Commit 03a0d67d authored by sonicaj's avatar sonicaj

Correctly configure env variables for reverse proxy using https

parent a19715fb
...@@ -34,9 +34,11 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} ...@@ -34,9 +34,11 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }} {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }} {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }}
{{ if eq (include "nginx.certAvailable" .) "true" }}
{{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }} {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
{{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" "ssh.sonicaj.com:39001") }} {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }}
{{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }} {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }}
{{ end }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" .Values.nextcloud.host) }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" .Values.nextcloud.host) }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }}
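Review bot: The new `OVERWRITEHOST` value is built with `printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort` without checking that either value is set, so an unset host would likely render as a literal `<nil>:PORT` rather than failing the install. Nextcloud uses this value when it generates absolute URLs such as share and password-reset links, so a malformed host is worth rejecting at template time, e.g. `(printf "%v:%v" (required "nextcloud.host is required when a certificate is configured" .Values.nextcloud.host) .Values.service.nodePort)`. Separately, the same `if` block sets `APACHE_DISABLE_REWRITE_IP` to `1` and no trusted-proxy setting is visible in this hunk; if none is set elsewhere, Nextcloud may attribute every request to the nginx proxy address, which weakens per-client brute-force throttling and audit logs. The env-list block starts and ends outside the hunk, so both points may already be handled there.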
......
...@@ -23,18 +23,6 @@ data: ...@@ -23,18 +23,6 @@ data:
ssl_certificate '/etc/nginx-certs/public.crt'; ssl_certificate '/etc/nginx-certs/public.crt';
ssl_certificate_key '/etc/nginx-certs/private.key'; ssl_certificate_key '/etc/nginx-certs/private.key';
# ssl_session_timeout 120m;
# ssl_session_cache shared:ssl:16m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# ssl_prefer_server_ciphers on;
# ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
# add_header Strict-Transport-Security max-age=31536000;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1";
# maximum 3GB Upload File; change to fit your needs # maximum 3GB Upload File; change to fit your needs
client_max_body_size 3G; client_max_body_size 3G;
...@@ -67,38 +55,11 @@ data: ...@@ -67,38 +55,11 @@ data:
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
# proxy_redirect http://localhost https://ssh.sonicaj.com:39001;
# Proxy timeouts # Proxy timeouts
proxy_connect_timeout 60s; proxy_connect_timeout 60s;
proxy_send_timeout 60s; proxy_send_timeout 60s;
proxy_read_timeout 60s; proxy_read_timeout 60s;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Connection keep-alive;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
# proxy_redirect off;
# proxy_pass http://localhost:80;
# We clear this as we will be adding it in our reverse proxy
# more_clear_headers 'Strict-Transport-Security';
# proxy_pass http://localhost:80;
# set proper x-forwarded-headers
# proxy_set_header 'X-Forwarded-Host' nextcloud.domain.tld;
# proxy_set_header 'X-Forwarded-Proto' https;
# -For and -IP:
# see https://stackoverflow.com/questions/19366090/what-is-the-difference-between-x-forwarded-for-and-x-forwarded-ip
# proxy_set_header 'X-Forwarded-For' $remote_addr;
# proxy_set_header 'X-Forwarded-IP' $remote_addr;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
} }
} }