diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 212620b8..9a8bf00f 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 4.5.4 +version: 4.5.5 appVersion: 27.1.4 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 5cfc1009..b0a6c0ce 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md @@ -384,6 +384,39 @@ nginx enabled: true ``` +### Service discovery with nginx and ingress + +For service discovery (CalDAV, CardDAV, webfinger, nodeinfo) to work you need to add redirects to your ingress. +If you use the [ingress-nginx](https://github.com/kubernetes/ingress-nginx) you can use the following server snippet annotation: + +```yaml +ingress: + annotations: + nginx.ingress.kubernetes.io/server-snippet: |- + server_tokens off; + proxy_hide_header X-Powered-By; + rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; + rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:autotest|occ|issue|indie|db_|console) { + deny all; + } +``` ## Preserving Source IP - Make sure your loadbalancer preserves source IP, for bare metal, `metalb` does and `klipper-lb` doesn't. diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 12828542..e231a16e 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -27,6 +27,7 @@ ingress: # nginx.ingress.kubernetes.io/proxy-body-size: 4G # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: letsencrypt-prod + # # Keep this in sync with the README.md: # nginx.ingress.kubernetes.io/server-snippet: |- # server_tokens off; # proxy_hide_header X-Powered-By;