From 039bd42592b559f1b3a9ed2e066117598e0bf0a4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 13 Apr 2026 15:54:10 +0000 Subject: [PATCH] feat: add AIO_LOG_LEVEL env to configure log level across all main containers Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/cd05ca56-d0e8-4260-988b-a7cc0747beff Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com> --- Containers/apache/start.sh | 29 ++++++++++- Containers/borgbackup/start.sh | 33 ++++++++++++ Containers/clamav/start.sh | 36 +++++++++++++- Containers/docker-socket-proxy/haproxy.cfg | 1 + Containers/docker-socket-proxy/start.sh | 13 ++++- Containers/domaincheck/start.sh | 10 ++++ Containers/mastercontainer/start.sh | 13 +++++ Containers/nextcloud/entrypoint.sh | 9 +++- Containers/nextcloud/start.sh | 10 ++++ Containers/notify-push/start.sh | 6 +++ Containers/postgresql/start.sh | 16 +++++- Containers/redis/start.sh | 13 ++++- Containers/talk-recording/start.sh | 10 +++- Containers/talk/start.sh | 18 ++++++- Containers/watchtower/start.sh | 7 ++- Containers/whiteboard/start.sh | 6 +++ compose.yaml | 1 + php/containers.json | 58 ++++++++++++++-------- php/src/Data/ConfigurationManager.php | 39 +++++++++++++++ readme.md | 4 ++ tests/QA/060-environmental-variables.md | 1 + 21 files changed, 300 insertions(+), 33 deletions(-) diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh index 02a2f2ad..87787b35 100644 --- a/Containers/apache/start.sh +++ b/Containers/apache/start.sh @@ -36,6 +36,15 @@ else export PROTOCOL="https" fi +# Apply log level to Caddy and Apache httpd +case "${AIO_LOG_LEVEL:-warning}" in + debug) CADDY_LOG_LEVEL="DEBUG"; APACHE_LOG_LEVEL="debug" ;; + info) CADDY_LOG_LEVEL="INFO"; APACHE_LOG_LEVEL="info" ;; + warning) CADDY_LOG_LEVEL="WARN"; APACHE_LOG_LEVEL="warn" ;; + error) CADDY_LOG_LEVEL="ERROR"; APACHE_LOG_LEVEL="error" ;; + *) CADDY_LOG_LEVEL="WARN"; APACHE_LOG_LEVEL="warn" ;; +esac + # Change the auto_https in case of reverse proxies if [ "$APACHE_PORT" != '443' ]; then CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)" @@ -44,6 +53,10 @@ else fi echo "$CADDYFILE" > /tmp/Caddyfile +# Apply Caddy log level +CADDYFILE="$(sed "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /tmp/Caddyfile)" +echo "$CADDYFILE" > /tmp/Caddyfile + # Change the trusted_proxies in case of reverse proxies if [ "$APACHE_PORT" != '443' ]; then # Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes @@ -74,4 +87,18 @@ fi # Fix apache startup rm -f /usr/local/apache2/logs/httpd.pid -exec "$@" +# Apply Apache httpd log level +sed -i "s|LogLevel [a-z]*|LogLevel $APACHE_LOG_LEVEL|" /usr/local/apache2/conf/nextcloud.conf + +# Apply supervisord log level (supervisord.conf is not writable by this user, so use /tmp copy) +case "${AIO_LOG_LEVEL:-warning}" in + debug) SUPERVISORD_LOG_LEVEL="debug" ;; + info) SUPERVISORD_LOG_LEVEL="info" ;; + warning) SUPERVISORD_LOG_LEVEL="warn" ;; + error) SUPERVISORD_LOG_LEVEL="error" ;; + *) SUPERVISORD_LOG_LEVEL="warn" ;; +esac +cp /supervisord.conf /tmp/supervisord.conf +sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf + +exec /usr/bin/supervisord -c /tmp/supervisord.conf diff --git a/Containers/borgbackup/start.sh b/Containers/borgbackup/start.sh index bb7a8a6a..49a69e39 100644 --- a/Containers/borgbackup/start.sh +++ b/Containers/borgbackup/start.sh @@ -4,6 +4,39 @@ export MOUNT_DIR="/mnt/borgbackup" export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg" # necessary even when remote to store the aio-lockfile +# Map AIO_LOG_LEVEL to a Python logging config for borg (via BORG_LOGGING_CONF) +case "${AIO_LOG_LEVEL:-warning}" in + debug) BORG_PYTHON_LOG_LEVEL="DEBUG" ;; + info) BORG_PYTHON_LOG_LEVEL="INFO" ;; + warning) BORG_PYTHON_LOG_LEVEL="WARNING" ;; + error) BORG_PYTHON_LOG_LEVEL="ERROR" ;; + *) BORG_PYTHON_LOG_LEVEL="WARNING" ;; +esac +cat > /tmp/borg-logging.conf << EOF +[loggers] +keys=root + +[handlers] +keys=console + +[formatters] +keys=simple + +[logger_root] +level=$BORG_PYTHON_LOG_LEVEL +handlers=console + +[handler_console] +class=StreamHandler +level=$BORG_PYTHON_LOG_LEVEL +formatter=simple +args=(sys.stderr,) + +[formatter_simple] +format=%(message)s +EOF +export BORG_LOGGING_CONF=/tmp/borg-logging.conf + # Validate BORG_PASSWORD if [ -z "$BORG_PASSWORD" ] && [ -z "$BACKUP_RESTORE_PASSWORD" ]; then echo "Neither BORG_PASSWORD nor BACKUP_RESTORE_PASSWORD are set." diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh index 609120c1..8721bf35 100644 --- a/Containers/clamav/start.sh +++ b/Containers/clamav/start.sh @@ -3,6 +3,40 @@ # Print out clamav version for compliance reasons clamscan --version +# Apply AIO_LOG_LEVEL to ClamAV by copying the read-only config files to /tmp +# and applying the appropriate LogVerbose / Debug settings there. +# supervisord.conf is also copied so its loglevel can be adjusted. +cp /etc/clamav/clamd.conf /tmp/clamd.conf +cp /etc/clamav/freshclam.conf /tmp/freshclam.conf +cp /supervisord.conf /tmp/supervisord.conf + +# Point supervisord to the /tmp copies of the ClamAV configs +sed -i "s|/etc/clamav/clamd.conf|/tmp/clamd.conf|g" /tmp/supervisord.conf + +case "${AIO_LOG_LEVEL:-warning}" in + debug) + sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/clamd.conf + sed -i "s|#\?Debug.*|Debug yes|" /tmp/clamd.conf + sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/freshclam.conf + SUPERVISORD_LOG_LEVEL="debug" + ;; + info) + sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/clamd.conf + sed -i "s|#\?Debug.*|Debug no|" /tmp/clamd.conf + sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/freshclam.conf + SUPERVISORD_LOG_LEVEL="info" + ;; + warning|error|*) + sed -i "s|#\?LogVerbose.*|LogVerbose no|" /tmp/clamd.conf + sed -i "s|#\?Debug.*|Debug no|" /tmp/clamd.conf + sed -i "s|#\?LogVerbose.*|LogVerbose no|" /tmp/freshclam.conf + SUPERVISORD_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}" + # supervisord uses 'warn' not 'warning' + [ "$SUPERVISORD_LOG_LEVEL" = "warning" ] && SUPERVISORD_LOG_LEVEL="warn" + ;; +esac +sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf + echo "Clamav started" -exec "$@" +exec /usr/bin/supervisord -c /tmp/supervisord.conf diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg index 632df434..0a349302 100644 --- a/Containers/docker-socket-proxy/haproxy.cfg +++ b/Containers/docker-socket-proxy/haproxy.cfg @@ -2,6 +2,7 @@ global maxconn 10 + # HAPROXY_LOG_PLACEHOLDER defaults timeout connect 30s diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh index 657c914e..cdcb184b 100644 --- a/Containers/docker-socket-proxy/start.sh +++ b/Containers/docker-socket-proxy/start.sh @@ -8,7 +8,7 @@ done set -x IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)" -HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" +HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" echo "$HAPROXYFILE" > /tmp/haproxy.cfg IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)" @@ -18,6 +18,17 @@ else HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)" fi echo "$HAPROXYFILE" > /tmp/haproxy.cfg + +# Apply AIO_LOG_LEVEL as HAProxy global log directive +case "${AIO_LOG_LEVEL:-warning}" in + debug) HAPROXY_LOG_LEVEL="debug" ;; + info) HAPROXY_LOG_LEVEL="info" ;; + warning) HAPROXY_LOG_LEVEL="notice" ;; + error) HAPROXY_LOG_LEVEL="err" ;; + *) HAPROXY_LOG_LEVEL="notice" ;; +esac +HAPROXYFILE="$(sed "s|# HAPROXY_LOG_PLACEHOLDER|log stdout format raw local0 $HAPROXY_LOG_LEVEL|" /tmp/haproxy.cfg)" +echo "$HAPROXYFILE" > /tmp/haproxy.cfg set +x haproxy -f /tmp/haproxy.cfg -db diff --git a/Containers/domaincheck/start.sh b/Containers/domaincheck/start.sh index 06c0aef2..afa1d435 100644 --- a/Containers/domaincheck/start.sh +++ b/Containers/domaincheck/start.sh @@ -14,6 +14,16 @@ fi CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)" echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf +# Enable verbose debug logging when AIO_LOG_LEVEL is set to debug +if [ "${AIO_LOG_LEVEL:-warning}" = "debug" ]; then + { + echo 'debug.log-request-handling = "enable"' + echo 'debug.log-response-header = "enable"' + echo 'debug.log-request-header = "enable"' + echo 'debug.log-condition-handling = "enable"' + } >> /etc/lighttpd/lighttpd.conf +fi + # Check config file lighttpd -tt -f /etc/lighttpd/lighttpd.conf diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index aaec638c..03984b90 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -396,6 +396,19 @@ if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then rm -rf /mnt/docker-aio-config/caddy/locks/* fi +# Apply log level to Caddyfiles, supervisord and PHP-FPM +case "${AIO_LOG_LEVEL:-warning}" in + debug) CADDY_LOG_LEVEL="DEBUG"; SUPERVISORD_LOG_LEVEL="debug"; PHP_FPM_LOG_LEVEL="debug" ;; + info) CADDY_LOG_LEVEL="INFO"; SUPERVISORD_LOG_LEVEL="info"; PHP_FPM_LOG_LEVEL="notice" ;; + warning) CADDY_LOG_LEVEL="WARN"; SUPERVISORD_LOG_LEVEL="warn"; PHP_FPM_LOG_LEVEL="warning" ;; + error) CADDY_LOG_LEVEL="ERROR"; SUPERVISORD_LOG_LEVEL="error"; PHP_FPM_LOG_LEVEL="error" ;; + *) CADDY_LOG_LEVEL="WARN"; SUPERVISORD_LOG_LEVEL="warn"; PHP_FPM_LOG_LEVEL="warning" ;; +esac +sed -i "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /acme.Caddyfile +sed -i "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /internal.Caddyfile +sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /supervisord.conf +printf '[global]\nlog_level = %s\n' "$PHP_FPM_LOG_LEVEL" > /usr/local/etc/php-fpm.d/z-aio-log-level.conf + # Fix the Caddyfile format caddy fmt --overwrite /acme.Caddyfile caddy fmt --overwrite /internal.Caddyfile diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 912a1399..bec58ced 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -437,7 +437,14 @@ EOF # Apply log settings echo "Applying default settings..." mkdir -p /var/www/html/data - php /var/www/html/occ config:system:set loglevel --value="2" --type=integer + case "${AIO_LOG_LEVEL:-warning}" in + debug) NC_LOG_LEVEL=0 ;; + info) NC_LOG_LEVEL=1 ;; + warning) NC_LOG_LEVEL=2 ;; + error) NC_LOG_LEVEL=3 ;; + *) NC_LOG_LEVEL=2 ;; + esac + php /var/www/html/occ config:system:set loglevel --value="$NC_LOG_LEVEL" --type=integer php /var/www/html/occ config:system:set log_type --value="file" php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log" php /var/www/html/occ config:system:set log_rotate_size --value="10485760" --type=integer diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh index a5f38534..7d084435 100644 --- a/Containers/nextcloud/start.sh +++ b/Containers/nextcloud/start.sh @@ -172,4 +172,14 @@ if [ "$THIS_IS_AIO" = "true" ] && [ "$APACHE_PORT" = 443 ]; then fi set +x +# Apply AIO_LOG_LEVEL to supervisord (runs as root so file is writable) +case "${AIO_LOG_LEVEL:-warning}" in + debug) SUPERVISORD_LOG_LEVEL="debug" ;; + info) SUPERVISORD_LOG_LEVEL="info" ;; + warning) SUPERVISORD_LOG_LEVEL="warn" ;; + error) SUPERVISORD_LOG_LEVEL="error" ;; + *) SUPERVISORD_LOG_LEVEL="warn" ;; +esac +sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /supervisord.conf + exec "$@" diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index f4986ce6..e5956124 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -38,6 +38,12 @@ fi echo "notify-push was started" +# Map AIO_LOG_LEVEL to RUST_LOG (Rust uses 'warn' not 'warning') +case "${AIO_LOG_LEVEL:-warning}" in + warning) export RUST_LOG="warn" ;; + *) export RUST_LOG="${AIO_LOG_LEVEL:-warn}" ;; +esac + # Run it /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \ --port 7867 \ diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh index 551bb10e..ee9f1973 100644 --- a/Containers/postgresql/start.sh +++ b/Containers/postgresql/start.sh @@ -6,6 +6,15 @@ export DUMP_DIR="/mnt/data" DUMP_FILE="$DUMP_DIR/database-dump.sql" export PGPASSWORD="$POSTGRES_PASSWORD" +# Map AIO_LOG_LEVEL to PostgreSQL log_min_messages +case "${AIO_LOG_LEVEL:-warning}" in + debug) PG_LOG_LEVEL="DEBUG1" ;; + info) PG_LOG_LEVEL="INFO" ;; + warning) PG_LOG_LEVEL="WARNING" ;; + error) PG_LOG_LEVEL="ERROR" ;; + *) PG_LOG_LEVEL="WARNING" ;; +esac + # Don't start database as long as backup is running while [ -f "$DUMP_DIR/backup-is-running" ]; do echo "Waiting for backup container to finish..." @@ -82,7 +91,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO export PGPORT=11000 # Create new database - exec docker-entrypoint.sh postgres & + exec docker-entrypoint.sh postgres -c "log_min_messages=$PG_LOG_LEVEL" & # Wait for creation while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()"; do @@ -164,6 +173,9 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf fi + # Set log level + sed -i "s|^#\?log_min_messages.*|log_min_messages = $PG_LOG_LEVEL|" "/var/lib/postgresql/data/postgresql.conf" + # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled if grep -q "^idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' /var/lib/postgresql/data/postgresql.conf @@ -194,5 +206,5 @@ do_database_dump() { trap do_database_dump SIGINT SIGTERM # Start the database -exec docker-entrypoint.sh postgres & +exec docker-entrypoint.sh postgres -c "log_min_messages=$PG_LOG_LEVEL" & wait $! diff --git a/Containers/redis/start.sh b/Containers/redis/start.sh index 69764c1a..72d117b5 100644 --- a/Containers/redis/start.sh +++ b/Containers/redis/start.sh @@ -6,12 +6,21 @@ if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then echo "See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit" fi +# Map AIO_LOG_LEVEL to Redis log level +case "${AIO_LOG_LEVEL:-warning}" in + debug) REDIS_LOG_LEVEL="debug" ;; + info) REDIS_LOG_LEVEL="verbose" ;; + warning) REDIS_LOG_LEVEL="notice" ;; + error) REDIS_LOG_LEVEL="warning" ;; + *) REDIS_LOG_LEVEL="notice" ;; +esac + # Run redis with a password if provided echo "Redis has started" if [ -n "$REDIS_HOST_PASSWORD" ]; then - exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel warning + exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel "$REDIS_LOG_LEVEL" else - exec redis-server --loglevel warning + exec redis-server --loglevel "$REDIS_LOG_LEVEL" fi exec "$@" diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh index b49e5e9c..6c5a4c9e 100644 --- a/Containers/talk-recording/start.sh +++ b/Containers/talk-recording/start.sh @@ -21,8 +21,14 @@ rm -fr /tmp/{*,.*} cat << RECORDING_CONF > "/conf/recording.conf" [logs] -# 30 means Warning -level = 30 +# 10=debug 20=info 30=warning 40=error +$(case "${AIO_LOG_LEVEL:-warning}" in + debug) echo "level = 10" ;; + info) echo "level = 20" ;; + warning) echo "level = 30" ;; + error) echo "level = 40" ;; + *) echo "level = 30" ;; +esac) [http] listen = 0.0.0.0:1234 diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh index 57344ee0..04c61ff6 100644 --- a/Containers/talk/start.sh +++ b/Containers/talk/start.sh @@ -66,7 +66,7 @@ eturnal: port: $TALK_PORT transport: tcp log_dir: stdout - log_level: warning + log_level: ${AIO_LOG_LEVEL:-warning} secret: "$TURN_SECRET" relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY" relay_ipv6_addr: "$IPv6_ADDRESS_TALK" @@ -129,4 +129,18 @@ maxstreambitrate = ${TALK_MAX_STREAM_BITRATE} maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE} SIGNALING_CONF -exec "$@" +# Apply AIO_LOG_LEVEL to supervisord and Janus debug level +# (supervisord.conf is not writable by this user, so use /tmp copy) +# Janus debug levels: 2=ERR, 3=WARN, 4=INFO, 7=DBG +case "${AIO_LOG_LEVEL:-warning}" in + debug) SUPERVISORD_LOG_LEVEL="debug"; JANUS_DEBUG_LEVEL=7 ;; + info) SUPERVISORD_LOG_LEVEL="info"; JANUS_DEBUG_LEVEL=4 ;; + warning) SUPERVISORD_LOG_LEVEL="warn"; JANUS_DEBUG_LEVEL=3 ;; + error) SUPERVISORD_LOG_LEVEL="error"; JANUS_DEBUG_LEVEL=2 ;; + *) SUPERVISORD_LOG_LEVEL="warn"; JANUS_DEBUG_LEVEL=3 ;; +esac +cp /supervisord.conf /tmp/supervisord.conf +sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf +sed -i "s|--debug-level [0-9]*|--debug-level $JANUS_DEBUG_LEVEL|" /tmp/supervisord.conf + +exec supervisord -c /tmp/supervisord.conf diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh index cf16e7a4..7d2ea2f9 100644 --- a/Containers/watchtower/start.sh +++ b/Containers/watchtower/start.sh @@ -17,7 +17,12 @@ if [ -f /run/.containerenv ]; then fi if [ -n "$CONTAINER_TO_UPDATE" ]; then - exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE" + # Map AIO_LOG_LEVEL to watchtower log level (watchtower uses 'warn' not 'warning') + case "${AIO_LOG_LEVEL:-warning}" in + warning) WATCHTOWER_LOG_LEVEL="warn" ;; + *) WATCHTOWER_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}" ;; + esac + exec /watchtower --cleanup --log-level "$WATCHTOWER_LOG_LEVEL" --run-once "$CONTAINER_TO_UPDATE" else echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything." exit 1 diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh index e0babd7f..9e67f841 100644 --- a/Containers/whiteboard/start.sh +++ b/Containers/whiteboard/start.sh @@ -16,5 +16,11 @@ REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')" export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX" +# Map AIO_LOG_LEVEL to pino log level (pino uses 'warn' not 'warning') +case "${AIO_LOG_LEVEL:-warning}" in + warning) export LOG_LEVEL="warn" ;; + *) export LOG_LEVEL="${AIO_LOG_LEVEL:-warn}" ;; +esac + # Run it exec npm --prefix /app run server:start diff --git a/compose.yaml b/compose.yaml index e3286ea3..2b88a9b9 100644 --- a/compose.yaml +++ b/compose.yaml @@ -17,6 +17,7 @@ services: # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled # environment: # Is needed when using any of the options below # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section + # AIO_LOG_LEVEL: warning # Adjusts the log level of all included containers. Allowed values are warning, error, info and debug. Defaults to warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-log-level # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md diff --git a/php/containers.json b/php/containers.json index 96346cfe..0977f10a 100644 --- a/php/containers.json +++ b/php/containers.json @@ -51,7 +51,8 @@ "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%", "NOTIFY_PUSH_HOST=nextcloud-aio-notify-push", "WHITEBOARD_HOST=nextcloud-aio-whiteboard", - "HARP_HOST=nextcloud-aio-harp" + "HARP_HOST=nextcloud-aio-harp", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "volumes": [ { @@ -121,7 +122,8 @@ "POSTGRES_DB=nextcloud_database", "POSTGRES_USER=nextcloud", "TZ=%TIMEZONE%", - "PGTZ=%TIMEZONE%" + "PGTZ=%TIMEZONE%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "stop_grace_period": 1800, "restart": "unless-stopped", @@ -263,7 +265,8 @@ "WHITEBOARD_SECRET=%WHITEBOARD_SECRET%", "WHITEBOARD_ENABLED=%WHITEBOARD_ENABLED%", "HARP_ENABLED=%HARP_ENABLED%", - "HP_SHARED_KEY=%HP_SHARED_KEY%" + "HP_SHARED_KEY=%HP_SHARED_KEY%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "stop_grace_period": 600, "restart": "unless-stopped", @@ -310,7 +313,8 @@ ], "environment": [ "NEXTCLOUD_HOST=nextcloud-aio-nextcloud", - "TZ=%TIMEZONE%" + "TZ=%TIMEZONE%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "restart": "unless-stopped", "read_only": true, @@ -339,7 +343,8 @@ "internal_port": "6379", "environment": [ "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%", - "TZ=%TIMEZONE%" + "TZ=%TIMEZONE%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "volumes": [ { @@ -380,7 +385,7 @@ "internal_port": "9980", "environment": [ "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache.nextcloud-aio:23973", - "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+", + "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=%COLLABORA_LOG_LEVEL% --o:logging.level_startup=%COLLABORA_LOG_LEVEL% --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+", "dictionaries=%COLLABORA_DICTIONARIES%", "TZ=%TIMEZONE%", "server_name=%NC_DOMAIN%", @@ -450,7 +455,8 @@ "SIGNALING_SECRET=%SIGNALING_SECRET%", "TZ=%TIMEZONE%", "TALK_PORT=%TALK_PORT%", - "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%" + "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "secrets": [ "TURN_SECRET", @@ -497,7 +503,8 @@ "NC_DOMAIN=%NC_DOMAIN%", "TZ=%TIMEZONE%", "RECORDING_SECRET=%RECORDING_SECRET%", - "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%" + "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "volumes": [ { @@ -544,7 +551,8 @@ "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%", "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%", "BORG_HOST_ID=nextcloud-aio-borgbackup", - "BORG_RETENTION_POLICY=%BORG_RETENTION_POLICY%" + "BORG_RETENTION_POLICY=%BORG_RETENTION_POLICY%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "volumes": [ { @@ -605,7 +613,8 @@ "image": "ghcr.io/nextcloud-releases/aio-watchtower", "init": true, "environment": [ - "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer" + "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "volumes": [ { @@ -636,7 +645,8 @@ "internal_port": "%APACHE_PORT%", "environment": [ "INSTANCE_ID=%INSTANCE_ID%", - "APACHE_PORT=%APACHE_PORT%" + "APACHE_PORT=%APACHE_PORT%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "secrets": [ "INSTANCE_ID" @@ -672,7 +682,8 @@ "internal_port": "3310", "environment": [ "TZ=%TIMEZONE%", - "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%" + "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "volumes": [ { @@ -719,7 +730,9 @@ "TZ=%TIMEZONE%", "JWT_ENABLED=true", "JWT_HEADER=AuthorizationJwt", - "JWT_SECRET=%ONLYOFFICE_SECRET%" + "JWT_SECRET=%ONLYOFFICE_SECRET%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%", + "LOG_LEVEL=%ONLYOFFICE_LOG_LEVEL%" ], "volumes": [ { @@ -760,7 +773,8 @@ "internal_port": "9000", "environment": [ "TZ=%TIMEZONE%", - "IMAGINARY_SECRET=%IMAGINARY_SECRET%" + "IMAGINARY_SECRET=%IMAGINARY_SECRET%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "restart": "unless-stopped", "cap_add": [ @@ -805,11 +819,12 @@ "bootstrap.memory_lock=false", "cluster.name=nextcloud-aio", "discovery.type=single-node", - "logger.level=WARN", + "logger.level=%FULLTEXTSEARCH_LOG_LEVEL%", "http.port=9200", "xpack.license.self_generated.type=basic", "xpack.security.enabled=false", - "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%" + "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "volumes": [ { @@ -837,7 +852,8 @@ "init": true, "internal_port": "2375", "environment": [ - "TZ=%TIMEZONE%" + "TZ=%TIMEZONE%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "volumes": [ { @@ -868,9 +884,10 @@ "environment": [ "HP_SHARED_KEY=%HP_SHARED_KEY%", "NC_INSTANCE_URL=https://%NC_DOMAIN%", - "HP_LOG_LEVEL=warning", + "HP_LOG_LEVEL=%AIO_LOG_LEVEL%", "HP_FRP_DISABLE_TLS=true", - "TZ=%TIMEZONE%" + "TZ=%TIMEZONE%", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "secrets": [ "HP_SHARED_KEY" @@ -927,7 +944,8 @@ "REDIS_HOST=nextcloud-aio-redis", "REDIS_PORT=6379", "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%", - "BACKUP_DIR=/tmp" + "BACKUP_DIR=/tmp", + "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%" ], "secrets": [ "WHITEBOARD_SECRET", diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 30bcff98..a64e1b25 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -289,6 +289,41 @@ class ConfigurationManager set { $this->set('nextcloud_keep_disabled_apps', $value); } } + /** + * @throws InvalidSettingConfigurationException + */ + public string $aioLogLevel { + get => $this->getEnvironmentalVariableOrConfig('AIO_LOG_LEVEL', 'aio_log_level', 'warning'); + set { + $this->validateAioLogLevel($value); + $this->set('aio_log_level', $value); + } + } + + private function validateAioLogLevel(string $value) : void { + $allowedValues = ['warning', 'error', 'info', 'debug']; + if (!in_array($value, $allowedValues, true)) { + throw new InvalidSettingConfigurationException("Invalid log level '" . $value . "'. Allowed values are: " . implode(', ', $allowedValues)); + } + } + + private function getCollaboraLogLevel() : string { + return match ($this->aioLogLevel) { + 'info' => 'information', + default => $this->aioLogLevel, + }; + } + + private function getUppercaseLogLevel() : string { + return match ($this->aioLogLevel) { + 'warning' => 'WARN', + 'error' => 'ERROR', + 'info' => 'INFO', + 'debug' => 'DEBUG', + default => 'WARN', + }; + } + private function getConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -1062,6 +1097,10 @@ class ConfigurationManager 'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '', 'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '', 'AIO_VERSION' => $this->getAioVersion(), + 'AIO_LOG_LEVEL' => $this->aioLogLevel, + 'COLLABORA_LOG_LEVEL' => $this->getCollaboraLogLevel(), + 'FULLTEXTSEARCH_LOG_LEVEL' => $this->getUppercaseLogLevel(), + 'ONLYOFFICE_LOG_LEVEL' => $this->getUppercaseLogLevel(), default => $this->getRegisteredSecret($placeholder), }; } diff --git a/readme.md b/readme.md index 771e1f1b..4fd499a5 100644 --- a/readme.md +++ b/readme.md @@ -240,6 +240,7 @@ https://your-domain-that-points-to-this-server.tld:8443 - [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca) - [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature) - [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options) + - [How to adjust the log level?](#how-to-adjust-the-log-level) - [Guides](#guides) - [How to run AIO on macOS?](#how-to-run-aio-on-macos) - [How to run AIO on Windows?](#how-to-run-aio-on-windows) @@ -609,6 +610,9 @@ The Collabora container enables Seccomp by default, which is a security feature ### How to adjust the Fulltextsearch Java options? The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. +### How to adjust the log level? +The log level for all included containers is by default set to `warning`. You can adjust this by adding e.g. `--env AIO_LOG_LEVEL=error` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. Allowed values are `warning`, `error`, `info` and `debug`. + ## Guides ### How to run AIO on macOS? diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md index b984c0e3..9089a0c1 100644 --- a/tests/QA/060-environmental-variables.md +++ b/tests/QA/060-environmental-variables.md @@ -25,5 +25,6 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host) - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host) - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore. +- [ ] When starting the mastercontainer with `--env AIO_LOG_LEVEL=debug` all included main containers should use their debug log level. Using any value other than `warning`, `error`, `info` or `debug` should not allow the mastercontainer to start correctly. You can now continue with [070-timezone-change.md](./070-timezone-change.md)