From b523cf86c8cbedb43cf625a1a847ca828afd5fba Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 13 Oct 2019 17:29:11 +0200
Subject: nextcloud basic installation is finally working properly
---
 roles/nextcloud/templates/apache-site.conf.j2 | 18 +++++++++
 roles/nextcloud/templates/nginx-vhost.conf.j2 | 45 +++++++++++++++++++++++
 roles/nextcloud/templates/pod-with-mariadb.yml.j2 | 10 ++++-
 3 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 roles/nextcloud/templates/apache-site.conf.j2
 create mode 100644 roles/nextcloud/templates/nginx-vhost.conf.j2
 (limited to 'roles/nextcloud/templates')
diff --git a/roles/nextcloud/templates/apache-site.conf.j2 b/roles/nextcloud/templates/apache-site.conf.j2
new file mode 100644
index 00000000..457cdfd4
--- /dev/null
+++ b/roles/nextcloud/templates/apache-site.conf.j2
@@ -0,0 +1,18 @@
+Include mods-available/socache_shmcb.load
+Include mods-available/ssl.load
+Include mods-available/ssl.conf
+
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ UseCanonicalName Off
+ UseCanonicalPhysicalPort Off
+
+ SSLEngine On
+ SSLCertificateFile /etc/apache2/tls/nextcloud.crt
+ SSLCertificateKeyFile /etc/apache2/tls/nextcloud.key
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/nextcloud/templates/nginx-vhost.conf.j2 b/roles/nextcloud/templates/nginx-vhost.conf.j2
new file mode 100644
index 00000000..717c0dea
--- /dev/null
+++ b/roles/nextcloud/templates/nginx-vhost.conf.j2
@@ -0,0 +1,45 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ item.value.hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ item.value.hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+ include snippets/ssl.conf;
+ ssl_certificate /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey;
+ include snippets/hsts.conf;
+
+ location / {
+ include snippets/proxy-nobuff.conf;
+ client_max_body_size 512M;
+
+ proxy_set_header Host $host:443;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_set_header X-Forwarded-Port $server_port;
+
+ # for websockets
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_ssl_trusted_certificate /srv/storage/nextcloud/{{ item.key }}/config/tls/nextcloud.crt;
+ proxy_ssl_verify on;
+ proxy_ssl_name nextcloud-{{ item.key }};
+
+ proxy_pass https://127.0.0.1:{{ item.value.port }};
+ }
+}
diff --git a/roles/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
index 7fa40cd4..92347a44 100644
--- a/roles/nextcloud/templates/pod-with-mariadb.yml.j2
+++ b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
@@ -14,6 +14,7 @@ spec:
 resources:
 limits:
 memory: "4Gi"
+{% if 'new' in item.value and item.value.new %}
 env:
 - name: NEXTCLOUD_TRUSTED_DOMAINS
 value: "{{ item.value.hostnames | join(' ') }}"
@@ -25,6 +26,7 @@ spec:
 value: nextcloud
 - name: MYSQL_PASSWORD
 value: "{{ item.value.database.password }}"
+{% endif %}
 volumeMounts:
 - name: nextcloud
 mountPath: /var/www/html
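Review bot: In nginx-vhost.conf.j2 both `server` blocks answer for every entry of `item.value.hostnames`, but `ssl_certificate` and `ssl_certificate_key` load only the certificate stored under `hostnames[0]`. Unless acmetool issues that certificate with all the other names as SANs (not visible in this patch), clients using an additional hostname will get a certificate name mismatch. A comment above the two directives, e.g. `# certificate of hostnames[0] must list every server_name as SAN`, would record the requirement. Separately, `$connection_upgrade` is not defined in this file, so the vhost presumably depends on a `map $http_upgrade $connection_upgrade` in the http context; a short note next to `# for websockets` would make that dependency explicit.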
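Review bot: The guard `{% if 'new' in item.value and item.value.new %}` in pod-with-mariadb.yml.j2 (here on the nextcloud container's `env:` and again on the database container in the `@@ -50,6 +56,7 @@` hunk) reads more directly as `{% if item.value.new | default(false) %}`. The patch does not say why `env:` is conditional; if the intent is that these variables are only needed on first start, a Jinja comment such as `{# only needed for the initial install; drop afterwards so MYSQL_PASSWORD is not kept in the manifest #}` above the guard would help. While `new` is set, the database password is rendered in clear into the pod manifest, so the mode of the rendered file (set outside this template) should restrict who can read it.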
@@ -36,8 +38,12 @@ spec:
 mountPath: /etc/apache2/ports.conf
 subPath: ports.conf
 readOnly: true
+ - name: config
+ mountPath: /etc/apache2/tls/
+ subPath: tls
+ readOnly: true
 ports:
- - containerPort: 8080
+ - containerPort: 8443
 hostPort: {{ item.value.port }}
 - name: database
 image: "mariadb:{{ item.value.database.version }}"
@@ -50,6 +56,7 @@ spec:
 resources:
 limits:
 memory: "2Gi"
+{% if 'new' in item.value and item.value.new %}
 env:
 - name: MYSQL_RANDOM_ROOT_PASSWORD
 value: "true"
@@ -59,6 +66,7 @@ spec:
 value: nextcloud
 - name: MYSQL_PASSWORD
 value: "{{ item.value.database.password }}"
+{% endif %}
 volumeMounts:
 - name: database
 mountPath: /var/lib/mysql
-- 
cgit v1.2.3
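Review bot: The port entry changed in the `@@ -36,8 +38,12 @@` hunk publishes `containerPort: 8443` through `hostPort: {{ item.value.port }}` without a `hostIP`, so depending on the runtime the Apache backend may listen on every host interface. The nginx vhost added in this commit only connects to `https://127.0.0.1:{{ item.value.port }}`, so adding `hostIP: 127.0.0.1` to the entry would keep clients from reaching the backend directly. A direct client would bypass the nginx front end and could supply its own `X-Forwarded-*` headers. The container spec starts and ends outside this hunk, so a restriction elsewhere (e.g. a host firewall) cannot be ruled out from here.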