Could not check that the data directory is protected

[joshuacox]

Describe your Issue

after installing with the helm chart I get a multitude of errors on this page: https://nextcloud.example.com/settings/admin/overview

Logs and Errors

Could not check that the data directory is protected. Please check manually that your server does not allow access to the data directory. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.
Your webserver is not set up to serve .js.map files. Without these files, JavaScript Source Maps won't function properly, making it more challenging to troubleshoot and debug any issues that may arise.
Unable to run check for JavaScript support. Please remedy or confirm manually if your webserver serves .mjs files using the JavaScript MIME type. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.
Could not check if your web server properly resolves the OCM and OCS provider URLs. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.
One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types. Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades. Use the command occ maintenance:repair --include-expensive to perform the migrations.
Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command occ db:add-missing-indices to add them. Missing indices: "fs_storage_path_prefix" in table "filecache", "systag_by_objectid" in table "systemtag_object_mapping". For more details see the documentation ↗.
Could not check that your web server is properly set up to allow file synchronization over WebDAV. Please check manually. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule. For more details see the documentation ↗.
Could not check that your web server serves .well-known correctly. Please check manually. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule. For more details see the documentation ↗.
Could not check for otf loading support. Please check manually if your webserver serves .otf files. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule. For more details see the documentation ↗.
The database is used for transactional file locking. To enhance performance, please configure memcache, if available. For more details see the documentation ↗.
Could not check that your web server serves security headers correctly. Please check manually. For more details see the documentation ↗.

Describe your Environment

• Kubernetes distribution: KinD

• Helm Version (or App that manages helm):

helm version
version.BuildInfo{Version:"v3.17.0", GitCommit:"301108edc7ac2a8ba79e4ebf5701b0b6ce6a31e4", GitTreeState:"", GoVersion:"go1.23.5"}
argocd version
argocd: v2.13.1+unknown
  BuildDate: 2024-11-21T01:49:20Z
  GitCommit: 
  GitTreeState: 
  GitTag: 2.13.1
  GoVersion: go1.23.3
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.13.2+dc43124
  BuildDate: 2024-12-11T18:37:15Z
  GitCommit: dc43124058130db9a747d141d86d7c2f4aac7bf9
  GitTreeState: clean
  GoVersion: go1.23.1
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v5.4.3 2024-07-19T16:40:33Z
  Helm Version: v3.15.4+gfa9efb0
  Kubectl Version: v0.31.0
  Jsonnet Version: v0.20.0

• Helm Chart Version:

head -n2 Chart.yaml 
apiVersion: v2
appVersion: 30.0.4

• values.yaml:

https://github.com/joshuacox/argocd-tests/blob/main/example/nc/values.yaml

Additional context, if any

If you have mkcert installed and have run mkcert -install then you should be able to run this script to spin up an identical local cluster to test.

[joshuacox]

It seems this is common to many of the issues:

Therefore it must be able to resolve and connect to at least one of its trusted_domains or the overwrite.cli.url

I have added these configs to no avail:

    extras.config.php: |-
      <?php
      $CONFIG = array (
        'maintenance_window_start' => 1,
        'default_phone_region' => 'US',
      );

        'trusted_proxies' =>
        array(
        0 => '127.0.0.1',
        1 => '10.0.0.0/8',
        ),
        'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),

        'trusted_domains' =>
        array(
        0 => 'nextcloud.example.com',
        ),
      );