
NAS-123507 / 24.04 / fix URL generation for nextcloud when SSL is enabled (#1465)

* fix URL generation for nextcloud when SSL is enabled

* wording

* adjust overwritehost variable too

* no need for printf

* add field to define port for url rewrite

* wording

* increase 10min to 15min startup time to accommodate slower IO for installs/upgrades
Stavros Kois 2 年 前
コミット
67683ae63e

+ 1 - 1
library/ix-dev/charts/nextcloud/Chart.yaml

@@ -4,7 +4,7 @@ description: A file sharing server that puts the control and security of your ow
 annotations:
   title: Nextcloud
 type: application
-version: 1.6.42
+version: 1.6.43
 apiVersion: v2
 appVersion: 27.0.2
 kubeVersion: '>=1.16.0-0'

+ 2 - 0
library/ix-dev/charts/nextcloud/ci/test-values.yaml

@@ -12,6 +12,8 @@ environmentVariables: []
 ixChartContext: {}
 nginxConfig:
   proxy_timeouts: 120
+  useDifferentAccessPort: true
+  externalPort: 443
 nextcloud:
   datadir: /var/www/html/data
   host: nextcloud.kube.home
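Review bot: The CI value `externalPort: 443` does not match the key that questions.yaml and the templates use (`externalAccessPort`), so the test render turns on `useDifferentAccessPort` without supplying the port the templates read. With the value missing, `printf ":%v"` would presumably put `:<nil>` into the redirect and leave `X-Forwarded-Port` empty, so the new path is not tested against a valid config. Renaming the line to `externalAccessPort: 443` fixes it. A second CI values file with a non-443 port would also cover the branch where the port is appended.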

+ 17 - 0
library/ix-dev/charts/nextcloud/questions.yaml

@@ -86,6 +86,23 @@ questions:
             min: 30
             default: 60
             required: true
+        - variable: useDifferentAccessPort
+          label: "Use different port for URL rewrites"
+          description: |
+            If enabled, the URL rewrite will use [Access Port] defined below instead of the [Node Port].</br>
+            Note that Nextcloud will still listen on the [Node Port]. (Default 9001)
+          schema:
+            type: boolean
+            default: false
+        - variable: externalAccessPort
+          label: "External Access Port"
+          schema:
+            type: int
+            show_if: [["useDifferentAccessPort", "=", true]]
+            min: 443
+            max: 65535
+            default: 443
+            required: true
 
   - variable: nextcloud
     description: "Nextcloud configuration details"
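Review bot: The description on `useDifferentAccessPort` points the user to "[Access Port]", but the field below is labelled `External Access Port` and `externalAccessPort` has no description of its own. Using the same name in both places, and adding something like `description: "Port used in URL rewrites and X-Forwarded-Port instead of the Node Port."`, would make clear what the value feeds into. The `min: 443` bound also rejects any lower external port; if that is deliberate, a short comment saying so would help the next maintainer.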

+ 6 - 2
library/ix-dev/charts/nextcloud/templates/deployment.yaml

@@ -83,7 +83,11 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
         {{ if eq (include "nginx.certAvailable" .) "true" }}
         {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
           {{ if and .Values.nextcloud.host .Values.service.nodePort }}
+            {{ if .Values.nginxConfig.use443 }}
+        {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" .Values.nextcloud.host) }}
+            {{ else }}
         {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }}
+            {{ end }}
           {{ end }}
         {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }}
         {{ $envList = mustAppend $envList (dict "name" "TRUSTED_PROXIES" "value" "127.0.0.1") }}
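Review bot: The added `{{ if .Values.nginxConfig.use443 }}` reads a key that nothing else in this commit defines; questions.yaml and the nginx configmap use `useDifferentAccessPort` and `externalAccessPort`. As far as the visible files show, the branch is never taken and OVERWRITEHOST keeps the node port. Nextcloud would then presumably generate URLs with the node port while nginx redirects to the external port. Deriving the port from the same two values, as below, keeps the two in agreement. The enclosing certAvailable block starts and ends outside the hunk.

```yaml
          {{ if and .Values.nextcloud.host .Values.service.nodePort }}
            {{ $overwritePort := .Values.service.nodePort }}
            {{ if .Values.nginxConfig.useDifferentAccessPort }}
              {{ $overwritePort = .Values.nginxConfig.externalAccessPort }}
            {{ end }}
            {{ if eq (int $overwritePort) 443 }}
        {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" .Values.nextcloud.host) }}
            {{ else }}
        {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host $overwritePort)) }}
            {{ end }}
          {{ end }}
        {{/* … unchanged: OVERWRITEPROTOCOL and TRUSTED_PROXIES entries … */}}
```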
@@ -154,9 +158,9 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
               value: localhost
         {{ end }}
           initialDelaySeconds: 60
-          periodSeconds: 5
+          periodSeconds: 10
           timeoutSeconds: 2
-          failureThreshold: 120
+          failureThreshold: 100
           successThreshold: 1
         volumeMounts:
         - name: nextcloud-data
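Review bot: The new probe values do not add up to the 15 minutes the commit message states: `periodSeconds: 10` with `failureThreshold: 100` allows about 1000 s (roughly 16.7 min) of failures after the 60 s initial delay. If 15 minutes is the intent, `failureThreshold: 90` matches it. Either way, a comment such as `# allow ~15 min for slow first install/upgrade` beside the threshold would record why it is so high. The probe definition starts above the hunk, so which probe this is cannot be confirmed from here.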

+ 17 - 0
library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml

@@ -6,6 +6,11 @@ data:
   protocol: {{ include "nginx.scheme" . }}
   {{ $timeout := 60 }}
   {{ $size := .Values.nextcloud.max_upload_size | default 3 }}
+  {{ $externalAccessPort := printf ":%v" .Values.nginxConfig.externalAccessPort }}
+  {{/* If its 443, do not append it on the rewrite at all */}}
+  {{ if eq $externalAccessPort ":443" }}
+    {{ $externalAccessPort = "" }}
+  {{ end }}
   {{/* Safely access key as it is conditionaly shown */}}
   {{ if hasKey .Values "nginxConfig" }}
     {{ $timeout = .Values.nginxConfig.proxy_timeouts | default 60 }}
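Review bot: The added `$externalAccessPort` assignment dereferences `.Values.nginxConfig` before the `hasKey .Values "nginxConfig"` guard, which the existing comment says is needed because the key is conditionally shown, so a values set without `nginxConfig` would likely fail to render here. The redirect and `X-Forwarded-Port` hunks further down read `.Values.nginxConfig.useDifferentAccessPort` and `.externalAccessPort` unguarded in the same way, and a missing port with the flag enabled would render an empty header value there. Declaring `{{ $externalAccessPort := "" }}` up front, then setting it inside the guarded block only when the flag is on and the port is not 443, avoids both. The guarded `if` continues past the end of the hunk.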
@@ -41,11 +46,19 @@ data:
         }
 
         location = /.well-known/carddav {
+          {{ if .Values.nginxConfig.useDifferentAccessPort }}
+          return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
+          {{ else }}
           return 301 $scheme://$host:$server_port/remote.php/dav;
+          {{ end }}
         }
 
         location = /.well-known/caldav {
+          {{ if .Values.nginxConfig.useDifferentAccessPort }}
+          return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
+          {{ else }}
           return 301 $scheme://$host:$server_port/remote.php/dav;
+          {{ end }}
         }
 
         location / {
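Review bot: Both added `return 301` lines still build the redirect target from `$host`, which nginx takes from the request, although the chart already holds the canonical name in `.Values.nextcloud.host` and the deployment uses it for OVERWRITEHOST. Where that value is set, `return 301 $scheme://{{ .Values.nextcloud.host }}{{ $externalAccessPort }}/remote.php/dav;` keeps the redirect on the configured host. Whether a `server_name` restriction already limits the accepted hosts is not visible in this hunk. The if/else is also repeated verbatim in the carddav and caldav locations and could be computed once as a port-suffix variable next to `$externalAccessPort`.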
@@ -62,7 +75,11 @@ data:
           proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto https;
           proxy_set_header X-Forwarded-Host  $host;
+          {{ if .Values.nginxConfig.useDifferentAccessPort }}
+          proxy_set_header X-Forwarded-Port  {{ .Values.nginxConfig.externalAccessPort }};
+          {{ else }}
           proxy_set_header X-Forwarded-Port  $server_port;
+          {{ end }}
 
           # Proxy timeouts
           proxy_connect_timeout              {{ $timeout }}s;