From c83f3988aedd4b1b22d1c48a07cc36b431970102 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Tue, 22 Aug 2023 14:08:43 +0200 Subject: [PATCH] lemmy: Clean up indentation of proxy config --- charts/lemmy/templates/configmap-proxy.yaml | 139 ++++++++++---------- 1 file changed, 70 insertions(+), 69 deletions(-) diff --git a/charts/lemmy/templates/configmap-proxy.yaml b/charts/lemmy/templates/configmap-proxy.yaml index 393bc7a..3703c99 100644 --- a/charts/lemmy/templates/configmap-proxy.yaml +++ b/charts/lemmy/templates/configmap-proxy.yaml @@ -12,93 +12,94 @@ data: worker_processes auto; events { - worker_connections 1024; + worker_connections 1024; } + http { - # We construct a string consistent of the "request method" and "http accept header" - # and then apply soem ~simply regexp matches to that combination to decide on the - # HTTP upstream we should proxy the request to. - # - # Example strings: - # - # "GET:application/activity+json" - # "GET:text/html" - # "POST:application/activity+json" - # - # You can see some basic match tests in this regex101 matching this configuration - # https://regex101.com/r/vwMJNc/1 - # - # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html - map "$request_method:$http_accept" $proxpass { - # If no explicit matches exists below, send traffic to lemmy-ui - default "http://lemmy-ui"; + # We construct a string consistent of the "request method" and "http accept header" + # and then apply soem ~simply regexp matches to that combination to decide on the + # HTTP upstream we should proxy the request to. + # + # Example strings: + # + # "GET:application/activity+json" + # "GET:text/html" + # "POST:application/activity+json" + # + # You can see some basic match tests in this regex101 matching this configuration + # https://regex101.com/r/vwMJNc/1 + # + # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html + map "$request_method:$http_accept" $proxpass { + # If no explicit matches exists below, send traffic to lemmy-ui + default "http://lemmy-ui"; - # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy. - # - # These requests are used by Mastodon and other fediverse instances to look up profile information, - # discover site information and so on. - "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy"; + # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy. + # + # These requests are used by Mastodon and other fediverse instances to look up profile information, + # discover site information and so on. + "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy"; - # All non-GET/HEAD requests should go to lemmy - # - # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually - # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values - "~^(?!(GET|HEAD)).*:" "http://lemmy"; - } + # All non-GET/HEAD requests should go to lemmy + # + # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually + # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values + "~^(?!(GET|HEAD)).*:" "http://lemmy"; + } - upstream lemmy { + upstream lemmy { # this needs to map to the lemmy (server) docker service hostname server "{{ include "lemmy.fullname" . }}:{{ .Values.backend.service.port }}"; - } - upstream lemmy-ui { + } + upstream lemmy-ui { # this needs to map to the lemmy-ui docker service hostname server "{{ include "lemmy.uiname" . }}:{{ .Values.frontend.service.port }}"; - } + } - server { - # this is the port inside docker, not the public one yet - listen 1236; - listen 8536; + server { + # this is the port inside docker, not the public one yet + listen 1236; + listen 8536; - server_name {{ .Values.serverName }}; - server_tokens off; + server_name {{ .Values.serverName }}; + server_tokens off; - gzip on; - gzip_types text/css application/javascript image/svg+xml; - gzip_vary on; + gzip on; + gzip_types text/css application/javascript image/svg+xml; + gzip_vary on; - # Upload limit, relevant for pictrs - client_max_body_size 20M; + # Upload limit, relevant for pictrs + client_max_body_size 20M; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; - # Send actual client IP upstream - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # Send actual client IP upstream + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # frontend general requests - location / { - proxy_pass $proxpass; - rewrite ^(.+)/+$ $1 permanent; - } + # frontend general requests + location / { + proxy_pass $proxpass; + rewrite ^(.+)/+$ $1 permanent; + } - # security.txt - location = /.well-known/security.txt { - proxy_pass "http://lemmy-ui"; - } + # security.txt + location = /.well-known/security.txt { + proxy_pass "http://lemmy-ui"; + } - # backend - location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { - proxy_pass "http://lemmy"; + # backend + location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { + proxy_pass "http://lemmy"; - # proxy common stuff - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - } + # proxy common stuff + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + } } {{- end }}