feat: add caddy as reverse proxy (#8)

Stephan Lüscher 2023-04-28 18:03:45 +00:00
parent b2b2f81b5d
commit aab9df8e04
No known key found for this signature in database
GPG key ID: 445779060FF3D3CF
3 changed files with 50 additions and 1 deletions


@ -10,10 +10,26 @@ spec:
- name: ublue-os_forge-minica-pvc
persistentVolumeClaim:
claimName: ublue-os_forge-minica
- name: ublue-os_forge-registry-pvc
persistentVolumeClaim:
claimName: ublue-os_forge-registry
containers:
- name: rvproxy.ublue.local
image: rvproxy
resources:
limits:
memory: 128Mi
cpu: 200m
volumeMounts:
- mountPath: /certs
name: ublue-os_forge-minica-pvc
ports:
- containerPort: 443
hostPort: 443
protocol: TCP
- name: registry.ublue.local
image: registry
resources:
@ -28,8 +44,8 @@ spec:
name: ublue-os_forge-registry-pvc
ports:
- containerPort: 5000
hostPort: 9001
protocol: TCP
initContainers:
- name: minica.ublue.local
image: minica
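Review bot: The new rvproxy container mounts the whole minica volume at `/certs` without `readOnly: true`, and it is the container published on host port 443. The Caddyfile added in this commit only reads `cert.pem`, `key.pem` and `minica.pem` under that path, so the mount can be read-only: add `readOnly: true` under the `- mountPath: /certs` entry. If the volume also holds the CA private key (its contents are not visible here), a compromise of the proxy would expose the signing key, so mounting only the files the proxy needs would be safer still. The registry container keeps `hostPort: 9001` in the second hunk, so it appears to stay reachable without passing through the proxy; worth confirming that is intended. The registry container definition continues outside the first hunk.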

28
rvproxy/Caddyfile Normal file

@ -0,0 +1,28 @@
# Global options
{
auto_https disable_certs
persist_config off
}
# Reverse-proxy configuration
*.ublue.local {
## TLS certificates
tls /certs/_.ublue.local/cert.pem /certs/_.ublue.local/key.pem
# container registry
@registry host registry.ublue.local
handle @registry {
reverse_proxy ublue-os_forge-registry.ublue.local:5000 {
transport http {
tls
tls_trusted_ca_certs /certs/minica.pem
}
}
}
# Fallback for otherwise unhandled domains
handle {
respond "Bad hostname" 400
}
}
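Review bot: The global options block does not disable Caddy's admin API, which by default listens on `localhost:2019` without authentication. Containers in a pod share one network namespace, so the registry and minica containers could presumably reach that endpoint and replace the running configuration. The config is baked into the image and `persist_config off` is already set, so adding `admin off` to the global options would close this with no loss of function. A short comment on the `transport http` block would also help, stating that the upstream certificate must be valid for `ublue-os_forge-registry.ublue.local`, since that name differs from the container name `registry.ublue.local` in the pod spec.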

5
rvproxy/Containerfile Normal file

@ -0,0 +1,5 @@
# Source Image
FROM docker.io/library/caddy:2.6.4-alpine
# Add configuration file
COPY ./Caddyfile /etc/caddy/Caddyfile
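Review bot: The base image in `FROM` is pinned by tag only, and a tag can be re-pushed with different content. Pinning the digest as well, `FROM docker.io/library/caddy:2.6.4-alpine@sha256:<digest-of-the-reviewed-image>`, makes the build reproducible and turns any base-image change into a reviewable diff. The file also sets no `USER`, so the proxy runs as whatever user the base image defaults to; worth checking whether it can run unprivileged, given that it terminates TLS on host port 443.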