Fix resources isues 22

2026-01-22 21:04:26 +01:00
parent ea48f52173
commit 6fdfff6488
4 changed files with 53 additions and 30 deletions
--- a/infrastructure/platform/mail/mailu-helm/prod/mailu-ingress.yaml
+++ b/infrastructure/platform/mail/mailu-helm/prod/mailu-ingress.yaml
@@ -9,29 +9,46 @@ metadata:
    environment: production
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
+    # Proxy settings for large attachments and long connections
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
+    # SSL redirect
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    # CRITICAL: Headers for Mailu compatibility to fix webmail redirect loop
+    # CRITICAL: Disable proxy buffering for webmail streaming/long-polling
+    # This prevents the "stuck loading" issue with Roundcube webmail
+    # Reference: https://github.com/Mailu/Mailu/issues/2850
+    nginx.ingress.kubernetes.io/proxy-buffering: "off"
+    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+    # WebSocket support for webmail real-time features
+    nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
+    nginx.ingress.kubernetes.io/upstream-hash-by: "$remote_addr"
+    # CRITICAL: Configuration snippet for Mailu header handling
+    # Fixes redirect loops by ensuring Mailu sees the correct protocol
+    # Reference: https://mailu.io/2.0/reverse.html
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      # Set proper headers for Mailu
-      more_set_headers "X-Forwarded-Proto $scheme";
-      more_set_headers "X-Forwarded-Port $server_port";
-      more_set_headers "X-Original-Forwarded-For $http_x_forwarded_for";
+      # CRITICAL: Force X-Forwarded-Proto to https to prevent redirect loops
+      # Mailu's internal nginx checks this header to decide if redirect is needed
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header X-Forwarded-Port 443;
+      proxy_set_header X-Forwarded-Ssl on;

-      # Handle redirects properly to prevent loops for webmail
-      proxy_redirect https://$host https://$host;
-      proxy_redirect http://$host https://$host;
-
-      # Ensure proper host header
+      # Real IP headers for Mailu logging and rate limiting
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-    # Additional proxy settings for Mailu
-    nginx.ingress.kubernetes.io/proxy-set-headers: "X-Forwarded-Proto https"
+
+      # Fix redirects from Mailu internal services (admin, webmail)
+      # Don't add trailing slash to prevent 404 on redirects
+      proxy_redirect http://localhost https://$host;
+      proxy_redirect https://localhost https://$host;
+      proxy_redirect http://$host https://$host;
+
+      # Disable buffering for streaming responses (webmail)
+      proxy_buffering off;
+      proxy_cache off;
 spec:
  ingressClassName: nginx
  tls: