apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: syncthing-ingressroute namespace: syncthing spec: entryPoints: - websecure routes: # Landing page - match: Host(`ss.hexor.cy`) && Path(`/`) kind: Rule services: - name: syncthing-landing port: 80 middlewares: - name: authentik-forward-auth namespace: syncthing # NAS instance and its assets - match: Host(`ss.hexor.cy`) && PathPrefix(`/nas`) kind: Rule priority: 100 services: - name: syncthing-nas port: 8384 middlewares: - name: authentik-forward-auth namespace: syncthing - name: syncthing-headers-nas namespace: syncthing - name: set-cookie-nas namespace: syncthing - name: strip-prefix-nas namespace: syncthing # Master instance and its assets - match: Host(`ss.hexor.cy`) && PathPrefix(`/master`) kind: Rule priority: 100 services: - name: syncthing-master port: 8384 middlewares: - name: authentik-forward-auth namespace: syncthing - name: syncthing-headers-master namespace: syncthing - name: set-cookie-master namespace: syncthing - name: strip-prefix-master namespace: syncthing # Iris instance and its assets - match: Host(`ss.hexor.cy`) && PathPrefix(`/iris`) kind: Rule priority: 100 services: - name: syncthing-khv port: 8384 middlewares: - name: authentik-forward-auth namespace: syncthing - name: syncthing-headers-iris namespace: syncthing - name: set-cookie-iris namespace: syncthing - name: strip-prefix-iris namespace: syncthing # Catch all static assets and route based on referer header - match: Host(`ss.hexor.cy`) && (PathPrefix(`/vendor`) || PathPrefix(`/theme-assets`) || PathPrefix(`/meta`) || PathPrefix(`/syncthing`)) kind: Rule priority: 50 services: - name: syncthing-router namespace: syncthing port: 80 middlewares: - name: authentik-forward-auth namespace: syncthing - name: asset-router namespace: syncthing tls: secretName: syncthing-tls