vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-01-25 17:43:46 +01:00
parent e066715b9b
commit 0727fca591
124 changed files with 1848 additions and 1796 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud-metrics
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics
@@ -27,7 +27,7 @@ spec:
spec:
containers:
- name: metrics-exporter
image: "xperimental/nextcloud-exporter:0.6.1"
image: "xperimental/nextcloud-exporter:0.6.2"
imagePullPolicy: IfNotPresent
env:
- name: NEXTCLOUD_USERNAME
@@ -41,8 +41,8 @@ spec:
name: nextcloud
key: nextcloud-password
# NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint
- name: NEXTCLOUD_SERVER
value: http://nextcloud:80
- name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local
value: "http://nextcloud.vynil-cloud.svc.cluster.local:80"
- name: NEXTCLOUD_TIMEOUT
value: 5s
- name: NEXTCLOUD_TLS_SKIP_VERIFY

294
apps/nextcloud/apps_v1_Deployment_nextcloud.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app
@@ -30,154 +30,154 @@ spec:
nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b
spec:
containers:
- name: nextcloud
image: nextcloud:27.1.3-apache
imagePullPolicy: IfNotPresent
env:
- name: POSTGRES_HOST
value:
- name: POSTGRES_DB
value: "nextcloud"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-db
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-db
key: password
- name: NEXTCLOUD_ADMIN_USER
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-username
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-password
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: nextcloud.kube.home
- name: NEXTCLOUD_UPDATE
value: "1"
- name: NEXTCLOUD_DATA_DIR
value: "/var/www/html/data"
resources:
{}
volumeMounts:
- name: nextcloud-main
mountPath: /var/www/
subPath: root
- name: nextcloud-main
mountPath: /var/www/html
subPath: html
- name: nextcloud-main
mountPath: /var/www/html/data
subPath: data
- name: nextcloud-main
mountPath: /var/www/html/config
subPath: config
- name: nextcloud-main
mountPath: /var/www/html/custom_apps
subPath: custom_apps
- name: nextcloud-main
mountPath: /var/www/tmp
subPath: tmp
- name: nextcloud-main
mountPath: /var/www/html/themes
subPath: themes
- name: nextcloud-config
mountPath: /var/www/html/config/locale.config.php
subPath: locale.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/redis.config.php
subPath: redis.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/.htaccess
subPath: .htaccess
- name: nextcloud-config
mountPath: /var/www/html/config/apcu.config.php
subPath: apcu.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/apps.config.php
subPath: apps.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/autoconfig.php
subPath: autoconfig.php
- name: nextcloud-config
mountPath: /var/www/html/config/smtp.config.php
subPath: smtp.config.php
- name: nextcloud-nginx
image: "nginx:alpine"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /status.php
port: http
httpHeaders:
- name: Host
value: "nextcloud.kube.home"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: "nextcloud.kube.home"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
- name: nextcloud
image: nextcloud:28.0.1-apache
imagePullPolicy: IfNotPresent
env:
- name: POSTGRES_HOST
value:
- name: POSTGRES_DB
value: "nextcloud"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-db
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-db
key: password
- name: NEXTCLOUD_ADMIN_USER
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-username
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-password
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: nextcloud.kube.home
- name: NEXTCLOUD_UPDATE
value: "1"
- name: NEXTCLOUD_DATA_DIR
value: "/var/www/html/data"
resources:
{}
volumeMounts:
- name: nextcloud-main
mountPath: /var/www/
subPath: root
- name: nextcloud-main
mountPath: /var/www/html
subPath: html
- name: nextcloud-main
mountPath: /var/www/html/data
subPath: data
- name: nextcloud-main
mountPath: /var/www/html/config
subPath: config
- name: nextcloud-main
mountPath: /var/www/html/custom_apps
subPath: custom_apps
- name: nextcloud-main
mountPath: /var/www/tmp
subPath: tmp
- name: nextcloud-main
mountPath: /var/www/html/themes
subPath: themes
- name: nextcloud-config
mountPath: /var/www/html/config/locale.config.php
subPath: locale.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/redis.config.php
subPath: redis.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/.htaccess
subPath: .htaccess
- name: nextcloud-config
mountPath: /var/www/html/config/apcu.config.php
subPath: apcu.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/apps.config.php
subPath: apps.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/autoconfig.php
subPath: autoconfig.php
- name: nextcloud-config
mountPath: /var/www/html/config/smtp.config.php
subPath: smtp.config.php
- name: nextcloud-nginx
image: "nginx:alpine"
imagePullPolicy: IfNotPresent
ports:
- name: http
protocol: TCP
containerPort: 80
livenessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: "nextcloud.kube.home"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: "nextcloud.kube.home"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
resources:
{}
volumeMounts:
- name: nextcloud-main
mountPath: /var/www/
subPath: root
- name: nextcloud-main
mountPath: /var/www/html
subPath: html
- name: nextcloud-main
mountPath: /var/www/html/data
subPath: data
- name: nextcloud-main
mountPath: /var/www/html/config
subPath: config
- name: nextcloud-main
mountPath: /var/www/html/custom_apps
subPath: custom_apps
- name: nextcloud-main
mountPath: /var/www/tmp
subPath: tmp
- name: nextcloud-main
mountPath: /var/www/html/themes
subPath: themes
- name: nextcloud-nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
resources:
{}
volumeMounts:
- name: nextcloud-main
mountPath: /var/www/
subPath: root
- name: nextcloud-main
mountPath: /var/www/html
subPath: html
- name: nextcloud-main
mountPath: /var/www/html/data
subPath: data
- name: nextcloud-main
mountPath: /var/www/html/config
subPath: config
- name: nextcloud-main
mountPath: /var/www/html/custom_apps
subPath: custom_apps
- name: nextcloud-main
mountPath: /var/www/tmp
subPath: tmp
- name: nextcloud-main
mountPath: /var/www/html/themes
subPath: themes
- name: nextcloud-nginx-config
mountPath: /etc/nginx/conf.d/
volumes:
- name: nextcloud-main
persistentVolumeClaim:
claimName: nextcloud-nextcloud
- name: nextcloud-config
configMap:
name: nextcloud-config
- name: nextcloud-nginx-config
configMap:
name: nextcloud-nginxconfig
- name: nextcloud-main
persistentVolumeClaim:
claimName: nextcloud-nextcloud
- name: nextcloud-config
configMap:
name: nextcloud-config
- name: nextcloud-nginx-config
configMap:
name: nextcloud-nginxconfig
securityContext:
# Will mount configuration files as www-data (id: 82) for nextcloud
fsGroup: 82

2
apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app

2
apps/nextcloud/datas.tf
View File

@@ -1,4 +1,6 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace

376
apps/nextcloud/index.yaml
View File

@@ -6,26 +6,6 @@ metadata:
name: nextcloud
description: null
options:
postgres:
default:
replicas: 1
storage: 5Gi
version: '14'
examples:
- replicas: 1
storage: 5Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 5Gi
type: string
version:
default: '14'
type: string
type: object
admin:
default:
name: nextcloud_admin
@@ -36,126 +16,68 @@ options:
default: nextcloud_admin
type: string
type: object
domain-name:
default: your_company.com
domain:
default: your-company
examples:
- your_company.com
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
- your-company
type: string
app-group:
default: ''
examples:
- ''
type: string
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
openid-name:
default: vynil
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
- vynil
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
restic-key:
default: bck-password
type: string
retention:
exporter:
default:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
properties:
db:
default: 30d
type: string
keepDaily:
default: 14
type: integer
keepMonthly:
default: 12
type: integer
keepWeekly:
default: 6
type: integer
keepYearly:
default: 12
type: integer
type: object
schedule:
default:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
properties:
backup:
default: 30 3 * * *
type: string
check:
default: 30 5 * * 1
type: string
db:
default: 30 3 * * *
type: string
prune:
default: 30 1 * * 0
enabled:
default: true
type: boolean
image:
default: quay.io/opstree/redis-exporter:v1.44.0
type: string
type: object
secret-key:
default: s3-secret
image:
default: quay.io/opstree/redis:v7.0.12
type: string
secret-name:
default: backup-settings
storage:
default: 2Gi
type: string
use-barman:
default: false
type: boolean
type: object
storage:
default:
@@ -176,41 +98,6 @@ options:
default: 10Gi
type: string
type: object
sub-domain:
default: files
examples:
- files
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
hpa:
default:
avg-cpu: 50
max-replicas: 5
min-replicas: 1
examples:
- avg-cpu: 50
max-replicas: 5
min-replicas: 1
properties:
avg-cpu:
default: 50
type: integer
max-replicas:
default: 5
type: integer
min-replicas:
default: 1
type: integer
type: object
domain:
default: your-company
examples:
- your-company
type: string
images:
default:
collabora:
@@ -374,43 +261,131 @@ options:
type: string
type: object
type: object
openid-name:
default: vynil
examples:
- vynil
type: string
redis:
hpa:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
avg-cpu: 50
max-replicas: 5
min-replicas: 1
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
- avg-cpu: 50
max-replicas: 5
min-replicas: 1
properties:
exporter:
avg-cpu:
default: 50
type: integer
max-replicas:
default: 5
type: integer
min-replicas:
default: 1
type: integer
type: object
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
restic-key:
default: bck-password
type: string
retention:
default:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
properties:
enabled:
default: true
type: boolean
image:
default: quay.io/opstree/redis-exporter:v1.44.0
db:
default: 30d
type: string
keepDaily:
default: 14
type: integer
keepMonthly:
default: 12
type: integer
keepWeekly:
default: 6
type: integer
keepYearly:
default: 12
type: integer
type: object
schedule:
default:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
properties:
backup:
default: 30 3 * * *
type: string
check:
default: 30 5 * * 1
type: string
db:
default: 30 3 * * *
type: string
prune:
default: 30 1 * * 0
type: string
type: object
image:
default: quay.io/opstree/redis:v7.0.12
secret-key:
default: s3-secret
type: string
storage:
default: 2Gi
secret-name:
default: backup-settings
type: string
use-barman:
default: false
type: boolean
type: object
apps:
default:
@@ -502,6 +477,31 @@ options:
default: true
type: boolean
type: object
postgres:
default:
replicas: 1
storage: 5Gi
version: '14'
examples:
- replicas: 1
storage: 5Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 5Gi
type: string
version:
default: '14'
type: string
type: object
sub-domain:
default: files
examples:
- files
type: string
dependencies:
- dist: null
category: share

2
apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml
View File

@@ -6,7 +6,7 @@ metadata:
namespace: "vynil-cloud"
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics

2
apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud-config
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
data:

245
apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml
View File

@@ -5,169 +5,140 @@ metadata:
name: nextcloud-nginxconfig
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
data:
nginx.conf: |-
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
default.conf: |-
upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 80;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/access.log main;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
sendfile on;
#tcp_nopush on;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
keepalive_timeout 65;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
#gzip on;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
upstream php-handler {
server 127.0.0.1:9000;
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
server {
listen 80;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The following 6 rules are borrowed from `.htaccess`
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# Anything else is dynamically handled by Nextcloud
location ^~ /.well-known { return 301 /index.php$uri; }
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
try_files $uri $uri/ =404;
}
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
# Path to the root of your installation
root /var/www/html;
try_files $fastcgi_script_name =404;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The following 6 rules are borrowed from `.htaccess`
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# Anything else is dynamically handled by Nextcloud
location ^~ /.well-known { return 301 /index.php$uri; }
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
try_files $uri $uri/ =404;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

2
apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud-nextcloud
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app

2
apps/nextcloud/v1_Service_nextcloud-metrics.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud-metrics
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics

2
apps/nextcloud/v1_Service_nextcloud.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6
helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app