apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: nextcloud-web annotations: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: traefik spec: entryPoints: - websecure tls: secretName: cloud-limbosolutions-com-tls domains: - main: cloud.limbosolutions.com routes: # # AUTHENTIK OUTPOST # - match: Host(`cloud.limbosolutions.com`) && PathPrefix(`/outpost.goauthentik.io`) # kind: Rule # services: # - name: ak-outpost-authentik-embedded-outpost # namespace: id-limbosolutions-com # port: 9000 # # PUBLIC SHARES (NO SSO) # - match: Host(`cloud.limbosolutions.com`) && # (PathPrefix(`/s/`) || # PathPrefix(`/index.php/s/`) || # PathPrefix(`/public.php/`) || # PathPrefix(`/remote.php/dav/public-files/`)) # kind: Rule # services: # - name: nextcloud # port: 8080 # middlewares: # - name: rate-limit # - name: nextcloud-security-headers # # Sync clients + mobile app (no SSO) # - match: Host(`cloud.limbosolutions.com`) && # (PathPrefix(`/remote.php/dav`) || # PathPrefix(`/remote.php/webdav`) || # PathPrefix(`/remote.php/caldav`) || # PathPrefix(`/remote.php/carddav`) || # PathPrefix(`/ocs/v1.php`) || # PathPrefix(`/ocs/v2.php`) || # PathPrefix(`/status.php`) || # PathPrefix(`/index.php/login/v2`) || # PathPrefix(`/index.php/login/v2/poll`)) # kind: Rule # services: # - name: nextcloud # port: 8080 # middlewares: # #- name: webdav-strip-auth # #- name: rate-limit # 3) EVERYTHING ELSE (SSO REQUIRED) - match: Host(`cloud.limbosolutions.com`) kind: Rule services: - name: nextcloud port: 8080 middlewares: [] #- name: authentik-forward-auth #- name: nextcloud-security-headers #- name: rate-limit