diff --git a/k8s/apps/syncthing/asset-router.yaml b/k8s/apps/syncthing/asset-router.yaml
deleted file mode 100644
index 0bff4c3..0000000
--- a/k8s/apps/syncthing/asset-router.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: nginx-router-config
- namespace: syncthing
-data:
- default.conf: |
- server {
- listen 80;
- server_name _;
-
- # Route assets based on cookie or referer
- location / {
- # Check cookie first
- if ($cookie_syncthing_instance = "nas") {
- proxy_pass http://syncthing-nas:8384;
- }
- if ($cookie_syncthing_instance = "master") {
- proxy_pass http://syncthing-master:8384;
- }
- if ($cookie_syncthing_instance = "iris") {
- proxy_pass http://syncthing-khv:8384;
- }
-
- # Check referer as fallback
- if ($http_referer ~ "/nas") {
- proxy_pass http://syncthing-nas:8384;
- }
- if ($http_referer ~ "/master") {
- proxy_pass http://syncthing-master:8384;
- }
- if ($http_referer ~ "/iris") {
- proxy_pass http://syncthing-khv:8384;
- }
-
- # Default to nas if no match
- proxy_pass http://syncthing-nas:8384;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
- }
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: syncthing-router
- namespace: syncthing
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: syncthing-router
- template:
- metadata:
- labels:
- app: syncthing-router
- spec:
- containers:
- - name: nginx
- image: nginx:alpine
- ports:
- - containerPort: 80
- volumeMounts:
- - name: config
- mountPath: /etc/nginx/conf.d
- volumes:
- - name: config
- configMap:
- name: nginx-router-config
----
-apiVersion: v1
-kind: Service
-metadata:
- name: syncthing-router
- namespace: syncthing
-spec:
- selector:
- app: syncthing-router
- ports:
- - protocol: TCP
- port: 80
- targetPort: 80
\ No newline at end of file
diff --git a/k8s/apps/syncthing/ingress-route.yaml b/k8s/apps/syncthing/ingress-route.yaml
deleted file mode 100644
index a9a8adc..0000000
--- a/k8s/apps/syncthing/ingress-route.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: syncthing-ingressroute
- namespace: syncthing
-spec:
- entryPoints:
- - websecure
- routes:
- # Landing page
- - match: Host(`ss.hexor.cy`) && Path(`/`)
- kind: Rule
- services:
- - name: syncthing-landing
- port: 80
- middlewares:
- - name: authentik-forward-auth
- namespace: syncthing
-
- # NAS instance and its assets
- - match: Host(`ss.hexor.cy`) && PathPrefix(`/nas`)
- kind: Rule
- priority: 100
- services:
- - name: syncthing-nas
- port: 8384
- middlewares:
- - name: authentik-forward-auth
- namespace: syncthing
- - name: syncthing-headers-nas
- namespace: syncthing
- - name: set-cookie-nas
- namespace: syncthing
- - name: strip-prefix-nas
- namespace: syncthing
-
- # Master instance and its assets
- - match: Host(`ss.hexor.cy`) && PathPrefix(`/master`)
- kind: Rule
- priority: 100
- services:
- - name: syncthing-master
- port: 8384
- middlewares:
- - name: authentik-forward-auth
- namespace: syncthing
- - name: syncthing-headers-master
- namespace: syncthing
- - name: set-cookie-master
- namespace: syncthing
- - name: strip-prefix-master
- namespace: syncthing
-
- # Iris instance and its assets
- - match: Host(`ss.hexor.cy`) && PathPrefix(`/iris`)
- kind: Rule
- priority: 100
- services:
- - name: syncthing-khv
- port: 8384
- middlewares:
- - name: authentik-forward-auth
- namespace: syncthing
- - name: syncthing-headers-iris
- namespace: syncthing
- - name: set-cookie-iris
- namespace: syncthing
- - name: strip-prefix-iris
- namespace: syncthing
-
- # Catch all static assets and route based on referer header
- - match: Host(`ss.hexor.cy`) && (PathPrefix(`/vendor`) || PathPrefix(`/theme-assets`) || PathPrefix(`/meta`) || PathPrefix(`/syncthing`))
- kind: Rule
- priority: 50
- services:
- - name: syncthing-router
- namespace: syncthing
- port: 80
- middlewares:
- - name: authentik-forward-auth
- namespace: syncthing
- - name: asset-router
- namespace: syncthing
- tls:
- secretName: syncthing-tls
\ No newline at end of file
diff --git a/k8s/apps/syncthing/kustomization.yaml b/k8s/apps/syncthing/kustomization.yaml
index d29ea1e..3b2e879 100644
--- a/k8s/apps/syncthing/kustomization.yaml
+++ b/k8s/apps/syncthing/kustomization.yaml
@@ -4,10 +4,8 @@ kind: Kustomization
resources:
- app.yaml
- - ingress-route.yaml
- - middleware.yaml
- - landing-page.yaml
- - asset-router.yaml
+ - nginx-router.yaml
+ - traefik-simple.yaml
helmCharts:
- name: syncthing
@@ -32,4 +30,4 @@ helmCharts:
releaseName: syncthing-nas
namespace: syncthing
valuesFile: syncthing-nas.yaml
- includeCRDs: true
+ includeCRDs: true
\ No newline at end of file
diff --git a/k8s/apps/syncthing/landing-page.yaml b/k8s/apps/syncthing/landing-page.yaml
deleted file mode 100644
index 50fed59..0000000
--- a/k8s/apps/syncthing/landing-page.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: syncthing-landing-html
- namespace: syncthing
-data:
- index.html: |
-
-
-
- Syncthing Instances
-
-
-
-
-
Syncthing Instances
-
-
-
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: syncthing-landing
- namespace: syncthing
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: syncthing-landing
- template:
- metadata:
- labels:
- app: syncthing-landing
- spec:
- containers:
- - name: nginx
- image: nginx:alpine
- ports:
- - containerPort: 80
- volumeMounts:
- - name: html
- mountPath: /usr/share/nginx/html
- volumes:
- - name: html
- configMap:
- name: syncthing-landing-html
----
-apiVersion: v1
-kind: Service
-metadata:
- name: syncthing-landing
- namespace: syncthing
-spec:
- selector:
- app: syncthing-landing
- ports:
- - protocol: TCP
- port: 80
- targetPort: 80
\ No newline at end of file
diff --git a/k8s/apps/syncthing/middleware.yaml b/k8s/apps/syncthing/middleware.yaml
deleted file mode 100644
index 28b33bc..0000000
--- a/k8s/apps/syncthing/middleware.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: authentik-forward-auth
- namespace: syncthing
-spec:
- forwardAuth:
- address: http://authentik-server.authentik.svc.cluster.local/outpost.goauthentik.io/auth/traefik
- trustForwardHeader: true
- authResponseHeaders:
- - X-authentik-username
- - X-authentik-groups
- - X-authentik-email
- - X-authentik-name
- - X-authentik-uid
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: strip-prefix-nas
- namespace: syncthing
-spec:
- stripPrefix:
- prefixes:
- - /nas
- forceSlash: false
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: strip-prefix-master
- namespace: syncthing
-spec:
- stripPrefix:
- prefixes:
- - /master
- forceSlash: false
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: strip-prefix-iris
- namespace: syncthing
-spec:
- stripPrefix:
- prefixes:
- - /iris
- forceSlash: false
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: syncthing-headers-nas
- namespace: syncthing
-spec:
- headers:
- customRequestHeaders:
- X-Forwarded-Prefix: "/nas"
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: syncthing-headers-master
- namespace: syncthing
-spec:
- headers:
- customRequestHeaders:
- X-Forwarded-Prefix: "/master"
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: syncthing-headers-iris
- namespace: syncthing
-spec:
- headers:
- customRequestHeaders:
- X-Forwarded-Prefix: "/iris"
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: set-cookie-nas
- namespace: syncthing
-spec:
- headers:
- customResponseHeaders:
- Set-Cookie: "syncthing_instance=nas; Path=/; HttpOnly"
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: set-cookie-master
- namespace: syncthing
-spec:
- headers:
- customResponseHeaders:
- Set-Cookie: "syncthing_instance=master; Path=/; HttpOnly"
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: set-cookie-iris
- namespace: syncthing
-spec:
- headers:
- customResponseHeaders:
- Set-Cookie: "syncthing_instance=iris; Path=/; HttpOnly"
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: asset-router
- namespace: syncthing
-spec:
- plugin:
- simplerouter:
- routes:
- - match: Header(`Referer`, `.*\/nas.*`)
- service: syncthing-nas
- - match: Header(`Referer`, `.*\/master.*`)
- service: syncthing-master
- - match: Header(`Referer`, `.*\/iris.*`)
- service: syncthing-khv
\ No newline at end of file
diff --git a/k8s/apps/syncthing/nginx-router.yaml b/k8s/apps/syncthing/nginx-router.yaml
new file mode 100644
index 0000000..4ea0325
--- /dev/null
+++ b/k8s/apps/syncthing/nginx-router.yaml
@@ -0,0 +1,216 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config
+ namespace: syncthing
+data:
+ default.conf: |
+ server {
+ listen 80;
+ server_name _;
+
+ # Landing page
+ location = / {
+ root /usr/share/nginx/html;
+ try_files /index.html =404;
+ }
+
+ # NAS instance
+ location /nas {
+ rewrite ^/nas$ /nas/ permanent;
+ }
+
+ location /nas/ {
+ proxy_pass http://syncthing-nas:8384/;
+
+ # Important: tell syncthing that we're using /nas as base path
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Handle websockets
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # Sub filter to fix asset paths
+ sub_filter 'href="/' 'href="/nas/';
+ sub_filter 'src="/' 'src="/nas/';
+ sub_filter 'url(/' 'url(/nas/';
+ sub_filter '"/meta' '"/nas/meta';
+ sub_filter '"/rest' '"/nas/rest';
+ sub_filter '"/vendor' '"/nas/vendor';
+ sub_filter '"/theme-assets' '"/nas/theme-assets';
+ sub_filter '"/syncthing' '"/nas/syncthing';
+ sub_filter_once off;
+ sub_filter_types text/html text/css application/javascript;
+ }
+
+ # Master instance
+ location /master {
+ rewrite ^/master$ /master/ permanent;
+ }
+
+ location /master/ {
+ proxy_pass http://syncthing-master:8384/;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ sub_filter 'href="/' 'href="/master/';
+ sub_filter 'src="/' 'src="/master/';
+ sub_filter 'url(/' 'url(/master/';
+ sub_filter '"/meta' '"/master/meta';
+ sub_filter '"/rest' '"/master/rest';
+ sub_filter '"/vendor' '"/master/vendor';
+ sub_filter '"/theme-assets' '"/master/theme-assets';
+ sub_filter '"/syncthing' '"/master/syncthing';
+ sub_filter_once off;
+ sub_filter_types text/html text/css application/javascript;
+ }
+
+ # Iris instance
+ location /iris {
+ rewrite ^/iris$ /iris/ permanent;
+ }
+
+ location /iris/ {
+ proxy_pass http://syncthing-khv:8384/;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ sub_filter 'href="/' 'href="/iris/';
+ sub_filter 'src="/' 'src="/iris/';
+ sub_filter 'url(/' 'url(/iris/';
+ sub_filter '"/meta' '"/iris/meta';
+ sub_filter '"/rest' '"/iris/rest';
+ sub_filter '"/vendor' '"/iris/vendor';
+ sub_filter '"/theme-assets' '"/iris/theme-assets';
+ sub_filter '"/syncthing' '"/iris/syncthing';
+ sub_filter_once off;
+ sub_filter_types text/html text/css application/javascript;
+ }
+ }
+
+ index.html: |
+
+
+
+ Syncthing Instances
+
+
+
+
+
Syncthing Instances
+
+
+
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: syncthing-router
+ namespace: syncthing
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: syncthing-router
+ template:
+ metadata:
+ labels:
+ app: syncthing-router
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:alpine
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: config
+ mountPath: /etc/nginx/conf.d
+ - name: html
+ mountPath: /usr/share/nginx/html
+ volumes:
+ - name: config
+ configMap:
+ name: nginx-config
+ items:
+ - key: default.conf
+ path: default.conf
+ - name: html
+ configMap:
+ name: nginx-config
+ items:
+ - key: index.html
+ path: index.html
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: syncthing-router
+ namespace: syncthing
+spec:
+ selector:
+ app: syncthing-router
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
\ No newline at end of file
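Review bot: The `syncthing-router` Deployment's container uses the mutable tag `image: nginx:alpine` and sets neither `securityContext` nor `resources`, even though this one pod now proxies every request for all three Syncthing GUIs. Pin the image to a fixed version and digest, for example `image: nginx:<version>-alpine@sha256:<digest>` (placeholders), so a re-pull cannot silently change the binary that handles authenticated sessions. Add `securityContext: {allowPrivilegeEscalation: false}` and explicit `resources.requests`/`resources.limits` to the container. The forward-auth check appears to live only in the Traefik route, so consider a NetworkPolicy that admits ingress to this pod and to the `syncthing-*` services only from Traefik; whether one already exists is not visible in this diff.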
diff --git a/k8s/apps/syncthing/traefik-simple.yaml b/k8s/apps/syncthing/traefik-simple.yaml
new file mode 100644
index 0000000..4795934
--- /dev/null
+++ b/k8s/apps/syncthing/traefik-simple.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: syncthing-ingressroute
+ namespace: syncthing
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`ss.hexor.cy`)
+ kind: Rule
+ services:
+ - name: syncthing-router
+ port: 80
+ middlewares:
+ - name: authentik-forward-auth
+ namespace: syncthing
+ tls:
+ secretName: syncthing-tls
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: authentik-forward-auth
+ namespace: syncthing
+spec:
+ forwardAuth:
+ address: http://authentik-server.authentik.svc.cluster.local/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
\ No newline at end of file
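Review bot: `trustForwardHeader: true` on the `authentik-forward-auth` Middleware makes Traefik forward whatever `X-Forwarded-*` headers the request arrived with to the authentik outpost. Unless something in front of the `websecure` entrypoint overwrites those headers, a client can choose the host, scheme and source address that authentik sees when it makes the auth decision. The entrypoint configuration is not part of this diff, so this may already be handled. If Traefik is the edge, use `trustForwardHeader: false`; if it sits behind a load balancer, keep the flag but restrict trust with the entrypoint's `forwardedHeaders.trustedIPs`. A one-line comment above the field such as `# trusted because <upstream proxy> rewrites X-Forwarded-*` would record which case applies.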