123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464 |
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: nas-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Uncomment to allow solving HTTP01 challenge
- ingress.kubernetes.io/ssl-redirect: "true"
- nginx.org/redirect-to-https: "false"
- spec:
- tls:
- - hosts:
- - nas.dodges.it
- secretName: nas-le-secret
- rules:
- - host: nas.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: nas
- port:
- number: 80
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: pihole-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Uncomment to allow solving HTTP01 challenge
- ingress.kubernetes.io/ssl-redirect: "true"
- nginx.org/redirect-to-https: "false"
- spec:
- tls:
- - hosts:
- - dns.dodges.it
- secretName: dns-le-secret
- rules:
- - host: dns.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: pihole
- port:
- number: 80
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: gogs-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Uncomment to allow solving HTTP01 challenge
- #ingress.kubernetes.io/ssl-redirect: "true"
- #nginx.org/redirect-to-https: "false"
- spec:
- tls:
- - hosts:
- - gogs.dodges.it
- secretName: gogs-le-secret
- rules:
- - host: gogs.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: gogs
- port:
- number: 50001
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: ng-ingress
- annotations:
- nginx.org/client-max-body-size: "4096m"
- nginx.org/proxy-connect-timeout: "500s"
- nginx.org/proxy-read-timeout: "500s"
- nginx.org/proxy-send-timeout: "500s"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Prevent nginx HTTP Server Detection
- nginx.org/server-tokens: "False"
- # Uncomment to allow solving HTTP01 challenge
- #ingress.kubernetes.io/ssl-redirect: "true"
- #nginx.org/redirect-to-https: "false"
- acme.cert-manager.io/http01-edit-in-place: "true"
- cert-manager.io/cluster-issuer: "letsencrypt"
- # Enable CalDAV and WebDAV to work. Might break ACME challenge?
- nginx.org/server-snippets: |
- location = /.well-known/carddav { return 301 /remote.php/dav/; }
- location = /.well-known/caldav { return 301 /remote.php/dav/; }
- fastcgi_buffers 64 4K;
- gzip on;
- gzip_vary on;
- gzip_comp_level 4;
- gzip_min_length 256;
- gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
- gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
- spec:
- tls:
- - hosts:
- - ng.dodges.it
- secretName: ng-le-secret
- rules:
- - host: ng.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: nextcloud
- port:
- number: 50011
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: db-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Uncomment to allow solving HTTP01 challenge
- #ingress.kubernetes.io/ssl-redirect: "true"
- #nginx.org/redirect-to-https: "false"
- spec:
- tls:
- - hosts:
- - db.dodges.it
- secretName: db-le-secret
- rules:
- - host: db.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: phpmyadmin
- port:
- number: 50003
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: trt-ingress
- annotations:
- # Uncomment to allow solving HTTP01 challenge
- ingress.kubernetes.io/ssl-redirect: "true"
- nginx.org/redirect-to-https: "true"
- acme.cert-manager.io/http01-edit-in-place: "true"
- cert-manager.io/cluster-issuer: "letsencrypt"
- # nginx.org/basic-auth-secret: ""
- # nginx.org/basic-auth-secret: transmission-secret
- nginx.org/hsts: "true"
- nginx.org/hsts-max-age: "15552000"
- spec:
- tls:
- - hosts:
- - trt.dodges.it
- secretName: trt-le-secret
- rules:
- - host: trt.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: transmission
- port:
- number: 9091
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: lang-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Uncomment to allow solving HTTP01 challenge
- #ingress.kubernetes.io/ssl-redirect: "true"
- #nginx.org/redirect-to-https: "false"
- spec:
- tls:
- - hosts:
- - lang-dev.dodges.it
- secretName: lang-le-secret
- rules:
- - host: lang-dev.dodges.it
- http:
- paths:
- - path: /api
- pathType: Prefix
- backend:
- service:
- name: languagetandem
- port:
- number: 8000
- - path: /
- pathType: Prefix
- backend:
- service:
- name: languagetandem-fe
- port:
- number: 80
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: homeassistant-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Uncomment to allow solving HTTP01 challenge
- nginx.org/redirect-to-https: "true"
- nginx.org/location-snippets: |
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- spec:
- tls:
- - hosts:
- - ha.dodges.it
- secretName: ha-le-secret
- rules:
- - host: ha.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: homeassistant
- port:
- number: 8123
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: cyberchef-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Uncomment to allow solving HTTP01 challenge
- ingress.kubernetes.io/ssl-redirect: "true"
- nginx.org/redirect-to-https: "false"
- spec:
- tls:
- - hosts:
- - cc.dodges.it
- secretName: cc-le-secret
- rules:
- - host: cc.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: cyberchef
- port:
- number: 80
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: evil-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "True"
- nginx.org/hsts-max-age: "15552000"
- # Uncomment to allow solving HTTP01 challenge
- ingress.kubernetes.io/ssl-redirect: "true"
- nginx.org/redirect-to-https: "false"
- nginx.org/location-snippets: |
- if ($request_method = 'POST') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT';
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- }
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT';
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain; charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- spec:
- tls:
- - hosts:
- - evil.dodges.it
- secretName: evil-le-secret
- rules:
- - host: evil.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: evil
- port:
- number: 80
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: nc-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "False"
- # Uncomment to allow solving HTTP01 challenge
- ingress.kubernetes.io/ssl-redirect: "true"
- nginx.org/redirect-to-https: "false"
- spec:
- tls:
- - hosts:
- - nc.dodges.it
- secretName: nc-le-secret
- rules:
- - host: nc.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: nc
- port:
- number: 8080
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: gradewhisperer-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- nginx.org/hsts: "False"
- # Uncomment to allow solving HTTP01 challenge
- ingress.kubernetes.io/ssl-redirect: "true"
- nginx.org/redirect-to-https: "false"
- spec:
- tls:
- - hosts:
- - gradewhisperer.dodges.it
- secretName: gradewhisperer-le-secret
- rules:
- - host: gradewhisperer.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: gradewhisperer
- port:
- number: 80
- ingressClassName: nginx
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: osmedeus-ingress
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt"
- acme.cert-manager.io/http01-edit-in-place: "true"
- nginx.org/client-max-body-size: "500m"
- nginx.org/proxy-connect-timeout: "60s"
- nginx.org/proxy-read-timeout: "60s"
- # Uncomment to allow solving HTTP01 challenge
- nginx.org/hsts: "True"
- # ingress.kubernetes.io/ssl-redirect: "false"
- # nginx.org/redirect-to-https: "false"
- # Upstream uses HTTPS, so connect in HTTPS.
- nginx.org/ssl-services: "osmedeus"
- spec:
- tls:
- - hosts:
- - osmedeus.dodges.it
- secretName: osmedeus-le-secret
- rules:
- - host: osmedeus.dodges.it
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: osmedeus
- port:
- number: 8000
- ingressClassName: nginx
|