
NAS-122852 / 23.10 / Allow setting timeouts for nginx and upload size to both php and nginx (#1380)

* Allow setting timeouts and upload size for nginx when certificate is selected

* configure php upload size

* expand description

* add validation for min values

* bump
Stavros Kois 2 years ago
parent
commit
53a7e536aa

+ 1 - 1
library/ix-dev/charts/nextcloud/Chart.yaml

@@ -4,7 +4,7 @@ description: A file sharing server that puts the control and security of your ow
 annotations:
   title: Nextcloud
 type: application
-version: 1.6.36
+version: 1.6.37
 apiVersion: v2
 appVersion: 27.0.1
 kubeVersion: '>=1.16.0-0'

BIN
library/ix-dev/charts/nextcloud/charts/common-2304.0.1.tgz


+ 3 - 0
library/ix-dev/charts/nextcloud/ci/test-values.yaml

@@ -10,11 +10,14 @@ dnsConfig:
 emptyDirVolumes: true
 environmentVariables: []
 ixChartContext: {}
+nginxConfig:
+  proxy_timeouts: 120
 nextcloud:
   datadir: /var/www/html/data
   host: nextcloud.kube.home
   install_ffmpeg: true
   install_smbclient: true
+  max_upload_size: 5
   password: changeme
   username: admin
 postgresAppVolumeMounts:

+ 32 - 0
library/ix-dev/charts/nextcloud/questions.yaml

@@ -66,6 +66,27 @@ questions:
       $ref:
         - "definitions/certificate"
 
+  - variable: nginxConfig
+    description: "Configure Nginx for Nextcloud"
+    label: "Nginx Configuration"
+    group: "Nextcloud Configuration"
+    schema:
+      type: dict
+      show_if: [["certificate", "!=", null]]
+      attrs:
+        - variable: proxy_timeouts
+          label: "Proxy timeouts (Seconds)"
+          description: |
+            Applies the timeout to the following settings:</br>
+            - proxy_connect_timeout</br>
+            - proxy_send_timeout</br>
+            - proxy_read_timeout</br>
+          schema:
+            type: int
+            min: 30
+            default: 60
+            required: true
+
   - variable: nextcloud
     description: "Nextcloud configuration details"
     label: "Nextcloud Configuration"
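Review bot: `proxy_timeouts` has `min: 30` but no upper bound, so any larger integer is accepted and written into three nginx timeout directives; `max_upload_size` in the next hunk likewise has `min: 1` only. Adding a `max:` to each schema, with a value the maintainers choose, would stop a typo from producing very long upstream timeouts or an effectively unlimited request body. The `nextcloud` entry that follows continues outside this hunk.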
@@ -116,6 +137,17 @@ questions:
           schema:
             type: boolean
             default: false
+        - variable: max_upload_size
+          label: "Max Upload Size (Giga Bytes)"
+          description: |
+            Applies the timeout to the following settings:</br>
+            - client_max_body_size in nginx</br>
+            - post_max_size and upload_max_filesize in php</br>
+          schema:
+            type: int
+            default: 3
+            min: 1
+            required: true
 
   - variable: cronjob
     description: "Setup cronjob for nextcloud"
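Review bot: The description of `max_upload_size` opens with "Applies the timeout to the following settings", which was copied from `proxy_timeouts`; it should read `Applies the size limit to the following settings:</br>`. The deployment.yaml hunk adds `PHP_UPLOAD_LIMIT` before the certificate conditional, while the nginx config map appears to apply only when a certificate is selected. If that reading is right, the description should say the nginx limit applies only in that case.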

+ 5 - 4
library/ix-dev/charts/nextcloud/templates/deployment.yaml

@@ -26,13 +26,13 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
             containerPort: 8000
             protocol: TCP
           - name: nginx-https
-            containerPort: 443
+            containerPort: {{ .Values.service.nodePort }}
             protocol: TCP
         livenessProbe:
           httpGet:
             scheme: HTTPS
             path: /status.php
-            port: 443
+            port: {{ .Values.service.nodePort }}
             httpHeaders:
             - name: Host
               value: localhost
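Review bot: `containerPort` and the probe `port` now render `.Values.service.nodePort` with no guard, so an unset value renders an empty field and the manifest would fail only when it is applied. The later `{{ if and .Values.nextcloud.host .Values.service.nodePort }}` in this file suggests the value can be empty. Consider `{{ required "service.nodePort is required when a certificate is set" .Values.service.nodePort | int }}` here, in the two probe hunks that follow, and on the `listen` lines in nginx-configmap.yaml. The container spec starts outside this hunk, so it is not visible whether these lines already sit inside a certificate conditional.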
@@ -45,7 +45,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
           httpGet:
             scheme: HTTPS
             path: /status.php
-            port: 443
+            port: {{ .Values.service.nodePort }}
             httpHeaders:
             - name: Host
               value: localhost
@@ -58,7 +58,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
           httpGet:
             scheme: HTTPS
             path: /status.php
-            port: 443
+            port: {{ .Values.service.nodePort }}
             httpHeaders:
             - name: Host
               value: localhost
@@ -77,6 +77,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
         {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }}
         {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }}
         {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }}
+        {{ $envList = mustAppend $envList (dict "name" "PHP_UPLOAD_LIMIT" "value" (printf "%vG" (.Values.nextcloud.max_upload_size | default 3))) }}
         {{ if eq (include "nginx.certAvailable" .) "true" }}
         {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
           {{ if and .Values.nextcloud.host .Values.service.nodePort }}
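Review bot: The upload limit and its fallback `3` are now computed separately here and in nginx-configmap.yaml (`$size`), next to `default: 3` in questions.yaml, so a later edit to one place can leave PHP and nginx enforcing different limits. A small named template, for example `{{- define "nextcloud.maxUploadSize" -}}{{ .Values.nextcloud.max_upload_size | default 3 }}{{- end -}}`, used in both files would keep them in step. The env list this line appends to starts outside the hunk.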

+ 14 - 8
library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml

@@ -4,6 +4,12 @@ metadata:
   name: "nginx-configuration"
 data:
   protocol: {{ include "nginx.scheme" . }}
+  {{ $timeout := 60 }}
+  {{ $size := .Values.nextcloud.max_upload_size | default 3 }}
+  {{/* Safely access key as it is conditionaly shown */}}
+  {{ if hasKey .Values "nginxConfig" }}
+    {{ $timeout = .Values.nginxConfig.proxy_timeouts | default 60 }}
+  {{ end }}
   nginx.conf: |-
     events {}
     http {
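Review bot: `$size` and `$timeout` are interpolated into `nginx.conf` exactly as supplied, and the `type: int` and `min` checks exist only in questions.yaml, so values set by any other route reach the config unvalidated. Coercing at the definition, `{{ $size := .Values.nextcloud.max_upload_size | default 3 | int }}` and `{{ $timeout = .Values.nginxConfig.proxy_timeouts | default 60 | int }}`, keeps anything but a number out of the directives in the later hunks. The comment `# maximum 3GB Upload File; change to fit your needs` in the next hunk is now stale and could become `# upload limit comes from nextcloud.max_upload_size`. The template comment here also has a typo (`conditionaly`).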
@@ -17,14 +23,14 @@ data:
       server {
         server_name localhost;
 
-        listen 443 ssl http2;
-        listen [::]:433 ssl http2;
+        listen {{ .Values.service.nodePort }} ssl http2;
+        listen [::]:{{ .Values.service.nodePort }} ssl http2;
 
         ssl_certificate '/etc/nginx-certs/public.crt';
         ssl_certificate_key '/etc/nginx-certs/private.key';
 
         # maximum 3GB Upload File; change to fit your needs
-        client_max_body_size 3G;
+        client_max_body_size {{ $size }}G;
 
         add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
 
@@ -35,11 +41,11 @@ data:
         }
 
         location = /.well-known/carddav {
-          return 301 $scheme://$host/remote.php/dav;
+          return 301 $scheme://$host:$server_port/remote.php/dav;
         }
 
         location = /.well-known/caldav {
-          return 301 $scheme://$host/remote.php/dav;
+          return 301 $scheme://$host:$server_port/remote.php/dav;
         }
 
         location / {
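Review bot: Both `.well-known` redirects build an absolute `Location` from the request's `Host` header and the listener's `$server_port`, so they are correct only while clients reach nginx directly on the node port and send the expected host name. Behind another proxy or a port mapping, the client would be redirected to a port it cannot reach. A path-only redirect depends on neither: `return 301 /remote.php/dav;` together with `absolute_redirect off;` in the `server` block, which starts outside this hunk.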
@@ -59,9 +65,9 @@ data:
           proxy_set_header X-Forwarded-Port  $server_port;
 
           # Proxy timeouts
-          proxy_connect_timeout              60s;
-          proxy_send_timeout                 60s;
-          proxy_read_timeout                 60s;
+          proxy_connect_timeout              {{ $timeout }}s;
+          proxy_send_timeout                 {{ $timeout }}s;
+          proxy_read_timeout                 {{ $timeout }}s;
         }
       }
     }
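Review bot: `proxy_connect_timeout` takes the same user value as the send and read timeouts, but nginx documents that the connect timeout usually cannot exceed 75 seconds. Values such as the `120` in ci/test-values.yaml therefore do not have the effect the option description promises for that directive. Either cap it with `proxy_connect_timeout {{ min $timeout 75 }}s;`, or leave it fixed and drop it from the list in questions.yaml.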

+ 1 - 1
library/ix-dev/charts/nextcloud/templates/service.yaml

@@ -1,7 +1,7 @@
 {{ $svc := .Values.service }}
 {{ $ports := list }}
 {{ if eq (include "nginx.certAvailable" .) "true" }}
-{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" 443 "port" 443 "nodePort" $svc.nodePort) }}
+{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" .Values.service.nodePort "port" .Values.service.nodePort "nodePort" $svc.nodePort) }}
 {{ else }}
 {{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }}
 {{ end }}
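Review bot: The new line reads `.Values.service.nodePort` for `targetPort` and `port`, while the same dict uses `$svc.nodePort`, defined at the top of the file, for `nodePort`. Using `$svc.nodePort` for all three shortens the line and makes it obvious they are the same value. Setting `port` to the node port also moves the in-cluster service port away from 443, so anything addressing the service by port would need to follow; no such consumer is visible here.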