Micke
1c192c41fd
This is the minimum needed to run a multinode customer in Kubernetes. Each customer will run in their own namespace with a Nextcloud container and a Redis container. There is a ProxySQL cluster running in its own namespace, used by all customers. This is a monorepo that uses kustomize so that the same repo can be used for both prod and test (and other things we can think of in the future).
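# ConfigMap with two templated files for the Nextcloud container: the Apache
# site definition (000-default.conf) and Nextcloud's config.php. The {{...}}
# placeholders are filled in by a step that is not part of this file.
#
# NOTE(review): config.php carries placeholders for the S3 key/secret, the
# database password, the SMTP password, the instance secret and salt, and the
# GSS JWT key. If they are substituted before this object is applied, the
# values are stored in a ConfigMap, which is outside Secret-scoped RBAC and
# encryption-at-rest settings. Render config.php from a Secret, or substitute
# inside the pod from Secret-backed environment variables.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-configmap
data:
  000-default.conf: |
    LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so
    LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
    <VirtualHost *:80>
      ServerAdmin webmaster@localhost
      DocumentRoot /var/www/html
      # Log format config
      # NOTE(review): this redefines the "common" nickname, but the CustomLog
      # line below writes "combined", so this format is not the one in use.
      # It records the raw X-Forwarded-For header, i.e. whatever the peer sent;
      # %a is the address mod_remoteip accepted from a listed proxy.
      LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
      # Sets "forwarded" when the header contains three dots anywhere. This is a
      # presence heuristic, not validation; it is not referenced by the access
      # log of this vhost.
      SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded

      # Header config
      # X-Forwarded-For is honoured only when the TCP peer is one of the
      # addresses below. RemoteIPInternalProxy also accepts private addresses
      # reported by these peers; RemoteIPTrustedProxy is the stricter form.
      # TODO confirm these are the source addresses the pod actually sees.
      RemoteIPHeader X-Forwarded-For
      RemoteIPInternalProxy 37.156.195.14
      RemoteIPInternalProxy 37.156.195.19
      RemoteIPInternalProxy 37.156.195.84
      RemoteIPInternalProxy 37.156.195.92
      #ErrorDocument 404 /404.html
      ErrorLog ${APACHE_LOG_DIR}/error.log
      # One unconditional access log. This block previously also declared
      # "CustomLog ... combined env=forwarded" and a second identical ErrorLog,
      # which wrote every forwarded request to access.log twice.
      CustomLog ${APACHE_LOG_DIR}/access.log combined
      <Directory /var/www/html/>
        # 0 removes Apache's request-body limit; any upload cap has to be
        # enforced by the proxy in front or by PHP/Nextcloud.
        LimitRequestBody 0
        Require all granted
        # Any .htaccess under the docroot can change server behaviour.
        AllowOverride All
        Options FollowSymLinks MultiViews

        <IfModule mod_dav.c>
          Dav off
        </IfModule>
      </Directory>
    </VirtualHost>
    <VirtualHost *:443>
      ServerAdmin webmaster@localhost
      DocumentRoot /var/www/html
      # Log format config
      # NOTE(review): redefines "common" while CustomLog below uses "combined";
      # see the same note in the :80 vhost.
      LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
      SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded

      # Header config
      # Same trusted-proxy list as the :80 vhost; keep the two in sync.
      RemoteIPHeader X-Forwarded-For
      RemoteIPInternalProxy 37.156.195.14
      RemoteIPInternalProxy 37.156.195.19
      RemoteIPInternalProxy 37.156.195.84
      RemoteIPInternalProxy 37.156.195.92
      #ErrorDocument 404 /404.html
      ErrorLog ${APACHE_LOG_DIR}/error.log
      # NOTE(review): with env=forwarded, a request whose X-Forwarded-For is
      # absent or has no dotted value (direct connections, IPv6 clients) leaves
      # no access-log entry in this vhost. An unconditional CustomLog keeps
      # those requests visible for detection and incident response.
      CustomLog ${APACHE_LOG_DIR}/access.log combined env=forwarded
      SSLEngine On
      # NOTE(review): the snakeoil pair is the distribution's self-signed
      # default, so a peer cannot authenticate this endpoint with it. If the key
      # was generated when the image was built it is the same in every container
      # started from that image (confirm). Mount a per-deployment certificate
      # if this hop needs more than opportunistic encryption.
      SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
      SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
      <Directory /var/www/html/>
        # 0 removes Apache's request-body limit; cap uploads upstream.
        LimitRequestBody 0
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews

        <IfModule mod_dav.c>
          Dav off
        </IfModule>
      </Directory>
    </VirtualHost>
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  config.php: |
    <?php
    $CONFIG = array (
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'appstoreenabled' => false,
      'apps_paths' =>
      array (
        0 =>
        array (
          'path' => '/var/www/html/apps',
          'url' => '/apps',
          'writable' => false,
        ),
        1 =>
        array (
          // The only app path marked writable; code placed here is executed by
          // the web process, so restrict who can write to the backing volume.
          'path' => '/var/www/html/custom_apps',
          'url' => '/custom_apps',
          'writable' => true,
        ),
      ),
      'memcache.distributed' => '\\OC\\Memcache\\Redis',
      'memcache.locking' => '\\OC\\Memcache\\Redis',
      // NOTE(review): no 'password' is set, so access to this Redis rests on
      // network isolation alone; confirm a NetworkPolicy limits it to this
      // customer's Nextcloud pods.
      'redis' =>
      array (
        'host' => '{{REDIS_HOST}}',
        'port' => 6379,
      ),
      'forcessl' => true,
      'overwriteprotocol' => 'https',
      'objectstore' =>
      array (
        'class' => '\\OC\\Files\\ObjectStore\\S3',
        'arguments' =>
        array (
          'bucket' => '{{OBJECTSTORE_S3_BUCKET}}',
          // Credential placeholders: see the note on Secrets at the top of this object.
          'key' => '{{OBJECTSTORE_S3_KEY}}',
          'secret' => '{{OBJECTSTORE_S3_SECRET}}',
          'region' => '{{OBJECTSTORE_S3_REGION}}',
          'hostname' => '{{OBJECTSTORE_S3_HOST}}',
          'port' => '',
          'objectPrefix' => 'urn:oid:',
          'autocreate' => false,
          'use_ssl' => true,
          'use_path_style' => true,
          'legacy_auth' => false,
        ),
      ),
      // SECURITY(review): this switches off Nextcloud's CSRF request-token
      // check for the whole instance, so state-changing requests are accepted
      // without the token. Nothing in this file shows why it is needed; drop
      // the key (or set it to false) unless a documented dependency requires
      // it, and if it must stay, record the reason and the compensating
      // control here.
      'csrf.disabled' => true,
      'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}',
      'secret' => '{{NEXTCLOUD_SECRET}}',
      'trusted_domains' =>
      array (
        0 => '{{NEXTCLOUD_TRUSTED_DOMAINS}}'
      ),
      // Keeps the web UI and occ from rewriting this file at runtime.
      'config_is_read_only' => true,
      'datadirectory' => '/var/www/html/data',
      'dbhost' => '{{MYSQL_HOST}}:{{MYSQL_PORT}}',
      'dbname' => '{{MYSQL_DATABASE}}',
      'dbpassword' => '{{MYSQL_PASSWORD}}',
      'dbport' => '{{MYSQL_PORT}}',
      'dbtableprefix' => 'oc_',
      'dbtype' => 'mysql',
      'dbuser' => '{{MYSQL_USER}}',
      'gs.enabled' => 'true',
      'gs.federation' => 'global',
      // NOTE(review): wildcard entry; presumably every host under sunet.se is
      // then treated as a trusted global-scale peer. Confirm that scope is
      // intended, or list the hosts explicitly.
      'gs.trustedHosts' => ['*.sunet.se'],
      // Shared signing key for the Global Site Selector; treat as a secret.
      'gss.jwt.key' => '{{GSS_JWT_KEY}}',
      'gss.master.url' => '{{GSS_MASTER_URL}}',
      'gss.mode' => 'slave',
      'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping',
      'installed' => true,
      'instanceid' => '{{NEXTCLOUD_INSTANCEID}}',
      'log_type' => 'file',
      // NOTE(review): 0 is Nextcloud's debug level. Debug logs are verbose and
      // can include request detail; use 2 (warning) outside test overlays and
      // make sure the log file is shipped somewhere it can be reviewed.
      'loglevel' => 0,
      'lookup_server' => '{{LOOKUP_SERVER}}',
      'mail_domain' => '{{MAIL_DOMAIN}}',
      'mail_from_address' => '{{MAIL_FROM_ADDRESS}}',
      'mail_sendmailmode' => 'smtp',
      'mail_smtpauth' => 1,
      'mail_smtpauthtype' => 'LOGIN',
      'mail_smtphost' => '{{MAIL_SMTPHOST}}',
      'mail_smtpmode' => 'smtp',
      'mail_smtpname' => '{{MAIL_SMTPNAME}}',
      'mail_smtppassword' => '{{MAIL_SMTPPASSWORD}}',
      'mail_smtpport' => '587',
      'mail_smtpsecure' => 'tls',
      'mail_template_class' => 'OCA\DriveEmailTemplate\EMailTemplate',
      'mysql.utf8mb4' => true,
      'overwritehost' => '{{SITE_NAME}}',
      'overwrite.cli.url' => 'https://{{SITE_NAME}}',
      'templatedirectory' => '',
      'skeletondirectory' => '',
      // Two-factor authentication is mandatory for the groups listed below
      // only; accounts outside 'admin' can still log in with a password alone.
      'twofactor_enforced' => 'true',
      'twofactor_enforced_groups' =>
      array (
        0 => 'admin',
      ),
      'version' => '{{NEXTCLOUD_VERSION_STRING}}',
      'app_install_overwrite' =>
      array (
        0 => 'globalsiteselector',
      ),

    );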