From 03588304315ee3ad85a954f4d3c7a9154118ab24 Mon Sep 17 00:00:00 2001
From: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Date: Thu, 9 May 2024 13:38:16 +0300
Subject: [PATCH] nextcloud: fixes (#2447)
---
library/ix-dev/charts/nextcloud/Chart.yaml | 2 +-
.../charts/nextcloud/ci/nocmd-values.yaml | 5 +---
.../charts/nextcloud/migrations/migrate | 10 +++----
.../ix-dev/charts/nextcloud/questions.yaml | 21 +++++++------
.../nextcloud/templates/_configuration.tpl | 30 ++++++++++++-------
.../templates/_nextcloud-configs.tpl | 20 +++++++++++++
.../templates/_nginx-configuration.tpl | 27 +++--------------
.../nextcloud/templates/_persistence.tpl | 10 +++++++
.../charts/nextcloud/templates/_portal.tpl | 18 +++++++++--
library/ix-dev/charts/nextcloud/values.yaml | 4 +++
10 files changed, 90 insertions(+), 57 deletions(-)
diff --git a/library/ix-dev/charts/nextcloud/Chart.yaml b/library/ix-dev/charts/nextcloud/Chart.yaml
index 64566be22e..daadeb3ccd 100644
--- a/library/ix-dev/charts/nextcloud/Chart.yaml
+++ b/library/ix-dev/charts/nextcloud/Chart.yaml
@@ -4,7 +4,7 @@ description: A file sharing server that puts the control and security of your ow
annotations:
title: Nextcloud
type: application
-version: 2.0.3
+version: 2.0.4
apiVersion: v2
appVersion: 29.0.0
kubeVersion: '>=1.16.0-0'
diff --git a/library/ix-dev/charts/nextcloud/ci/nocmd-values.yaml b/library/ix-dev/charts/nextcloud/ci/nocmd-values.yaml
index b90b56686d..ecf573ed13 100644
--- a/library/ix-dev/charts/nextcloud/ci/nocmd-values.yaml
+++ b/library/ix-dev/charts/nextcloud/ci/nocmd-values.yaml
@@ -9,10 +9,7 @@ ncConfig:
ncNetwork:
webPort: 30001
- nginx:
- proxyTimeouts: 120
- useDifferentAccessPort: false
- externalAccessPort: 443
+ nginx: {}
ncStorage:
pgData:
diff --git a/library/ix-dev/charts/nextcloud/migrations/migrate b/library/ix-dev/charts/nextcloud/migrations/migrate
index 135e93b9b6..d53e3a29f6 100755
--- a/library/ix-dev/charts/nextcloud/migrations/migrate
+++ b/library/ix-dev/charts/nextcloud/migrations/migrate
@@ -33,7 +33,7 @@ def migrate_common_lib(values):
'proxyTimeouts': values.get('nginxConfig', {}).get('proxy_timeouts', 60),
'useDifferentAccessPort': values.get('nginxConfig', {}).get('useDifferentAccessPort', False),
'externalAccessPort': values.get('nginxConfig', {}).get('externalAccessPort', 443)
- }
+ } if values['certificate'] else {}
},
# Migrate Resources
'resources': {
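Review bot: `values['certificate']` on the new `} if values['certificate'] else {}` line is the only direct index into the top-level values in this hunk; every neighbouring lookup (`values.get('nginxConfig', {})…`) tolerates a missing key, so a pre-2.x values file without a `certificate` key would raise KeyError inside the migration instead of producing the empty nginx block. `values.get('certificate')` keeps the intent and matches the surrounding style. migrate_common_lib starts outside the hunk, so whether `certificate` is guaranteed earlier cannot be seen from here.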
@@ -70,7 +70,6 @@ def migrate_common_lib(values):
},
# Migrate Storage
'ncStorage': {
- 'shouldShowStorageToggle': True,
'isDataInTheSameVolume': True,
'pgData': migrate_volume(values['postgresAppVolumeMounts']['postgres-data']),
'pgBackup': migrate_volume(values['postgresAppVolumeMounts']['postgres-backup']),
@@ -93,16 +92,17 @@ def migrate_common_lib(values):
return values
def migrate(values):
- if 'isDataInTheSameVolume' in values.keys() or 'shouldShowStorageToggle' in values.keys():
+ if 'isDataInTheSameVolume' in values.keys():
values['ncStorage']['isDataInTheSameVolume'] = values.pop('isDataInTheSameVolume', True)
- values['ncStorage']['shouldShowStorageToggle'] = values.pop('shouldShowStorageToggle', True)
return values
# If this missing, we have already migrated
if not 'appVolumeMounts' in values.keys():
+ if 'certificateID' in values['ncNetwork']:
+ if not values['ncNetwork']['certificateID']:
+ values['ncNetwork']['nginx'] = {}
# If 'shouldFixMigration' missing, we should fix migration and then add the key
if not 'migrationFixed' in values['ncStorage'].keys():
- values['ncStorage']['shouldShowStorageToggle'] = True
values['ncStorage']['isDataInTheSameVolume'] = True
values['ncStorage']['migrationFixed'] = True
return values
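Review bot: The two nested `if`s added under the `appVolumeMounts` check collapse into one without changing semantics — `if 'certificateID' in values['ncNetwork'] and not values['ncNetwork']['certificateID']:` — and the reset deserves a why-comment, e.g. `# nginx settings only apply when a certificate is selected; drop stale ones left by earlier chart versions`. Note also that the earlier branch at `if 'isDataInTheSameVolume' in values.keys():` returns before this reset runs, so a values file still carrying that legacy top-level key keeps its old nginx block; if that path can still occur, the reset may need to be applied there as well.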
diff --git a/library/ix-dev/charts/nextcloud/questions.yaml b/library/ix-dev/charts/nextcloud/questions.yaml
index a5975f8cfb..a6a18edfd6 100644
--- a/library/ix-dev/charts/nextcloud/questions.yaml
+++ b/library/ix-dev/charts/nextcloud/questions.yaml
@@ -44,7 +44,12 @@ questions:
required: true
- variable: host
label: Host
- description: Nextcloud host to create application URLs
+ description: |
+ Nextcloud host to create application URLs
+ Examples:
+ cloud.domain.com:30001
+ cloud.domain.com (if you use port 443 externally)
+ 192.168.1.100:9001 (replace ip and port with your own)
schema:
type: string
$ref:
@@ -194,7 +199,7 @@ questions:
description: The port for the Nextcloud Web UI.
schema:
type: int
- default: 20810
+ default: 9001
min: 9000
max: 65535
required: true
@@ -248,12 +253,6 @@ questions:
schema:
type: dict
attrs:
- - variable: shouldShowStorageToggle
- label: ""
- schema:
- type: boolean
- default: false
- hidden: true
# Dummy variable so we can skip "fixing" migration on new installations
- variable: migrationFixed
label: ""
@@ -264,6 +263,7 @@ questions:
- variable: isDataInTheSameVolume
label: "Pre v2 Storage Structure (See the tooltip for more information)"
description: |
+ Do NOT check this, if this is a new installation.
If this is checked, means that this is an installation coming from a previous version (v1.x.x).
In order to have backwards compatibility, the older storage structure was kept for this installation.
If you want to utilize the new storage structure, move 'data' in a separate directory or dataset.
@@ -272,10 +272,9 @@ questions:
You will NOT likely want to change that if your setup uses ixVolume as storage.
schema:
type: boolean
- show_if: [["shouldShowStorageToggle", "=", true]]
default: false
- variable: html
- label: Nextcloud HTML Storage
+ label: Nextcloud AppData Storage (HTML, Custom Themes, Apps, etc.)
description: The path to store Nextcloud HTML and AppData.
schema:
type: dict
@@ -774,7 +773,7 @@ questions:
schema:
type: string
max_length: 12
- valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
+ valid_chars: "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$"
valid_chars_error: |
Valid Memory limit formats are
- Suffixed with E/P/T/G/M/K - eg. 1G
diff --git a/library/ix-dev/charts/nextcloud/templates/_configuration.tpl b/library/ix-dev/charts/nextcloud/templates/_configuration.tpl
index 89c673d406..82955f0c68 100644
--- a/library/ix-dev/charts/nextcloud/templates/_configuration.tpl
+++ b/library/ix-dev/charts/nextcloud/templates/_configuration.tpl
@@ -27,10 +27,10 @@
{{/* Temporary set dynamic db details on values,
so we can print them on the notes */}}
- {{- $_ := set .Values "ncDbPass" $dbPass -}}
- {{- $_ := set .Values "ncDbHost" $dbHost -}}
- {{- $_ := set .Values "ncDbName" $dbName -}}
- {{- $_ := set .Values "ncDbUser" $dbUser -}}
+ {{- $_ := set .Values "ncDbPass" $dbPass | quote -}}
+ {{- $_ := set .Values "ncDbHost" $dbHost | quote -}}
+ {{- $_ := set .Values "ncDbName" $dbName | quote -}}
+ {{- $_ := set .Values "ncDbUser" $dbUser | quote -}}
{{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
secret:
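Review bot: `| quote` on the four `set .Values "ncDb…"` lines does not quote the stored value: in a Go template pipeline the output of `set .Values "ncDbPass" $dbPass` (the map) is what gets piped into `quote`, so `.Values.ncDbPass` still holds the raw string and the quoted result is discarded into `$_`. If the intent is for the notes to print these quoted, parenthesise the argument: `{{- $_ := set .Values "ncDbPass" ($dbPass | quote) -}}`, and likewise for ncDbHost, ncDbName and ncDbUser. The enclosing define starts outside the hunk.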
@@ -63,7 +63,14 @@ secret:
NEXTCLOUD_DATA_DIR: {{ .Values.ncConfig.dataDir }}
PHP_UPLOAD_LIMIT: {{ printf "%vG" .Values.ncConfig.maxUploadLimit | default 3 }}
PHP_MEMORY_LIMIT: {{ printf "%vM" .Values.ncConfig.phpMemoryLimit | default 512 }}
- NEXTCLOUD_TRUSTED_DOMAINS: {{ list .Values.ncConfig.host "127.0.0.1" "localhost" $fullname (printf "%v-*" $fullname) | mustUniq | join " " | quote }}
+ {{- $host := "127.0.0.1" -}}
+ {{- if .Values.ncConfig.host -}}
+ {{- $host = printf "%v:%v" .Values.ncConfig.host .Values.ncNetwork.webPort -}}
+ {{- if contains ":" $host -}} {{/* Make sure it always contains a port https://ixsystems.atlassian.net/browse/TNCHARTS-1016 */}}
+ {{- $host = .Values.ncConfig.host -}}
+ {{- end -}}
+ {{- end }}
+ NEXTCLOUD_TRUSTED_DOMAINS: {{ list $host "127.0.0.1" "localhost" (printf "%v-*" $fullname) $fullname | mustUniq | join " " | quote }}
NEXTCLOUD_ADMIN_USER: {{ .Values.ncConfig.adminUser }}
NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword }}
{{- if .Values.ncNetwork.certificateID }}
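Review bot: The `contains ":" $host` test is always true, because `$host` was set to `host:webPort` on the line just above it; the comment says the intent is to detect a port already present in the user-supplied host, so the check must look at the raw value, as the OVERWRITEHOST hunk below does: `{{- if contains ":" .Values.ncConfig.host -}}`. As written, NEXTCLOUD_TRUSTED_DOMAINS never receives the webPort suffix. Presumably Nextcloud's trusted-domain check also matches entries without a port, which would mask the bug in practice, so a comment explaining the expected form once fixed would help.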
@@ -75,11 +82,14 @@ secret:
{{- end }}
APACHE_DISABLE_REWRITE_IP: "1"
OVERWRITEPROTOCOL: "https"
- TRUSTED_PROXIES: {{ list $svcCidr $clusterCidr "127.0.0.1" | mustUniq | join "," | quote }}
- {{- if and .Values.ncConfig.host .Values.ncNetwork.webPort }}
- {{- $overwritehost := .Values.ncConfig.host -}}
- {{- if .Values.ncNetwork.nginx.useDifferentAccessPort }}
- {{ $overwritehost = (printf "%v:%v" .Values.ncConfig.host .Values.ncNetwork.webPort) }}
+ TRUSTED_PROXIES: {{ list $svcCidr $clusterCidr "127.0.0.1" | mustUniq | join " " | quote }}
+ {{- if .Values.ncConfig.host }}
+ {{- $overwritehost := printf "%v:%v" .Values.ncConfig.host .Values.ncNetwork.webPort -}}
+ {{- if .Values.ncNetwork.nginx.useDifferentAccessPort -}}
+ {{ $overwritehost = printf "%v:%v" .Values.ncConfig.host .Values.ncNetwork.nginx.externalAccessPort -}}
+ {{- if contains ":" .Values.ncConfig.host -}}
+ {{- $overwritehost = .Values.ncConfig.host -}}
+ {{- end -}}
{{- end }}
OVERWRITEHOST: {{ $overwritehost }}
{{- end }}
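Review bot: The `contains ":" .Values.ncConfig.host` guard only runs inside the `useDifferentAccessPort` branch, so with that option off and a host that already carries a port — the form the new questions.yaml description recommends (`cloud.domain.com:30001`) — OVERWRITEHOST renders as `cloud.domain.com:30001:30001`. Decide the port first and append it only when the host has none; the also-new `{{ $overwritehost = … -}}` line is missing its left trim marker and emits a stray newline into the rendered map. Quoting the value (`OVERWRITEHOST: {{ $overwritehost | quote }}`) keeps hosts with ports or IPs as strings.
```gotemplate
{{- if .Values.ncConfig.host }}
  {{- $overwritehost := .Values.ncConfig.host -}}
  {{- if not (contains ":" .Values.ncConfig.host) -}}
    {{/* host has no explicit port: append the one clients actually reach */}}
    {{- $accessPort := .Values.ncNetwork.webPort -}}
    {{- if .Values.ncNetwork.nginx.useDifferentAccessPort -}}
      {{- $accessPort = .Values.ncNetwork.nginx.externalAccessPort -}}
    {{- end -}}
    {{- $overwritehost = printf "%v:%v" .Values.ncConfig.host $accessPort -}}
  {{- end }}
  OVERWRITEHOST: {{ $overwritehost | quote }}
{{- end }}
```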
diff --git a/library/ix-dev/charts/nextcloud/templates/_nextcloud-configs.tpl b/library/ix-dev/charts/nextcloud/templates/_nextcloud-configs.tpl
index 4c27361f70..c32ccfa7fa 100644
--- a/library/ix-dev/charts/nextcloud/templates/_nextcloud-configs.tpl
+++ b/library/ix-dev/charts/nextcloud/templates/_nextcloud-configs.tpl
@@ -12,4 +12,24 @@ configmap:
limitrequestbody.conf: |
LimitRequestBody {{ mul .Values.ncConfig.maxUploadLimit $bytesGB }}
+
+ occ: |
+ #!/bin/bash
+ uid="$(id -u)"
+ gid="$(id -g)"
+ if [ "$uid" = '0' ]; then
+ user='www-data'
+ group='www-data'
+ else
+ user="$uid"
+ group="$gid"
+ fi
+ run_as() {
+ if [ "$(id -u)" = 0 ]; then
+ su -p "$user" -s /bin/bash -c 'php /var/www/html/occ "$@"' - "$@"
+ else
+ /bin/bash -c 'php /var/www/html/occ "$@"' - "$@"
+ fi
+ }
+ run_as "$@"
{{- end -}}
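Review bot: In the new `occ` wrapper, `run_as` re-evaluates `id -u` although `$uid` already holds it, and `$gid`/`$group` (and the else-branch `user="$uid"`) are assigned but never read, since only the root branch references `$user`. Either drop the unused assignments or make `run_as` use the computed value: `if [ "$uid" = '0' ]; then`. A header comment stating the purpose would help the next reader, e.g. `# Wrapper so "occ <cmd>" runs Nextcloud's occ as www-data when invoked as root`. The define this configmap belongs to starts outside the hunk.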
diff --git a/library/ix-dev/charts/nextcloud/templates/_nginx-configuration.tpl b/library/ix-dev/charts/nextcloud/templates/_nginx-configuration.tpl
index cd41c22396..7b75aac61a 100644
--- a/library/ix-dev/charts/nextcloud/templates/_nginx-configuration.tpl
+++ b/library/ix-dev/charts/nextcloud/templates/_nginx-configuration.tpl
@@ -10,7 +10,7 @@ scaleCertificate:
{{ $timeout := 60 }}
{{ $size := .Values.ncConfig.maxUploadLimit | default 3 }}
{{ $useDiffAccessPort := false }}
- {{ $externalAccessPort := "" }}
+ {{ $externalAccessPort := ":$server_port" }}
{{/* Safely access key as it is conditionaly shown */}}
{{ if hasKey .Values.ncNetwork "nginx" }}
{{ $useDiffAccessPort = .Values.ncNetwork.nginx.useDifferentAccessPort }}
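Review bot: With `$externalAccessPort` now defaulting to `":$server_port"`, the `default "443"` in the X-Forwarded-Port line of the last hunk (`@@ -85,11 +70,7`) can no longer trigger, because the value is never empty; either drop it (`{{ $externalAccessPort | trimPrefix ":" }}`) or document that it is only a safety net for an explicit empty override. A comment on the new default would also help, since the string is an nginx variable reference substituted per request, not at render time: `{{/* nginx variable, resolved per request; replaced below when a different access port is configured */}}`. Whether that replacement happens below cannot be confirmed from this hunk.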
@@ -29,22 +29,15 @@ configmap:
events {}
http {
server {
- # redirects all http requests to https requests
- listen 8000 default_server;
- listen [::]:8000 default_server;
- return 301 https://$host$request_uri;
- }
-
- server {
- server_name localhost;
-
listen {{ .Values.ncNetwork.webPort }} ssl http2;
listen [::]:{{ .Values.ncNetwork.webPort }} ssl http2;
+ # Redirect HTTP to HTTPS
+ error_page 497 301 =307 https://$host{{ $externalAccessPort }}$request_uri;
+
ssl_certificate '/etc/nginx-certs/public.crt';
ssl_certificate_key '/etc/nginx-certs/private.key';
- # maximum 3GB Upload File; change to fit your needs
client_max_body_size {{ $size }}G;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
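Review bot: `error_page 497 301 =307 https://$host{{ $externalAccessPort }}$request_uri;` needs more than `# Redirect HTTP to HTTPS`: 497 is nginx's code for a plain-HTTP request received on the TLS listener, and listing `301` next to it is not self-explanatory — if nginx routes the configuration's own `return 301` (the dav locations further down) through error_page, those redirects would be rewritten to this target, which may or may not be intended. Suggested comment: `# 497: plain HTTP request on the TLS port. =307 keeps method and body so DAV clients are not downgraded to GET`. Also, with `server_name localhost;` removed, a request without a Host header presumably leaves `$host` empty and the redirect target becomes `https://:port/…`; likely HTTP/1.0-only, but worth knowing.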
@@ -56,19 +49,11 @@ configmap:
}
location = /.well-known/carddav {
- {{ if $useDiffAccessPort }}
return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
- {{ else }}
- return 301 $scheme://$host:$server_port/remote.php/dav;
- {{ end }}
}
location = /.well-known/caldav {
- {{ if $useDiffAccessPort }}
return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
- {{ else }}
- return 301 $scheme://$host:$server_port/remote.php/dav;
- {{ end }}
}
location / {
@@ -85,11 +70,7 @@ configmap:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
- {{ if $useDiffAccessPort }}
proxy_set_header X-Forwarded-Port {{ $externalAccessPort | default "443" | trimPrefix ":" }};
- {{ else }}
- proxy_set_header X-Forwarded-Port $server_port;
- {{ end }}
# Proxy timeouts
proxy_connect_timeout {{ $timeout }}s;
diff --git a/library/ix-dev/charts/nextcloud/templates/_persistence.tpl b/library/ix-dev/charts/nextcloud/templates/_persistence.tpl
index f9195845b9..21fce74bb4 100644
--- a/library/ix-dev/charts/nextcloud/templates/_persistence.tpl
+++ b/library/ix-dev/charts/nextcloud/templates/_persistence.tpl
@@ -108,6 +108,16 @@ persistence:
# https://github.com/nextcloud/docker/issues/1796
mountPath: /etc/apache2/conf-enabled/limitrequestbody.conf
subPath: limitrequestbody.conf
+ nc-occ:
+ enabled: true
+ type: configmap
+ objectName: nextcloud-config
+ defaultMode: "0755"
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /usr/bin/occ
+ subPath: occ
tmp:
enabled: true
type: emptyDir
diff --git a/library/ix-dev/charts/nextcloud/templates/_portal.tpl b/library/ix-dev/charts/nextcloud/templates/_portal.tpl
index bbf8a923c8..9d4ffbeaff 100644
--- a/library/ix-dev/charts/nextcloud/templates/_portal.tpl
+++ b/library/ix-dev/charts/nextcloud/templates/_portal.tpl
@@ -1,12 +1,24 @@
{{- define "nextcloud.portal" -}}
+{{- $protocol := "http" -}}
+{{- if .Values.ncNetwork.certificateID -}}
+ {{- $protocol = "https" -}}
+{{- end -}}
+{{- $host := "$node_ip" -}}
+{{- if .Values.ncConfig.host -}}
+ {{- $host = .Values.ncConfig.host -}}
+{{- end -}}
+{{- $port := .Values.ncNetwork.webPort -}}
+{{- if .Values.ncNetwork.nginx.useDifferentAccessPort -}}
+ {{- $port = .Values.ncNetwork.nginx.externalAccessPort -}}
+{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
- port: {{ .Values.ncNetwork.webPort | quote }}
+ port: {{ $port | quote }}
path: "/"
- protocol: "http"
- host: $node_ip
+ protocol: {{ $protocol }}
+ host: {{ $host | quote }}
{{- end -}}
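Review bot: `$host` is taken verbatim from `.Values.ncConfig.host` while `$port` is chosen separately, so a host given in the `cloud.domain.com:30001` form now recommended in questions.yaml yields `host: "cloud.domain.com:30001"` plus `port: "30001"`; if the portal composes protocol://host:port/path, the port is doubled. Split an embedded port off the host and let it take precedence (bracketed IPv6 literals would need separate handling). `protocol: {{ $protocol }}` is also the only unquoted value in the map — `protocol: {{ $protocol | quote }}` keeps it consistent with `port` and `host`.
```gotemplate
{{/* … unchanged: $protocol selection … */}}
{{- $host := "$node_ip" -}}
{{- $port := .Values.ncNetwork.webPort -}}
{{- if .Values.ncNetwork.nginx.useDifferentAccessPort -}}
  {{- $port = .Values.ncNetwork.nginx.externalAccessPort -}}
{{- end -}}
{{- if .Values.ncConfig.host -}}
  {{- $host = .Values.ncConfig.host -}}
  {{- if contains ":" $host -}}
    {{/* host already carries the externally reachable port; it wins over webPort/externalAccessPort */}}
    {{- $parts := splitList ":" $host -}}
    {{- $host = first $parts -}}
    {{- $port = last $parts -}}
  {{- end -}}
{{- end }}
{{/* … unchanged: ConfigMap header … */}}
  port: {{ $port | quote }}
  path: "/"
  protocol: {{ $protocol | quote }}
  host: {{ $host | quote }}
```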
diff --git a/library/ix-dev/charts/nextcloud/values.yaml b/library/ix-dev/charts/nextcloud/values.yaml
index 3994a76e06..d818b38269 100644
--- a/library/ix-dev/charts/nextcloud/values.yaml
+++ b/library/ix-dev/charts/nextcloud/values.yaml
@@ -87,3 +87,7 @@ notes:
{{- $_ := unset .Values "ncDbName" }}
{{- $_ := unset .Values "ncDbPass" }}
{{- $_ := unset .Values "ncDbHost" }}
+
+ Note: Nextcloud will create an additional new user and password for the admin user
+ on first startup. You can find those credentials in the `/var/www/html/config/config.php` file
+ inside the container.