pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions

lemmy: Clean up indentation of proxy config

Browse source
This commit is contained in:
Alexander Olofsson 2023-08-22 14:08:43 +02:00
parent 1ca5d0782a
commit c83f3988ae
No known key found for this signature in database
GPG key ID: D439C9470CB04C73
1 changed files with 70 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

139
charts/lemmy/templates/configmap-proxy.yaml
View file

@ -12,93 +12,94 @@ data:
worker_processes auto; worker_processes auto;
events { events {
worker_connections 1024; worker_connections 1024;
} }
http { http {
# We construct a string consistent of the "request method" and "http accept header" # We construct a string consistent of the "request method" and "http accept header"
# and then apply soem ~simply regexp matches to that combination to decide on the # and then apply soem ~simply regexp matches to that combination to decide on the
# HTTP upstream we should proxy the request to. # HTTP upstream we should proxy the request to.
# #
# Example strings: # Example strings:
# #
# "GET:application/activity+json" # "GET:application/activity+json"
# "GET:text/html" # "GET:text/html"
# "POST:application/activity+json" # "POST:application/activity+json"
# #
# You can see some basic match tests in this regex101 matching this configuration # You can see some basic match tests in this regex101 matching this configuration
# https://regex101.com/r/vwMJNc/1 # https://regex101.com/r/vwMJNc/1
# #
# Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
map "$request_method:$http_accept" $proxpass { map "$request_method:$http_accept" $proxpass {
# If no explicit matches exists below, send traffic to lemmy-ui # If no explicit matches exists below, send traffic to lemmy-ui
default "http://lemmy-ui"; default "http://lemmy-ui";
# GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy. # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
# #
# These requests are used by Mastodon and other fediverse instances to look up profile information, # These requests are used by Mastodon and other fediverse instances to look up profile information,
# discover site information and so on. # discover site information and so on.
"~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy"; "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy";
# All non-GET/HEAD requests should go to lemmy # All non-GET/HEAD requests should go to lemmy
# #
# Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
# we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
"~^(?!(GET|HEAD)).*:" "http://lemmy"; "~^(?!(GET|HEAD)).*:" "http://lemmy";
} }
upstream lemmy { upstream lemmy {
# this needs to map to the lemmy (server) docker service hostname # this needs to map to the lemmy (server) docker service hostname
server "{{ include "lemmy.fullname" . }}:{{ .Values.backend.service.port }}"; server "{{ include "lemmy.fullname" . }}:{{ .Values.backend.service.port }}";
} }
upstream lemmy-ui { upstream lemmy-ui {
# this needs to map to the lemmy-ui docker service hostname # this needs to map to the lemmy-ui docker service hostname
server "{{ include "lemmy.uiname" . }}:{{ .Values.frontend.service.port }}"; server "{{ include "lemmy.uiname" . }}:{{ .Values.frontend.service.port }}";
} }
server { server {
# this is the port inside docker, not the public one yet # this is the port inside docker, not the public one yet
listen 1236; listen 1236;
listen 8536; listen 8536;
server_name {{ .Values.serverName }}; server_name {{ .Values.serverName }};
server_tokens off; server_tokens off;
gzip on; gzip on;
gzip_types text/css application/javascript image/svg+xml; gzip_types text/css application/javascript image/svg+xml;
gzip_vary on; gzip_vary on;
# Upload limit, relevant for pictrs # Upload limit, relevant for pictrs
client_max_body_size 20M; client_max_body_size 20M;
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
# Send actual client IP upstream # Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# frontend general requests # frontend general requests
location / { location / {
proxy_pass $proxpass; proxy_pass $proxpass;
rewrite ^(.+)/+$ $1 permanent; rewrite ^(.+)/+$ $1 permanent;
} }
# security.txt # security.txt
location = /.well-known/security.txt { location = /.well-known/security.txt {
proxy_pass "http://lemmy-ui"; proxy_pass "http://lemmy-ui";
} }
# backend # backend
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
proxy_pass "http://lemmy"; proxy_pass "http://lemmy";
# proxy common stuff # proxy common stuff
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
} }
} }
} }
{{- end }} {{- end }}