soketi / charts

The source repository for Soketi Helm charts.
Apache License 2.0
20 stars 19 forks source link

Expose soketi service using Ingress #38

Open yaayes opened 10 months ago

yaayes commented 10 months ago

Hello,

Thank you for the effort of putting together a Helm chart, I was wondering if there's any example to expose the soketi service using Ingress controller?

What I've tried so far:

# https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-nginx-ws
  namespace: {{ .Values.application.namespace }}
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/backend-protocol: "FCGI"
    nginx.ingress.kubernetes.io/fastcgi-index: "index.php"
    nginx.ingress.kubernetes.io/fastcgi-params-configmap: "ingress-conf"
    nginx.ingress.kubernetes.io/websocket-services: php-soketi
    nginx.org/websocket-services: php-soketi
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"

spec:
  ingressClassName: "nginx"
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: {{ .Values.service.name }}
            port:
              name: {{ .Values.service.port.name }}
      - path: /ws
        pathType: Prefix
        backend:
          service:
            name: php-soketi
            port:
              number: 6001

but I recieve the following error using Laravel Echo:

(index):29 WebSocket connection to 'ws://192.168.58.2/ws:80/app/cuG014DSf9tjcjyvvuOHNfhBSZqqOBsp?protocol=7&client=js&version=8.4.0-rc2&flash=false' failed: WebSocket is closed before the connection is established.

codeautopilot[bot] commented 10 months ago

Your organization has reached the subscribed usage limit. You can upgrade your plan at https://github.com/marketplace/code-autopilot-ai-coder

maxvisser commented 8 months ago
ingress:
  enabled: true
  class: nginx
  annotations: 
    cert-manager.io/issuer: "letsencrypt-prod"
    cert-manager.io/acme-challenge-type: "http01"
    kubernetes.io/tls-acme: "true"
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.org/websocket-services: "php-soketi"
    nginx.ingress.kubernetes.io/server-snippets: |
      location / {
       proxysetheader Upgrade $httpupgrade;
       proxyhttpversion 1.1;
       proxysetheader X-Forwarded-Host $httphost;
       proxysetheader X-Forwarded-Proto $scheme;
       proxysetheader X-Forwarded-For $remoteaddr;
       proxysetheader Host $host;
       proxysetheader Connection "upgrade";
       proxycachebypass $httpupgrade;
       }
  hosts:
    - host: soketi.$APP_HOSTNAME
      paths: 
        - "/"
  tls: 
    - secretName: soketi-example-tls
      hosts:
         - soketi.$APP_HOSTNAME

Which I tested in postman over port 443 image

ericbsantana commented 2 months ago

To anyone whom may needs to configure a Traefik Ingress for Soketi, I would recommend to use IngressRoute with a Middleware.

Your Middleware manifest should be like this:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ssl-middleware
spec:
  headers:
    customRequestHeaders:
      Connection: keep-alive, Upgrade
      Upgrade: WebSocket

And inside your IngressRoute spec:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
...
spec:
  ...
  routes:
    - match: Host(`your-domain.com`)
      kind: Rule
      middlewares:
        - name: ssl-middleware
   ....