Running this chart configured with nginx causes incorrect redirects and CSP errors #560
Comments
|
I'm unable to reproduce this. Could you please fill out the values.yaml in your post so we, or someone else in the community, can better help you? I just went to https://cloud.mydomain/apps/files on my server and it redirected to https with no issues. I also verified via web developer tools in firefox that all requests are 200s. I have nginx enabled. You can view my whole config here. |
|
Hello, same problem here on a fresh install of the helm chart. The redirections are looping as follow:
Here my values.yaml (I took the liberty to keep only the relevant part. Tell me if you want the full one) image:
repository: nextcloud
flavor: fpm
ingress:
enabled: true
className: nginx
servicePort: 8080
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
# Keep this in sync with the README.md:
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
tls:
- secretName: nextcloud-tls
hosts:
- nextcloud.domain.com
labels: {}
path: /
pathType: Prefix
nextcloud:
host: nextcloud.domain.com
nginx:
enabled: true
image:
repository: nginx
tag: alpine
pullPolicy: IfNotPresent |
|
I'm still unable to reproduce this with my current settings, which you can find here: I think the only difference is that I currently have cors disabled, and I have a valid TLS cert currently, as I am using letsencrypt-prod right now. In the meantime, I've added a |
Describe your Issue
When running this chart with nginx enabled, URIs without an ending "/" will cause nginx to redirect with a 301 to "http" instead of "https" (this is of course assuming that you have a reverse proxy serving https as well).
Nginx is the part that is causing this redirect, and it seems like this is solved by adding "absolute_redirect off;" in the server section in the nginx configuration. I would gladly open a PR for this, but I'm not knowledgeable enough about the project to know if this is the best solution.
This issue appears most clearly when trying to enable/disable apps, which will cause a request to https://server/apps/files, which gets incorrectly redirected to http://server/apps/files/
Logs and Errors
Describe your Environment
Kubernetes distribution: k3s
Helm Version (or App that manages helm):
Helm Chart Version:
values.yaml:# paste your values.yaml (anonymize any sensitive data)Additional context, if any
The text was updated successfully, but these errors were encountered: