apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: appflowy-ingress namespace: appflowy annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "50m" nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: ingressClassName: nginx tls: - hosts: - appflowy.prod.panic.haus # ← replace with your public domain secretName: appflowy-tls rules: - host: appflowy.prod.panic.haus http: paths: # ┌──────────────────────────────────────────────────────────────────────────────┐ # │ 1) Admin UI (served under /console) │ # └──────────────────────────────────────────────────────────────────────────────┘ - path: /console pathType: Prefix backend: service: name: admin-frontend port: number: 80 # ┌──────────────────────────────────────────────────────────────────────────────┐ # │ 2) GoTrue (auth) – exposed under /gotrue │ # └──────────────────────────────────────────────────────────────────────────────┘ - path: /gotrue(/|$)(.*) pathType: ImplementationSpecific backend: service: name: gotrue port: number: 9999 # ┌──────────────────────────────────────────────────────────────────────────────┐ # │ 3) AppFlowy-Cloud API & Web │ # • If you want API served on /api, and the static Web on / │ # • You could also send all traffic to appflowy-web and let it call │ # • the backend at /api internally. │ # └──────────────────────────────────────────────────────────────────────────────┘ # a) Direct all `/api/*` calls to the backend service - path: /api(/|$)(.*) pathType: ImplementationSpecific backend: service: name: appflowy-cloud port: number: 8000 # b) Everything else (root path) → appflowy-web (static UI) - path: / pathType: Prefix backend: service: name: appflowy-web port: number: 80