Comments (5)
But due to the fact that redis php is configured also here:
https://github.com/nextcloud/docker/blob/7a4823180dc0a8c7d92a5dfb20701b04770c5706/29/apache/entrypoint.sh#L123
and as you can see tcp://
is hardcoded ... not sure it could work no ?
from helm.
Hoi!
Looks like redis host is templated here:
helm/charts/nextcloud/templates/_helpers.tpl
Lines 215 to 231 in 1ae7421
And the redis config is templated here if you're using default (which you're not):
helm/charts/nextcloud/templates/config.yaml
Lines 32 to 48 in 1ae7421
And your custom redis config would be templated here:
helm/charts/nextcloud/templates/config.yaml
Lines 12 to 15 in 1ae7421
According to the above, it should allow your override, unless I'm missing something (which I could be).
Digging a bit further into this...
It looks like redis ssl support in nextcloud/server was added here 3 years ago: nextcloud/server@ed10d85
but it doesn't look like the ssl_context
options were passed in to the configs above or the one in nextcloud/docker here.
The config.sample.php
for redis under the ssl section in the official nextcloud/server repo shows you may need an additional section. I've included the samples below for you to reference:
click for config.sample.php
redis sections
/**
* Connection details for redis to use for memory caching in a single server configuration.
*
* For enhanced security it is recommended to configure Redis
* to require a password. See http://redis.io/topics/security
* for more information.
*
* We also support redis SSL/TLS encryption as of version 6.
* See https://redis.io/topics/encryption for more information.
*/
'redis' => [
'host' => 'localhost', // can also be a unix domain socket: '/tmp/redis.sock'
'port' => 6379,
'timeout' => 0.0,
'read_timeout' => 0.0,
'user' => '', // Optional: if not defined, no password will be used.
'password' => '', // Optional: if not defined, no password will be used.
'dbindex' => 0, // Optional: if undefined SELECT will not run and will use Redis Server's default DB Index.
// If redis in-transit encryption is enabled, provide certificates
// SSL context https://www.php.net/manual/en/context.ssl.php
'ssl_context' => [
'local_cert' => '/certs/redis.crt',
'local_pk' => '/certs/redis.key',
'cafile' => '/certs/ca.crt'
]
],
/**
* Connection details for a Redis Cluster.
*
* Redis Cluster support requires the php module phpredis in version 3.0.0 or
* higher.
*
* Available failover modes:
* - \RedisCluster::FAILOVER_NONE - only send commands to master nodes (default)
* - \RedisCluster::FAILOVER_ERROR - failover to slaves for read commands if master is unavailable (recommended)
* - \RedisCluster::FAILOVER_DISTRIBUTE - randomly distribute read commands across master and slaves
*
* WARNING: FAILOVER_DISTRIBUTE is a not recommended setting, and we strongly
* suggest to not use it if you use Redis for file locking. Due to the way Redis
* is synchronized it could happen, that the read for an existing lock is
* scheduled to a slave that is not fully synchronized with the connected master
* which then causes a FileLocked exception.
*
* See https://redis.io/topics/cluster-spec for details about the Redis cluster
*
* Authentication works with phpredis version 4.2.1+. See
* https://github.com/phpredis/phpredis/commit/c5994f2a42b8a348af92d3acb4edff1328ad8ce1
*/
'redis.cluster' => [
'seeds' => [ // provide some or all of the cluster servers to bootstrap discovery, port required
'localhost:7000',
'localhost:7001',
],
'timeout' => 0.0,
'read_timeout' => 0.0,
'failover_mode' => \RedisCluster::FAILOVER_ERROR,
'user' => '', // Optional: if not defined, no password will be used.
'password' => '', // Optional: if not defined, no password will be used.
// If redis in-transit encryption is enabled, provide certificates
// SSL context https://www.php.net/manual/en/context.ssl.php
'ssl_context' => [
'local_cert' => '/certs/redis.crt',
'local_pk' => '/certs/redis.key',
'cafile' => '/certs/ca.crt'
]
],
Perhaps you need to try passing in those ssl_context optons to your custom config? Let us know if that helps. Anyone else in the community familiar with this, please feel free to chime in.
from helm.
This config:
nextcloud:
defaultConfigs:
redis.config.php: false
configs:
redis.config.php: |-
<?php
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => "tls://nextcloud-wrapper-redis-master.default.svc.cluster.local",
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
'password' => getenv('REDIS_HOST_PASSWORD'),
'ssl_context' => [
'verify_peer_name' => false
'local_cert' => '/certs/redis.crt',
'local_pk' => '/certs/redis.key',
'cafile' => '/certs/ca.crt',
],
),
);
extraEnv:
- name: PHP_MEMORY_LIMIT
value: 4096M
- name: PHP_UPLOAD_LIMIT
value: 16G
###### Shelve for now - in case we want to try TLS again
- name: REDIS_HOST_PASSWORD
value: changeme!
redis:
architecture: standalone
enabled: true
auth:
enabled: false
password: changeme!
tls:
enabled: true
authClients: true
autoGenerated: true
Produces this on the webpage itself
Internal Server Error
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the webserver log.
<br />
<b>Parse error</b>: syntax error, unexpected single-quoted string "local_cert", expecting "]" in <b>/var/www/html/config/redis.config.php</b> on line <b>11</b><br />
The good news is that the override is getting interpreted by nextcloud, but I guess it doesn't know what to do with local_cert
?
from helm.
Ah. So fixing this would require changing the docker repo for dockerhub as well as this helm repo. Not sure where to open a feature request for this, or whether just this github issue will suffice
from helm.
Maybe we could add a way to override the entrypoint by mounting a ConfigMap ?
When I read this comment it's not sure we will be able to change the way.
The best proposal will be to not have this file managed by entrypoint but by a clean ConfigMap I think.
from helm.
Related Issues (20)
- Access through untrusted domain HOT 6
- Unable to configure the helm chart appropriately for preexisting empty postgres db HOT 5
- accessMode: ReadWriteMany prevents the application from starting HOT 4
- Unable to configure Redis Sentinel or Redis Cluster with official Helm, standalone Redis works fine HOT 3
- HPA not working "unknown/60%" HOT 1
- nginx containerPort confusion HOT 4
- Feature: Add persistence settings for redis HOT 2
- Discussion: state of helm-docs for generating sectioned documentation HOT 1
- Where is v4.6.5? HOT 2
- volumeMount and NFS mount clash when trying to use NFS for primary data storage HOT 8
- Accessed through an untrusted domain name HOT 1
- installed new nextcloud, errors with Content Security Policy HOT 1
- Your web server is not properly set up to resolve "/.well-known/caldav" or "/.well-known/carddav" HOT 6
- Running this chart configured with nginx causes incorrect redirects and CSP errors HOT 3
- HPA kills new pods instantly after creation HOT 5
- Android | DAVx5 autoconfig does not work | PROPFIND |405 Not Allowed
- Can't start Nextcloud because the version of the data (0.0.0.0) is higher than the docker image version () and downgrading is not supported. Are you sure you have pulled the newest image version? HOT 1
- Helm chart 4.6.8 does not work when using an external database for NextCloud. "key" is not defined. HOT 1
- Cannot disable packaged PostgreSQL HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm.