From 3bf0eb7dd635b9e00f00bf7501bded03d6727848 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 16:50:46 +0000
Subject: [PATCH] Restore backup_volumes and fix secrets declarations in MySQL DB containers
Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/729f8a52-a9df-49b9-b95f-20103c416d52
---
 community-containers/bahmni-lite/bahmni-lite.json | 11 ++++++++++-
 community-containers/bahmni-lite/readme.md | 3 ++-
 community-containers/caddy/readme.md | 3 ++-
 community-containers/fail2ban/fail2ban.json | 5 +++++
 community-containers/fail2ban/readme.md | 2 +-
 5 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/community-containers/bahmni-lite/bahmni-lite.json b/community-containers/bahmni-lite/bahmni-lite.json
index 542b5c67..ac999572 100644
--- a/community-containers/bahmni-lite/bahmni-lite.json
+++ b/community-containers/bahmni-lite/bahmni-lite.json
@@ -75,6 +75,11 @@
 "source": "nextcloud_aio_bahmni_configuration_checksums",
 "destination": "/openmrs/data/configuration_checksums",
 "writeable": true
+ },
+ {
+ "source": "nextcloud_aio_bahmni_openmrs_logs",
+ "destination": "/openmrs/data/logs",
+ "writeable": true
 }
 ],
 "backup_volumes": [
@@ -83,7 +88,8 @@
 "nextcloud_aio_bahmni_clinical_forms",
 "nextcloud_aio_bahmni_lab_results",
 "nextcloud_aio_bahmni_uploaded_files",
- "nextcloud_aio_bahmni_configuration_checksums"
+ "nextcloud_aio_bahmni_configuration_checksums",
+ "nextcloud_aio_bahmni_openmrs_logs"
 ],
 "depends_on": [
 "nextcloud-aio-bahmni-openmrsdb",
@@ -210,6 +216,7 @@
 "MYSQL_PASSWORD=%BAHMNI_REPORTS_DB_PASSWORD%"
 ],
 "secrets": [
+ "BAHMNI_MYSQL_ROOT_PASSWORD",
 "BAHMNI_REPORTS_DB_PASSWORD"
 ],
 "volumes": [
@@ -317,6 +324,7 @@
 "MYSQL_PASSWORD=%BAHMNI_CRATER_DB_PASSWORD%"
 ],
 "secrets": [
+ "BAHMNI_MYSQL_ROOT_PASSWORD",
 "BAHMNI_CRATER_DB_PASSWORD"
 ],
 "volumes": [
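Review bot: Adding `nextcloud_aio_bahmni_openmrs_logs` to `backup_volumes` in the `@@ -83` hunk means OpenMRS application logs are now copied into every AIO backup, and for an EMR those logs can carry usernames, client addresses and possibly patient identifiers. If the volume exists only so that fail2ban can read login failures, I would keep the `volumes` entry from the `@@ -75` hunk and leave `"nextcloud_aio_bahmni_configuration_checksums"` as the last `backup_volumes` entry. If the logs are meant to be backed up, the readme line "All Bahmni data (...) will be automatically included" should name them explicitly. Nothing visible in this diff bounds the size of `/openmrs/data/logs`, so it is worth confirming that the OpenMRS image rotates its logs.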
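Review bot: `BAHMNI_MYSQL_ROOT_PASSWORD` is declared in the `secrets` list of the container that uses `BAHMNI_REPORTS_DB_PASSWORD` (hunk `@@ -210`), and again in the `@@ -317` and `@@ -407` hunks for the Crater and Crater Atomfeed databases, so at least three separate MySQL instances share one root credential. Each of these containers already has its own application password, and a per-instance root secret would keep a leak from one database container from exposing root on the others, for example a hypothetical `"BAHMNI_REPORTS_DB_ROOT_PASSWORD"` consumed as `MYSQL_ROOT_PASSWORD=%BAHMNI_REPORTS_DB_ROOT_PASSWORD%`. The `environment` lines that consume the root secret are outside all three hunks, so please confirm they reference exactly the name declared here.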
@@ -407,6 +415,7 @@
 "MYSQL_PASSWORD=%BAHMNI_CRATER_ATOMFEED_DB_PASSWORD%"
 ],
 "secrets": [
+ "BAHMNI_MYSQL_ROOT_PASSWORD",
 "BAHMNI_CRATER_ATOMFEED_DB_PASSWORD"
 ],
 "volumes": [
diff --git a/community-containers/bahmni-lite/readme.md b/community-containers/bahmni-lite/readme.md
index 475d682f..6c65b636 100644
--- a/community-containers/bahmni-lite/readme.md
+++ b/community-containers/bahmni-lite/readme.md
@@ -16,7 +16,7 @@ Bahmni Lite includes the following services: - **Crater Atomfeed** + **Crater Atomfeed DB** – OpenMRS ↔ Crater sync service ### Notes -- You need to configure a reverse proxy in order to use this container bundle, since Bahmni needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md. You need to point the reverse proxy at `nextcloud-aio-bahmni-openmrs:8080` for the core Bahmni/OpenMRS application. +- You need to configure a reverse proxy in order to use this container bundle, since Bahmni needs a dedicated (sub)domain! The easiest way is to install the [Caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy), which auto-configures `bahmni.your-nc-domain.com` for you — just point a CNAME record for `bahmni.your-nc-domain.com` at your server before enabling Caddy. Caddy will automatically route all Bahmni paths (`/openmrs/`, `/bahmni/`, `/bahmni-new/`, `/bahmni-lab/`, `/implementer-interface/`, `/document_images/`, `/uploaded_results/`, `/uploaded-files/`, `/appointments/`, `/reports/`) to the correct backend containers. Alternatively, you can follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and configure your own reverse proxy manually using the path-to-container mapping documented below. - The core Bahmni EMR is accessible at `/openmrs/` on the OpenMRS container (`nextcloud-aio-bahmni-openmrs`, port `8080`). After starting, visit `http:///openmrs/` and log in with the default credentials: username `admin`, password `Admin123`. **⚠️ Change the default OpenMRS admin password immediately after first login.** The Bahmni database image ships with this well-known default — leaving it in place is a serious security risk. 
Note: after changing the OpenMRS admin password, you must also update `OPENMRS_ATOMFEED_PASSWORD` in the `nextcloud-aio-bahmni-crater-atomfeed` container to match the new password, otherwise the Crater billing sync will stop working. - For the full Bahmni UI experience (Bahmni Web, Bahmni Apps Frontend etc.), a reverse proxy must be set up to route the following paths to the correct containers: - `/openmrs/` → `nextcloud-aio-bahmni-openmrs:8080` @@ -29,6 +29,7 @@ Bahmni Lite includes the following services: - `/reports/` → `nextcloud-aio-bahmni-reports:8080` - The Crater billing system can be reached at `nextcloud-aio-bahmni-crater-nginx:80`. The Crater admin email is `admin@bahmni.org` and the password is shown next to the container in the AIO interface. - All Bahmni data (patient images, documents, clinical forms, databases) will be automatically included in AIOs backup solution! +- The [Fail2ban community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban) auto-configures brute-force protection for Bahmni/OpenMRS login attempts when both containers are enabled. - This container bundle requires significant system resources. A minimum of **4 GB RAM** and **2 CPU cores** is recommended; **8 GB RAM** is preferred for production use. - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack. diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 3284decc..5f70616e 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md 
@@ -1,5 +1,5 @@ ## Caddy with geoblocking -This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed. +This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. 
It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed. It also covers [Bahmni Lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bahmni-lite) by listening on `bahmni.$NC_DOMAIN`, if installed. ### Notes - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! 
@@ -15,6 +15,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for seerr.
 - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
 - If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
+- If you want to use this with [Bahmni Lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bahmni-lite), make sure that you point `bahmni.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for Bahmni Lite.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
index 78bf0a85..7887ad1b 100644
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -35,6 +35,11 @@
 "source": "nextcloud_aio_jellyseerr",
 "destination": "/jellyseerr",
 "writeable": false
+ },
+ {
+ "source": "nextcloud_aio_bahmni_openmrs_logs",
+ "destination": "/bahmni-openmrs",
+ "writeable": false
 }
 ]
 }
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index 28ab21e3..a60b602f 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
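Review bot: The read-only mount of `nextcloud_aio_bahmni_openmrs_logs` at `/bahmni-openmrs` in the `fail2ban.json` hunk gives the fail2ban container the whole OpenMRS log directory, although only failed-login lines with a client address are useful to it. No jail or filter for this path is part of this commit, so the protection presumably depends on the fail2ban image already shipping one; that should be confirmed before the readme promises it. It also only works if OpenMRS logs the real client address rather than the reverse proxy's when it sits behind Caddy; otherwise bans would either never match or target the proxy. Since the JSON cannot carry a comment, I would add a readme note such as `- The Bahmni jail reads the OpenMRS logs read-only from /bahmni-openmrs and requires OpenMRS to log the real client IP.`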
@@ -1,5 +1,5 @@ ## Fail2ban -This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed. +This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/bahmni-lite, if installed. ### Notes - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.