feat: add AIO_LOG_LEVEL env to configure log level across all main containers

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/cd05ca56-d0e8-4260-988b-a7cc0747beff

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>

Containers/apache/start.sh

@@ -36,6 +36,15 @@ else
     export PROTOCOL="https"
 fi
 
+# Apply log level to Caddy and Apache httpd
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   CADDY_LOG_LEVEL="DEBUG"; APACHE_LOG_LEVEL="debug" ;;
+    info)    CADDY_LOG_LEVEL="INFO";  APACHE_LOG_LEVEL="info" ;;
+    warning) CADDY_LOG_LEVEL="WARN";  APACHE_LOG_LEVEL="warn" ;;
+    error)   CADDY_LOG_LEVEL="ERROR"; APACHE_LOG_LEVEL="error" ;;
+    *)       CADDY_LOG_LEVEL="WARN";  APACHE_LOG_LEVEL="warn" ;;
+esac
+
 # Change the auto_https in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
     CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
@@ -44,6 +53,10 @@ else
 fi
 echo "$CADDYFILE" > /tmp/Caddyfile
 
+# Apply Caddy log level
+CADDYFILE="$(sed "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /tmp/Caddyfile)"
+echo "$CADDYFILE" > /tmp/Caddyfile
+
 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
     # Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes
@@ -74,4 +87,18 @@ fi
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid
 
-exec "$@"
+# Apply Apache httpd log level
+sed -i "s|LogLevel [a-z]*|LogLevel $APACHE_LOG_LEVEL|" /usr/local/apache2/conf/nextcloud.conf
+
+# Apply supervisord log level (supervisord.conf is not writable by this user, so use /tmp copy)
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   SUPERVISORD_LOG_LEVEL="debug" ;;
+    info)    SUPERVISORD_LOG_LEVEL="info" ;;
+    warning) SUPERVISORD_LOG_LEVEL="warn" ;;
+    error)   SUPERVISORD_LOG_LEVEL="error" ;;
+    *)       SUPERVISORD_LOG_LEVEL="warn" ;;
+esac
+cp /supervisord.conf /tmp/supervisord.conf
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf
+
+exec /usr/bin/supervisord -c /tmp/supervisord.conf

Containers/borgbackup/start.sh

@@ -4,6 +4,39 @@
 export MOUNT_DIR="/mnt/borgbackup"
 export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"  # necessary even when remote to store the aio-lockfile
 
+# Map AIO_LOG_LEVEL to a Python logging config for borg (via BORG_LOGGING_CONF)
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   BORG_PYTHON_LOG_LEVEL="DEBUG" ;;
+    info)    BORG_PYTHON_LOG_LEVEL="INFO" ;;
+    warning) BORG_PYTHON_LOG_LEVEL="WARNING" ;;
+    error)   BORG_PYTHON_LOG_LEVEL="ERROR" ;;
+    *)       BORG_PYTHON_LOG_LEVEL="WARNING" ;;
+esac
+cat > /tmp/borg-logging.conf << EOF
+[loggers]
+keys=root
+
+[handlers]
+keys=console
+
+[formatters]
+keys=simple
+
+[logger_root]
+level=$BORG_PYTHON_LOG_LEVEL
+handlers=console
+
+[handler_console]
+class=StreamHandler
+level=$BORG_PYTHON_LOG_LEVEL
+formatter=simple
+args=(sys.stderr,)
+
+[formatter_simple]
+format=%(message)s
+EOF
+export BORG_LOGGING_CONF=/tmp/borg-logging.conf
+
 # Validate BORG_PASSWORD
 if [ -z "$BORG_PASSWORD" ] && [ -z "$BACKUP_RESTORE_PASSWORD" ]; then
     echo "Neither BORG_PASSWORD nor BACKUP_RESTORE_PASSWORD are set."

Containers/clamav/start.sh

@@ -3,6 +3,40 @@
 # Print out clamav version for compliance reasons
 clamscan --version
 
+# Apply AIO_LOG_LEVEL to ClamAV by copying the read-only config files to /tmp
+# and applying the appropriate LogVerbose / Debug settings there.
+# supervisord.conf is also copied so its loglevel can be adjusted.
+cp /etc/clamav/clamd.conf /tmp/clamd.conf
+cp /etc/clamav/freshclam.conf /tmp/freshclam.conf
+cp /supervisord.conf /tmp/supervisord.conf
+
+# Point supervisord to the /tmp copies of the ClamAV configs
+sed -i "s|/etc/clamav/clamd.conf|/tmp/clamd.conf|g" /tmp/supervisord.conf
+
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)
+        sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/clamd.conf
+        sed -i "s|#\?Debug.*|Debug yes|" /tmp/clamd.conf
+        sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/freshclam.conf
+        SUPERVISORD_LOG_LEVEL="debug"
+        ;;
+    info)
+        sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/clamd.conf
+        sed -i "s|#\?Debug.*|Debug no|" /tmp/clamd.conf
+        sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/freshclam.conf
+        SUPERVISORD_LOG_LEVEL="info"
+        ;;
+    warning|error|*)
+        sed -i "s|#\?LogVerbose.*|LogVerbose no|" /tmp/clamd.conf
+        sed -i "s|#\?Debug.*|Debug no|" /tmp/clamd.conf
+        sed -i "s|#\?LogVerbose.*|LogVerbose no|" /tmp/freshclam.conf
+        SUPERVISORD_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+        # supervisord uses 'warn' not 'warning'
+        [ "$SUPERVISORD_LOG_LEVEL" = "warning" ] && SUPERVISORD_LOG_LEVEL="warn"
+        ;;
+esac
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf
+
 echo "Clamav started"
 
-exec "$@"
+exec /usr/bin/supervisord -c /tmp/supervisord.conf

Containers/docker-socket-proxy/haproxy.cfg

@@ -2,6 +2,7 @@
 
 global
     maxconn 10
+    # HAPROXY_LOG_PLACEHOLDER
 
 defaults
     timeout connect 30s

Containers/docker-socket-proxy/start.sh

@@ -8,7 +8,7 @@ done
 
 set -x
 IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" 
+HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)"
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 
 IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
@@ -18,6 +18,17 @@ else
     HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
 fi
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
+
+# Apply AIO_LOG_LEVEL as HAProxy global log directive
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   HAPROXY_LOG_LEVEL="debug" ;;
+    info)    HAPROXY_LOG_LEVEL="info" ;;
+    warning) HAPROXY_LOG_LEVEL="notice" ;;
+    error)   HAPROXY_LOG_LEVEL="err" ;;
+    *)       HAPROXY_LOG_LEVEL="notice" ;;
+esac
+HAPROXYFILE="$(sed "s|# HAPROXY_LOG_PLACEHOLDER|log stdout format raw local0 $HAPROXY_LOG_LEVEL|" /tmp/haproxy.cfg)"
+echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 set +x
 
 haproxy -f /tmp/haproxy.cfg -db

Containers/domaincheck/start.sh

@@ -14,6 +14,16 @@ fi
 CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
 
+# Enable verbose debug logging when AIO_LOG_LEVEL is set to debug
+if [ "${AIO_LOG_LEVEL:-warning}" = "debug" ]; then
+    {
+        echo 'debug.log-request-handling = "enable"'
+        echo 'debug.log-response-header = "enable"'
+        echo 'debug.log-request-header = "enable"'
+        echo 'debug.log-condition-handling = "enable"'
+    } >> /etc/lighttpd/lighttpd.conf
+fi
+
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf
 

Containers/mastercontainer/start.sh

@@ -396,6 +396,19 @@ if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then
     rm -rf /mnt/docker-aio-config/caddy/locks/*
 fi
 
+# Apply log level to Caddyfiles, supervisord and PHP-FPM
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   CADDY_LOG_LEVEL="DEBUG";  SUPERVISORD_LOG_LEVEL="debug";  PHP_FPM_LOG_LEVEL="debug" ;;
+    info)    CADDY_LOG_LEVEL="INFO";   SUPERVISORD_LOG_LEVEL="info";   PHP_FPM_LOG_LEVEL="notice" ;;
+    warning) CADDY_LOG_LEVEL="WARN";   SUPERVISORD_LOG_LEVEL="warn";   PHP_FPM_LOG_LEVEL="warning" ;;
+    error)   CADDY_LOG_LEVEL="ERROR";  SUPERVISORD_LOG_LEVEL="error";  PHP_FPM_LOG_LEVEL="error" ;;
+    *)       CADDY_LOG_LEVEL="WARN";   SUPERVISORD_LOG_LEVEL="warn";   PHP_FPM_LOG_LEVEL="warning" ;;
+esac
+sed -i "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /acme.Caddyfile
+sed -i "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /internal.Caddyfile
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /supervisord.conf
+printf '[global]\nlog_level = %s\n' "$PHP_FPM_LOG_LEVEL" > /usr/local/etc/php-fpm.d/z-aio-log-level.conf
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /acme.Caddyfile
 caddy fmt --overwrite /internal.Caddyfile

Containers/nextcloud/entrypoint.sh

@@ -437,7 +437,14 @@ EOF
             # Apply log settings
             echo "Applying default settings..."
             mkdir -p /var/www/html/data
-            php /var/www/html/occ config:system:set loglevel --value="2" --type=integer
+            case "${AIO_LOG_LEVEL:-warning}" in
+                debug)   NC_LOG_LEVEL=0 ;;
+                info)    NC_LOG_LEVEL=1 ;;
+                warning) NC_LOG_LEVEL=2 ;;
+                error)   NC_LOG_LEVEL=3 ;;
+                *)       NC_LOG_LEVEL=2 ;;
+            esac
+            php /var/www/html/occ config:system:set loglevel --value="$NC_LOG_LEVEL" --type=integer
             php /var/www/html/occ config:system:set log_type --value="file"
             php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
             php /var/www/html/occ config:system:set log_rotate_size --value="10485760" --type=integer

Containers/nextcloud/start.sh

@@ -172,4 +172,14 @@ if [ "$THIS_IS_AIO" = "true" ] && [ "$APACHE_PORT" = 443 ]; then
 fi
 set +x
 
+# Apply AIO_LOG_LEVEL to supervisord (runs as root so file is writable)
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   SUPERVISORD_LOG_LEVEL="debug" ;;
+    info)    SUPERVISORD_LOG_LEVEL="info" ;;
+    warning) SUPERVISORD_LOG_LEVEL="warn" ;;
+    error)   SUPERVISORD_LOG_LEVEL="error" ;;
+    *)       SUPERVISORD_LOG_LEVEL="warn" ;;
+esac
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /supervisord.conf
+
 exec "$@"

Containers/notify-push/start.sh

@@ -38,6 +38,12 @@ fi
 
 echo "notify-push was started"
 
+# Map AIO_LOG_LEVEL to RUST_LOG (Rust uses 'warn' not 'warning')
+case "${AIO_LOG_LEVEL:-warning}" in
+    warning) export RUST_LOG="warn" ;;
+    *)       export RUST_LOG="${AIO_LOG_LEVEL:-warn}" ;;
+esac
+
 # Run it
 /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
     --port 7867 \

Containers/postgresql/start.sh

@@ -6,6 +6,15 @@ export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"
 
+# Map AIO_LOG_LEVEL to PostgreSQL log_min_messages
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   PG_LOG_LEVEL="DEBUG1" ;;
+    info)    PG_LOG_LEVEL="INFO" ;;
+    warning) PG_LOG_LEVEL="WARNING" ;;
+    error)   PG_LOG_LEVEL="ERROR" ;;
+    *)       PG_LOG_LEVEL="WARNING" ;;
+esac
+
 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
     echo "Waiting for backup container to finish..."
@@ -82,7 +91,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     export PGPORT=11000
 
     # Create new database
-    exec docker-entrypoint.sh postgres &
+    exec docker-entrypoint.sh postgres -c "log_min_messages=$PG_LOG_LEVEL" &
 
     # Wait for creation
     while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()"; do
@@ -164,6 +173,9 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
         sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
     fi
 
+    # Set log level
+    sed -i "s|^#\?log_min_messages.*|log_min_messages = $PG_LOG_LEVEL|" "/var/lib/postgresql/data/postgresql.conf"
+
     # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
     if grep -q "^idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then
         sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' /var/lib/postgresql/data/postgresql.conf
@@ -194,5 +206,5 @@ do_database_dump() {
 trap do_database_dump SIGINT SIGTERM
 
 # Start the database
-exec docker-entrypoint.sh postgres &
+exec docker-entrypoint.sh postgres -c "log_min_messages=$PG_LOG_LEVEL" &
 wait $!

Containers/redis/start.sh

@@ -6,12 +6,21 @@ if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
     echo "See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit"
 fi
 
+# Map AIO_LOG_LEVEL to Redis log level
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   REDIS_LOG_LEVEL="debug" ;;
+    info)    REDIS_LOG_LEVEL="verbose" ;;
+    warning) REDIS_LOG_LEVEL="notice" ;;
+    error)   REDIS_LOG_LEVEL="warning" ;;
+    *)       REDIS_LOG_LEVEL="notice" ;;
+esac
+
 # Run redis with a password if provided
 echo "Redis has started"
 if [ -n "$REDIS_HOST_PASSWORD" ]; then
-    exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel warning
+    exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel "$REDIS_LOG_LEVEL"
 else
-    exec redis-server --loglevel warning
+    exec redis-server --loglevel "$REDIS_LOG_LEVEL"
 fi
 
 exec "$@"

Containers/talk-recording/start.sh

@@ -21,8 +21,14 @@ rm -fr /tmp/{*,.*}
 
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
-# 30 means Warning
-level = 30
+# 10=debug 20=info 30=warning 40=error
+$(case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   echo "level = 10" ;;
+    info)    echo "level = 20" ;;
+    warning) echo "level = 30" ;;
+    error)   echo "level = 40" ;;
+    *)       echo "level = 30" ;;
+esac)
 
 [http]
 listen = 0.0.0.0:1234

Containers/talk/start.sh

@@ -66,7 +66,7 @@ eturnal:
       port: $TALK_PORT
       transport: tcp
   log_dir: stdout
-  log_level: warning
+  log_level: ${AIO_LOG_LEVEL:-warning}
   secret: "$TURN_SECRET"
   relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
   relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
@@ -129,4 +129,18 @@ maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
 maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}
 SIGNALING_CONF
 
-exec "$@"
+# Apply AIO_LOG_LEVEL to supervisord and Janus debug level
+# (supervisord.conf is not writable by this user, so use /tmp copy)
+# Janus debug levels: 2=ERR, 3=WARN, 4=INFO, 7=DBG
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   SUPERVISORD_LOG_LEVEL="debug"; JANUS_DEBUG_LEVEL=7 ;;
+    info)    SUPERVISORD_LOG_LEVEL="info";  JANUS_DEBUG_LEVEL=4 ;;
+    warning) SUPERVISORD_LOG_LEVEL="warn";  JANUS_DEBUG_LEVEL=3 ;;
+    error)   SUPERVISORD_LOG_LEVEL="error"; JANUS_DEBUG_LEVEL=2 ;;
+    *)       SUPERVISORD_LOG_LEVEL="warn";  JANUS_DEBUG_LEVEL=3 ;;
+esac
+cp /supervisord.conf /tmp/supervisord.conf
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf
+sed -i "s|--debug-level [0-9]*|--debug-level $JANUS_DEBUG_LEVEL|" /tmp/supervisord.conf
+
+exec supervisord -c /tmp/supervisord.conf

Containers/watchtower/start.sh

@@ -17,7 +17,12 @@ if [ -f /run/.containerenv ]; then
 fi
 
 if [ -n "$CONTAINER_TO_UPDATE" ]; then
-    exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
+    # Map AIO_LOG_LEVEL to watchtower log level (watchtower uses 'warn' not 'warning')
+    case "${AIO_LOG_LEVEL:-warning}" in
+        warning) WATCHTOWER_LOG_LEVEL="warn" ;;
+        *)       WATCHTOWER_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}" ;;
+    esac
+    exec /watchtower --cleanup --log-level "$WATCHTOWER_LOG_LEVEL" --run-once "$CONTAINER_TO_UPDATE"
 else
     echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
     exit 1

Containers/whiteboard/start.sh

@@ -16,5 +16,11 @@ REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
 
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
 
+# Map AIO_LOG_LEVEL to pino log level (pino uses 'warn' not 'warning')
+case "${AIO_LOG_LEVEL:-warning}" in
+    warning) export LOG_LEVEL="warn" ;;
+    *)       export LOG_LEVEL="${AIO_LOG_LEVEL:-warn}" ;;
+esac
+
 # Run it
 exec npm --prefix /app run server:start