diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 51a78c68..bb329c08 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 9.2.0 +version: 9.3.0 # renovate: image=docker.io/library/nextcloud appVersion: 34.0.1 description: A file sharing server that puts the control and security of your own data back into your hands. diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index f42d2b64..b0f686e6 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md @@ -707,6 +707,9 @@ ingress: deny all; } ``` + +When exposing Nextcloud through the Gateway API (`httpRoute.enabled: true`), the CalDAV and CardDAV redirects are added automatically as `RequestRedirect` rules (`httpRoute.wellKnown.enabled`, on by default), so no implementation-specific configuration is required. Set `httpRoute.wellKnown.enabled: false` to opt out. + ## Preserving Source IP - Make sure your loadbalancer preserves source IP, for bare metal, `metalb` does and `klipper-lb` doesn't. diff --git a/charts/nextcloud/templates/route.yaml b/charts/nextcloud/templates/route.yaml index 2ead705d..57908e17 100644 --- a/charts/nextcloud/templates/route.yaml +++ b/charts/nextcloud/templates/route.yaml @@ -25,11 +25,35 @@ spec: {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} rules: + {{- if .Values.httpRoute.wellKnown.enabled }} + {{- range $path := list "/.well-known/carddav" "/.well-known/caldav" }} + - matches: + - path: + type: Exact + value: {{ $path }} + filters: + - type: RequestRedirect + requestRedirect: + path: + type: ReplaceFullPath + replaceFullPath: /remote.php/dav + statusCode: 301 + {{- end }} + {{- end }} {{- range .Values.httpRoute.rules }} - - backendRefs: + {{- $isRedirect := false }} + {{- range .filters }} + {{- if eq (.type | default "") "RequestRedirect" }} + {{- $isRedirect = true }} + {{- end }} + {{- end }} + - + {{- if not $isRedirect }} + backendRefs: - name: {{ $fullName }} port: {{ $svcPort }} weight: 1 + {{- end }} {{- with .matches }} matches: {{- toYaml . | nindent 8 }} diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 3db5ebc5..fafdcb7b 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -45,6 +45,12 @@ httpRoute: hostnames: [] # -- Reference to parent gateways parentRefs: [] + # -- Add the standard Nextcloud service discovery redirects + # (`/.well-known/carddav` and `/.well-known/caldav` -> `/remote.php/dav`) as + # Gateway API `RequestRedirect` rules. Unlike the ingress-nginx server snippet + # this needs no implementation-specific config. Set to false to opt out. + wellKnown: + enabled: true # -- List of rules and filters applied. rules: - matches: