diff --git a/docker-compose/7.2.N-compose.yaml b/docker-compose/7.2.N-compose.yaml index 748a9155c..67e4c8b3b 100644 --- a/docker-compose/7.2.N-compose.yaml +++ b/docker-compose/7.2.N-compose.yaml @@ -67,6 +67,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)" - "traefik.http.services.alfresco.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.alfresco.middlewares=limit@docker" - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)" - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:" - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker" @@ -171,6 +173,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.share.rule=PathPrefix(`/share`)" - "traefik.http.services.share.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.share.middlewares=limit@docker" - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)" - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:" - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker" @@ -276,6 +280,7 @@ services: - "--providers.docker=true" - "--entrypoints.web.address=:8080" - "--entryPoints.traefik.address=:8888" + - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m" - "--accesslog=true" - "--providers.docker.exposedByDefault=false" - "--ping.entrypoint=web" diff --git a/docker-compose/7.3.N-compose.yaml b/docker-compose/7.3.N-compose.yaml index a95cd0cfe..5f8fca40b 100644 --- a/docker-compose/7.3.N-compose.yaml +++ b/docker-compose/7.3.N-compose.yaml @@ -63,6 +63,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)" - "traefik.http.services.alfresco.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.alfresco.middlewares=limit@docker" - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)" - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:" - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker" @@ -163,6 +165,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.share.rule=PathPrefix(`/share`)" - "traefik.http.services.share.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.share.middlewares=limit@docker" - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)" - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:" - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker" @@ -268,6 +272,7 @@ services: - "--providers.docker=true" - "--entrypoints.web.address=:8080" - "--entryPoints.traefik.address=:8888" + - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m" - "--accesslog=true" - "--providers.docker.exposedByDefault=false" - "--ping.entrypoint=web" diff --git a/docker-compose/7.4.N-compose.yaml b/docker-compose/7.4.N-compose.yaml index 1fd98539a..8909d1cd7 100644 --- a/docker-compose/7.4.N-compose.yaml +++ b/docker-compose/7.4.N-compose.yaml @@ -63,6 +63,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)" - "traefik.http.services.alfresco.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.alfresco.middlewares=limit@docker" - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)" - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:" - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker" @@ -163,6 +165,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.share.rule=PathPrefix(`/share`)" - "traefik.http.services.share.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.share.middlewares=limit@docker" - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)" - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:" - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker" @@ -268,6 +272,7 @@ services: - "--providers.docker=true" - "--entrypoints.web.address=:8080" - "--entryPoints.traefik.address=:8888" + - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m" - "--accesslog=true" - "--providers.docker.exposedByDefault=false" - "--ping.entrypoint=web" diff --git a/docker-compose/community-compose.yaml b/docker-compose/community-compose.yaml index f6292fe02..785c4f907 100644 --- a/docker-compose/community-compose.yaml +++ b/docker-compose/community-compose.yaml @@ -54,6 +54,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)" - "traefik.http.services.alfresco.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.alfresco.middlewares=limit@docker" - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)" - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:" - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker" @@ -103,6 +105,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.share.rule=PathPrefix(`/share`)" - "traefik.http.services.share.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.share.middlewares=limit@docker" - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)" - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:" - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker" @@ -202,6 +206,7 @@ services: - "--api.insecure=true" - "--providers.docker=true" - "--entrypoints.web.address=:8080" + - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m" - "--entryPoints.traefik.address=:8888" - "--accesslog=true" - "--providers.docker.exposedByDefault=false" diff --git a/docker-compose/compose.yaml b/docker-compose/compose.yaml index 37144de12..0bdc8e7f8 100644 --- a/docker-compose/compose.yaml +++ b/docker-compose/compose.yaml @@ -61,6 +61,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)" - "traefik.http.services.alfresco.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.alfresco.middlewares=limit@docker" - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)" - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:" - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker" @@ -161,6 +163,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.share.rule=PathPrefix(`/share`)" - "traefik.http.services.share.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.share.middlewares=limit@docker" - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)" - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:" - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker" @@ -348,6 +352,7 @@ services: - "--providers.docker=true" - "--entrypoints.web.address=:8080" - "--entryPoints.traefik.address=:8888" + - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m" - "--accesslog=true" - "--providers.docker.exposedByDefault=false" - "--ping.entrypoint=web" diff --git a/docker-compose/pre-release-compose.yaml b/docker-compose/pre-release-compose.yaml index 6ac747f54..b9fcb0989 100644 --- a/docker-compose/pre-release-compose.yaml +++ b/docker-compose/pre-release-compose.yaml @@ -61,6 +61,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)" - "traefik.http.services.alfresco.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.alfresco.middlewares=limit@docker" - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)" - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:" - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker" @@ -161,6 +163,8 @@ services: - "traefik.enable=true" - "traefik.http.routers.share.rule=PathPrefix(`/share`)" - "traefik.http.services.share.loadbalancer.server.port=8080" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" + - "traefik.http.routers.share.middlewares=limit@docker" - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)" - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:" - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker" @@ -348,6 +352,7 @@ services: - "--providers.docker=true" - "--entrypoints.web.address=:8080" - "--entryPoints.traefik.address=:8888" + - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m" - "--accesslog=true" - "--providers.docker.exposedByDefault=false" - "--ping.entrypoint=web" diff --git a/docs/docker-compose/README.md b/docs/docker-compose/README.md index 7dd0e9015..ed01011c8 100644 --- a/docs/docker-compose/README.md +++ b/docs/docker-compose/README.md @@ -185,6 +185,26 @@ The provided Docker compose file provides some default configuration, the sections below show the full set of environment variables exposed by each of the containers in the deployment. +### Set max upload size + +The default maximum upload size is 5GB provided the upload do not last more than +20 minutes. This restriction applies to the Alfresco repository APIs, Share and +Alfresco Sync Service. Trying to upload files which do not conform to these +limits will result in errors such as HTTP 413 (Request Entity Too Large) or HTTP +504 (Gateway Timeout). + +To change this behavior, you need to set to different values for: + +* `entrypoints.web.transport.respondingTimeouts.readTimeout` in the + as a command argument in `.services.proxy.command`. Check the + [Traefik documentation](https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts) + for more information. +* each `traefik.http.middlewares.limit.buffering.maxRequestBodyBytes` label + of each service where the restriction applies: `.services.alfresco`, + `.services.share` & `.services.sync-service`. + +> Setting these values to 0 to disable limits is not a good idea. + ### Alfresco Content Repository (alfresco) | Property | Description | Default value | diff --git a/docs/helm/ingress-nginx.md b/docs/helm/ingress-nginx.md index 59d9f7e42..c526e33fe 100644 --- a/docs/helm/ingress-nginx.md +++ b/docs/helm/ingress-nginx.md @@ -41,3 +41,27 @@ kubectl get pods --namespace=ingress-nginx More information can be found in the [ingress-nginx deploy docs](https://kubernetes.github.io/ingress-nginx/deploy/). + +## Configure file uploads limitations + +The alfresco-repository & alfresco-share Helm charts this chart depends on, come +with settings to limit the maximum size of file uploads and the maximum duration +of a request. These settings are configured using default ingress annotations. +They can be overriden from the umbrella chart (alfresco-content-services) by +setting the following values: + +```yaml +alfresco-repository:: + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 100m + nginx.ingress.kubernetes.io/proxy-read-timeout: 600 +share: + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 100m + nginx.ingress.kubernetes.io/proxy-read-timeout: 600 +``` + +> Above values would limit the uploads to 100 MB files or 10 minutes long +uploads in bith Alfresco repository API & Share UI. diff --git a/helm/acs-sso-example/Chart.lock b/helm/acs-sso-example/Chart.lock index 8a32c21d0..27eccd053 100644 --- a/helm/acs-sso-example/Chart.lock +++ b/helm/acs-sso-example/Chart.lock @@ -7,15 +7,15 @@ dependencies: version: 6.0.0 - name: alfresco-repository repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.8.2 + version: 0.9.0-alpha.0 - name: activemq repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.6.1 - name: alfresco-share repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.2.1 + version: 1.3.0-alpha.0 - name: alfresco-adf-app repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.2.1 -digest: sha256:70695614aae280a1ad3d5756ca753d77a419f01545d0572ba5282c3a5feb3105 -generated: "2025-01-30T19:55:30.550179661Z" +digest: sha256:1dccc143c287ee81c263a32b78d3d8c54e6a3226f8befdd6ec54bc4e22643bec +generated: "2025-02-05T14:18:19.859037+01:00" diff --git a/helm/acs-sso-example/Chart.yaml b/helm/acs-sso-example/Chart.yaml index 6d09b7e08..f2e29191c 100644 --- a/helm/acs-sso-example/Chart.yaml +++ b/helm/acs-sso-example/Chart.yaml @@ -35,13 +35,13 @@ dependencies: version: 6.0.0 - name: alfresco-repository repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.8.2 + version: 0.9.0-alpha.0 - name: activemq repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.6.1 - name: alfresco-share repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.2.1 + version: 1.3.0-alpha.0 - name: alfresco-adf-app alias: alfresco-content-app repository: https://alfresco.github.io/alfresco-helm-charts/ diff --git a/helm/acs-sso-example/README.md b/helm/acs-sso-example/README.md index 62e30ec8f..9438511c0 100644 --- a/helm/acs-sso-example/README.md +++ b/helm/acs-sso-example/README.md @@ -39,8 +39,8 @@ deployment is destroyed or rolled back! |------------|------|---------| | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.6.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-content-app(alfresco-adf-app) | 0.2.1 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.2 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.2.1 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.9.0-alpha.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.3.0-alpha.0 | | https://codecentric.github.io/helm-charts | keycloakx | 6.0.0 | | oci://registry-1.docker.io/bitnamicharts | repository-database(postgresql) | 13.4.0 | diff --git a/helm/alfresco-content-services/Chart.lock b/helm/alfresco-content-services/Chart.lock index 0f83d1dbc..42ee02bc8 100644 --- a/helm/alfresco-content-services/Chart.lock +++ b/helm/alfresco-content-services/Chart.lock @@ -16,7 +16,7 @@ dependencies: version: 0.2.1 - name: alfresco-repository repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.8.2 + version: 0.9.0-alpha.0 - name: activemq repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.6.1 @@ -37,7 +37,7 @@ dependencies: version: 2.0.0 - name: alfresco-share repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.2.1 + version: 1.3.0-alpha.0 - name: alfresco-connector-ms365 repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.0.0 @@ -50,5 +50,5 @@ dependencies: - name: alfresco-audit-storage repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.2.0 -digest: sha256:2be5a4d5dc657832add2f8f56ef0119bd62ba1e0c4b8a8b60aa972a969af3c82 -generated: "2025-01-30T19:56:31.548102031Z" +digest: sha256:003f3c462222792347a2cc8546ac4b5501896cb8df5c76d9bd8931e7dbdad84e +generated: "2025-02-05T14:16:46.275757+01:00" diff --git a/helm/alfresco-content-services/Chart.yaml b/helm/alfresco-content-services/Chart.yaml index 0fab5530d..632549be4 100644 --- a/helm/alfresco-content-services/Chart.yaml +++ b/helm/alfresco-content-services/Chart.yaml @@ -41,7 +41,7 @@ dependencies: condition: >- alfresco-digital-workspace.enabled - name: alfresco-repository - version: 0.8.2 + version: 0.9.0-alpha.0 repository: https://alfresco.github.io/alfresco-helm-charts/ - name: activemq version: 3.6.1 @@ -70,7 +70,7 @@ dependencies: condition: alfresco-connector-msteams.enabled - name: alfresco-share alias: share - version: 1.2.1 + version: 1.3.0-alpha.0 repository: https://alfresco.github.io/alfresco-helm-charts/ condition: share.enabled - name: alfresco-connector-ms365 diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index 0a939992a..ae5a0d625 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -30,10 +30,10 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 4.0.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 3.0.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-msteams | 2.0.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.2 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.9.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 4.3.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 5.0.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 1.2.1 | +| https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 1.3.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-sync-service | 7.0.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-transform-service | 2.1.3 | | oci://registry-1.docker.io/bitnamicharts | elasticsearch | 21.4.1 | @@ -86,7 +86,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-control-center.image.pullPolicy | string | `"IfNotPresent"` | | | alfresco-control-center.image.repository | string | `"quay.io/alfresco/alfresco-control-center"` | | | alfresco-control-center.image.tag | string | `"9.3.0"` | | -| alfresco-control-center.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"5g"` | | | alfresco-control-center.ingress.hosts[0].paths[0].path | string | `"/control-center"` | | | alfresco-control-center.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | | alfresco-control-center.ingress.tls | list | `[]` | | @@ -98,7 +97,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-digital-workspace.image.pullPolicy | string | `"IfNotPresent"` | | | alfresco-digital-workspace.image.repository | string | `"quay.io/alfresco/alfresco-digital-workspace"` | | | alfresco-digital-workspace.image.tag | string | `"5.3.0"` | | -| alfresco-digital-workspace.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"5g"` | | | alfresco-digital-workspace.ingress.hosts[0].paths[0].path | string | `"/workspace"` | | | alfresco-digital-workspace.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | | alfresco-digital-workspace.ingress.tls | list | `[]` | | diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index bc6ab8bd1..a91725b7b 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -396,8 +396,6 @@ alfresco-digital-workspace: enabled: true nameOverride: "alfresco-dw" ingress: - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "5g" tls: [] hosts: - paths: @@ -415,8 +413,6 @@ alfresco-control-center: enabled: true nameOverride: "alfresco-cc" ingress: - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "5g" tls: [] hosts: - paths: