nextcloud
Could not check that the data directory is protected
Describe your Issue
after installing with the helm chart I get a multitude of errors on this page: https://nextcloud.example.com/settings/admin/overview
Logs and Errors
Could not check that the data directory is protected. Please check manually that your server does not allow access to the data directory. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.
Your webserver is not set up to serve .js.map files. Without these files, JavaScript Source Maps won't function properly, making it more challenging to troubleshoot and debug any issues that may arise.
Unable to run check for JavaScript support. Please remedy or confirm manually if your webserver serves .mjs files using the JavaScript MIME type. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.
Could not check if your web server properly resolves the OCM and OCS provider URLs. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.
One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types. Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades. Use the command occ maintenance:repair --include-expensive to perform the migrations.
Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command occ db:add-missing-indices to add them. Missing indices: "fs_storage_path_prefix" in table "filecache", "systag_by_objectid" in table "systemtag_object_mapping". For more details see the documentation ↗.
Could not check that your web server is properly set up to allow file synchronization over WebDAV. Please check manually. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule. For more details see the documentation ↗.
Could not check that your web server serves .well-known correctly. Please check manually. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule. For more details see the documentation ↗.
Could not check for otf loading support. Please check manually if your webserver serves .otf files. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule. For more details see the documentation ↗.
The database is used for transactional file locking. To enhance performance, please configure memcache, if available. For more details see the documentation ↗.
Could not check that your web server serves security headers correctly. Please check manually. For more details see the documentation ↗.
Describe your Environment
-
Kubernetes distribution: KinD
-
Helm Version (or App that manages helm):
helm version
version.BuildInfo{Version:"v3.17.0", GitCommit:"301108edc7ac2a8ba79e4ebf5701b0b6ce6a31e4", GitTreeState:"", GoVersion:"go1.23.5"}
argocd version
argocd: v2.13.1+unknown
BuildDate: 2024-11-21T01:49:20Z
GitCommit:
GitTreeState:
GitTag: 2.13.1
GoVersion: go1.23.3
Compiler: gc
Platform: linux/amd64
argocd-server: v2.13.2+dc43124
BuildDate: 2024-12-11T18:37:15Z
GitCommit: dc43124058130db9a747d141d86d7c2f4aac7bf9
GitTreeState: clean
GoVersion: go1.23.1
Compiler: gc
Platform: linux/amd64
Kustomize Version: v5.4.3 2024-07-19T16:40:33Z
Helm Version: v3.15.4+gfa9efb0
Kubectl Version: v0.31.0
Jsonnet Version: v0.20.0
- Helm Chart Version:
head -n2 Chart.yaml
apiVersion: v2
appVersion: 30.0.4
values.yaml:
https://github.com/joshuacox/argocd-tests/blob/main/example/nc/values.yaml
Additional context, if any
If you have mkcert installed and have run mkcert -install then you should be able to run this script to spin up an identical local cluster to test.
It seems this is common to many of the issues:
Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url
I have added these configs to no avail:
extras.config.php: |-
<?php
$CONFIG = array (
'maintenance_window_start' => 1,
'default_phone_region' => 'US',
);
'trusted_proxies' =>
array(
0 => '127.0.0.1',
1 => '10.0.0.0/8',
),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
'trusted_domains' =>
array(
0 => 'nextcloud.example.com',
),
);