marcio.fernandes/nextcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add middlewares (source nginx template on source helm values), and default_phone_region
All checks were successful
/ continuous-deploy (push) Successful in 24s
Details

Browse Source
This commit is contained in:
Márcio Fernandes
2026-04-16 22:58:37 +00:00
parent 5acca5d4c7
commit 75aede94ac
4 changed files with 74 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
deploy/app/helm-values.yaml
View File

@@ -84,10 +84,6 @@ resources:
cronjob:
enabled: true
# openssl.cafile = /etc/ssl/certs/ca-certificates.crt
#openssl.capath = /etc/ssl/certs
nextcloud:
extraInitContainers:
@@ -191,17 +187,16 @@ nextcloud:
mountPath: /mnt/shared/NerdStuff
configs:
# appstore.override.config.php: |-
# <?php
# $CONFIG = array (
# 'appstoreenabled' => true,
# 'appstoreurl' => 'https://apps.nextcloud.com/api/v1',
# );
global.config.php: |-
<?php
$CONFIG = array (
'allow_local_remote_servers' => true
'allow_local_remote_servers' => true,
);
phone.config.php: |-
<?php
$CONFIG = array (
'default_phone_region' => 'PT',
);
https.config.php: |-
<?php
@@ -228,7 +223,7 @@ nextcloud:
onlyoffice.config.php: |-
<?php
$CONFIG = array (
'onlyoffice' =>
'onlyoffice' =>
array (
'verify_peer_off' => true,
'allow_local_remote_servers' => true,

8
deploy/infra/ingress-web-public.yaml
View File

@@ -25,7 +25,6 @@ spec:
- name: nextcloud-security-headers
- name: rate-limit
# PUBLIC SHARES (NO SSO)
- match: Host(`cloud.limbosolutions.com`) &&
(PathPrefix(`/s/`) ||
@@ -39,6 +38,7 @@ spec:
middlewares:
- name: rate-limit
- name: nextcloud-security-headers
- name: nextcloud-deny-paths
# Sync clients + mobile app (no SSO)
- match: Host(`cloud.limbosolutions.com`) &&
@@ -58,6 +58,8 @@ spec:
middlewares:
- name: webdav-strip-auth
- name: rate-limit
- name: nextcloud-deny-paths
- name: nextcloud-dav
# 3) EVERYTHING ELSE (SSO REQUIRED)
- match: Host(`cloud.limbosolutions.com`)
@@ -69,7 +71,9 @@ spec:
# - name: authentik-forward-auth
- name: nextcloud-security-headers
- name: rate-limit
- name: nextcloud-deny-paths
- name: nextcloud-wellknown
- name: nextcloud-hostmeta

6
deploy/infra/ingress-web.yaml
View File

@@ -22,6 +22,8 @@ spec:
middlewares:
- name: nextcloud-security-headers
- name: rate-limit
- name: nextcloud-deny-paths
- name: nextcloud-wellknown
- name: nextcloud-hostmeta
- name: nextcloud-dav

58
deploy/infra/middlewares.yaml
View File

@@ -36,6 +36,7 @@ spec:
stsIncludeSubdomains: true
stsPreload: true
customResponseHeaders:
X-Powered-By: ""
X-Content-Type-Options: "nosniff"
X-Frame-Options: "SAMEORIGIN"
X-XSS-Protection: "1; mode=block"
@@ -63,4 +64,59 @@ spec:
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
---
---
piVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-deny-paths
spec:
redirectRegex:
regex: "^/(build|tests|config|lib|3rdparty|templates|data|autotest|occ|issue|indie|db_|console)"
replacement: "/"
permanent: false
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-dav
spec:
redirectRegex:
regex: "^/.well-known/(carddav|caldav)$"
replacement: "/remote.php/dav"
permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-wellknown
spec:
redirectRegex:
regex: "^/.well-known/(webfinger|nodeinfo)$"
replacement: "/index.php/.well-known/${1}"
permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-hostmeta
spec:
redirectRegex:
regex: "^/.well-known/host-meta$"
replacement: "/public.php?service=host-meta"
permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-hostmeta-json
spec:
redirectRegex:
regex: "^/.well-known/host-meta.json$"
replacement: "/public.php?service=host-meta-json"
permanent: true