For anyone else running lemmy on kubernetes-

Here is an IngressRoute CRD you can use, to leverage your built-in traefik reverse proxy.

Normally-

(ingress / ingressroute) -> (service) -> (nginx proxy) -> (lemmy / lemmy ui)

With this-

(ingress / ingressroute) -> (service) -> (lemmy / lemmy ui)

A slight optimization to better take advantage of the built in kubernetes functionality. (since, it already has a nginx and/or traefik instance running).

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: lemmy
  namespace: lemmy
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`lemmyonline.com`) && (Headers(`Accept`, `application/activity+json`) || HeadersRegexp("Accept", "^application/.*") || Headers(`Accept`, `application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"`))
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`) && (PathPrefix(`/api`) || PathPrefix(`/pictrs`) || PathPrefix(`/feeds`) || PathPrefix(`/nodeinfo`) || PathPrefix(`/.well-known`))
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`) && Method(`POST`)
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`)
      services:
        - name: lemmy-ui
          port: http

Just- make sure to replace your host, with the proper instance name.

  • timbuck2themoon
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    This is great. I’ve thought proxying to nginx wasn’t too desirable.

    Would anyone happen to know how to do this with ingress nginx? I could do the regex for paths but I’m stuck on method and headers.

    • HTTP_404_NotFound@lemmyonline.comOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Knock on wood, A fellow on reddit sent me CRDs for nginx.

      I have not tested this- but, it might be a great starting point for you.

      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
      name: lemmy
      annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: 100m
      nginx.ingress.kubernetes.io/limit-rps: "30"
      nginx.ingress.kubernetes.io/limit-rpm: "600"
      nginx.ingress.kubernetes.io/use-regex: "true"
      spec:
      rules:
      - host: example.com
      http:
      paths:
      - path: /(api|pictrs|feeds|nodeinfo|.well-known)
      pathType: Prefix
      backend:
      service:
      name: lemmy
      port:
      number: 80
      tls:
      - hosts:
      - example.com
      secretName: lemmy-tls
      ---
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
      name: lemmy-ui
      annotations:
      nginx.ingress.kubernetes.io/limit-rps: "30"
      nginx.ingress.kubernetes.io/limit-rpm: "600"
      spec:
      rules:
      - host: example.com
      http:
      paths:
      - path: /
      pathType: Prefix
      backend:
      service:
      name: lemmy-ui
      port:
      number: 80
      tls:
      - hosts:
      - example.com
      secretName: lemmy-tls
      ---
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
      name: pictshare-redirect
      annotations:
      nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite ^/pictshare(.*)$ /pictrs/image$1 redirect;
      spec:
      rules:
      - host: example.com
      http:
      paths:
      - path: /pictshare
      pathType: Prefix
      backend:
      service:
      name: pictrs
      port:
      number: 80
      tls:
      - hosts:
      - example.com
      secretName: lemmy-tls