Information
I’m running Nextcloud in k3s with the official Helm chart and the default Traefik installation that it provides, with some minor tweaks (check the files below). Even though I have HTTPS redirection for all domains, Nextcloud is warning me that my instance supports unsecured URLs. I don’t really know how to fix this error.
I already searched for help online, like this forum post about running Nextcloud + Docker + Traefik, and I also tried everything that the documentation recommends about running Nextcloud behind a reverse proxy, but this is still not working.
Help me please
Is this the first time you’ve seen this error? (Y/N): Y
Configuration files
My Helm value
```yaml
image:
  repository: nextcloud
  tag: 23.0.2-apache
  pullPolicy: IfNotPresent
  pullSecrets: []
replicaCount: 1
nextcloud:
  host: cloud.exemple.com
  username: alexo
  password: STRONGPASSWORD
  mail:
    enabled: false
  datadir: /var/www/html/data
  extraEnv:
    - name: OVERWRITEPROTOCOL
      value: https
    - name: OVERWRITECLIURL
      value: https://cloud.exemple.com
    - name: OVERWRITECONDADDR
      value: ^10\.43\.68\.233$
    - name: OVERWRITEHOST
      value: cloud.exemple.com
    - name: overwrite.cli.url
      value: https://${cloud.exemple.com}
    # This is the Cluster Ip of the loadbalancer
    - name: TRUSTED_PROXIES
      value: 10.43.68.233
    - name: APACHE_DISABLE_REWRITE_IP
      value: "1"
  phpConfigs:
    opcache.interned_strings_buffer: "10"
internalDatabase:
  enabled: false
mariadb:
  ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
  enabled: true
  auth:
    database: nextcloud
    username: nextcloud
    password: STRONGPASSWORD
    rootPassword: STRONGPASSWORD
  primary:
    extraEnvVars:
      - name: BITNAMI_DEBUG
        value: "true"
    persistence:
      enabled: true
      storageClass: longhorn-fast-durable
      accessMode: ReadWriteOnce
      size: 8Gi
persistence:
  # Nextcloud Data (/var/www/html)
  enabled: true
  existingClaim: nextcloud-data
livenessProbe:
  enabled: false
  initialDelaySeconds: 360
readinessProbe:
  enabled: false
  initialDelaySeconds: 360
## Prometheus Exporter / Metrics
##
metrics:
  enabled: true
  # resources: {}
  service:
    type: ClusterIP
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9205"
```
The output of your Nextcloud log in Admin > Logging:
No relevant logs, just about calendar/device error
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
```php
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'passwordsalt' => 'SALT',
  'secret' => 'SECRET',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'cloud.exemple.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '23.0.2.1',
  'overwrite.cli.url' => 'https://cloud.exemple.com',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud-mariadb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'STRONGPASSWORD',
  'installed' => true,
  'instanceid' => 'ID',
  'loglevel' => 2,
  'maintenance' => false,
  'overwritehost' => 'cloud.exemple.com',
  'overwriteprotocol' => 'https',
  'overwritecondaddr' => '^10\\.43\\.68\\.233$',
  'trusted_proxies' =>
  array (
    0 => '10.43.68.233',
  ),
);
```
Traefik ingress route
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nextcloud
  namespace: nextcloud
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`cloud.exemple.com`)
      middlewares:
        - name: nextcloud-middleware-headers
        - name: nextcloud-middleware-regex
      services:
        - name: nextcloud
          port: 8080
  tls:
    certResolver: letsencrypt-prod
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nextcloud-http
  namespace: nextcloud
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`cloud.exemple.com`)
      middlewares:
        - name: nextcloud-middleware-https
      services:
        - name: nextcloud
          port: 8080
--- # This needs to be deployed in the same namespace as the running Nextcloud instance
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-middleware-headers
spec:
  headers:
    stsSeconds: 31536000
    stsIncludeSubdomains: true
    stsPreload: true
    sslRedirect: true
--- # This needs to be deployed in the same namespace as the running Nextcloud instance
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-middleware-regex
spec:
  redirectRegex:
    permanent: true
    regex: "https://(.*)/.well-known/(card|cal)dav"
    replacement: "https://${1}/remote.php/dav/"
--- # This needs to be deployed in the same namespace as the running Nextcloud instance
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-middleware-https
spec:
  redirectScheme:
    scheme: https
    permanent: true
```
Traefik helm value
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - --certificatesresolvers.letsencrypt-prod.acme.tlschallenge=false
      - --certificatesresolvers.letsencrypt-prod.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt-prod.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.letsencrypt-prod.acme.email=admin@exemple.com
      - --certificatesresolvers.letsencrypt-prod.acme.storage=/data/cloudlfare-acme.json
      - --certificatesresolvers.letsencrypt-prod.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
    env:
      - name: CLOUDFLARE_DNS_API_TOKEN
        valueFrom:
          secretKeyRef:
            key: cf-token-dns
            name: cloudflare-api-token
      - name: CLOUDFLARE_ZONE_API_TOKEN
        valueFrom:
          secretKeyRef:
            key: cf-token-zone
            name: cloudflare-api-token
    ports:
      web:
        redirectTo: websecure
        scheme: https
      websecure:
        tls:
          certResolver: letsencrypt-prod
    logs:
      general:
        level: DEBUG
      access:
        enabled: true
    persistence:
      enabled: true
      existingClaim: traefik-data-pvc
      path: /data
```
Nextcloud / System Information
Nextcloud version: 23.0.2
Operating system and version: debian bullseye
Docker container tag: nextcloud:23.0.2-apache
PHP version: 8.0.16
Traefik version: 2.5.6
K3S version: v1.22.6+k3s1