
init

master
tobi 1 year ago
commit
4a8d2d6476
4 changed files with 328 additions and 0 deletions
  1. +24
    -0
      README.md
  2. +16
    -0
      cert.yaml
  3. +284
    -0
      deploy.yaml
  4. +4
    -0
      namespace.yaml

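--- a/README.md
+++ b/README.md
@@ -0,0 +1,24 @@
+# Central Nginx
+
+For serving requests into different ips in the cluster.
+
+I mainly chose to do it via a single deployment, because my fucking internet provider is too incompetent to assign me a second ipv4 address without me having to pay millions.
+
+## certs
+
+contains Global(Cluster)Issuer for Cert-Manager
+
+
+### secret
+
+```
+apiVersion: v1
+kind: Secret
+metadata:
+name: master-cert-key
+namespace: cert-manager
+data:
+key: base64_encoded_tsig_key
+
+```
+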

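--- a/cert.yaml
+++ b/cert.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: master-cert
+namespace: nginx
+spec:
+secretName: master-cert
+dnsNames:
+- tobias-huebner.org
+- "*.tobias-huebner.org"
+# - jitcom.info
+# - "*.jitcom.info"
+issuerRef:
+name: issuer
+kind: ClusterIssuer
+group: cert-manager.io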
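Review bot: The SAN `"*.tobias-huebner.org"` in `dnsNames` makes the private key that lands in Secret `master-cert` (mounted into the nginx pod by deploy.yaml) valid for every subdomain of the zone, not only the handful of hostnames that deployment actually serves; if that breadth is intentional, a comment on that entry saying so would help the next reader, otherwise list the served names explicitly. cert-manager also accepts `privateKey:` / `rotationPolicy: Always` under `spec`, which issues a fresh key on each renewal instead of reusing the existing one; worth adding since this single certificate fronts all services. The commented-out `jitcom.info` entries line up with the `*.WAITING_conf` server blocks in deploy.yaml, which the `include /sites-config/*.conf` glob does not pick up, so that part is consistent.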

+ 284
- 0
deploy.yaml View File

@@ -0,0 +1,284 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: core-config
namespace: nginx
data:
nginx.conf: |

events {

}

http {
# get your static coredns ip from the service located in the kube-system namespace
resolver 10.2.0.10 valid=60s;
# https redirect
server {
listen 80 default_server;

server_name _;

return 301 https://$host$request_uri;
}
# mounted config map
include /sites-config/*.conf;
}

---

apiVersion: v1
kind: ConfigMap
metadata:
name: sites-config
namespace: nginx
data:
# certificates for all my domains
ssl.conf: |
ssl_certificate /master-cert/tls.crt;
ssl_certificate_key /master-cert/tls.key;


nexus_jitcom.WAITING_conf: |

server {

listen 443 ssl;
listen [::]:443 ssl;

server_name nexus.tobias-huebner.org;

client_max_body_size 1G;

include /sites-config/ssl.conf;
location / {

proxy_pass http://nexus.jitcom:8081;
# private jitcom docker registry listens on 8080
if ($http_user_agent ~ docker ) {
proxy_pass http://nexus.jitcom:8080;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}


nexus_th.conf: |

server {

listen 443 ssl;
listen [::]:443 ssl;

server_name nexus.tobias-huebner.org;

client_max_body_size 1G;

include /sites-config/ssl.conf;
location / {
# needs to be a variable so that the resolver kicks in, weird but that it is what it is
set $endpoint http://nexus;
proxy_pass $endpoint:8081$request_uri;

# tobias huebner docker registry listens on 8090
if ($http_user_agent ~ docker ) {
proxy_pass $endpoint:8090$request_uri;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}


wiki_th.conf: |
server {
listen 443 ssl;
listen [::]:443 ssl;

include /sites-config/ssl.conf;

server_name wiki.tobias-huebner.org;

location / {
set $endpoint http://wiki.tobias-huebner.svc.cluster.local;
proxy_pass $endpoint$request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

wiki_jitcom.WAITING_conf: |

server {
listen 443 ssl;
listen [::]:443 ssl;

include /sites-config/ssl.conf;

server_name wiki.jitcom.info;

location / {
proxy_pass http://wiki.jitcom.info;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}


gitea_th.conf: |

server {

listen 443 ssl;
listen [::]:443 ssl;
client_max_body_size 1G;

include /sites-config/ssl.conf;
server_name gitea.tobias-huebner.org;

location / {
set $endpoint http://gitea.tobias-huebner.svc.cluster.local;
proxy_pass $endpoint$request_uri;
}

}



gitea_jitcom.WAITING_conf: |

server {

listen 443 ssl;
listen [::]:443 ssl;
client_max_body_size 1G;
include /sites-config/ssl.conf;
server_name gitea.jitcom.info gitea.tobias-huebner.org;

location / {
proxy_pass http://gitea.jitcom/;
}

}

homepage_th.conf: |
server {

listen 443 ssl;
listen [::]:443 ssl;

server_name tobias-huebner.org;

include /sites-config/ssl.conf;

location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}

---

apiVersion: apps/v1
kind: Deployment
metadata:
namespace: nginx
name: nginx
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
volumeMounts:
- name: master-cert
mountPath: /master-cert
# subpath to prevent overwriting of entire folder
- name: core-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: sites-config
mountPath: /sites-config
volumes:
- name: master-cert
secret:
secretName: master-cert
- name: core-config
configMap:
name: core-config
- name: sites-config
configMap:
name: sites-config

---

apiVersion: v1
kind: Service
metadata:
name: svc-v6
namespace: nginx
spec:
externalIPs:
- 2a02:8106:33:3300::112
- 2a02:8106:33:3300::80
ipFamily: IPv6
ports:
- name: https
protocol: TCP
port: 443
targetPort: 443
- name: http
protocol: TCP
port: 80
targetPort: 80
selector:
app: nginx

---

apiVersion: v1
kind: Service
metadata:
name: svc-v4
namespace: nginx
spec:
selector:
app: nginx
externalIPs:
- 10.0.0.80
ipFamily: IPv4
ports:
- name: https
protocol: TCP
port: 443
targetPort: 443
- name: http
protocol: TCP
port: 80
targetPort: 80
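Review bot: The `image: nginx` line in the Deployment is unpinned, so every pod restart may pull a different image into the TLS-terminating edge that holds the wildcard key; pin it, e.g. `image: nginx:<pinned-tag>@sha256:<digest>` (placeholders — resolve against the registry). In the same hunk, `ssl.conf` sets only the certificate paths, so protocol and cipher selection falls back to the build defaults of whatever image happens to be pulled; adding `ssl_protocols TLSv1.2 TLSv1.3;` to `ssl.conf` makes that explicit for every server block that includes it. Separately, `nexus_th.conf` sets `$endpoint http://nexus` while the wiki and gitea blocks use the `.svc.cluster.local` FQDN; since nginx's `resolver` does not apply the pod's DNS search list, the short name most likely fails to resolve and should be qualified the same way. The `ipFamily:` key on both Services is, as far as I recall, the pre-1.20 alpha spelling of `ipFamilies:`, and `externalIPs` is honoured by kube-proxy for any Service unless an admission policy restricts it — both worth confirming against the target cluster version.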


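--- a/namespace.yaml
+++ b/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: nginx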
