this post was submitted on 24 Jun 2023
4 points (100.0% liked)

Lemmy Administration

11 readers
1 users here now

Anything about running your own Lemmy instance. Including how to install it, maintain and customise it.

Be sure to check out the docs: https://join-lemmy.org/docs/en/administration/administration.html

If you have any problems, describe them here and we will try to help you fixing them.

founded 4 years ago
MODERATORS
 

For anyone else running lemmy on kubernetes-

Here is an IngressRoute CRD you can use, to leverage your built-in traefik reverse proxy.

Normally-

(ingress / ingressroute) -> (service) -> (nginx proxy) -> (lemmy / lemmy ui)

With this-

(ingress / ingressroute) -> (service) -> (lemmy / lemmy ui)

A slight optimization to better take advantage of the built in kubernetes functionality. (since, it already has a nginx and/or traefik instance running).

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: lemmy
  namespace: lemmy
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`lemmyonline.com`) && (Headers(`Accept`, `application/activity+json`) || HeadersRegexp("Accept", "^application/.*") || Headers(`Accept`, `application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"`))
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`) && (PathPrefix(`/api`) || PathPrefix(`/pictrs`) || PathPrefix(`/feeds`) || PathPrefix(`/nodeinfo`) || PathPrefix(`/.well-known`))
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`) && Method(`POST`)
      services:
        - name: lemmy
          port: http
    - kind: Rule
      match: Host(`lemmyonline.com`)
      services:
        - name: lemmy-ui
          port: http

Just- make sure to replace your host, with the proper instance name.

you are viewing a single comment's thread
view the rest of the comments
[–] xtremeownage@lemmyonline.com 1 points 1 year ago

Knock on wood, A fellow on reddit sent me CRDs for nginx.

I have not tested this- but, it might be a great starting point for you.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lemmy
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 100m
nginx.ingress.kubernetes.io/limit-rps: "30"
nginx.ingress.kubernetes.io/limit-rpm: "600"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: example.com
http:
paths:
- path: /(api|pictrs|feeds|nodeinfo|.well-known)
pathType: Prefix
backend:
service:
name: lemmy
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls
***
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lemmy-ui
annotations:
nginx.ingress.kubernetes.io/limit-rps: "30"
nginx.ingress.kubernetes.io/limit-rpm: "600"
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: lemmy-ui
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls
***
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pictshare-redirect
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/pictshare(.*)$ /pictrs/image$1 redirect;
spec:
rules:
- host: example.com
http:
paths:
- path: /pictshare
pathType: Prefix
backend:
service:
name: pictrs
port:
number: 80
tls:
- hosts:
- example.com
secretName: lemmy-tls