Release 1.4.0
Important Upgrade Notes
Drop ReplicaCount
As with any upgrade to this kit, you must set NEXTCLOUD_REPLICA_COUNT to 1 before doing the upgrade, or it will fail. The Nextcloud configuration file is only writable with a replica count of 1. It is never recommended to attempt an installation or upgrade with NEXTCLOUD_REPLICA_COUNT > 1, as multiple pods may attempt to upgrade at the same time.
Required Steps for Redis
- Before upgrading your cluster to this version, you must switch to the appropriate K8s namespace and run ./deploy_redis_app.sh to deploy a Redis instance to the cluster.
- After upgrading to this version (and confirming that everything is working), you no longer need an Azure Cache for Redis instance. Be sure to remove it from your Azure account through the Azure portal so you aren't getting billed for it anymore.
App Updates
The recommended versions of apps are included in config.example.env. If you want to upgrade your image to these versions, you will need to manually copy over the updated URLs to your NEXTCLOUD_CUSTOM_APPS variable in your own config.env file before publishing your v1.4.0 images to ACR.
New Relic Updates
New Relic Agent 8.5.0.235 is no longer available on the New Relic server. The NEW_RELIC_AGENT_URL variable in config.example.env has been updated to point to 8.7.0.242 instead. If you want New Relic to work in your images, you will need to update the NEW_RELIC_AGENT_URL variable in your own config.env file before publishing your v1.4.0 images to ACR.
Full Changelog
Enhancements
- Update to Nextcloud 15.0.8 (from 15.0.7).
- Switch to Redis in the AKS cluster instead of Azure Cache for Redis with Stunnel (see upgrade notes).
- Update default app versions:
  - files_antivirus (2.0.1 -> 2.1.1)
  - files_automatedtagging (1.6.0 -> 1.5.0) **DOWNGRADE** since 1.6.0 is not actually compatible with NC 15.x
  - music (0.9.4 -> 0.9.5)
  - ownbackup (18.11.10 -> 19.5.0)
  - owncloud-checksum (0.4.2 -> 0.4.3)
  - user_external (0.6.1 -> 0.6.3)
  - user_saml (2.2.0 -> 2.3.1)
- Update to New Relic Agent 8.7.0.242 by default.
- Increase liveness failure threshold on Nextcloud pods from 3 failed checks to 12, to give upgrade scripts up to two minutes to perform app and Nextcloud updates. Also gives pods more of a chance to recover from failure before being restarted.
- Disable file-based response buffering on Nginx to improve stability of large downloads.
- Added a K8s configuration for deploying an Ubuntu utility image inside an NC cluster, purely for diagnostic purposes. (This config can be manually deployed with ./deploy_ubuntu_diag_app.sh).
- Minor inline + README documentation clean-up.
Bug fixes
- Fix Apache HTTPS and client IP handling if behind ingress.
- Correct the site base URL from "/index.php" to "/" when running on Apache.
Security Notes
The Apache and Nginx images in this kit are configured to implicitly trust the HTTP_X_Forwarded_Proto HTTP request header. As long as you are using this resource kit as intended, with Nextcloud running internally and only accessible through an HTTPS-only ingress controller, this is safe. However, if you are not, this setup may have security implications for you, especially if the Nextcloud service is exposed directly to the internet via a LoadBalancer service type on port 80. This is because it may make it easier for an attacker to perform a man-in-the-middle attack over an insecure connection with your Nextcloud deployment while tricking your deployment into thinking that the connection is secure.
It is never a good idea to run Nextcloud over an unencrypted connection. When possible, use an ingress controller that automatically handles SSL setup for you.
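A check for the exposure described above, as an added example that is not part of this kit: it reads the JSON printed by kubectl get services --all-namespaces -o json and reports any Service that selects the Nextcloud pods and is reachable without going through the ingress controller. The app: nextcloud label and the sample Service names are assumptions, and flagging NodePort alongside LoadBalancer goes slightly beyond the case these notes name.

```python
import json

# Constructed sample of `kubectl get services --all-namespaces -o json` output
# (not taken from a real cluster; names and labels are hypothetical).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "nextcloud-internal", "namespace": "nc-prod"},
   "spec": {"type": "ClusterIP", "selector": {"app": "nextcloud"},
            "ports": [{"port": 80, "protocol": "TCP"}]}},
  {"metadata": {"name": "nextcloud-public", "namespace": "nc-test"},
   "spec": {"type": "LoadBalancer", "selector": {"app": "nextcloud"},
            "ports": [{"port": 80, "protocol": "TCP"}]}},
  {"metadata": {"name": "ingress-controller", "namespace": "ingress"},
   "spec": {"type": "LoadBalancer", "selector": {"app": "ingress"},
            "ports": [{"port": 80}, {"port": 443}]}}
]}
""")

# Service types that hand traffic to the pods without passing through an ingress.
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}

def selects(selector, pod_labels):
    """A Service targets a pod when every selector pair is among the pod's labels."""
    return bool(selector) and all(pod_labels.get(k) == v for k, v in selector.items())

def find_direct_exposure(service_list, pod_labels):
    """Return Services that expose pods carrying pod_labels outside the cluster."""
    findings = []
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type", "ClusterIP") not in EXTERNAL_TYPES:
            continue  # ClusterIP: only reachable from inside the cluster
        if not selects(spec.get("selector"), pod_labels):
            continue  # does not route to the Nextcloud pods
        ports = sorted(p["port"] for p in spec.get("ports", []))
        findings.append({
            "service": f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}',
            "type": spec["type"],
            "ports": ports,
            "plain_http": 80 in ports,  # the port 80 case named in the notes
        })
    return findings

if __name__ == "__main__":
    for finding in find_direct_exposure(SAMPLE, {"app": "nextcloud"}):
        print(finding)
```

An empty result means the Nextcloud pods are only reachable through whatever fronts them inside the cluster; the ingress controller's own LoadBalancer is deliberately not reported because it does not select the Nextcloud pods.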