github-personal/Biohazard
1
0
Fork 0
mirror of https://github.com/outbackdingo/Biohazard.git synced 2026-01-27 18:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(external-proxy-x): add Immich share

Browse Source
This commit is contained in:
JJGadgets
2024-05-15 02:43:21 +08:00
parent 8145c365f0
commit 0ff327e978
2 changed files with 32 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
kube/deploy/core/ingress/external-proxy-x/app/hr.yaml
View File

@@ -95,9 +95,14 @@ spec:
bind :80 accept-proxy
redirect scheme https code 301 if !{ ssl_fc } # HTTP to HTTPS redirect
option forwardfor
use_backend immich if { req.hdr(host) -m str ${APP_DNS_IMMICH} } { path_beg /share/ }
use_backend nginx-public if { req.hdr(host) -m end ${DNS_LONG} }
use_backend nginx-external if { req.hdr(host) -m end ${DNS_SHORT} }
backend immich
mode http
server immich immich.immich.svc.cluster.local:3001 check
backend nginx-public
mode http
server nginxpublic nginx-public-controller.ingress.svc.cluster.local:443 ssl verify none sni str(%[ssl_fc_sni]) check check-sni str(external-proxy-x.${DNS_LONG})
@@ -109,8 +114,8 @@ spec:
# server internalnginx ingress-nginx-controller.ingress.svc.cluster.local:443 ssl verify required ca-file /tls/ca.pem
resources:
requests:
cpu: 50m
cpu: 10m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
memory: 512Mi

25
kube/deploy/core/ingress/external-proxy-x/app/netpol.yaml Normal file
View File

@@ -0,0 +1,25 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumnetworkpolicy_v2.json
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: &app external-proxy-x
namespace: ingress
spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: haproxy
app.kubernetes.io/instance: *app
ingress:
- fromCIDRSet:
- cidr: "${IP_EC2_NON_K8S}/32"
toPorts:
- ports:
- port: "80"
protocol: TCP
- port: "80"
protocol: UDP
- port: "443"
protocol: TCP
- port: "443"
protocol: UDP