
Releases: Inveniem/nextcloud-azure-aks

Release 1.4.0

06 Jun 17:43

Important Upgrade Notes

Drop ReplicaCount

As with any upgrade to this kit, you must set NEXTCLOUD_REPLICA_COUNT to 1 before doing the upgrade, or it will fail. The Nextcloud configuration file is only writable with a replica count of 1. It is never recommended to attempt an installation or upgrade with NEXTCLOUD_REPLICA_COUNT > 1 as multiple pods may attempt to upgrade at the same time.

Required Steps for Redis

  • Before upgrading your cluster to this version, you must switch to the appropriate K8s namespace and run ./deploy_redis_app.sh to deploy a Redis instance to the cluster.
  • After upgrading to this version (and confirming that everything is working), you no longer need an Azure Cache for Redis instance. Be sure to remove it from your Azure account through the Azure portal so you aren't getting billed for it anymore.

App Updates

The recommended versions of apps are included in config.example.env. If you want to upgrade your image to these versions, you will need to manually copy over the updated URLs to your NEXTCLOUD_CUSTOM_APPS variable in your own config.env file before publishing your v1.4.0 images to ACR.

New Relic Updates

New Relic Agent 8.5.0.235 is no longer available on the New Relic server. The NEW_RELIC_AGENT_URL variable in config.example.env has been updated to point to 8.7.0.242 instead. If you want New Relic to work in your images, you will need to update the NEW_RELIC_AGENT_URL variable in your own config.env file before publishing your v1.4.0 images to ACR.

Full Changelog

Enhancements

  • Update to Nextcloud 15.0.8 (from 15.0.7).
  • Switch to Redis in the AKS cluster instead of Azure Cache for Redis with Stunnel (see upgrade notes).
  • Update default app versions:
    • files_antivirus (2.0.1 -> 2.1.1)
    • files_automatedtagging (1.6.0 -> 1.5.0) **DOWNGRADE** since 1.6.0 is not actually compatible with NC 15.x
    • music (0.9.4 -> 0.9.5)
    • ownbackup (18.11.10 -> 19.5.0)
    • owncloud-checksum (0.4.2 -> 0.4.3)
    • user_external (0.6.1 -> 0.6.3)
    • user_saml (2.2.0 -> 2.3.1)
  • Update to New Relic Agent 8.7.0.242 by default.
  • Increase liveness failure threshold on Nextcloud pods from 3 failed checks to 12, to give upgrade scripts up to two minutes to perform app and Nextcloud updates. Also gives pods more of a chance to recover from failure before being restarted.
  • Disable file-based response buffering on Nginx to improve stability of large downloads.
  • Added a K8s configuration for deploying an Ubuntu utility image inside an NC cluster, purely for diagnostic purposes. (This config can be manually deployed with ./deploy_ubuntu_diag_app.sh).
  • Minor inline + README documentation clean-up.

Bug fixes

  • Fix Apache HTTPS and client IP handling if behind ingress.
  • Correct the site base URL from "/index.php" to "/" when running on Apache.

Security Notes

The Apache and Nginx images in this kit are configured to implicitly trust the X-Forwarded-Proto HTTP request header (HTTP_X_Forwarded_Proto). As long as you are using this resource kit as intended, with Nextcloud running internally and only accessible through an HTTPS-only ingress controller, this is safe. If you are not, this setup may have security implications for you, especially if the Nextcloud service is exposed directly to the internet via a LoadBalancer service type on port 80. In that case it may be easier for an attacker to perform a man-in-the-middle attack over an insecure connection with your Nextcloud deployment while tricking your deployment into thinking that the connection is secure.

It is never a good idea to run Nextcloud over an unencrypted connection. When possible, use an ingress controller that automatically handles SSL setup for you.
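
An added example (not code from this kit) contrasting implicit trust of X-Forwarded-Proto with honouring it only when the direct peer is a known proxy. The trusted network 10.244.0.0/16, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values, constructed for this example: the ingress controller's pod
# network, and the scheme of the socket the web server actually accepted.
TRUSTED_PROXIES = [ipaddress.ip_network("10.244.0.0/16")]
SOCKET_SCHEME = "http"  # backend pods listen on plain HTTP behind the ingress


def _forwarded_proto(headers):
    """Return the X-Forwarded-Proto value (case-insensitive name), or None."""
    for name, value in headers.items():
        if name.lower() == "x-forwarded-proto":
            return value.strip().lower()
    return None


def scheme_implicit_trust(peer_ip, headers):
    """Behaviour the note describes: the header wins, whoever sent it."""
    return _forwarded_proto(headers) or SOCKET_SCHEME


def scheme_checked(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Honour the header only when the direct peer is a known proxy."""
    proto = _forwarded_proto(headers)
    peer = ipaddress.ip_address(peer_ip)
    if proto in ("http", "https") and any(peer in net for net in trusted):
        return proto
    return SOCKET_SCHEME


def untrusted_claims(requests):
    """Detection view: requests whose HTTPS claim did not come from a proxy."""
    return [r for r in requests
            if scheme_implicit_trust(*r) == "https" and scheme_checked(*r) != "https"]


# Constructed sample requests: (direct peer address, request headers).
SAMPLE = [
    ("10.244.1.7", {"X-Forwarded-Proto": "https"}),    # via HTTPS-only ingress
    ("203.0.113.50", {"X-Forwarded-Proto": "https"}),  # direct to LoadBalancer :80
    ("203.0.113.51", {}),                              # direct, no header
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLE:
        print(peer, scheme_implicit_trust(peer, hdrs), scheme_checked(peer, hdrs))
```

The second sample request is the case the note warns about: with implicit trust the application treats a plain-HTTP connection as secure, while the checked version falls back to the real socket scheme.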

Hotfix 1.3.1

14 May 14:29

Changes since 1.3.0:

  • Fixed Helm Ingress Script References: Looks like references to preprocess_config.sh did not get updated when this add-on moved in the project.

Release 1.3.0

14 May 14:17

Changes since 1.2.1:

Hotfix 1.2.1

14 May 14:16

Changes since v1.2.0:

  • Updated to user_saml 2.2.0 to Fix SAML Authentication: This should hopefully fix the 500 Internal Server Error on /apps/user_saml/saml/acs. The error in the logs is preg_replace(): Compilation failed: invalid range in character class at offset 8, which appears related to nextcloud/user_saml#290 (which purportedly got fixed in user_saml 2.2.0).

Release 1.2.0

19 Apr 16:07

Changes since v1.1.0:

  • Upgrade to Nextcloud 15.0.7 from 15.0.5.
  • Enhancements to Reduce Azure Storage I/O and System Load:
    • Scale Back Readiness Probe Frequency.
    • Cache Config Data for Up to 5 Minutes (up from 2 Minutes).
  • Allow Files up to 1 TB to be Uploaded.
  • Allow Release Tags to Specify Default Container Version via New VERSION File.

Release 1.1.0

04 Apr 23:12

Changes since v1.0.0:

  • Ensure Context Gets Reset during (Re)Launch of aks browse
  • Clarify Docs for the ACR Service Principal
  • Allow Docker Images to Be Discovered Automatically during Publishing
  • Clean-up, Combine, and Rename Related K8s Templates
  • Helm Ingress Add-on: Increase Ingress Body Limit to 2 GB
  • Add SFTP Add-on for Connecting to NC Azure Files Shares over SFTP
  • Tidy up nextcloud-aci README
  • Move Helm-deployed Ingress Controller into addons/ + Add Readme
  • Add README for SFTP Add-on App
  • Make Configuration Files Read-only when Replica Count > 1
  • Make It Possible to Version Container Images
  • Increase Log Level
  • Automatically Update *.config.php Snippets During Container Launch
  • Add Readiness and Liveness Probes
  • Reduce CPU Requests by an Order of Magnitude
  • Pin latest Images to Specific Versions + Stop Always Pulling
  • Pin to Nginx Version 1.15.10 and Switch Nginx to Alpine

Full diff:
v1.0.0...v1.1.0

Release 1.0.0

04 Apr 18:22

Initial release. Consider this a beta for the moment.