nextcloud / helm

A community maintained helm chart for deploying Nextcloud on Kubernetes.
GNU Affero General Public License v3.0

Running this chart configured with nginx causes incorrect redirects and CSP errors #560

Open dankar opened 2 months ago

dankar commented 2 months ago

Describe your Issue

When running this chart with nginx enabled, URIs without an ending "/" will cause nginx to redirect with a 301 to "http" instead of "https" (this is of course assuming that you have a reverse proxy serving https as well).

Nginx is the part that is causing this redirect, and it seems like this is solved by adding "absolute_redirect off;" in the server section in the nginx configuration. I would gladly open a PR for this, but I'm not knowledgeable enough about the project to know if this is the best solution.

This issue appears most clearly when trying to enable/disable apps, which will cause a request to https://server/apps/files, which gets incorrectly redirected to http://server/apps/files/

Logs and Errors

Describe your Environment

# paste your values.yaml (anonymize any sensitive data)

Additional context, if any

jessebot commented 1 month ago

I'm unable to reproduce this. Could you please fill out the values.yaml in your post so we, or someone else in the community, can better help you? I just went to https://cloud.mydomain/apps/files on my server and it redirected to https with no issues. I also verified via web developer tools in firefox that all requests are 200s. I have nginx enabled. You can view my whole config here.

Xysto commented 1 month ago

Hello, same problem here on a fresh install of the helm chart. The redirections are looping as follows:

  1. https://nextcloud.domain.com/apps/dashboard, redirect with 301 to (we are noting the https and no trailing /)
  2. http://nextcloud.domain.com/apps/dashboard/, redirect with 308 to (only http this time but trailing / is here)
  3. https://nextcloud.domain.com/apps/dashboard, etc...

As noted by @dankar, I do not have this problem if I manually put the trailing / on the https URL.

Here is my values.yaml (I took the liberty of keeping only the relevant part. Tell me if you want the full one):

```yaml
image:
  repository: nextcloud
  flavor: fpm

ingress:
  enabled: true
  className: nginx
  servicePort: 8080
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/proxy-body-size: 4G
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"

    # Keep this in sync with the README.md:
    nginx.ingress.kubernetes.io/server-snippet: |-
      server_tokens off;
      proxy_hide_header X-Powered-By;
      rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
      rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
        deny all;
      }
  tls:
    - secretName: nextcloud-tls
      hosts:
        - nextcloud.domain.com
  labels: {}
  path: /
  pathType: Prefix

nextcloud:
  host: nextcloud.domain.com

nginx:
  enabled: true
  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent
```

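The two reports above (dankar's https-to-http 301 and Xysto's 301/308 loop) are easiest to confirm with a redirect tracer that follows one hop at a time and flags a scheme downgrade or a revisited URL. The script below is an added example written for this thread; it is not part of the chart, and the `LOOPING_SERVER` and `FIXED_SERVER` response tables are constructed to mirror Xysto's list (the "fixed" table models what `absolute_redirect off;` changes: nginx emits a relative `Location`, which the client resolves against the https URL it requested). The `http_fetch` helper uses only the standard library and can be passed to `trace_redirects` to run the same check against a live host.

```python
"""Trace an HTTP redirect chain one hop at a time; flag https->http downgrades and loops."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed table mirroring the loop reported in this thread: nginx answers the
# slash-less URL with an absolute http:// Location (absolute_redirect is on by
# default), then the TLS-terminating ingress sends the client back to https.
LOOPING_SERVER = {
    "https://nextcloud.domain.com/apps/dashboard": (301, "http://nextcloud.domain.com/apps/dashboard/"),
    "http://nextcloud.domain.com/apps/dashboard/": (308, "https://nextcloud.domain.com/apps/dashboard"),
}

# Constructed table for the same server with `absolute_redirect off;`: the 301 now
# carries a relative Location, so the scheme the client used is preserved.
FIXED_SERVER = {
    "https://nextcloud.domain.com/apps/dashboard": (301, "/apps/dashboard/"),
    "https://nextcloud.domain.com/apps/dashboard/": (200, None),
}


def trace_redirects(start_url, fetch, max_hops=10):
    """Follow redirects from start_url using fetch(url) -> (status, location).

    Returns {"hops": [(url, status, next_url_or_None), ...],
             "final": last URL reached,
             "findings": subset of ["downgrade", "loop", "too_many_hops"]}.
    """
    hops, findings, seen = [], [], set()
    url = start_url
    for _ in range(max_hops):
        seen.add(url)
        status, location = fetch(url)
        if status not in REDIRECT_CODES or location is None:
            hops.append((url, status, None))
            return {"hops": hops, "final": url, "findings": findings}
        # urljoin resolves a relative Location against the URL just requested,
        # which is exactly why a relative redirect cannot drop the https scheme.
        next_url = urljoin(url, location)
        hops.append((url, status, next_url))
        if urlsplit(url).scheme == "https" and urlsplit(next_url).scheme == "http":
            findings.append("downgrade")
        if next_url in seen:
            findings.append("loop")
            return {"hops": hops, "final": next_url, "findings": findings}
        url = next_url
    findings.append("too_many_hops")
    return {"hops": hops, "final": url, "findings": findings}


def check_server(table, start_url):
    """Run the tracer against an in-memory response table (offline check)."""
    return trace_redirects(start_url, lambda u: table.get(u, (404, None)))


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so every hop is visible to the tracer."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, timeout=10):
    """Live fetcher: one GET, no automatic redirect following, returns (status, Location)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url), timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx all land here with headers intact
        return err.code, err.headers.get("Location")


if __name__ == "__main__":
    for name, table in (("looping", LOOPING_SERVER), ("fixed", FIXED_SERVER)):
        result = check_server(table, "https://nextcloud.domain.com/apps/dashboard")
        print(f"{name}: findings={result['findings']} final={result['final']}")
        for hop in result["hops"]:
            print("   ", hop)
```

Against the looping table the tracer reports `downgrade` on the first hop and `loop` on the second; against the fixed table it lands on `https://nextcloud.domain.com/apps/dashboard/` with no findings. For a real host, call `trace_redirects("https://<your-host>/apps/dashboard", http_fetch)` from outside the cluster so the request passes through the ingress the same way a browser's does.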
jessebot commented 3 weeks ago

I'm still unable to reproduce this with my current settings, which you can find here: https://github.com/small-hack/argocd-apps/blob/667215dd71d433f3d0cf240ff7e72c2c2d395669/nextcloud/app_of_apps/nextcloud_argocd_appset.yaml

I think the only difference is that I currently have cors disabled, and I have a valid TLS cert currently, as I am using letsencrypt-prod right now.

In the meantime, I've added a help wanted label here, so that if anyone else in the community does encounter this and knows the solution, they can perhaps chime in.