feat(mail): CalDAV/CardDAV exposed + in the Apple profile

DAV was internal-only (the node's :443 is Traefik's). New mail-dav
Ingress routes /.well-known/caldav, /.well-known/carddav and /dav on
mail.dezky.eu through to Stalwart — with the HTTPS-redirect middleware
(safe for DAV's GET/PROPFIND; kept OFF the autodiscover Ingress whose
POSTs don't survive redirects). The _caldavs/_carddavs SRV records are
now legitimate, so the Domains page surfaces them, and the Apple
.mobileconfig gains CalDAV + CardDAV payloads: one install sets up Mail,
Calendar and Contacts on Mac/iPhone. Stalwart's STALWART_PUBLIC_URL is
set to https://mail.dezky.eu on the host (discovery documents).
Ronni Baslund
2026-06-11 08:23:15 +02:00
parent 716d854b3d
commit 77898c5027
3 changed files with 72 additions and 9 deletions
@@ -75,3 +75,36 @@ spec:
- path: /mail/config-v1.1.xml
pathType: Exact
backend: { service: { name: stalwart-http, port: { number: 8080 } } }
---
# CalDAV/CardDAV for mail.dezky.eu — Apple Calendar/Contacts, Thunderbird and
# every other DAV client. Separate Ingress from the autodiscovery one because
# DAV gets the HTTPS-redirect middleware (safe for GET/PROPFIND; the
# autodiscover Ingress must stay redirect-free for Outlook's POST). Only the
# well-knowns + /dav are routed — the admin surface stays internal.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mail-dav
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik.ingress.kubernetes.io/router.middlewares: dezky-apps-redirect-https@kubernetescrd
spec:
ingressClassName: traefik
tls:
- hosts:
- mail.dezky.eu
secretName: mail-dezky-eu-traefik-tls
rules:
- host: mail.dezky.eu
http:
paths:
- path: /.well-known/caldav
pathType: Exact
backend: { service: { name: stalwart-http, port: { number: 8080 } } }
- path: /.well-known/carddav
pathType: Exact
backend: { service: { name: stalwart-http, port: { number: 8080 } } }
- path: /dav
pathType: Prefix
backend: { service: { name: stalwart-http, port: { number: 8080 } } }
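Review bot: the `router.entrypoints: web,websecure` annotation on `mail-dav` keeps port 80 open for the DAV paths, so the redirect middleware only helps after a plaintext request has already arrived; a client configured with an `http://` URL that sends its `Authorization` header preemptively would expose credentials before the redirect is returned. Since the commit message says discovery is advertised through the `_caldavs`/`_carddavs` SRV records and an `https://` public URL, consider restricting this Ingress to `websecure` and dropping the redirect, at the cost of `http://` URLs failing instead of being upgraded. If the redirect stays, the header comment should also say how it behaves for the write methods that the `/dav` Prefix route will carry (PUT, DELETE, REPORT), since it currently vouches only for GET/PROPFIND.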