OPSEXP-3015: set sensible default for max upload for compose

docker-compose/7.2.N-compose.yaml

@@ -67,6 +67,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)"
       - "traefik.http.services.alfresco.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.alfresco.middlewares=limit@docker"
       - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)"
       - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:"
       - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker"
@@ -171,6 +173,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.share.rule=PathPrefix(`/share`)"
       - "traefik.http.services.share.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.share.middlewares=limit@docker"
       - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)"
       - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:"
       - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker"
@@ -276,6 +280,7 @@ services:
       - "--providers.docker=true"
       - "--entrypoints.web.address=:8080"
       - "--entryPoints.traefik.address=:8888"
+      - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m"
       - "--accesslog=true"
       - "--providers.docker.exposedByDefault=false"
       - "--ping.entrypoint=web"

docker-compose/7.3.N-compose.yaml

@@ -63,6 +63,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)"
       - "traefik.http.services.alfresco.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.alfresco.middlewares=limit@docker"
       - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)"
       - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:"
       - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker"
@@ -163,6 +165,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.share.rule=PathPrefix(`/share`)"
       - "traefik.http.services.share.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.share.middlewares=limit@docker"
       - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)"
       - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:"
       - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker"
@@ -268,6 +272,7 @@ services:
       - "--providers.docker=true"
       - "--entrypoints.web.address=:8080"
       - "--entryPoints.traefik.address=:8888"
+      - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m"
       - "--accesslog=true"
       - "--providers.docker.exposedByDefault=false"
       - "--ping.entrypoint=web"

docker-compose/7.4.N-compose.yaml

@@ -63,6 +63,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)"
       - "traefik.http.services.alfresco.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.alfresco.middlewares=limit@docker"
       - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)"
       - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:"
       - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker"
@@ -163,6 +165,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.share.rule=PathPrefix(`/share`)"
       - "traefik.http.services.share.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.share.middlewares=limit@docker"
       - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)"
       - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:"
       - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker"
@@ -268,6 +272,7 @@ services:
       - "--providers.docker=true"
       - "--entrypoints.web.address=:8080"
       - "--entryPoints.traefik.address=:8888"
+      - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m"
       - "--accesslog=true"
       - "--providers.docker.exposedByDefault=false"
       - "--ping.entrypoint=web"

docker-compose/community-compose.yaml

@@ -54,6 +54,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)"
       - "traefik.http.services.alfresco.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.alfresco.middlewares=limit@docker"
       - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)"
       - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:"
       - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker"
@@ -103,6 +105,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.share.rule=PathPrefix(`/share`)"
       - "traefik.http.services.share.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.share.middlewares=limit@docker"
       - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)"
       - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:"
       - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker"
@@ -202,6 +206,7 @@ services:
       - "--api.insecure=true"
       - "--providers.docker=true"
       - "--entrypoints.web.address=:8080"
+      - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m"
       - "--entryPoints.traefik.address=:8888"
       - "--accesslog=true"
       - "--providers.docker.exposedByDefault=false"

docker-compose/compose.yaml

@@ -61,6 +61,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)"
       - "traefik.http.services.alfresco.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.alfresco.middlewares=limit@docker"
       - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)"
       - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:"
       - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker"
@@ -161,6 +163,8 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.share.rule=PathPrefix(`/share`)"
       - "traefik.http.services.share.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.routers.share.middlewares=limit@docker"
       - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)"
       - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:"
       - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker"
@@ -348,6 +352,7 @@ services:
       - "--providers.docker=true"
       - "--entrypoints.web.address=:8080"
       - "--entryPoints.traefik.address=:8888"
+      - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m"
       - "--accesslog=true"
       - "--providers.docker.exposedByDefault=false"
       - "--ping.entrypoint=web"

docs/docker-compose/README.md

@@ -185,6 +185,26 @@ The provided Docker compose file provides some default configuration, the
 sections below show the full set of environment variables exposed by each of
 the containers in the deployment.
 
+### Set max upload size
+
+The default maximum upload size is 5GB provided the upload do not last more than
+20 minutes. This restriction applies to the Alfresco repository APIs, Share and
+Alfresco Sync Service. Trying to upload files which do not conform to these
+limits will result in errors such as HTTP 413 (Request Entity Too Large) or HTTP
+504 (Gateway Timeout).
+
+To change this behavior, you need to set to different values for:
+
+* `entrypoints.web.transport.respondingTimeouts.readTimeout` in the
+  as a command argument in `.services.proxy.command`. Check the
+  [Traefik documentation](https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts)
+  for more information.
+* each `traefik.http.middlewares.limit.buffering.maxRequestBodyBytes` label
+  of each service where the restriction applies: `.services.alfresco`,
+  `.services.share` & `.services.sync-service`.
+
+> Setting these values to 0 to disable limits is not a good idea.
+
 ### Alfresco Content Repository (alfresco)
 
 | Property          | Description                                                                                                                                                                                                                                                                                                                                                                         | Default value |

docs/helm/ingress-nginx.md

@@ -41,3 +41,27 @@ kubectl get pods --namespace=ingress-nginx
 
 More information can be found in the
 [ingress-nginx deploy docs](https://kubernetes.github.io/ingress-nginx/deploy/).
+
+## Configure file uploads limitations
+
+The alfresco-repository & alfresco-share Helm charts this chart depends on, come
+with settings to limit the maximum size of file uploads and the maximum duration
+of a request. These settings are configured using default ingress annotations.
+They can be overriden from the umbrella chart (alfresco-content-services) by
+setting the following values:
+
+```yaml
+alfresco-repository::
+  ingress:
+    annotations:
+      nginx.ingress.kubernetes.io/proxy-body-size: 100m
+      nginx.ingress.kubernetes.io/proxy-read-timeout: 600
+share:
+  ingress:
+    annotations:
+      nginx.ingress.kubernetes.io/proxy-body-size: 100m
+      nginx.ingress.kubernetes.io/proxy-read-timeout: 600
+```
+
+> Above values would limit the uploads to 100 MB files or 10 minutes long
+uploads in bith Alfresco repository API & Share UI.

helm/acs-sso-example/Chart.lock

@@ -7,15 +7,15 @@ dependencies:
   version: 6.0.0
 - name: alfresco-repository
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 0.8.2
+  version: 0.9.0-alpha.0
 - name: activemq
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 3.6.1
 - name: alfresco-share
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 1.2.1
+  version: 1.3.0-alpha.0
 - name: alfresco-adf-app
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 0.2.1
-digest: sha256:70695614aae280a1ad3d5756ca753d77a419f01545d0572ba5282c3a5feb3105
-generated: "2025-01-30T19:55:30.550179661Z"
+digest: sha256:1dccc143c287ee81c263a32b78d3d8c54e6a3226f8befdd6ec54bc4e22643bec
+generated: "2025-02-05T14:18:19.859037+01:00"

helm/acs-sso-example/Chart.yaml

@@ -35,13 +35,13 @@ dependencies:
     version: 6.0.0
   - name: alfresco-repository
     repository: https://alfresco.github.io/alfresco-helm-charts/
-    version: 0.8.2
+    version: 0.9.0-alpha.0
   - name: activemq
     repository: https://alfresco.github.io/alfresco-helm-charts/
     version: 3.6.1
   - name: alfresco-share
     repository: https://alfresco.github.io/alfresco-helm-charts/
-    version: 1.2.1
+    version: 1.3.0-alpha.0
   - name: alfresco-adf-app
     alias: alfresco-content-app
     repository: https://alfresco.github.io/alfresco-helm-charts/

helm/acs-sso-example/README.md

@@ -39,8 +39,8 @@ deployment is destroyed or rolled back!
 |------------|------|---------|
 | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.6.1 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-content-app(alfresco-adf-app) | 0.2.1 |
-| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.2 |
-| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.2.1 |
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.9.0-alpha.0 |
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.3.0-alpha.0 |
 | https://codecentric.github.io/helm-charts | keycloakx | 6.0.0 |
 | oci://registry-1.docker.io/bitnamicharts | repository-database(postgresql) | 13.4.0 |
 

helm/alfresco-content-services/Chart.lock

@@ -16,7 +16,7 @@ dependencies:
   version: 0.2.1
 - name: alfresco-repository
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 0.8.2
+  version: 0.9.0-alpha.0
 - name: activemq
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 3.6.1
@@ -37,7 +37,7 @@ dependencies:
   version: 2.0.0
 - name: alfresco-share
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 1.2.1
+  version: 1.3.0-alpha.0
 - name: alfresco-connector-ms365
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 3.0.0
@@ -50,5 +50,5 @@ dependencies:
 - name: alfresco-audit-storage
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 0.2.0
-digest: sha256:2be5a4d5dc657832add2f8f56ef0119bd62ba1e0c4b8a8b60aa972a969af3c82
-generated: "2025-01-30T19:56:31.548102031Z"
+digest: sha256:003f3c462222792347a2cc8546ac4b5501896cb8df5c76d9bd8931e7dbdad84e
+generated: "2025-02-05T14:16:46.275757+01:00"

helm/alfresco-content-services/Chart.yaml

@@ -41,7 +41,7 @@ dependencies:
     condition: >-
       alfresco-digital-workspace.enabled
   - name: alfresco-repository
-    version: 0.8.2
+    version: 0.9.0-alpha.0
     repository: https://alfresco.github.io/alfresco-helm-charts/
   - name: activemq
     version: 3.6.1
@@ -70,7 +70,7 @@ dependencies:
     condition: alfresco-connector-msteams.enabled
   - name: alfresco-share
     alias: share
-    version: 1.2.1
+    version: 1.3.0-alpha.0
     repository: https://alfresco.github.io/alfresco-helm-charts/
     condition: share.enabled
   - name: alfresco-connector-ms365

helm/alfresco-content-services/README.md

@@ -30,10 +30,10 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 4.0.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 3.0.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-msteams | 2.0.0 |
-| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.2 |
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.9.0-alpha.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 4.3.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 5.0.0 |
-| https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 1.2.1 |
+| https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 1.3.0-alpha.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-sync-service | 7.0.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-transform-service | 2.1.3 |
 | oci://registry-1.docker.io/bitnamicharts | elasticsearch | 21.4.1 |
@@ -86,7 +86,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | alfresco-control-center.image.pullPolicy | string | `"IfNotPresent"` |  |
 | alfresco-control-center.image.repository | string | `"quay.io/alfresco/alfresco-control-center"` |  |
 | alfresco-control-center.image.tag | string | `"9.3.0"` |  |
-| alfresco-control-center.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"5g"` |  |
 | alfresco-control-center.ingress.hosts[0].paths[0].path | string | `"/control-center"` |  |
 | alfresco-control-center.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
 | alfresco-control-center.ingress.tls | list | `[]` |  |
@@ -98,7 +97,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | alfresco-digital-workspace.image.pullPolicy | string | `"IfNotPresent"` |  |
 | alfresco-digital-workspace.image.repository | string | `"quay.io/alfresco/alfresco-digital-workspace"` |  |
 | alfresco-digital-workspace.image.tag | string | `"5.3.0"` |  |
-| alfresco-digital-workspace.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"5g"` |  |
 | alfresco-digital-workspace.ingress.hosts[0].paths[0].path | string | `"/workspace"` |  |
 | alfresco-digital-workspace.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
 | alfresco-digital-workspace.ingress.tls | list | `[]` |  |

helm/alfresco-content-services/values.yaml

@@ -396,8 +396,6 @@ alfresco-digital-workspace:
   enabled: true
   nameOverride: "alfresco-dw"
   ingress:
-    annotations:
-      nginx.ingress.kubernetes.io/proxy-body-size: "5g"
     tls: []
     hosts:
       - paths:
@@ -415,8 +413,6 @@ alfresco-control-center:
   enabled: true
   nameOverride: "alfresco-cc"
   ingress:
-    annotations:
-      nginx.ingress.kubernetes.io/proxy-body-size: "5g"
     tls: []
     hosts:
       - paths: