NAS-123507 / 24.04 / fix URL generation for nextcloud when SSL is enabled (#1465)

* fix URL generation for nextcloud when SSL is enabled * wording * adjust overwritehost variable too * no need for printf * add field to define port for url rewrite * wording * increase 10min to 15min startup time to accomodate slower IO for installes/upgrades
2026-02-13 23:35:36 +08:00 · 2023-08-30 14:58:04 +03:00
parent 96c0a81299
commit 67683ae63e
5 changed files with 43 additions and 3 deletions
--- a/library/ix-dev/charts/nextcloud/Chart.yaml
+++ b/library/ix-dev/charts/nextcloud/Chart.yaml
@@ -4,7 +4,7 @@ description: A file sharing server that puts the control and security of your ow
 annotations:
  title: Nextcloud
 type: application
-version: 1.6.42
+version: 1.6.43
 apiVersion: v2
 appVersion: 27.0.2
 kubeVersion: '>=1.16.0-0'
--- a/library/ix-dev/charts/nextcloud/ci/test-values.yaml
+++ b/library/ix-dev/charts/nextcloud/ci/test-values.yaml
@@ -12,6 +12,8 @@ environmentVariables: []
 ixChartContext: {}
 nginxConfig:
  proxy_timeouts: 120
+  useDifferentAccessPort: true
+  externalPort: 443
 nextcloud:
  datadir: /var/www/html/data
  host: nextcloud.kube.home
--- a/library/ix-dev/charts/nextcloud/questions.yaml
+++ b/library/ix-dev/charts/nextcloud/questions.yaml
@@ -86,6 +86,23 @@ questions:
            min: 30
            default: 60
            required: true
+        - variable: useDifferentAccessPort
+          label: "Use different port for URL rewrites"
+          description: |
+            If enabled, the URL rewrite will use [Access Port] defined below instead of the [Node Port].</br>
+            Note that Nextcloud will still listen on the [Node Port]. (Default 9001)
+          schema:
+            type: boolean
+            default: false
+        - variable: externalAccessPort
+          label: "External Access Port"
+          schema:
+            type: int
+            show_if: [["useDifferentAccessPort", "=", true]]
+            min: 443
+            max: 65535
+            default: 443
+            required: true

  - variable: nextcloud
    description: "Nextcloud configuration details"
--- a/library/ix-dev/charts/nextcloud/templates/deployment.yaml
+++ b/library/ix-dev/charts/nextcloud/templates/deployment.yaml
@@ -83,7 +83,11 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
        {{ if eq (include "nginx.certAvailable" .) "true" }}
        {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
          {{ if and .Values.nextcloud.host .Values.service.nodePort }}
+            {{ if .Values.nginxConfig.use443 }}
+        {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" .Values.nextcloud.host) }}
+            {{ else }}
        {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }}
+            {{ end }}
          {{ end }}
        {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }}
        {{ $envList = mustAppend $envList (dict "name" "TRUSTED_PROXIES" "value" "127.0.0.1") }}
@@ -154,9 +158,9 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
              value: localhost
        {{ end }}
          initialDelaySeconds: 60
-          periodSeconds: 5
+          periodSeconds: 10
          timeoutSeconds: 2
-          failureThreshold: 120
+          failureThreshold: 100
          successThreshold: 1
        volumeMounts:
        - name: nextcloud-data
--- a/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml
+++ b/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml
@@ -6,6 +6,11 @@ data:
  protocol: {{ include "nginx.scheme" . }}
  {{ $timeout := 60 }}
  {{ $size := .Values.nextcloud.max_upload_size | default 3 }}
+  {{ $externalAccessPort := printf ":%v" .Values.nginxConfig.externalAccessPort }}
+  {{/* If its 443, do not append it on the rewrite at all */}}
+  {{ if eq $externalAccessPort ":443" }}
+    {{ $externalAccessPort = "" }}
+  {{ end }}
  {{/* Safely access key as it is conditionaly shown */}}
  {{ if hasKey .Values "nginxConfig" }}
    {{ $timeout = .Values.nginxConfig.proxy_timeouts | default 60 }}
@@ -41,11 +46,19 @@ data:
        }

        location = /.well-known/carddav {
+          {{ if .Values.nginxConfig.useDifferentAccessPort }}
+          return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
+          {{ else }}
          return 301 $scheme://$host:$server_port/remote.php/dav;
+          {{ end }}
        }

        location = /.well-known/caldav {
+          {{ if .Values.nginxConfig.useDifferentAccessPort }}
+          return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
+          {{ else }}
          return 301 $scheme://$host:$server_port/remote.php/dav;
+          {{ end }}
        }

        location / {
@@ -62,7 +75,11 @@ data:
          proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto https;
          proxy_set_header X-Forwarded-Host  $host;
+          {{ if .Values.nginxConfig.useDifferentAccessPort }}
+          proxy_set_header X-Forwarded-Port  {{ .Values.nginxConfig.externalAccessPort }};
+          {{ else }}
          proxy_set_header X-Forwarded-Port  $server_port;
+          {{ end }}

          # Proxy timeouts
          proxy_connect_timeout              {{ $timeout }}s;