feat(nextcloud): Enable including custom Nginx configurations and sho…

…w X-Real-IP in Nextcloud logs when Nginx is enabled (#1260) * feat(nextcloud): Get real client IP from proxies * feat(nextcloud): Show X-Real-IP in Nextcloud logs * refactor(nextcloud): Add an option to include custom Nginx configuration refactor(nextcloud): Only show the `X-Real-IP` header in Nextcloud logs when Nginx is enabled * refactor(nextcloud): Simplify custom Nginx config mounts * fix(nextcloud): Remove custom confs from tests * fix(nextcloud): Set custom_confs values type to hostpath Co-authored-by: Stavros Kois <[email protected]> * chore(nextcloud): Remove CHANGELOG.md --------- Co-authored-by: Stavros Kois <[email protected]>
truenas · Jan 31, 2025 · 967f886 · 967f886
1 parent 1653f0f
commit 967f886
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 2 deletions.
diff --git a/ix-dev/stable/nextcloud/app.yaml b/ix-dev/stable/nextcloud/app.yaml
@@ -73,4 +73,4 @@ sources:
 - https://github.com/truenas/charts/tree/master/charts/nextcloud
 title: Nextcloud
 train: stable
-version: 1.5.18
+version: 1.6.0
diff --git a/ix-dev/stable/nextcloud/questions.yaml b/ix-dev/stable/nextcloud/questions.yaml
@@ -310,6 +310,18 @@ questions:
                   max: 65535
                   show_if: [["use_different_port", "=", true]]
                   required: true
+              - variable: custom_confs
+                label: Custom Nginx Configurations
+                description: List of custom Nginx configurations.
+                schema:
+                  type: list
+                  default: []
+                  items:
+                    - variable: conf
+                      label: Configuration
+                      schema:
+                        type: hostpath
+                        required: true
 
   - variable: storage
     label: ""

diff --git a/ix-dev/stable/nextcloud/templates/docker-compose.yaml b/ix-dev/stable/nextcloud/templates/docker-compose.yaml
@@ -1,5 +1,5 @@
 {% from "macros/nc.jinja.sh" import occ, hosts_update, trusted_domains_update, imaginary_url %}
-{% from "macros/nc.jinja.conf" import opcache, php, limit_request_body, nginx_conf %}
+{% from "macros/nc.jinja.conf" import opcache, php, limit_request_body, use_x_real_ip_in_logs, nginx_conf %}
 
 {% set tpl = ix_lib.base.render.Render(values) %}
 
@@ -116,6 +116,7 @@
   {% do nc_env.x.append(("APACHE_DISABLE_REWRITE_IP", 1)) %}
   {% do nc_env.x.append(("OVERWRITEPROTOCOL", "https")) %}
   {% do nc_env.x.append(("TRUSTED_PROXIES", ["127.0.0.1", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"] | join(" "))) %}
+  {% do nc_confs.append(("logformat.conf", use_x_real_ip_in_logs(), "/etc/apache2/conf-enabled/logformat.conf", "")) %}
   {% if values.nextcloud.host and values.network.nginx.use_different_port %}
     {% set host.x = "%s:%d"|format(values.nextcloud.host, values.network.nginx.external_port) %}
     {% do nc_env.x.append(("OVERWRITEHOST", host.x)) %}
@@ -199,6 +200,9 @@
   {% do nginx_container.configs.add("private", values.ix_certificates[values.network.certificate_id].privatekey, values.consts.ssl_key_path) %}
   {% do nginx_container.configs.add("public", values.ix_certificates[values.network.certificate_id].certificate, values.consts.ssl_cert_path) %}
   {% do nginx_container.configs.add("nginx.conf", nginx_conf(values), "/etc/nginx/nginx.conf", "0600") %}
+  {% for conf_path in values.network.nginx.custom_confs %}
+    {% do nginx_container.add_storage("/etc/nginx/includes/%d.conf"|format(loop.index0), {"type": "host_path", "host_path_config": {"path": conf_path}}) %}
+  {% endfor %}
   {% do nginx_container.add_storage("/tmp", {"type": "anonymous", "volume_config": {}}) %}
   {% do nginx_container.healthcheck.set_test("curl", {
     "port": values.network.web_port, "path": "/status.php",

diff --git a/ix-dev/stable/nextcloud/templates/macros/nc.jinja.conf b/ix-dev/stable/nextcloud/templates/macros/nc.jinja.conf
@@ -11,6 +11,13 @@ max_execution_time={{ values.nextcloud.max_execution_time }}
 LimitRequestBody {{ values.nextcloud.php_upload_limit * bytes_gb }}
 {%- endmacro -%}
 
+{% macro use_x_real_ip_in_logs() -%}
+{# `(%{X-Real-IP}i)` is added after each LogFormat `%h` statement from /etc/apache2/apache2.conf -#}
+LogFormat "%v:%p %h (%{X-Real-IP}i) %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h (%{X-Real-IP}i) %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h (%{X-Real-IP}i) %l %u %t \"%r\" %>s %O" common
+{%- endmacro -%}
+
 {% macro nginx_conf(values) -%}
 {%- set port = namespace(x=":$server_port") -%}
 {%- if values.network.nginx.use_different_port -%}
@@ -35,6 +42,7 @@ http {
 
     client_max_body_size {{ values.nextcloud.php_upload_limit }}G;
     add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
+
     location = /robots.txt {
       allow all;
       log_not_found off;
@@ -70,6 +78,8 @@ http {
       proxy_send_timeout                 {{ values.network.nginx.proxy_timeout }}s;
       proxy_read_timeout                 {{ values.network.nginx.proxy_timeout }}s;
     }
+
+    include /etc/nginx/includes/*.conf;
   }
 }
 {%- endmacro -%}