apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: mailu-webdav-ingress
  namespace: mailu-mailserver
  annotations:
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    certmanager.k8s.io/cluster-issuer: letsencrypt-stage
    #ingress.kubernetes.io/auth-url: http://admin.mailu-mailserver.svc.cluster.local/internal/auth/basic
    ingress.kubernetes.io/configuration-snippet: |
      rewrite ^/webdav/(.*) /$1 break;
      auth_request /internal/auth/basic;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      auth_request_set $user $upstream_http_x_user;
      proxy_set_header X-Remote-User $user;
      proxy_set_header X-Script-Name /webdav;
    ingress.kubernetes.io/server-snippet: |
      location /internal {
        internal;

        proxy_set_header Authorization $http_authorization;
        proxy_pass_header Authorization;
        proxy_pass http://admin.mailu-mailserver.svc.cluster.local;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
      }
  labels:
    app: mailu
    role: mail
    tier: frontend
spec:
  tls:
  - hosts:
    - "mail.example.com"
    secretName: letsencrypt-certs-all # If unsure how to generate these, check out https://github.com/ployst/docker-letsencrypt
  rules:
  - host: "mail.example.com"
    http:
      paths:
      - path: "/webdav"
        backend:
          serviceName: webdav
          servicePort: 5232