this post was submitted on 24 Jun 2023
3 points (80.0% liked)

Lemmy Administration

698 readers
10 users here now

Anything about running your own Lemmy instance. Including how to install it, maintain and customise it.

Be sure to check out the docs: https://join-lemmy.org/docs/en/administration/administration.html

If you have any problems, describe them here and we will try to help you fixing them.

founded 4 years ago
MODERATORS
nutomic@lemmy.ml
3
Kubernetes IngressRoute CRD for Lemmy (lemmyonline.com)
submitted 1 year ago by xtremeownage@lemmyonline.com to c/lemmy_admin@lemmy.ml
2 comments fedilink hide all child comments
 

For anyone else running lemmy on kubernetes-

Here is an IngressRoute CRD you can use, to leverage your built-in traefik reverse proxy.

Normally-

(ingress / ingressroute) -> (service) -> (nginx proxy) -> (lemmy / lemmy ui)

With this-

(ingress / ingressroute) -> (service) -> (lemmy / lemmy ui)

A slight optimization to better take advantage of the built in kubernetes functionality. (since, it already has a nginx and/or traefik instance running).

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: lemmy
  namespace: lemmy
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`lemmyonline.com`) && (Headers(`Accept`, `application/activity+json`) || HeadersRegexp("Accept", "^application/.*") || Headers(`Accept`, `application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"`))
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`) && (PathPrefix(`/api`) || PathPrefix(`/pictrs`) || PathPrefix(`/feeds`) || PathPrefix(`/nodeinfo`) || PathPrefix(`/.well-known`))
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`) && Method(`POST`)
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`)
      services:
        - name: lemmy-ui
          port: http

Just- make sure to replace your host, with the proper instance name.

top 2 comments
sorted by: hot top controversial new old
[โ€“] timbuck2themoon@lemmy.ml 1 points 1 year ago (1 children)

This is great. I've thought proxying to nginx wasn't too desirable.

Would anyone happen to know how to do this with ingress nginx? I could do the regex for paths but I'm stuck on method and headers.

[โ€“] xtremeownage@lemmyonline.com 1 points 1 year ago

Knock on wood, A fellow on reddit sent me CRDs for nginx.

I have not tested this- but, it might be a great starting point for you.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lemmy
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 100m
nginx.ingress.kubernetes.io/limit-rps: "30"
nginx.ingress.kubernetes.io/limit-rpm: "600"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: example.com
http:
paths:
- path: /(api|pictrs|feeds|nodeinfo|.well-known)
pathType: Prefix
backend:
service:
name: lemmy
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls
***
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lemmy-ui
annotations:
nginx.ingress.kubernetes.io/limit-rps: "30"
nginx.ingress.kubernetes.io/limit-rpm: "600"
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: lemmy-ui
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls
***
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pictshare-redirect
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/pictshare(.*)$ /pictrs/image$1 redirect;
spec:
rules:
- host: example.com
http:
paths:
- path: /pictshare
pathType: Prefix
backend:
service:
name: pictrs
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls