add proxy protocol and proxy timeout to reverse-proxy ingresses [ci skip]

2023-12-16 14:40:19 +00:00 · 2023-12-16 14:40:19 +00:00 · 73d293d1ba
commit 73d293d1ba
parent cc26c84653
3 changed files with 23 additions and 8 deletions
--- a/modules/kubernetes/reverse_proxy/factory/main.tf
+++ b/modules/kubernetes/reverse_proxy/factory/main.tf
@ -22,6 +22,14 @@ variable "max_body_size" {
  type    = string
  default = "50m"
 }
+variable "use_proxy_protocol" {
+  type    = bool
+  default = true
+}
+variable "proxy_timeout" {
+  type    = number
+  default = 60
+}


 resource "kubernetes_service" "proxied-service" {
@ -59,6 +67,11 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
      "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "http://oauth2.oauth2.svc.cluster.local/oauth2/auth" : null
      # "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "http://oauth2.oauth2.svc.cluster.local/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" : null
      "nginx.ingress.kubernetes.io/proxy-body-size" : var.max_body_size
+      "nginx.ingress.kubernetes.io/use-proxy-protocol" : var.use_proxy_protocol
+      "nginx.ingress.kubernetes.io/proxy-connect-timeout" : var.proxy_timeout
+      "nginx.ingress.kubernetes.io/proxy-send-timeout" : var.proxy_timeout
+      "nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout
+
    }
  }

--- a/modules/kubernetes/reverse_proxy/main.tf
+++ b/modules/kubernetes/reverse_proxy/main.tf
@ -117,20 +117,22 @@ module "valchedrym" {
  external_name    = "valchedrym.viktorbarzin.lan"
  port             = 20123
  tls_secret_name  = var.tls_secret_name
-  backend_protocol = "HTTPS"
+  backend_protocol = "HTTP"
  depends_on       = [kubernetes_namespace.reverse-proxy]
 }

 # https://ip150.viktorbarzin.me/
 # Does not seem to load? - works when auth is down
 module "valchedrym-ip150" {
-  source          = "./factory"
-  name            = "ip150"
-  external_name   = "valchedrym.ddns.net"
-  port            = 8080
-  tls_secret_name = var.tls_secret_name
-  protected       = false
-  depends_on      = [kubernetes_namespace.reverse-proxy]
+  source             = "./factory"
+  name               = "ip150"
+  external_name      = "valchedrym.ddns.net"
+  port               = 5081 // HTTPS port; 5080 is HTTP if needed
+  backend_protocol   = "HTTPS"
+  use_proxy_protocol = false
+  tls_secret_name    = var.tls_secret_name
+  protected          = false
+  depends_on         = [kubernetes_namespace.reverse-proxy]
 }

 # https://mladost3.viktorbarzin.me/
--- a/terraform.tfstate
+++ b/terraform.tfstate