truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-04-13 17:52:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add nginx configuration for nextcloud

Browse Source
This commit is contained in:
sonicaj
2021-10-11 18:36:19 +05:00
parent 12efaafa91
commit 3e731e377f
3 changed files with 136 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
test/nextcloud/1.3.6/ix_values.yaml
View File

@@ -2,3 +2,8 @@ image:
pullPolicy: IfNotPresent
repository: nextcloud
tag: '22.2'
nginx:
image:
repository: nginx
tag: 1.21.3
pullPolicy: IfNotPresent

79
test/nextcloud/1.3.6/templates/_nginx.tpl Normal file
View File

@@ -0,0 +1,79 @@
{{/*
Retrieve true/false if certificate is configured
*/}}
{{- define "nginx.certAvailable" -}}
{{- if .Values.certificate -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
{{- template "common.resources.cert_present" $values -}}
{{- else -}}
{{- false -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve public key of certificate
*/}}
{{- define "nginx.cert.publicKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve private key of certificate
*/}}
{{- define "nginx.cert.privateKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve configured protocol scheme for nextcloud
*/}}
{{- define "nginx.scheme" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
{{- print "https" -}}
{{- else -}}
{{- print "http" -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve nginx certificate secret name
*/}}
{{- define "nginx.secretName" -}}
{{- print "nginx-secret" -}}
{{- end -}}
{{/*
Formats volumeMount for tls keys and trusted certs
*/}}
{{- define "nginx.tlsKeysVolumeMount" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
- name: cert-secret-volume
mountPath: "/etc/nginx"
{{- end -}}
{{- end -}}
{{/*
Formats volume for tls keys and trusted certs
*/}}
{{- define "nginx.tlsKeysVolume" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
- name: cert-secret-volume
secret:
secretName: {{ include "nginx.secretName" . }}
items:
- key: certPublicKey
path: public.crt
- key: certPrivateKey
path: private.key
{{- end -}}
{{- end -}}

52
test/nextcloud/1.3.6/templates/nginx-configmap.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "nginx-configuration"
data:
config: |-
http {
# redirects all http requests to https requests
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
listen 443 ssl http2;
listen [::]:433 ssl http2;
ssl_certificate /etc/nginx/public.crt
ssl_certificate_key /etc/nginx/private.key
ssl_session_timeout 120m;
ssl_session_cache shared:ssl:16m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1";
# maximum 3GB Upload File; change to fit your needs
client_max_body_size 3G;
location / {
# We clear this as we will be adding it in our reverse proxy
more_clear_headers 'Strict-Transport-Security';
proxy_pass http://localhost:80;
# set proper x-forwarded-headers
# proxy_set_header 'X-Forwarded-Host' nextcloud.domain.tld;
# proxy_set_header 'X-Forwarded-Proto' https;
# -For and -IP:
# see https://stackoverflow.com/questions/19366090/what-is-the-difference-between-x-forwarded-for-and-x-forwarded-ip
proxy_set_header 'X-Forwarded-For' $remote_addr;
proxy_set_header 'X-Forwarded-IP' $remote_addr;
}
}
}