Authored By
Unknown
diff --git a/helm/templates/proxy-configmap.yaml b/helm/templates/proxy-configmap.yaml
index 1367180..844d14b 100644
--- a/helm/templates/proxy-configmap.yaml
+++ b/helm/templates/proxy-configmap.yaml
@@ -1,401 +1,427 @@
{{- if .Values.proxy.enabled -}}
kind: ConfigMap
apiVersion: v1
metadata:
name: proxy-config
data:
nginx.conf: |
worker_processes auto;
error_log stderr info;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# Rewrite $remote_addr with $proxy_protocol_addr
- set_real_ip_from 10.42.3.0/24;
+ set_real_ip_from 10.0.0.0/8;
real_ip_header proxy_protocol;
server {
listen 6080;
listen 6081 proxy_protocol;
listen 6443 ssl;
listen 6444 ssl proxy_protocol;
+ ssl_certificate /etc/certs/tls.crt;
+ ssl_certificate_key /etc/certs/tls.key;
+
+ server_name services.{{ template "kolab.websiteDomain" . }};
+ root /usr/share/nginx/html;
+
+ location / {
+ proxy_pass http://kolab-services;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_no_cache 1;
+ proxy_cache_bypass 1;
+ client_max_body_size 11m;
+ }
+ }
+
+ server {
+ listen 6080;
+ listen 6081 proxy_protocol;
+ listen 6443 ssl;
+ listen 6444 ssl proxy_protocol;
+
+
ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key;
server_name admin.{{ template "kolab.websiteDomain" . }};
root /usr/share/nginx/html;
location / {
proxy_pass http://kolab;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1;
proxy_cache_bypass 1;
client_max_body_size 11m;
}
-
location /prometheus {
rewrite /prometheus/(.*) /$1 break;
proxy_pass http://prometheus:9090;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_no_cache 1;
proxy_cache_bypass 1;
client_max_body_size 11m;
}
{{- if .Values.loki.enabled }}
location /loki {
proxy_pass http://loki:3100;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_no_cache 1;
proxy_cache_bypass 1;
client_max_body_size 11m;
}
{{- end }}
{{- if .Values.victorialogs.enabled }}
location /select {
proxy_pass http://victorialogs:9428;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_no_cache 1;
proxy_cache_bypass 1;
client_max_body_size 11m;
}
{{- end }}
}
server {
listen 6080 default_server;
listen 6081 default_server proxy_protocol;
listen 6443 default_server ssl;
listen 6444 default_server ssl proxy_protocol;
listen [::]:6443 ssl ipv6only=on;
ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key;
server_name {{ template "kolab.websiteDomain" . }};
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location = /health {
access_log off;
add_header 'Content-Type' 'application/json';
return 200 '{"status":"UP"}';
}
location / {
proxy_pass http://kolab;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1;
proxy_cache_bypass 1;
# Mostly for files, swoole has a 10MB limit
client_max_body_size 11m;
}
location /meetmedia {
proxy_pass http://meet;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
}
location /meetmedia/api {
proxy_pass http://meet;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1;
proxy_cache_bypass 1;
}
- location /webmail {
+ location {{ .Values.proxy.webmailPath }} {
proxy_pass http://roundcube;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1;
proxy_cache_bypass 1;
}
location /dav {
- proxy_pass http://imap;
+ proxy_pass http://{{ .Values.imap.host }};
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1;
proxy_cache_bypass 1;
}
location /chwala {
proxy_pass http://roundcube;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1;
proxy_cache_bypass 1;
}
location /Microsoft-Server-ActiveSync {
proxy_pass http://roundcube;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_send_timeout 910s;
proxy_read_timeout 910s;
fastcgi_send_timeout 910s;
fastcgi_read_timeout 910s;
}
location ~* ^/\.well-known/autoconfig {
proxy_pass http://roundcube;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* ^/autodiscover/autodiscover\.xml {
proxy_pass http://roundcube;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* ^/\.well-known/(caldav|carddav) {
- proxy_pass http://imap;
+ proxy_pass http://{{ .Values.imap.host }};
proxy_redirect http:// $scheme://;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{- if .Values.collabora.enabled -}}
# static files
location ^~ /browser {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://collabora;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://collabora;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
{{- end }}
{{- if .Values.nextcloud.enabled }}
location /nextcloud {
proxy_pass http://nextcloud:80;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_no_cache 1;
proxy_cache_bypass 1;
client_max_body_size 11m;
}
{{- end }}
location = /auth {
internal;
proxy_pass http://kolab/api/webhooks/nginx-httpauth;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /healthz {
auth_basic off;
allow all;
return 200;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
mail {
server_name {{ template "kolab.websiteDomain" . }};
auth_http http://{{ .Values.kolab.servicesService }}/api/webhooks/nginx;
proxy_pass_error_message on;
proxy_smtp_auth on;
xclient off;
ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
server {
listen 6143;
listen 6144 proxy_protocol;
protocol imap;
proxy on;
starttls on;
}
server {
listen 6993 ssl;
listen 6994 ssl proxy_protocol;
- set_real_ip_from 10.42.3.0/24;
+ set_real_ip_from 10.0.0.0/8;
protocol imap;
proxy on;
}
server {
listen 6465 ssl;
listen 6466 ssl proxy_protocol;
- set_real_ip_from 10.42.3.0/24;
+ set_real_ip_from 10.0.0.0/8;
protocol smtp;
proxy on;
proxy_protocol on;
}
server {
listen 6587;
listen 6588 proxy_protocol;
- set_real_ip_from 10.42.3.0/24;
+ set_real_ip_from 10.0.0.0/8;
protocol smtp;
proxy on;
starttls on;
proxy_protocol on;
}
}
stream {
server {
listen 6190;
- proxy_pass imap:4190;
+ proxy_pass {{ .Values.imap.host }}:4190;
}
}
{{- end }}
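Review bot: Widening `set_real_ip_from` from `10.42.3.0/24` to `10.0.0.0/8` (in the http block and in the three mail servers listening on 6993/6994, 6465/6466 and 6587/6588) makes nginx accept a PROXY-protocol source address from any peer in the whole private /8 rather than only the load balancer's subnet. The rewritten `$remote_addr` is what the locations forward as `X-Real-IP` and `X-Forwarded-For`, including to the `/auth` webhook, so any workload in that range that can reach a `proxy_protocol` listener would be trusted to state the client address the backends see. I would take the range from a chart value scoped to the load balancer instead of hard-coding it, e.g. `set_real_ip_from {{ required "proxy.realIpFrom must be set" .Values.proxy.realIpFrom }};` (a new key, named here only as a suggestion), with a comment saying it must list only addresses that legitimately send the PROXY header. Separately, `location {{ .Values.proxy.webmailPath }} {` renders to an invalid `location {` if the value is unset (the chart's defaults are not visible on this page); `{{ .Values.proxy.webmailPath | default "/webmail" }}` would keep the previous behaviour.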
