-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Running this chart configured with nginx causes incorrect redirects and CSP errors #560
Comments
I'm unable to reproduce this. Could you please fill out the values.yaml in your post so we, or someone else in the community, can better help you? I just went to https://cloud.mydomain/apps/files on my server and it redirected to https with no issues. I also verified via web developer tools in firefox that all requests are 200s. I have nginx enabled. You can view my whole config here. |
Hello, same problem here on a fresh install of the helm chart. The redirections are looping as follow:
Here my values.yaml (I took the liberty to keep only the relevant part. Tell me if you want the full one) image:
repository: nextcloud
flavor: fpm
ingress:
enabled: true
className: nginx
servicePort: 8080
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
# Keep this in sync with the README.md:
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
tls:
- secretName: nextcloud-tls
hosts:
- nextcloud.domain.com
labels: {}
path: /
pathType: Prefix
nextcloud:
host: nextcloud.domain.com
nginx:
enabled: true
image:
repository: nginx
tag: alpine
pullPolicy: IfNotPresent |
I'm still unable to reproduce this with my current settings, which you can find here: I think the only difference is that I currently have cors disabled, and I have a valid TLS cert currently, as I am using letsencrypt-prod right now. In the meantime, I've added a |
Describe your Issue
When running this chart with nginx enabled, URIs without an ending "/" will cause nginx to redirect with a 301 to "http" instead of "https" (this is of course assuming that you have a reverse proxy serving https as well).
Nginx is the part that is causing this redirect, and it seems like this is solved by adding "absolute_redirect off;" in the server section in the nginx configuration. I would gladly open a PR for this, but I'm not knowledgeable enough about the project to know if this is the best solution.
This issue appears most clearly when trying to enable/disable apps, which will cause a request to https://server/apps/files, which gets incorrectly redirected to http://server/apps/files/
Logs and Errors
Describe your Environment
Kubernetes distribution: k3s
Helm Version (or App that manages helm):
Helm Chart Version:
values.yaml
:# paste your values.yaml (anonymize any sensitive data)
Additional context, if any
The text was updated successfully, but these errors were encountered: