From 5a3e9ea76cae173bea3b46e93faa4ff265f8b80c Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Sat, 2 Dec 2023 21:36:21 +0000
Subject: [PATCH] add option to set max proxy body size in the reverse proxy
 factory [ci skip]

---
 modules/kubernetes/reverse_proxy/factory/main.tf | 6 +++++-
 modules/kubernetes/reverse_proxy/main.tf         | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/kubernetes/reverse_proxy/factory/main.tf b/modules/kubernetes/reverse_proxy/factory/main.tf
index edb98c69..492cad28 100644
--- a/modules/kubernetes/reverse_proxy/factory/main.tf
+++ b/modules/kubernetes/reverse_proxy/factory/main.tf
@@ -18,6 +18,10 @@ variable "ingress_path" {
   type    = list(string)
   default = ["/"]
 }
+variable "max_body_size" {
+  type    = string
+  default = "50m"
+}
 
 
 resource "kubernetes_service" "proxied-service" {
@@ -54,7 +58,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
       # Do not do hairpinning
       "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "http://oauth2.oauth2.svc.cluster.local/oauth2/auth" : null
       # "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "http://oauth2.oauth2.svc.cluster.local/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" : null
-      "nginx.ingress.kubernetes.io/proxy-body-size" : "50m"
+      "nginx.ingress.kubernetes.io/proxy-body-size" : var.max_body_size
     }
   }
 
diff --git a/modules/kubernetes/reverse_proxy/main.tf b/modules/kubernetes/reverse_proxy/main.tf
index 56670708..e9564fab 100644
--- a/modules/kubernetes/reverse_proxy/main.tf
+++ b/modules/kubernetes/reverse_proxy/main.tf
@@ -33,6 +33,7 @@ module "nas" {
   port             = 5001
   tls_secret_name  = var.tls_secret_name
   backend_protocol = "HTTPS"
+  max_body_size    = "0m"
 }
 
 # https://files.viktorbarzin.me/
@@ -45,6 +46,7 @@ module "nas-files" {
   backend_protocol = "HTTPS"
   protected        = false # allow anyone to download files
   ingress_path     = ["/sharing", "/scripts", "/webman", "/wfmlogindialog.js", "/fsdownload"]
+  max_body_size    = "0m"
 }
 
 # https://idrac.viktorbarzin.me/
@@ -75,6 +77,7 @@ module "truenas" {
   external_name   = "truenas.viktorbarzin.lan"
   port            = 80
   tls_secret_name = var.tls_secret_name
+  max_body_size   = "0m"
 }
 
 # https://r730.viktorbarzin.me/
@@ -95,6 +98,7 @@ module "esxi" {
   port             = 443
   tls_secret_name  = var.tls_secret_name
   backend_protocol = "HTTPS"
+  max_body_size    = "0" # unlimited
 }
 
 # https://valchedrym.viktorbarzin.me/