From 446d245a684583cc7f6e138444019c4fab781296 Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Tue, 26 Jul 2022 17:13:44 +0200
Subject: [PATCH] Change nextcloud trusted_proxies to pod range

---
 templates/nextcloud-onlyoffice-config.yaml | 45 +++++++++++-----------
 1 file changed, 22 insertions(+), 23 deletions(-)

diff --git a/templates/nextcloud-onlyoffice-config.yaml b/templates/nextcloud-onlyoffice-config.yaml
index 6ea899c3..47881242 100644
--- a/templates/nextcloud-onlyoffice-config.yaml
+++ b/templates/nextcloud-onlyoffice-config.yaml
@@ -83,33 +83,32 @@ data:
     php $occ db:add-missing-primary-keys --no-interaction
     php $occ db:convert-filecache-bigint --no-interaction
 
-  #
   # All values in config.json are applied by the nextcloud occ command
   #   config:import.
-  # system.trusted_proxies contains a list of proxies that are considered
-  #   to be trusted. 10.43.0.0/16 contains all ip addresses that are
-  #   assigned to kubernetes services which includes the ip address of
-  #   the ingress service that functions as a proxy.
-  # system.overwriteprotocol overwrites the protocol of links that are
-  #   generated by nextcloud to HTTPS.
-  # apps.core.backgroundjobs_mode set to cron disables the unreliable ajax
-  #   scheduling that is enabled by default. Ajax scheduling is not needed
-  #   because cronjobs are regularly executed by a kubernetes resource.
-  #
   config.json: |
     {
-        "system":{
-            "trusted_proxies": "10.43.0.0/16",
-            "overwriteprotocol": "https",
-            "appstoreenabled": false,
-            "debug": {{ .Values.nextcloud.debug | quote }}
+      "system":{
+        # system.trusted_proxies contains a list of proxies that are considered
+        # to be trusted. 10.42.0.0/16 contains all ip addresses that are
+        # assigned to kubernetes pods which includes the ip address of
+        # the ingress controller pod that functions as a reverse proxy.
+        "trusted_proxies": "10.42.0.0/16",
+        # system.overwriteprotocol overwrites the protocol of links that are
+        # generated by nextcloud to HTTPS.
+        "overwriteprotocol": "https",
+        "appstoreenabled": false,
+        "debug": {{ .Values.nextcloud.debug | quote }}
+      },
+      "apps":{
+        "core":{
+          # apps.core.backgroundjobs_mode set to webcron disables the
+          # unreliable ajax scheduling that is enabled by default. Ajax
+          # scheduling is not needed because cronjobs are regularly executed by
+          # a kubernetes resource.
+          "backgroundjobs_mode": "webcron"
         },
-        "apps":{
-            "core":{
-                "backgroundjobs_mode": "webcron"
-            },
-            "onlyoffice":{
-                "sameTab": "true"
-            }
+        "onlyoffice":{
+          "sameTab": "true"
         }
+      }
     }
-- 
GitLab