installed new nextcloud, errors with Content Security Policy
Describe your Issue
Installed a new Helm chart for Nextcloud and now I am facing this issue.
This didn't happen in an old version that I had installed before. I re-used most of the same configuration from an old deployment in the same environment.
This error is preventing me from enabling apps and other stuff.
In the values file you can see I already tried some fixes I found on the web (like the overwriteprotocol flag).
Logs and Errors
Refused to connect to 'http://domain.com/remote.php/dav/' because it violates the following Content Security Policy directive: "connect-src 'self'".
overview:1 Refused to connect to 'http://domain.com/index.php/.well-known/webfinger' because it violates the following Content Security Policy directive: "connect-src 'self'".
overview:1 Refused to connect to 'http://domain.com/remote.php/dav/' because it violates the following Content Security Policy directive: "connect-src 'self'".
overview:1 Refused to connect to 'http://domain.com/index.php/.well-known/nodeinfo' because it violates the following Content Security Policy directive: "connect-src 'self'".
Describe your Environment
- Kubernetes distribution: k3s v1.27
- Helm Version (or App that manages helm): latest helm
- Helm Chart Version: 4.6.6
- values.yaml:
image:
  repository: nextcloud
  flavor: fpm
  tag:
  pullPolicy: IfNotPresent
replicaCount: 1
ingress:
  enabled: true
  className: traefik
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: nextcloud-add-hsts-header@kubernetescrd
    cert-manager.io/cluster-issuer: cluster-issuer
  tls:
    - secretName: nextcloud.domain.com-tls
      hosts:
        - nextcloud.domain.com
phpClientHttpsFix:
  enabled: true
  protocol: https
nextcloud:
  host: nextcloud.domain.com
  username: changeme
  password: changeme
  update: 0
  containerPort: 80
  datadir: /var/www/html/data
  phpConfigs: {}
  defaultConfigs:
    .htaccess: true
    redis.config.php: true
    apache-pretty-urls.config.php: true
    apcu.config.php: true
    apps.config.php: true
    autoconfig.php: true
    smtp.config.php: true
  configs:
    login.config.php: |-
      <?php
      $CONFIG = array (
        'social_login_auto_redirect' => true
      );
    proxy.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_proxies' => array(
          0 => '127.0.0.1',
          1 => '10.0.0.0/8',
        ),
        'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
        'overwriteprotocol' => 'https',
        'overwrite.cli.url' => 'https://nextcloud.domain.com',
      );
nginx:
  enabled: true
  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent
  config:
    default: true
internalDatabase:
  enabled: false
externalDatabase:
  enabled: false
mariadb:
  enabled: false
postgresql:
  enabled: true
  global:
    postgresql:
      auth:
        username: nextcloud
        password: changeme
        database: nextcloud
        postgresPassword: changeme
  primary:
    persistence:
      enabled: true
startupProbe:
  enabled: true
  initialDelaySeconds: 30
redis:
  enabled: true
  architecture: standalone
  auth:
    enabled: true
    password: "changeme"
cronjob:
  enabled: true
service:
  type: ClusterIP
  port: 8080
persistence:
  enabled: true
Hmmm, I've not seen this one before, but I don't use traefik personally. Do you have the ability to try with ingress-nginx? With nginx, we recommend some of these annotations: https://github.com/nextcloud/helm/tree/main/charts/nextcloud#service-discovery-with-nginx-and-ingress
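Why the browser rejects the URLs in the console log above, as an added example that is not part of the issue or the chart's code: it applies the CSP Level 3 matching rule for `'self'` to two of the logged lines. The page origin `https://domain.com` is an assumption (HTTPS, because the ingress terminates TLS), and `checkSelf` and `diagnose` are hypothetical helper names.

```javascript
// Added example, not from the issue or the Nextcloud chart.
// Assumption: the page is served over HTTPS from this origin (TLS ends at the ingress).
const PAGE_ORIGIN = 'https://domain.com';

// Two of the console lines from the issue, copied verbatim.
const LOG_LINES = [
  "Refused to connect to 'http://domain.com/remote.php/dav/' because it violates the following Content Security Policy directive: \"connect-src 'self'\".",
  "overview:1 Refused to connect to 'http://domain.com/index.php/.well-known/webfinger' because it violates the following Content Security Policy directive: \"connect-src 'self'\".",
];

const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };
const effectivePort = (u) => u.port || DEFAULT_PORT[u.protocol] || '';

// CSP Level 3 matching for 'self': same origin, or same host and port with a
// scheme that is at least as secure as the page's. Downgrades never match.
function checkSelf(pageOrigin, target) {
  const page = new URL(pageOrigin);
  const url = new URL(target);
  if (page.origin === url.origin) return { allowed: true, reason: 'same origin' };
  if (page.hostname !== url.hostname) return { allowed: false, reason: 'host differs' };
  // Ports match if equal, or if both are the default for their own scheme.
  const portsOk = effectivePort(page) === effectivePort(url) ||
    (page.port === '' && url.port === '');
  if (!portsOk) return { allowed: false, reason: 'port differs' };
  const secure = url.protocol === 'https:' || url.protocol === 'wss:';
  const plainPage = page.protocol === 'http:' &&
    (url.protocol === 'http:' || url.protocol === 'ws:');
  if (secure || plainPage) return { allowed: true, reason: 'same host, scheme not downgraded' };
  return { allowed: false, reason: 'scheme downgrade' };
}

// Pull the blocked URL out of a "Refused to connect" console line and test it.
function diagnose(pageOrigin, line) {
  const m = /Refused to connect to '([^']+)'/.exec(line);
  return m ? { url: m[1], ...checkSelf(pageOrigin, m[1]) } : null;
}

for (const line of LOG_LINES) {
  const r = diagnose(PAGE_ORIGIN, line);
  console.log(`${r.url} -> ${r.allowed ? 'allowed' : 'blocked'} (${r.reason})`);
}
```

With the assumed HTTPS page origin, both logged URLs are rejected as a scheme downgrade, while the same paths requested over `https://` would match `'self'`.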