k8s/ingress/ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nas-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - nas.dodges.it
    secretName: nas-le-secret
  rules:
  - host: nas.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nas
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pihole-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - dns.dodges.it
    secretName: dns-le-secret
  rules:
  - host: dns.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: pihole
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gogs-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    #ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - gogs.dodges.it
    secretName: gogs-le-secret
  rules:
  - host: gogs.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gogs
            port:
              number: 50001
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ng-ingress
  annotations:
    nginx.org/client-max-body-size: "4096m"
    nginx.org/proxy-connect-timeout: "500s"
    nginx.org/proxy-read-timeout: "500s"
    nginx.org/proxy-send-timeout: "500s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Prevent nginx HTTP Server Detection
    nginx.org/server-tokens: "False"
    # Uncomment to allow solving HTTP01 challenge
    #ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.org/redirect-to-https: "false"
    acme.cert-manager.io/http01-edit-in-place: "true"
    cert-manager.io/cluster-issuer: "letsencrypt"

    # Enable CalDAV and WebDAV to work. Might break ACME challenge?
    nginx.org/server-snippets: |
      location = /.well-known/carddav { return 301 /remote.php/dav/; }
      location = /.well-known/caldav  { return 301 /remote.php/dav/; }
      fastcgi_buffers 64 4K;
      gzip on;
      gzip_vary on;
      gzip_comp_level 4;
      gzip_min_length 256;
      gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
      gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

spec:
  tls:
  - hosts:
    - ng.dodges.it
    secretName: ng-le-secret
  rules:
  - host: ng.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nextcloud
            port:
              number: 50011
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: db-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    #ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - db.dodges.it
    secretName: db-le-secret
  rules:
  - host: db.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: phpmyadmin
            port:
              number: 50003
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: trt-ingress
  annotations:
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "true"
    acme.cert-manager.io/http01-edit-in-place: "true"
    cert-manager.io/cluster-issuer: "letsencrypt"
    # nginx.org/basic-auth-secret: ""
    # nginx.org/basic-auth-secret: transmission-secret
    nginx.org/hsts: "true"
    nginx.org/hsts-max-age: "15552000"
spec:
  tls:
  - hosts:
    - trt.dodges.it
    secretName: trt-le-secret
  rules:
  - host: trt.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: transmission
            port:
              number: 9091
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: lang-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    #ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - lang-dev.dodges.it
    secretName: lang-le-secret
  rules:
  - host: lang-dev.dodges.it
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: languagetandem
            port:
              number: 8000
      - path: /
        pathType: Prefix
        backend:
          service:
            name: languagetandem-fe
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: homeassistant-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    nginx.org/redirect-to-https: "true"
    nginx.org/location-snippets: |
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
spec:
  tls:
  - hosts:
    - ha.dodges.it
    secretName: ha-le-secret
  rules:
  - host: ha.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: homeassistant
            port:
              number: 8123
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cyberchef-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - cc.dodges.it
    secretName: cc-le-secret
  rules:
  - host: cc.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: cyberchef
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: evil-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "True"
    nginx.org/hsts-max-age: "15552000"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
    nginx.org/location-snippets: |
     if ($request_method = 'POST') {
       add_header 'Access-Control-Allow-Origin' '*';
       add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT';
       add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
     }
     if ($request_method = 'OPTIONS') {
       add_header 'Access-Control-Allow-Origin' '*';
       add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT';
       add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
       add_header 'Access-Control-Max-Age' 1728000;
       add_header 'Content-Type' 'text/plain; charset=utf-8';
       add_header 'Content-Length' 0;
       return 204;
     }
spec:
  tls:
  - hosts:
    - evil.dodges.it
    secretName: evil-le-secret
  rules:
  - host: evil.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: evil
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nc-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "False"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - nc.dodges.it
    secretName: nc-le-secret
  rules:
  - host: nc.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nc
            port:
              number: 8080
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gradewhisperer-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    nginx.org/hsts: "False"
    # Uncomment to allow solving HTTP01 challenge
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - gradewhisperer.dodges.it
    secretName: gradewhisperer-le-secret
  rules:
  - host: gradewhisperer.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gradewhisperer
            port:
              number: 80
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: osmedeus-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    # Uncomment to allow solving HTTP01 challenge
    nginx.org/hsts: "True"
    # ingress.kubernetes.io/ssl-redirect: "false"
    # nginx.org/redirect-to-https: "false"
    # Upstream uses HTTPS, so connect in HTTPS.
    nginx.org/ssl-services: "osmedeus"
spec:
  tls:
  - hosts:
    - osmedeus.dodges.it
    secretName: osmedeus-le-secret
  rules:
  - host: osmedeus.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: osmedeus
            port:
              number: 8000
  ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: photoprism-ingress
  namespace: photoprism
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    # Uncomment to allow solving HTTP01 challenge
    nginx.org/hsts: "false"
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.org/redirect-to-https: "false"
spec:
  tls:
  - hosts:
    - pics.dodges.it
    secretName: photoprism-le-secret
  rules:
  - host: pics.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: photoprism
            port:
              number: 2342
  ingressClassName: nginx