27 lines
790 B
YAML
27 lines
790 B
YAML
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: cryptpad-sandbox
|
|
namespace: cryptpad
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
# The sandbox domain is required by CryptPad for CSP isolation of embedded content.
|
|
# It must be a different origin from the main domain but points to the same backend.
|
|
# No auth middleware — this domain serves sandboxed iframes with restrictive CSP headers.
|
|
spec:
|
|
tls:
|
|
- hosts:
|
|
- ${CRYPTPAD_SANDBOX_HOST}
|
|
secretName: cryptpad-sandbox-tls
|
|
rules:
|
|
- host: ${CRYPTPAD_SANDBOX_HOST}
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: cryptpad
|
|
port:
|
|
number: 3000
|