For anyone else running lemmy on kubernetes-

Here is an IngressRoute CRD you can use, to leverage your built-in traefik reverse proxy.

Normally-

(ingress / ingressroute) -> (service) -> (nginx proxy) -> (lemmy / lemmy ui)

With this-

(ingress / ingressroute) -> (service) -> (lemmy / lemmy ui)

A slight optimization to better take advantage of the built in kubernetes functionality. (since, it already has a nginx and/or traefik instance running).

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: lemmy
  namespace: lemmy
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`lemmyonline.com`) && (Headers(`Accept`, `application/activity+json`) || HeadersRegexp("Accept", "^application/.*") || Headers(`Accept`, `application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"`))
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`) && (PathPrefix(`/api`) || PathPrefix(`/pictrs`) || PathPrefix(`/feeds`) || PathPrefix(`/nodeinfo`) || PathPrefix(`/.well-known`))
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`) && Method(`POST`)
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`)
      services:
        - name: lemmy-ui
          port: http

Just- make sure to replace your host, with the proper instance name.

  • timbuck2themoon@lemmy.mlEnglish
    1·
    1 year ago

    This is great. I’ve thought proxying to nginx wasn’t too desirable.

    Would anyone happen to know how to do this with ingress nginx? I could do the regex for paths but I’m stuck on method and headers.

    • HTTP_404_NotFound@lemmyonline.comOPEnglish
      1·
      1 year ago

      Knock on wood, A fellow on reddit sent me CRDs for nginx.

      I have not tested this- but, it might be a great starting point for you.

      apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lemmy
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 100m
nginx.ingress.kubernetes.io/limit-rps: "30"
nginx.ingress.kubernetes.io/limit-rpm: "600"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: example.com
http:
paths:
- path: /(api|pictrs|feeds|nodeinfo|.well-known)
pathType: Prefix
backend:
service:
name: lemmy
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lemmy-ui
annotations:
nginx.ingress.kubernetes.io/limit-rps: "30"
nginx.ingress.kubernetes.io/limit-rpm: "600"
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: lemmy-ui
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pictshare-redirect
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/pictshare(.*)$ /pictrs/image$1 redirect;
spec:
rules:
- host: example.com
http:
paths:
- path: /pictshare
pathType: Prefix
backend:
service:
name: pictrs
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls