Use Ingress for wss:// connections

ObserveRTC · Oct 8, 2024 · 2c22c07 · 2c22c07
1 parent 941ae7b
commit 2c22c07
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 24 deletions.
diff --git a/.github/workflows/deploy-gke.yaml b/.github/workflows/deploy-gke.yaml
@@ -31,7 +31,7 @@ jobs:
         cd webapp
         docker build \
           --tag docker.io/levaitamas/webrtc-observer-webapp \
-          --build-arg host="wss://webrtc-observer.org:9081" \
+          --build-arg host="wss://webrtc-observer.org:443" \
           .
         cd ../media-server
         docker build \

diff --git a/charts/webrtc-observer-org/README.md b/charts/webrtc-observer-org/README.md
@@ -15,6 +15,7 @@ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/
 - nginx-controller ([docs](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke))
 ```console
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml
+kubectl patch configmap -n ingress-nginx ingress-nginx-controller -p '{"data":{"allow-snippet-annotations": "true"}}'
 ```
 
 - stunner-gateway-operator ([docs](https://docs.l7mp.io/en/stable/INSTALL/))

diff --git a/charts/webrtc-observer-org/templates/mediaserver.yaml b/charts/webrtc-observer-org/templates/mediaserver.yaml
@@ -47,10 +47,10 @@ metadata:
   labels:
     app: mediaserver
 spec:
-  type: LoadBalancer
-  loadBalancerIP: {{ .Values.publicIP }}
+  type: ClusterIP
   ports:
-  - port: 9081
+  - port: 443
+    targetPort: 9081
     protocol: TCP
     name: mediaserver-ws
   selector:

diff --git a/charts/webrtc-observer-org/templates/webapp.yaml b/charts/webrtc-observer-org/templates/webapp.yaml
@@ -53,30 +53,40 @@ metadata:
   annotations:
     kubernetes.io/ingress.global-static-ip-name: webrtc-observer-org
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    # nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-    # nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
-    # nginx.org/websocket-services: "mediaserver-ws"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.org/websocket-services: "mediaserver-ws"
+    nginx.ingress.kubernetes.io/server-snippet: |
+      location / {
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header Connection "upgrade";
+        proxy_cache_bypass $http_upgrade;
+      }
 spec:
   ingressClassName: nginx
   tls:
     - hosts:
         - {{ .Values.domain }}
       secretName: webapp-tls
+  defaultBackend:
+    service:
+      name: webapp
+      port:
+        number: 80
   rules:
-  - host: {{ .Values.domain }}
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: webapp
-            port:
-              number: 80
-      # - path: /
-      #   pathType: Prefix
-      #   backend:
-      #     service:
-      #       name: mediaserver-ws
-      #       port:
-      #         number: 9081
+    - host: {{ .Values.domain }}
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: mediaserver-ws
+              port:
+                number: 443