apiVersion: v1
kind: ConfigMap
metadata:
  name: pingora-config
  namespace: ingress
data:
  config.toml: |
    # Sunbeam proxy config.
    #
    # Substitution placeholders (replaced by sed at deploy time):
    #   DOMAIN_SUFFIX — e.g. <LIMA_IP>.sslip.io (local) or yourdomain.com (production)

    [listen]
    http  = "0.0.0.0:80"
    https = "0.0.0.0:443"

    [tls]
    # Cert files are written here by the proxy on startup and on cert renewal
    # via the K8s API.  The /etc/tls directory is an emptyDir volume.
    cert_path = "/etc/tls/tls.crt"
    key_path  = "/etc/tls/tls.key"

    [telemetry]
    # Empty = OTEL disabled. Set to http://otel-collector.data.svc:4318 when ready.
    otlp_endpoint = ""

    # Host-prefix → backend routing table.
    # The prefix is the subdomain before the first dot, so these routes work
    # identically for yourdomain.com and *.sslip.io.
    # Edit to match your own service names and namespaces.
    #
    # Per-route options:
    #   host_prefix  — subdomain to match (required)
    #   backend      — upstream URL, e.g. "http://svc.ns.svc.cluster.local:8000" (required)
    #   websocket    — proxy WebSocket upgrades (default: false)
    #   disable_secure_redirection — when true, plain-HTTP requests are forwarded
    #                  as-is instead of being 301-redirected to HTTPS.
    #                  Default: false (all HTTP → HTTPS redirect enforced).

    [[routes]]
    host_prefix = "docs"
    backend     = "http://docs.lasuite.svc.cluster.local:8000"
    websocket   = true

    [[routes]]
    host_prefix = "meet"
    backend     = "http://meet.lasuite.svc.cluster.local:8000"
    websocket   = true

    [[routes]]
    host_prefix = "drive"
    backend     = "http://drive.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "mail"
    backend     = "http://messages.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "chat"
    backend     = "http://conversations.lasuite.svc.cluster.local:8000"
    websocket   = true

    [[routes]]
    host_prefix = "people"
    backend     = "http://people-backend.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "find"
    backend     = "http://find-backend.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "src"
    backend     = "http://gitea-http.devtools.svc.cluster.local:3000"
    websocket   = true

    # auth: login-ui handles browser UI; Hydra handles OAuth2/OIDC; Kratos handles self-service flows.
    [[routes]]
    host_prefix = "auth"
    backend     = "http://login-ui.ory.svc.cluster.local:3000"

      [[routes.paths]]
      prefix   = "/oauth2"
      backend  = "http://hydra-public.ory.svc.cluster.local:4444"

      [[routes.paths]]
      prefix   = "/.well-known"
      backend  = "http://hydra-public.ory.svc.cluster.local:4444"

      [[routes.paths]]
      prefix   = "/userinfo"
      backend  = "http://hydra-public.ory.svc.cluster.local:4444"

      # /kratos prefix is stripped before forwarding so Kratos sees its native paths.
      [[routes.paths]]
      prefix        = "/kratos"
      backend       = "http://kratos-public.ory.svc.cluster.local:4433"
      strip_prefix  = true

    [[routes]]
    host_prefix = "s3"
    backend     = "http://seaweedfs-filer.storage.svc.cluster.local:8333"