From 5db261046f2ec2bcb1993bfb24042aeef7410713 Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Sat, 2 Aug 2025 12:27:15 +0000
Subject: [PATCH] fix immich ingress video playback [ci skip]

---
 modules/kubernetes/immich/main.tf | 109 +++++++++++++++---------------
 1 file changed, 53 insertions(+), 56 deletions(-)

diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf
index 9eb0da46..bdb553ff 100644
--- a/modules/kubernetes/immich/main.tf
+++ b/modules/kubernetes/immich/main.tf
@@ -184,66 +184,63 @@ resource "helm_release" "immich" {
   values = [templatefile("${path.module}/chart_values.tpl", { postgresql_password = var.postgresql_password })]
 }
 
-module "ingress" {
-  source          = "../ingress_factory"
-  namespace       = "immich"
-  name            = "immich"
-  tls_secret_name = var.tls_secret_name
-  port            = 2283
-  service_name    = "immich-server"
-  extra_annotations = {
-    "kubernetes.io/ingress.class" = "nginx"
-    # WARNING: When changing any of the below settings, ensure that large file uploads continue working
-    "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000",
-    "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000",
-    "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "6000"
-    "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
-    # "nginx.ingress.kubernetes.io/proxy-body-size" : "5G",
-    "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
-    # "nginx.ingress.kubernetes.io/proxy-buffering" : "on"
-    # "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m"
-    # "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off"
-    # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5G"
-    # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k"
-    # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8"
+resource "kubernetes_ingress_v1" "ingress" {
+  metadata {
+    namespace = "immich"
+    name      = "immich"
+    annotations = {
+      # NOTE: when changing - test video playback from mobile and web!
+      # Easy to break!
+
+      "kubernetes.io/ingress.class"                  = "nginx"
+      "nginx.ingress.kubernetes.io/backend-protocol" = "HTTP"
+
+      # As per https://immich.app/docs/administration/reverse-proxy
+      "nginx.org/websocket-services" : "immich-server"
+      # Allow big uploads
+      "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
+      # Websockets
+      "nginx.ingress.kubernetes.io/proxy-http-version" : "1.1"
+      "nginx.ingress.kubernetes.io/proxy-set-header" : "Upgrade $http_upgrade"
+      "nginx.ingress.kubernetes.io/proxy-set-header" : "Connection $connection_upgrade" # this makes a difference for web!!!
+      "nginx.ingress.kubernetes.io/proxy-redirect-from" : "off"
+      # Timeouts
+      "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000s",
+      "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000s",
 
 
-    # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5000m"
-    # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8"
-    # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k"
-    # "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
-    # "nginx.ingress.kubernetes.io/affinity" : "cookie"
-    # "nginx.ingress.kubernetes.io/affinity-mode" : "persistent"
-    # "nginx.ingress.kubernetes.io/session-cookie-change-on-failure" : true
-    # "nginx.ingress.kubernetes.io/session-cookie-expires" : 172800
-    # "nginx.ingress.kubernetes.io/session-cookie-max-age" : 172800
-    # "nginx.ingress.kubernetes.io/session-cookie-name" : "STICKY_SESSION"
-    # "nginx.ingress.kubernetes.io/use-regex" : false
-    "nginx.org/websocket-services" : "immich-server"
+      "gethomepage.dev/enabled"      = "true"
+      "gethomepage.dev/description"  = "Photos library"
+      "gethomepage.dev/icon"         = "immich.png"
+      "gethomepage.dev/name"         = "Immich"
+      "gethomepage.dev/widget.type"  = "immich"
+      "gethomepage.dev/widget.url"   = "https://immich.viktorbarzin.me"
+      "gethomepage.dev/pod-selector" = ""
+      "gethomepage.dev/widget.key"   = var.homepage_token
+    }
+  }
 
-    "gethomepage.dev/enabled"      = "true"
-    "gethomepage.dev/description"  = "Photos library"
-    "gethomepage.dev/icon"         = "immich.png"
-    "gethomepage.dev/name"         = "Immich"
-    "gethomepage.dev/widget.type"  = "immich"
-    "gethomepage.dev/widget.url"   = "https://immich.viktorbarzin.me"
-    "gethomepage.dev/pod-selector" = ""
-    "gethomepage.dev/widget.key"   = var.homepage_token
+  spec {
+    tls {
+      hosts       = ["immich.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "immich.viktorbarzin.me"
+      http {
+        path {
+          backend {
+            service {
+              name = "immich-server"
+              port {
+                number = 2283
 
-    # location ~* \.(png|jpg|jpeg|gif|webp|svg)$ {
-    #   expires 1M;
-    #   add_header Cache-Control "public, max-age=31536000, immutable";
-    # }
-    "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
-        proxy_cache static-cache;
-        proxy_cache_valid 404 1m;
-        proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
-        proxy_cache_bypass $http_x_purge;
-        add_header X-Cache-Status $upstream_cache_status;
-        EOF
-    "nginx.ingress.kubernetes.io/limit-connections" : 0
-    "nginx.ingress.kubernetes.io/limit-rps" : 0
-    "nginx.ingress.kubernetes.io/limit-rpm" : 0
+              }
+            }
+          }
+        }
+      }
+    }
   }
 }