Home Explore Help
Register Sign In
lcy
/
truenas
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 52c29991c9
Branches Tags
truenas
/
charts
/
nextcloud
/
1.6.61
/
templates
/
nginx-configmap.yaml

nginx-configmap.yaml 3.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 
  1. apiVersion: v1
    2. 

  2. kind: ConfigMap
    3. 

  3. metadata:
    4. 

  4.   name: "nginx-configuration"
    5. 

  5. data:
    6. 

  6.   protocol: {{ include "nginx.scheme" . }}
    7. 

  7.   {{ $timeout := 60 }}
    8. 

  8.   {{ $size := .Values.nextcloud.max_upload_size | default 3 }}
    9. 

  9. 

  10.   {{ $useDiffAccessPort := false }}
    11. 

  11.   {{ $externalAccessPort := "" }}
    12. 

  12. 

  13.   {{/* Safely access key as it is conditionaly shown */}}
    14. 

  14.   {{ if hasKey .Values "nginxConfig" }}
    15. 

  15.     {{ $useDiffAccessPort = .Values.nginxConfig.useDifferentAccessPort }}
    16. 

  16.     {{ $externalAccessPort = printf ":%v" .Values.nginxConfig.externalAccessPort }}
    17. 

  17.     {{ $timeout = .Values.nginxConfig.proxy_timeouts | default 60 }}
    18. 

  18.   {{ end }}
    19. 

  19. 

  20.   {{/* If its 443, do not append it on the rewrite at all */}}
    21. 

  21.   {{ if eq $externalAccessPort ":443" }}
    22. 

  22.     {{ $externalAccessPort = "" }}
    23. 

  23.   {{ end }}
    24. 

  24.   nginx.conf: |-
    25. 

  25.     events {}
    26. 

  26.     http {
    27. 

  27.       # redirects all http requests to https requests
    28. 

  28.       server {
    29. 

  29.         listen 8000 default_server;
    30. 

  30.         listen [::]:8000 default_server;
    31. 

  31.         return 301 https://$host$request_uri;
    32. 

  32.       }
    33. 

  33. 

  34.       server {
    35. 

  35.         server_name localhost;
    36. 

  36. 

  37.         listen {{ .Values.service.nodePort }} ssl http2;
    38. 

  38.         listen [::]:{{ .Values.service.nodePort }} ssl http2;
    39. 

  39. 

  40.         ssl_certificate '/etc/nginx-certs/public.crt';
    41. 

  41.         ssl_certificate_key '/etc/nginx-certs/private.key';
    42. 

  42. 

  43.         # maximum 3GB Upload File; change to fit your needs
    44. 

  44.         client_max_body_size {{ $size }}G;
    45. 

  45. 

  46.         add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
    47. 

  47. 

  48.         location = /robots.txt {
    49. 

  49.           allow all;
    50. 

  50.           log_not_found off;
    51. 

  51.           access_log off;
    52. 

  52.         }
    53. 

  53. 

  54.         location = /.well-known/carddav {
    55. 

  55.           {{ if $useDiffAccessPort }}
    56. 

  56.           return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
    57. 

  57.           {{ else }}
    58. 

  58.           return 301 $scheme://$host:$server_port/remote.php/dav;
    59. 

  59.           {{ end }}
    60. 

  60.         }
    61. 

  61. 

  62.         location = /.well-known/caldav {
    63. 

  63.           {{ if $useDiffAccessPort }}
    64. 

  64.           return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
    65. 

  65.           {{ else }}
    66. 

  66.           return 301 $scheme://$host:$server_port/remote.php/dav;
    67. 

  67.           {{ end }}
    68. 

  68.         }
    69. 

  69. 

  70.         location / {
    71. 

  71.           proxy_pass http://localhost;
    72. 

  72.           proxy_http_version                 1.1;
    73. 

  73.           proxy_cache_bypass                 $http_upgrade;
    74. 

  74.           proxy_request_buffering            off;
    75. 

  75. 

  76.           # Proxy headers
    77. 

  77.           proxy_set_header Upgrade           $http_upgrade;
    78. 

  78.           proxy_set_header Connection        "upgrade";
    79. 

  79.           proxy_set_header Host              $http_host;
    80. 

  80.           proxy_set_header X-Real-IP         $remote_addr;
    81. 

  81.           proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    82. 

  82.           proxy_set_header X-Forwarded-Proto https;
    83. 

  83.           proxy_set_header X-Forwarded-Host  $host;
    84. 

  84.           {{ if $useDiffAccessPort }}
    85. 

  85.           proxy_set_header X-Forwarded-Port  {{ $externalAccessPort | default "443" | trimPrefix ":" }};
    86. 

  86.           {{ else }}
    87. 

  87.           proxy_set_header X-Forwarded-Port  $server_port;
    88. 

  88.           {{ end }}
    89. 

  89. 

  90.           # Proxy timeouts
    91. 

  91.           proxy_connect_timeout              {{ $timeout }}s;
    92. 

  92.           proxy_send_timeout                 {{ $timeout }}s;
    93. 

  93.           proxy_read_timeout                 {{ $timeout }}s;
    94. 

  94.         }
    95. 

  95.       }
    96. 

  96.     }
    97.