Max-Age' 1728000;
       add_header 'Content-Type' 'text/plain; charset=utf-8';
       add_header 'Content-Length' 0;
       return 204;
     }
spec:
  tls:
  - hosts:
    - evil.dodges.it
    secretName: evil-le-secret
  rules:
  - host: evil.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: evil
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nc-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "False"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - nc.dodges.it
    secretName: nc-le-secret
  rules:
  - host: nc.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nc
            port:
              number: 8080
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gradewhisperer-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "False"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - gradewhisperer.dodges.it
    secretName: gradewhisperer-le-secret
  rules:
  - host: gradewhisperer.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gradewhisperer
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: osmedeus-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    # Uncomment to allow solving HTTP01 challenge
    nginx.org/hsts: "True"
    # ingress.kubernetes.io/ssl-redirect: "false"
    # nginx.org/redirect-to-https: "false"
    # Upstream uses HTTPS, so connect in HTTPS.
    nginx.org/ssl-services: "osmedeus"
spec:
  tls:
  - hosts:
    - osmedeus.dodges.it
    secretName: osmedeus-le-secret
  rules:
  - host: osmedeus.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: osmedeus
            port:
              number: 8000
  ingressClassName: nginx