From 53a7e536aaff54156f0e5886fc67ec6b9d2e28a0 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Thu, 27 Jul 2023 20:24:30 +0300 Subject: [PATCH] NAS-122852 / 23.10 / Allow setting timeouts for nginx and upload size to both php and nginx (#1380) * Allow setting timeouts and upload size for nginx when certificate is selected * configure php upload size * expand description * add validation for min values * bump --- library/ix-dev/charts/nextcloud/Chart.yaml | 2 +- .../nextcloud/charts/common-2304.0.1.tgz | Bin 4993 -> 4994 bytes .../charts/nextcloud/ci/test-values.yaml | 3 ++ .../ix-dev/charts/nextcloud/questions.yaml | 32 ++++++++++++++++++ .../nextcloud/templates/deployment.yaml | 9 ++--- .../nextcloud/templates/nginx-configmap.yaml | 22 +++++++----- .../charts/nextcloud/templates/service.yaml | 2 +- 7 files changed, 56 insertions(+), 14 deletions(-) diff --git a/library/ix-dev/charts/nextcloud/Chart.yaml b/library/ix-dev/charts/nextcloud/Chart.yaml index 02906af31c..c3292b7ddc 100644 --- a/library/ix-dev/charts/nextcloud/Chart.yaml +++ b/library/ix-dev/charts/nextcloud/Chart.yaml @@ -4,7 +4,7 @@ description: A file sharing server that puts the control and security of your ow annotations: title: Nextcloud type: application -version: 1.6.36 +version: 1.6.37 apiVersion: v2 appVersion: 27.0.1 kubeVersion: '>=1.16.0-0' diff --git a/library/ix-dev/charts/nextcloud/charts/common-2304.0.1.tgz b/library/ix-dev/charts/nextcloud/charts/common-2304.0.1.tgz index 217c5d97c60cf2ae6caeb2d7c8d8ee30fdfbaeb8..70fb1576bae641af2029e8bb396bfc0b0933f670 100644 GIT binary patch delta 4636 zcmV+%665WGCxR!CJb(Rj+qRPZS%1YIlg_hqH6_`yedC$VoX^gC^)z)daVGC|Zf;zN zge24?zyP2eUF!SWZ}3HeUy^LcO415H*dn=DEP(yuVgW`hO&RT<%@CL20;S1!pT7(S zgTc{gr2h{FgZlr${$TLka5OqRJUlo$J|2BH819db55I%K6Cu#jD7lb`e>Zq^TlLO; zBL!vTJ?4TidIIzP9?G)va@dQJ+aiCDq7x zy;%8|IL#6yvFKk5%;zM+D2iB4Whk>ptAthZKRO=PxqvR_e} z)StJaQT=bji6~_fDHqd2ya$Snx?#K6DFp`4)LEXjq$ z{Nhcp3p+T? zPlo0I3sJ3JTul&3Ab3raMM*Ru8iPaVJOQBvTjW{BxWq9K>O@+<0R&x>TjQ^qc!vs` z2w*2Bk%Yh!8+aWvBN7yXxeI@Q7 zfED(CI2aw(?Emrc(ZSaKZ=z`X{}$628}qKrww`gV5KtTwrDRd^M&Hv;K+OeM+pIge z_bjVt-tABCp&`Swkmkl-#fbR#^lzukIigbx&#yHC1EqoXG?;m3P`{jokcdyQd{aCt zuYIFDlQIijm5hHg$s(3mWcJDje|Pq#fG!NQb`Cm`Izyy}Ut6NEsqc4ThcfBRQAq9m zU1yL0+%4On)9a<-t|)BhnpCg;q8jn9RT}y~A>+Qb?)_`e$$CotKNub#)b;<-XsiD> zQvCSOE#o%{L$U8&cPe)e#;A18lEi8_j%a+EWHWS`r*MDh2V(w&5tMJcER+8TWoS$i zA_;z!0$An$?e90_|M+0EmH$l?>;K7|n~)94GR`tikW{~2>_Izz=LqWnjC8S|C7z$p zIkB!MunbFtWr)W_mjaY!qCX!7jW}!XJ{00CVT)9~)7_KAqT-X&cqNgH z6C?R>DkFc+=#`rn359=!mtO8*}mHsk+?`&<3L ziQ@ZzHhL>&h~pSg#F-GQrQb!5mFUiJl7?bt7--4zo(&&{#wA=oW><#pLzA&`TI4H$ z4wh%(O+Ln)Vu?jaSieX(P_My_DlLv_E0z>dG{t}M-gr@6YjlB-YJH<;uPpJ88r8-S z?6uOjVlmaNe6-djR7galW%aq~?q!Kaffmar;d{G$fI+F|BijtCo$H`Ksk-z=)kTBnKf1j_JUow_qs0aSkR^SSjjamt*NrtW(UsnvN)h(5GHw& zEZ{?q5;7smB4n8!^|1F(Y`Ul6rRt=b0Reww9HCrb5G=*;bD_P>Tulg0VzW?}kd#Oq zgJd9QM8M8?q37}Z@=C!HIt7v8XgBO#Ou#C2gCt^9B0`1D?9=y%gj5;NJrXu7kC>&F|7VmYAoCq*}I}m1f2v_M#XZ{I~uU-D*pkYmulX zSeI-qfxM@bc|&ZG?iJ~SJL`CzyZ3(_`+88J5(ueJg|7=uGL+VQD2@SvFi5pht%9mS zEx8?t0D-%+CR=*-K-IXOwAO^QrYIW1T8@&Mwi=pR?G~}#25-L2((eBoyN0>wUt>Ba zoKYPcec-FW3jhCLFx;>D|NDdE;c)B!Z=(45AKp~M9C3oi3GNR17CaJq_1=^22QYuT z6>aHPF`XS{IK?RgoSK84nU^HSFfnoW{hf$1%tm^;vc zswAL_P?a0J=&GP>OFc5?Y{FBGm4NSR|fSniRnoChVz8OH)I*_YyxhLYsvS3fIW zhH&Q;U^;K#w6c=_9ASRW?6Nud(w1mjzC>B+|B)0;AGrx=RsPq}!ErtRV>H_Oe;X+- zCx8e~CZqSd7*9)LtsxVsBXyKf3|DqBBFDmR`Z zw^IHy#vi*0c-8vUHQ(WF;KGx(Od}M`heR~mR9{=u0V+XbuP&xlfYK! z|NUX({Fme7!Cwc zFI#0gtc3Bl9>briwAz1)njTC8!J^t1Iw@~arZ=XPQUbl%#-2dWWm@0g3Cxk~%0 z@hO(~t?Qr8)Sx)a#|eo_a8o_>XRetTVSzGE=1Afj+=%6Wl|i>v`d{aiKk^KSmFs`U zjr^~}t^c=~qIDAhz*{@#;LW&GM%}uo1oqs&9h3YEK7SpgHqXH8glvQm%6LAc#&k_37WtIOoJZPN%d$f)JZl;)h7Rv7H6e|SU z?z0Kp;Dy;$WPLW}^dX&#P8dae(S15_o3F9lTbby69Xs_kck7w#HlLJ^isy}_LbAnKJAYD3fO8h#Rrg82AL{M6Gs!~O1>+RAw)G>Vxsaz>rUbL{BwT9uog3oUaQF2Q zjm18jUkn6%FO0`n&O!h?mHL0c?~G6gegNN5tF-R-!<+

LJuKQQ-l}K#!O1C5#nA zusMlwynK_zmuBp3S*x_`f5|wS;{G+tvMclZ2_nz`867mve?C4w+Uoy}6uT2jYjBih z?^%+k_!pK_d)njblUfZ-0auf!4K;svC8w-PSt&N~X-3q!GKw&LI;oqM?wC|J!-@?v zXooXYoO<2Ct96F-bNM@XxQ#7KuI%I z4)@W*xbByH0DSxkeasC|3JQY90v zy(yzM2!$E2!(r6>0|uoq$rY2^4h(!qrwQI4|xw*;r|~T zAJy`|_lJiE+x;IKDO$bQ>BYs1znXV#6HL@cWH=%d5-ATWMN2*mW#!q~WKr@>P_l7+yi6xQYr%ogtCM|jOPIa_Olp4)d(6FC@k(3h*i_qnZhWtgvfta8f!mT z4!Uzo9&x4 zlw}pK;%}l<1FKz%Ec>Y@^tdMSrMMN5*{U=@S1nz;~e9eL~{H=SEk5{Oq{xIj$?!MJ_dCx}nn*)3$sHT9G%W zV`D?_-Z~nizB;_%+HD{3E^50bD_pB~yBIc?Axitd-2WpV?EpOK_a6>N`_26y+wVVsjBCUgoJif+&pi?H_$^x=5+gMb3W3?~Up6E=S~dyxp8{s0^&NRl}= zdZfIMXxw`S6i1u@~G7fy-n>%WHlUO4_=-q(NKjoGxX{`w7Ku)_W0- z(M|6~C{y*DaWa4Hz4*W0GkA|UVYz^d^OvF*W}N+wBiRc{j8Wf!bM|{LoQsIXxc`-l zzAje&-@ZIO|K(+v#!u14%KV=}L;eTb@4sxOJcC#EqyA^hKI*UTX@Fku#fyKQzP-G- z{KpBr`|08e&VD+5`wlLy;PUl5_~qs4g73{U%Y*J_U_fM zFJAP_@tQ;cg8%*rCuz0$|Jj*InTeBr-+f6SW|8PimXS!irV8|0AKxna&lJpV2p7sR z&vKqIq4U&L7p9!$nNnWv6U1yvA{b+Ni?R9m$<2R=|D3VZo*OGd==H7$jW8fcm=1!O z2QXpkbzFbf5z0Mq%1IxwY)OJ!B(%bmN{ezF=Mjb!5h^i73Tec2EU0YWBG+F}&V@d0 zSs%g87l5LfcE%7)8A=o-W30Mz{`S|f*L(I1E~w-z&UMO;9Z+-lt$O5(c#hXaQIz+FdQ8oeFyy~pdh7Dav>4_uK(z^>Ye*W z3d+cP%mrce1m?pI%Chou(20@UB7cXX6rX@$td3k{_{3H0%pLCGL4OqX!$Idu_y4b6 zto%!yW(ks5^sWWwa}r?`MJ%T>l-Z+I!aDgM9S>^qe>6JS$^TZ$r%$~Xoioh@U}qle z)OTL=?(RCDKJ7z{Cxl`M46}q)4hdlY?yghOBZJNjq45b^8NgGEFU1nYNPnV}4uDY- zpFRPhQIf|ca`iyCCTz`1l;QwF_ya!VOk%jZvlv8%B7-J;ixZ3l4lmv9Ds+OzI1vhT zztN<577Co;NHYFPUz+wPp)sZsM!J)#GN!Tq{iP@FGnIz?M+p+b(*vJD0j!b#;b=Ij z%m3kEC;wY1TK?b7hycd|T7L~-0Z0IXagyVV6KbqIN)jj2z{bDhND7cMBmr>@5ywd4 zxN}S7j8Kp>Y<&P{{lldS#qyk!`k)ZD=W~?gSis4T5E@w5d;wwWD6v;y?doKbCkeGm z#MLAdm?7~qUKFha3gjxEOvpz=0zjjQA7M|A#{`1!=lkE!gX&|8Dt|07b!~%%;xH)Z z(Yr;aDRxzqrv!hfp+R{fAy}_h+ZAes9$)u$0APjwt1G;s|723oXdula^$;Zc6{Si2 zc`F*#|2CY6QYMjdF+Iflpx9_RjCbRtMoUXCY6SRKBE!*1Nz@+Wu!ldC6BL{!xsaG& zya~Fnhto_hiih2uXdnMpD>Nf!Ak^I7%QY*vKYT%Tn0WF zngc9EwR&+iK_r3THBA;J(ST?S4x#e|gcfX(XBp!X$3UnPY5fKeESuaKf7Qf0RMzEmlpb*S1`~i}a)SKC%Y0lZ~bHfZyfdg@&O%7Ur&zuzo|V_W zQJzVe1+GfQnSW#vODr;b<%7RFds9Fc23k7@OOZN5q=sKxqOhs&yRb)@bml0e_I}qH zBmj5IHt6(vX}Bv2+qovytG}p5{A-nl{!hrbr>%SM+HB|b|E&~1 z{&UOtO~O#@d)G^qy9Z-bI%i2@H5^AYK25S2y3A8J^nU{}f5HgLw_R4re}pnLCJB)Q zKS}|t^Z$m!hWsB74tMgujbi;jnR64eL0QIG#tD+@w~IY!$L}0r9e|N8_OrtC^EoHh z^#qn-iLeaunCMb~vP|^mgP;*-?c9e#oF#0Ls&~43l2}xHavHBBl6aCQ_a8@LYi?sC zA5LY&8GrqqjaN}PMlzc9=7TYosD;iiEfRmJvP%Ek(8;400M_aMgTrS0|KMP!|F=S??B8sLs-hUr2s%wod5K^sg^z4--{!yda7=ry) z`qnI_x|NUCx`YaeXtb(6H{HD~(J0Vj`6PUAmrw9V${4QWfPZmzD+FJ-cG-MLJ^=$!-Zt?V9bLdu}zfUb%GYK>@v< zW6nv8^)gUSBRD#+D?(BhKA>-g0O%re>Wm{O@J>(eQQ)QoAl+(2o+X&rM~_p?HhH>5rT znBS$t$Z?jS2t)Ai0R-24STlc%9vQj(>eUs89)n)ThGNg(ewFYd#dmfIt|eTB%k+)u5K# z4n%;!%d;k1di6lnxS6!pgtVq88p2wRlA5*}np*7^vEBu5zRl9^{~No8x#(SEIwzb_ z9UFb%tH2un|DZn@R{j5B|LAzQ^Z&O|{QM7Zs$q^eLE{835Be575_Sx8v z5MDY3n9kcbt*qrgN0^^8yJ`-;v?bb=FHzR|e5xRh5S!>;jpR(@*si|iIAelH#uotu5={dLvVS~D-mrv3 zh2N#AJAuI4c~RDbySpXt*clVjy~o_DIel#f4{ zWPPnCO5g`83yrHqRk&pRK!2gLl$+Fg9UpepxWioLH<3`sL4 zq}#jYetTHlEv;AlWc?;4v&wRJSH3f84AiVaG#A2mKH#pDrB(lzD-fc0olEk_B(OF5 ze>iBI|8jhEG}!6?ZIr71_m-aA-r}Vi-^-bGutwLn?n*9pmoML#T`W7N;n6!ey``R_ zgB)iGiIC_C$&tjwc zFI#0gtc3A)9>briwAz1)Q;PNS@=~1lhx8)ZCK^(fO!E0GcC`=w&@Z zfqXnGpDte|EjTGu$gb@Q-V=m{!?q}osjmoqof(hLTYalWc%9E(?HBA7r}NZN=??vj z7cQHVT}e*pw7V?ZtaKB-QJrv>7Hga){cN+5{3=H9xgBBxowxSzfoeqCm&`@cT%~>0 z_!P_g*7Z+kYEYcz+kZ zyU!+YgBNC3k@eY>(}#2}I$;#?#q!gE+kB1H-pWMp>)5NWxm(Yq+k8?wDxNoz5+Mkk zs@n>`?te%v0nS-`SKTK8f2g-x;A0`~beAR%zYuhdBxI)I+FeqQV1`fgUg2OBgGL zU~>}Vc=aZWFU{DyvQcT*|B`Vu#l35kWmo3+6C$4fGdgIT|9pHr+UftT6uT2jYjBih z?^%+k_!pK_d)njrlUof;0oRkL4K;r+OHNsrvQli|(~PKdWfWohbW%4h%VSc@8CGnW zL6TkEzMH0Z%izI42yQ7eDQ=8DMww1U^;Hoi=+3 z-7FQybsLrm-Tjw_nBr_z$9n1&iEtd-lqogOlt~a+29^5$*`~#5*X>6_KQe#KlzepD zV(0Qv?Vx#E8!?hd*v&(=R-VsUa;|Wk{0Ih@53I+;yWx{tFiCN%KwJ!WqYqYCxD8+a zWQY6joTcPn22D`X)Ox_|@!qrwQI4|xw*uA@YBf#@Y*3 zgYMlDIb*pj?gd_R1w7`Q@#|DfbrlzzxuDv5*IH)U?B9<+?=!zQ!>XC zGR6|X;S_%BrBwDLqBlLkQmjCK10rnA+ZpB<2?O<;^2bW}-*k|USSs*Glx7JQp*}LB z-USzE!yjNzXWJJY?sv`DcVT}ok+A1({{ac6T{x(sa_DsQ$Qzb=bMB)hOWJGBY>n17 zQie_FO~~1Rq=6zy#^Y;qQs4EQB`u`gtFhu({U!nW{QemdEdx^(jt36C*YxU5w}tGZ zEUS1Ge-ot|SnpC~*-tg0$2E~J#jS|UR;Bs5YU$b?$JFX>)ET6#Qh$GsXdgC5L^Wh< zZ?+)YcwAxGE5Is^=o(()^c6FsPe^?D-013$pB=Y7$91K;$fagXH*~sY+E!0NEAr-a zY;EY>TSsHm*M}EeyX^zMjM`e0!T@0Jc5T*TJ?f;RFb^xCA`wxesVRQe-?)>+y zlxl8L>G$b%Ci1ZmfH8j(I0i<+#uip5D{U4vsKv9^DwyY9;KIGA#=?F1Pf@s$0x8$~ zo>w9z4p;FKydkcZ@8x_uZ=+WJ!x>IeGNp{;&)>#c`9Ca!nKkib@X|F^yM$t{4!G!4JenN4ZbzX#H zbklhe%2fSkoJ@Z^FaEFd4BjJ7ST5k={H5rG8E3!aNOnRJW7IR?oc-Pj=OSV;?tSH= zuZxxcw=Yl6e|Z_E@l&+1HvgyJkpKSf`!Cxm&)}8)sQ=ljkNT^78lcm8@#3GSZ!a${ z|8WBEe!94Vv!71izJrS^xP1K%etCI%`3~N_hW~mA7ngrm?@nL6dU+1#7jIvly?gcR zix(Ypye1KV;J<&uNm_0GfA(flX5ysRb6*mOStNRrWhBzBsRF&$$G3{!GX>KP;X*m) zSm#`N0#G#5&KQCzLy4kfj8#|8-~JkQI?tZL1(lq|xlY-!18NSxwV64>^}5(BIKxSX zxq#aliDnQXTAb=E8N_&w6P5wRw~nk_ryJ=BYD^ + - proxy_connect_timeout
+ - proxy_send_timeout
+ - proxy_read_timeout
+ schema: + type: int + min: 30 + default: 60 + required: true + - variable: nextcloud description: "Nextcloud configuration details" label: "Nextcloud Configuration" @@ -116,6 +137,17 @@ questions: schema: type: boolean default: false + - variable: max_upload_size + label: "Max Upload Size (Giga Bytes)" + description: | + Applies the timeout to the following settings:
+ - client_max_body_size in nginx
+ - post_max_size and upload_max_filesize in php
+ schema: + type: int + default: 3 + min: 1 + required: true - variable: cronjob description: "Setup cronjob for nextcloud" diff --git a/library/ix-dev/charts/nextcloud/templates/deployment.yaml b/library/ix-dev/charts/nextcloud/templates/deployment.yaml index 3ed0bedeb5..1f73b03050 100644 --- a/library/ix-dev/charts/nextcloud/templates/deployment.yaml +++ b/library/ix-dev/charts/nextcloud/templates/deployment.yaml @@ -26,13 +26,13 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} containerPort: 8000 protocol: TCP - name: nginx-https - containerPort: 443 + containerPort: {{ .Values.service.nodePort }} protocol: TCP livenessProbe: httpGet: scheme: HTTPS path: /status.php - port: 443 + port: {{ .Values.service.nodePort }} httpHeaders: - name: Host value: localhost @@ -45,7 +45,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} httpGet: scheme: HTTPS path: /status.php - port: 443 + port: {{ .Values.service.nodePort }} httpHeaders: - name: Host value: localhost @@ -58,7 +58,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} httpGet: scheme: HTTPS path: /status.php - port: 443 + port: {{ .Values.service.nodePort }} httpHeaders: - name: Host value: localhost @@ -77,6 +77,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }} {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }} + {{ $envList = mustAppend $envList (dict "name" "PHP_UPLOAD_LIMIT" "value" (printf "%vG" (.Values.nextcloud.max_upload_size | default 3))) }} {{ if eq (include "nginx.certAvailable" .) "true" }} {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }} {{ if and .Values.nextcloud.host .Values.service.nodePort }} diff --git a/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml b/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml index a10f4bde6d..f33e4e24d0 100644 --- a/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml +++ b/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml @@ -4,6 +4,12 @@ metadata: name: "nginx-configuration" data: protocol: {{ include "nginx.scheme" . }} + {{ $timeout := 60 }} + {{ $size := .Values.nextcloud.max_upload_size | default 3 }} + {{/* Safely access key as it is conditionaly shown */}} + {{ if hasKey .Values "nginxConfig" }} + {{ $timeout = .Values.nginxConfig.proxy_timeouts | default 60 }} + {{ end }} nginx.conf: |- events {} http { @@ -17,14 +23,14 @@ data: server { server_name localhost; - listen 443 ssl http2; - listen [::]:433 ssl http2; + listen {{ .Values.service.nodePort }} ssl http2; + listen [::]:{{ .Values.service.nodePort }} ssl http2; ssl_certificate '/etc/nginx-certs/public.crt'; ssl_certificate_key '/etc/nginx-certs/private.key'; # maximum 3GB Upload File; change to fit your needs - client_max_body_size 3G; + client_max_body_size {{ $size }}G; add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always; @@ -35,11 +41,11 @@ data: } location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; + return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; + return 301 $scheme://$host:$server_port/remote.php/dav; } location / { @@ -59,9 +65,9 @@ data: proxy_set_header X-Forwarded-Port $server_port; # Proxy timeouts - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; + proxy_connect_timeout {{ $timeout }}s; + proxy_send_timeout {{ $timeout }}s; + proxy_read_timeout {{ $timeout }}s; } } } diff --git a/library/ix-dev/charts/nextcloud/templates/service.yaml b/library/ix-dev/charts/nextcloud/templates/service.yaml index 14c751eada..5be80aba7f 100644 --- a/library/ix-dev/charts/nextcloud/templates/service.yaml +++ b/library/ix-dev/charts/nextcloud/templates/service.yaml @@ -1,7 +1,7 @@ {{ $svc := .Values.service }} {{ $ports := list }} {{ if eq (include "nginx.certAvailable" .) "true" }} -{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" 443 "port" 443 "nodePort" $svc.nodePort) }} +{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" .Values.service.nodePort "port" .Values.service.nodePort "nodePort" $svc.nodePort) }} {{ else }} {{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }} {{ end }}