From 5a30accbe9ec5523b060673de6efc5aa6e660867 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 11 May 2026 09:35:39 +0000 Subject: [PATCH] chore: add SPDX license headers to all repository files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com> --- .gitattributes | 3 + .github/ISSUE_TEMPLATE/Bug_report.md | 5 + .github/ISSUE_TEMPLATE/Feature_request.md | 5 + .github/ISSUE_TEMPLATE/config.yml | 3 + .github/dependabot.yml | 3 + .github/pull_request_template.md | 5 + .github/release.yml | 3 + .github/workflows/codespell.yml | 3 + .github/workflows/collabora.yml | 3 + .github/workflows/community-containers.yml | 3 + .github/workflows/dependency-updates.yml | 3 + .github/workflows/docker-lint.yml | 3 + .github/workflows/fail-on-prerelease.yml | 3 + .github/workflows/helm-release.yml | 3 + .github/workflows/imaginary-update.yml | 3 + .github/workflows/json-validator.yml | 3 + .github/workflows/lint-helm.yml | 3 + .github/workflows/lock-threads.yml | 3 + .github/workflows/nextcloud-update.yml | 3 + .../workflows/php-deprecation-detector.yml | 3 + .github/workflows/playwright-on-push.yml | 3 + .../playwright-on-workflow-dispatch.yml | 3 + .github/workflows/psalm-update-baseline.yml | 3 + .github/workflows/shellcheck.yml | 3 + .github/workflows/talk.yml | 3 + .github/workflows/twig-lint.yml | 3 + .github/workflows/update-copyright.yml | 3 + .github/workflows/update-helm.yml | 3 + .github/workflows/update-yaml.yml | 57 ++- .github/workflows/watchtower-update.yml | 3 + .gitignore | 3 + Containers/alpine/Dockerfile | 3 + Containers/apache/Caddyfile | 3 + Containers/apache/Dockerfile | 3 + Containers/apache/healthcheck.sh | 3 + Containers/apache/nextcloud.conf | 3 + Containers/apache/start.sh | 3 + Containers/apache/supervisord.conf | 47 +- Containers/borgbackup/Dockerfile | 3 + Containers/borgbackup/backupscript.sh | 3 + Containers/borgbackup/borg_excludes | 3 + Containers/borgbackup/start.sh | 3 + Containers/clamav/Dockerfile | 3 + Containers/clamav/healthcheck.sh | 3 + Containers/clamav/start.sh | 3 + Containers/clamav/supervisord.conf | 3 + Containers/collabora-online/Dockerfile | 3 + Containers/collabora-online/healthcheck.sh | 3 + Containers/collabora/Dockerfile | 3 + Containers/collabora/healthcheck.sh | 3 + Containers/collabora/start.sh | 3 + Containers/docker-socket-proxy/Dockerfile | 3 + Containers/docker-socket-proxy/haproxy.cfg | 3 + Containers/docker-socket-proxy/healthcheck.sh | 3 + Containers/docker-socket-proxy/start.sh | 3 + Containers/domaincheck/Dockerfile | 3 + Containers/domaincheck/lighttpd.conf | 3 + Containers/domaincheck/start.sh | 3 + Containers/fulltextsearch/Dockerfile | 67 +-- Containers/fulltextsearch/healthcheck.sh | 3 + Containers/fulltextsearch/start.sh | 3 + Containers/imaginary/Dockerfile | 109 +++-- Containers/imaginary/healthcheck.sh | 3 + Containers/imaginary/start.sh | 3 + Containers/mastercontainer/Dockerfile | 3 + Containers/mastercontainer/README.md | 5 + Containers/mastercontainer/acme.Caddyfile | 3 + .../backup-time-file-watcher.sh | 3 + Containers/mastercontainer/cron.sh | 3 + Containers/mastercontainer/daily-backup.sh | 3 + Containers/mastercontainer/headers.Caddyfile | 3 + Containers/mastercontainer/healthcheck.sh | 3 + Containers/mastercontainer/internal.Caddyfile | 3 + .../mastercontainer/session-deduplicator.sh | 3 + Containers/mastercontainer/start.sh | 3 + Containers/mastercontainer/supervisord.conf | 3 + Containers/nextcloud/Dockerfile | 3 + Containers/nextcloud/README.md | 5 + Containers/nextcloud/config/aio.config.php | 4 + Containers/nextcloud/config/apcu.config.php | 4 + Containers/nextcloud/config/apps.config.php | 4 + .../config/certificates-bundle.config.php | 4 + .../nextcloud/config/postgres.config.php | 4 + Containers/nextcloud/config/proxy.config.php | 4 + Containers/nextcloud/config/redis.config.php | 4 + .../nextcloud/config/reverse-proxy.config.php | 4 + Containers/nextcloud/config/s3.config.php | 98 ++-- Containers/nextcloud/config/server.config.php | 4 + Containers/nextcloud/config/smtp.config.php | 4 + Containers/nextcloud/config/swift.config.php | 66 +-- Containers/nextcloud/cron.sh | 3 + Containers/nextcloud/entrypoint.sh | 3 + Containers/nextcloud/healthcheck.sh | 3 + Containers/nextcloud/notify-all.sh | 3 + Containers/nextcloud/notify.sh | 3 + Containers/nextcloud/root.motd | 3 + Containers/nextcloud/run-exec-commands.sh | 3 + Containers/nextcloud/start.sh | 3 + Containers/nextcloud/supervisord.conf | 3 + Containers/nextcloud/upgrade.exclude | 3 + Containers/notify-push/Dockerfile | 3 + Containers/notify-push/healthcheck.sh | 3 + Containers/notify-push/start.sh | 3 + Containers/onlyoffice/Dockerfile | 3 + Containers/onlyoffice/healthcheck.sh | 3 + Containers/postgresql/Dockerfile | 3 + Containers/postgresql/healthcheck.sh | 3 + Containers/postgresql/init-user-db.sh | 3 + Containers/postgresql/start.sh | 3 + Containers/redis/Dockerfile | 3 + Containers/redis/healthcheck.sh | 3 + Containers/redis/start.sh | 3 + Containers/talk-recording/Dockerfile | 3 + Containers/talk-recording/healthcheck.sh | 3 + Containers/talk-recording/start.sh | 3 + Containers/talk/Dockerfile | 3 + Containers/talk/healthcheck.sh | 3 + Containers/talk/server.conf.in | 3 + Containers/talk/start.sh | 3 + Containers/talk/supervisord.conf | 3 + Containers/watchtower/Dockerfile | 3 + Containers/watchtower/start.sh | 3 + Containers/whiteboard/Dockerfile | 3 + Containers/whiteboard/healthcheck.sh | 3 + Containers/whiteboard/start.sh | 3 + app/.editorconfig | 3 + app/appinfo/info.xml | 4 + app/composer/autoload.php | 4 + app/composer/composer/ClassLoader.php | 4 + app/composer/composer/InstalledVersions.php | 4 + app/composer/composer/autoload_classmap.php | 4 + app/composer/composer/autoload_namespaces.php | 4 + app/composer/composer/autoload_psr4.php | 4 + app/composer/composer/autoload_real.php | 4 + app/composer/composer/autoload_static.php | 4 + app/composer/composer/installed.php | 4 + app/lib/Settings/Admin.php | 25 +- app/readme.md | 5 + app/templates/admin.php | 13 +- .../borgbackup-viewer/readme.md | 5 + community-containers/caddy/readme.md | 5 + community-containers/calcardbackup/readme.md | 5 + .../container-management/readme.md | 5 + community-containers/dlna/readme.md | 5 + .../facerecognition/readme.md | 5 + community-containers/fail2ban/readme.md | 5 + community-containers/glances/readme.md | 5 + community-containers/helloworld/readme.md | 5 + community-containers/home-assistant/readme.md | 5 + community-containers/jellyfin/readme.md | 5 + community-containers/jellyseerr/readme.md | 5 + community-containers/languagetool/readme.md | 5 + community-containers/libretranslate/readme.md | 5 + community-containers/lldap/readme.md | 5 + community-containers/local-ai/readme.md | 5 + community-containers/makemkv/readme.md | 5 + community-containers/memories/readme.md | 5 + community-containers/minio/readme.md | 5 + .../nextcloud-exporter/readme.md | 5 + community-containers/nocodb/readme.md | 5 + community-containers/notifications/readme.md | 5 + community-containers/npmplus/readme.md | 5 + community-containers/pi-hole/readme.md | 5 + community-containers/plex/readme.md | 5 + community-containers/readme.md | 5 + community-containers/scrutiny/readme.md | 5 + community-containers/smbserver/readme.md | 5 + community-containers/stalwart/readme.md | 5 + community-containers/vaultwarden/readme.md | 5 + compose.yaml | 3 + develop.md | 5 + docker-ipv6-support.md | 5 + docker-rootless.md | 79 +-- local-instance.md | 85 ++-- manual-install/latest.yml | 3 + manual-install/readme.md | 113 +++-- manual-install/sample.conf | 3 + manual-install/update-yaml.sh | 3 + manual-upgrade.md | 249 +++++----- migration.md | 5 + multiple-instances.md | 461 +++++++++--------- nextcloud-aio-helm-chart/Chart.yaml | 3 + nextcloud-aio-helm-chart/readme.md | 5 + .../nextcloud-aio-apache-deployment.yaml | 3 + ...loud-aio-apache-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-apache-service.yaml | 3 + .../nextcloud-aio-clamav-deployment.yaml | 3 + ...loud-aio-clamav-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-clamav-service.yaml | 3 + .../nextcloud-aio-collabora-deployment.yaml | 3 + .../nextcloud-aio-collabora-service.yaml | 3 + .../nextcloud-aio-database-deployment.yaml | 3 + ...o-database-dump-persistentvolumeclaim.yaml | 3 + ...ud-aio-database-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-database-service.yaml | 3 + ...o-elasticsearch-persistentvolumeclaim.yaml | 3 + ...xtcloud-aio-fulltextsearch-deployment.yaml | 3 + .../nextcloud-aio-fulltextsearch-service.yaml | 3 + .../nextcloud-aio-imaginary-deployment.yaml | 3 + .../nextcloud-aio-imaginary-service.yaml | 3 + .../nextcloud-aio-namespace-namespace.yaml | 3 + .../nextcloud-aio-networkpolicy.yaml | 3 + ...-nextcloud-data-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-nextcloud-deployment.yaml | 3 + ...d-aio-nextcloud-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-nextcloud-service.yaml | 3 + ...trusted-cacerts-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-notify-push-deployment.yaml | 3 + .../nextcloud-aio-notify-push-service.yaml | 3 + .../nextcloud-aio-onlyoffice-deployment.yaml | 3 + ...-aio-onlyoffice-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-onlyoffice-service.yaml | 3 + .../nextcloud-aio-redis-deployment.yaml | 3 + ...cloud-aio-redis-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-redis-service.yaml | 3 + .../nextcloud-aio-talk-deployment.yaml | 3 + ...xtcloud-aio-talk-recording-deployment.yaml | 3 + ...-talk-recording-persistentvolumeclaim.yaml | 3 + .../nextcloud-aio-talk-recording-service.yaml | 3 + .../templates/nextcloud-aio-talk-service.yaml | 3 + .../nextcloud-aio-whiteboard-deployment.yaml | 3 + .../nextcloud-aio-whiteboard-service.yaml | 3 + nextcloud-aio-helm-chart/update-helm.sh | 3 + nextcloud-aio-helm-chart/values.yaml | 3 + php/README.md | 5 + php/domain-validator.php | 4 + php/get-configurable-aio-variables.sh | 3 + php/psalm-baseline.xml | 4 + php/psalm.xml | 4 + php/public/automatic_reload.js | 3 + php/public/base_path.js | 3 + php/public/before-unload.js | 3 + php/public/click-handlers.js | 3 + php/public/containers-form-submit.js | 3 + php/public/disable-containers.js | 3 + php/public/forms.js | 3 + php/public/img/collabora.svg | 2 + php/public/img/nextcloud-logo.svg | 2 + php/public/img/office-none.svg | 2 + php/public/img/onlyoffice.svg | 2 + php/public/index.php | 4 + php/public/log-view.js | 3 + php/public/logs.css | 3 + php/public/robots.txt | 3 + php/public/scroll-into-view.js | 3 + php/public/second-tab-warning.js | 25 +- php/public/style.css | 3 + php/public/timezone.js | 3 + php/public/toggle-dark-mode.js | 3 + php/src/Auth/AuthManager.php | 4 + php/src/Auth/PasswordGenerator.php | 4 + php/src/Container/AioVariables.php | 4 + php/src/Container/Container.php | 4 + .../ContainerEnvironmentVariables.php | 4 + php/src/Container/ContainerPort.php | 4 + php/src/Container/ContainerPorts.php | 4 + php/src/Container/ContainerState.php | 4 + php/src/Container/ContainerVolume.php | 4 + php/src/Container/ContainerVolumes.php | 4 + php/src/Container/VersionState.php | 4 + php/src/ContainerDefinitionFetcher.php | 4 + .../Controller/ConfigurationController.php | 4 + php/src/Controller/DockerController.php | 4 + php/src/Controller/LoginController.php | 4 + php/src/Cron/BackupNotification.php | 4 + php/src/Cron/CheckBackup.php | 38 +- php/src/Cron/CheckFreeDiskSpace.php | 4 + php/src/Cron/CreateBackup.php | 38 +- php/src/Cron/OutdatedNotification.php | 4 + php/src/Cron/PullContainerImages.php | 4 + php/src/Cron/StartAndUpdateContainers.php | 44 +- php/src/Cron/StartContainers.php | 44 +- php/src/Cron/StopContainers.php | 38 +- php/src/Cron/UpdateMastercontainer.php | 38 +- php/src/Cron/UpdateNotification.php | 4 + php/src/Data/ConfigurationManager.php | 4 + php/src/Data/DataConst.php | 4 + .../InvalidSettingConfigurationException.php | 4 + php/src/Data/Setup.php | 4 + php/src/DependencyInjection.php | 4 + php/src/Docker/DockerActionManager.php | 4 + php/src/Docker/DockerHubManager.php | 4 + .../Docker/GitHubContainerRegistryManager.php | 4 + php/src/Middleware/AuthMiddleware.php | 4 + php/src/Twig/ClassExtension.php | 4 + php/src/Twig/CsrfExtension.php | 4 + php/templates/already-installed.twig | 5 + php/templates/components/container-state.twig | 5 + php/templates/containers.twig | 5 + php/templates/includes/aio-config.twig | 5 + php/templates/includes/aio-version.twig | 5 + php/templates/includes/backup-dirs.twig | 5 + .../includes/community-containers.twig | 5 + .../includes/optional-containers.twig | 5 + php/templates/layout.twig | 5 + php/templates/log.twig | 5 + php/templates/login.twig | 5 + php/templates/setup.twig | 5 + php/tests/.gitignore | 3 + php/tests/playwright.config.js | 3 + php/tests/tests/initial-setup.spec.js | 3 + php/tests/tests/restore-instance.spec.js | 3 + readme.md | 5 + reverse-proxy.md | 5 + tests/QA/001-initial-setup.md | 25 +- tests/QA/002-new-instance.md | 65 +-- tests/QA/003-automatic-login.md | 19 +- tests/QA/004-initial-backup.md | 67 +-- tests/QA/010-restore-instance.md | 75 +-- tests/QA/020-backup-and-restore.md | 27 +- tests/QA/030-aio-password-change.md | 27 +- tests/QA/040-login-behavior.md | 17 +- tests/QA/050-optional-addons.md | 37 +- tests/QA/055-community-containers.md | 5 + tests/QA/060-environmental-variables.md | 67 +-- tests/QA/070-timezone-change.md | 23 +- tests/QA/080-daily-backup-script.md | 15 +- tests/QA/assets/backup-archive/readme.md | 13 +- tests/QA/readme.md | 19 +- zizmor.yml | 3 + 320 files changed, 2198 insertions(+), 1053 deletions(-) diff --git a/.gitattributes b/.gitattributes index 176a458f..530319e9 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,4 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + * text=auto diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md index aca2e718..12cd0209 100644 --- a/.github/ISSUE_TEMPLATE/Bug_report.md +++ b/.github/ISSUE_TEMPLATE/Bug_report.md @@ -1,3 +1,8 @@ + + --- name: 🐛 Bug report - no questions and no support! about: Help us improving by reporting a bug - this category is not for questions and also not for support! Please use one of the options below for questions and support diff --git a/.github/ISSUE_TEMPLATE/Feature_request.md b/.github/ISSUE_TEMPLATE/Feature_request.md index 2cc54fb4..c546262a 100644 --- a/.github/ISSUE_TEMPLATE/Feature_request.md +++ b/.github/ISSUE_TEMPLATE/Feature_request.md @@ -1,3 +1,8 @@ + + --- name: 📖 Existing feature/documentation enhancement about: Suggest an enhancement of an existing feature/documentation - for other types, please use the feature request option below diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 72ae238a..d448b03b 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + blank_issues_enabled: false contact_links: - name: 📘 Documentation on Nextcloud AIO diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7fe1067e..ff34faff 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + version: 2 updates: - package-ecosystem: "github-actions" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 5d1441b4..05fcf9b0 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,3 +1,8 @@ + + + # Nextcloud All-in-One `mastercontainer` This folder contains the OCI/Docker container definition, along with associated resources and diff --git a/Containers/mastercontainer/acme.Caddyfile b/Containers/mastercontainer/acme.Caddyfile index 77d7df9e..ac5d182d 100644 --- a/Containers/mastercontainer/acme.Caddyfile +++ b/Containers/mastercontainer/acme.Caddyfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + { admin off diff --git a/Containers/mastercontainer/backup-time-file-watcher.sh b/Containers/mastercontainer/backup-time-file-watcher.sh index 6c5fc80d..7476cb50 100644 --- a/Containers/mastercontainer/backup-time-file-watcher.sh +++ b/Containers/mastercontainer/backup-time-file-watcher.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh index af0a25bc..cc9bf504 100644 --- a/Containers/mastercontainer/cron.sh +++ b/Containers/mastercontainer/cron.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index 99293b60..e39e943e 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/mastercontainer/headers.Caddyfile b/Containers/mastercontainer/headers.Caddyfile index 269ead29..9f846373 100644 --- a/Containers/mastercontainer/headers.Caddyfile +++ b/Containers/mastercontainer/headers.Caddyfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + header { # CSP limits which features can be used. By default we allow nothing and only allow required options. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy # default-src 'none'; Allow nothing by default diff --git a/Containers/mastercontainer/healthcheck.sh b/Containers/mastercontainer/healthcheck.sh index db77524b..8c5a4460 100644 --- a/Containers/mastercontainer/healthcheck.sh +++ b/Containers/mastercontainer/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/mastercontainer/internal.Caddyfile b/Containers/mastercontainer/internal.Caddyfile index 9890acc0..3a93c134 100644 --- a/Containers/mastercontainer/internal.Caddyfile +++ b/Containers/mastercontainer/internal.Caddyfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + { admin off diff --git a/Containers/mastercontainer/session-deduplicator.sh b/Containers/mastercontainer/session-deduplicator.sh index 73f886ba..dddd1556 100644 --- a/Containers/mastercontainer/session-deduplicator.sh +++ b/Containers/mastercontainer/session-deduplicator.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash deduplicate_sessions() { diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 72260a4e..7ad95f66 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash # Function to show text in green diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf index df682fff..62d4f6b3 100644 --- a/Containers/mastercontainer/supervisord.conf +++ b/Containers/mastercontainer/supervisord.conf @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + [supervisord] nodaemon=true logfile=/var/log/supervisord/supervisord.log diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index cfd8591f..41f38796 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest FROM php:8.3.30-fpm-alpine3.23 diff --git a/Containers/nextcloud/README.md b/Containers/nextcloud/README.md index 574afd03..252acaab 100644 --- a/Containers/nextcloud/README.md +++ b/Containers/nextcloud/README.md @@ -1,3 +1,8 @@ + + # Nextcloud All-in-One ``nextcloud`` Container This folder contains the OCI/Docker container definition, along with associated resources and configuration files, for building the `nextcloud` container as part of the [Nextcloud All-in-One](https://github.com/nextcloud/all-in-one) project. This container hosts PHP and the Nextcloud Server application. diff --git a/Containers/nextcloud/config/aio.config.php b/Containers/nextcloud/config/aio.config.php index 7c80b6ba..01f58dda 100644 --- a/Containers/nextcloud/config/aio.config.php +++ b/Containers/nextcloud/config/aio.config.php @@ -1,4 +1,8 @@ true, 'one-click-instance.user-limit' => 100, diff --git a/Containers/nextcloud/config/apcu.config.php b/Containers/nextcloud/config/apcu.config.php index 69fed876..a29b6621 100644 --- a/Containers/nextcloud/config/apcu.config.php +++ b/Containers/nextcloud/config/apcu.config.php @@ -1,4 +1,8 @@ '\OC\Memcache\APCu', ); diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php index eb2dbe58..f639edae 100644 --- a/Containers/nextcloud/config/apps.config.php +++ b/Containers/nextcloud/config/apps.config.php @@ -1,4 +1,8 @@ array ( 0 => array ( diff --git a/Containers/nextcloud/config/certificates-bundle.config.php b/Containers/nextcloud/config/certificates-bundle.config.php index cc05b06a..09e8db53 100644 --- a/Containers/nextcloud/config/certificates-bundle.config.php +++ b/Containers/nextcloud/config/certificates-bundle.config.php @@ -1,4 +1,8 @@ array( diff --git a/Containers/nextcloud/config/proxy.config.php b/Containers/nextcloud/config/proxy.config.php index c283f86e..a6ec5cc4 100644 --- a/Containers/nextcloud/config/proxy.config.php +++ b/Containers/nextcloud/config/proxy.config.php @@ -1,4 +1,8 @@ '\OC\Memcache\Redis', diff --git a/Containers/nextcloud/config/reverse-proxy.config.php b/Containers/nextcloud/config/reverse-proxy.config.php index c8650913..26adb153 100644 --- a/Containers/nextcloud/config/reverse-proxy.config.php +++ b/Containers/nextcloud/config/reverse-proxy.config.php @@ -1,4 +1,8 @@ array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'multibucket' => $multibucket === 'true', - 'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64, - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => strtolower($autocreate) !== 'false', - 'use_ssl' => strtolower($use_ssl) !== 'false', - // required for some non Amazon S3 implementations - 'use_path_style' => strtolower($use_path) === 'true', - // required for older protocol versions - 'legacy_auth' => strtolower($use_legacyauth) === 'true', - 'use_nextcloud_bundle' => 1, - ) - ) - ); - - $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY'); - if ($sse_c_key) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key; - } - - $requestChecksumValidation = getenv('OBJECTSTORE_S3_REQUEST_CHECKSUM_VALIDATION'); - if ($requestChecksumValidation) { - $CONFIG['objectstore']['arguments']['request_checksum_calculation'] = $requestChecksumValidation; - } - - $responseChecksumValidation = getenv('OBJECTSTORE_S3_RESPONSE_CHECKSUM_VALIDATION'); - if ($responseChecksumValidation) { - $CONFIG['objectstore']['arguments']['response_checksum_validation'] = $responseChecksumValidation; - } -} + array( + 'class' => '\OC\Files\ObjectStore\S3', + 'arguments' => array( + 'multibucket' => $multibucket === 'true', + 'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64, + 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), + 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', + 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', + 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', + 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', + 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', + 'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '', + 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", + 'autocreate' => strtolower($autocreate) !== 'false', + 'use_ssl' => strtolower($use_ssl) !== 'false', + // required for some non Amazon S3 implementations + 'use_path_style' => strtolower($use_path) === 'true', + // required for older protocol versions + 'legacy_auth' => strtolower($use_legacyauth) === 'true', + 'use_nextcloud_bundle' => 1, + ) + ) + ); + + $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY'); + if ($sse_c_key) { + $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key; + } + + $requestChecksumValidation = getenv('OBJECTSTORE_S3_REQUEST_CHECKSUM_VALIDATION'); + if ($requestChecksumValidation) { + $CONFIG['objectstore']['arguments']['request_checksum_calculation'] = $requestChecksumValidation; + } + + $responseChecksumValidation = getenv('OBJECTSTORE_S3_RESPONSE_CHECKSUM_VALIDATION'); + if ($responseChecksumValidation) { + $CONFIG['objectstore']['arguments']['response_checksum_validation'] = $responseChecksumValidation; + } +} diff --git a/Containers/nextcloud/config/server.config.php b/Containers/nextcloud/config/server.config.php index c0c427c6..33cc5ad6 100644 --- a/Containers/nextcloud/config/server.config.php +++ b/Containers/nextcloud/config/server.config.php @@ -1,4 +1,8 @@ crc32(gethostname()) % 512, ); diff --git a/Containers/nextcloud/config/smtp.config.php b/Containers/nextcloud/config/smtp.config.php index b57f9b68..ab8106ad 100644 --- a/Containers/nextcloud/config/smtp.config.php +++ b/Containers/nextcloud/config/smtp.config.php @@ -1,4 +1,8 @@ 'smtp', diff --git a/Containers/nextcloud/config/swift.config.php b/Containers/nextcloud/config/swift.config.php index d46818ae..846526b0 100644 --- a/Containers/nextcloud/config/swift.config.php +++ b/Containers/nextcloud/config/swift.config.php @@ -1,31 +1,35 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} + [ + 'class' => 'OC\\Files\\ObjectStore\\Swift', + 'arguments' => [ + 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', + 'user' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), + 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', + ], + ], + 'scope' => [ + 'project' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', + ], + ], + ], + 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', + 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), + 'url' => getenv('OBJECTSTORE_SWIFT_URL'), + 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), + ] + ] + ); +} diff --git a/Containers/nextcloud/cron.sh b/Containers/nextcloud/cron.sh index c43822ca..1dbcb67c 100644 --- a/Containers/nextcloud/cron.sh +++ b/Containers/nextcloud/cron.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 07e0ae24..37f67dfa 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash # version_greater A B returns whether A > B diff --git a/Containers/nextcloud/healthcheck.sh b/Containers/nextcloud/healthcheck.sh index 25588d21..0dd7b147 100644 --- a/Containers/nextcloud/healthcheck.sh +++ b/Containers/nextcloud/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/nextcloud/notify-all.sh b/Containers/nextcloud/notify-all.sh index 137abd2e..c8262282 100644 --- a/Containers/nextcloud/notify-all.sh +++ b/Containers/nextcloud/notify-all.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/nextcloud/notify.sh b/Containers/nextcloud/notify.sh index 5851c1ba..2a2f77a0 100644 --- a/Containers/nextcloud/notify.sh +++ b/Containers/nextcloud/notify.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/nextcloud/root.motd b/Containers/nextcloud/root.motd index 00cb4805..b1963fcc 100644 --- a/Containers/nextcloud/root.motd +++ b/Containers/nextcloud/root.motd @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + Warning: You have logged in into the Nextcloud container as root user. See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands. Apart from that, you can use 'sudo -E -u www-data php occ ' in order to run occ commands. diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh index 5f3a9744..a7fe7250 100644 --- a/Containers/nextcloud/run-exec-commands.sh +++ b/Containers/nextcloud/run-exec-commands.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh index d9b253c7..1a74a8c9 100644 --- a/Containers/nextcloud/start.sh +++ b/Containers/nextcloud/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf index 5bf90ed0..ccded638 100644 --- a/Containers/nextcloud/supervisord.conf +++ b/Containers/nextcloud/supervisord.conf @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # From https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm/supervisord.conf [supervisord] nodaemon=true diff --git a/Containers/nextcloud/upgrade.exclude b/Containers/nextcloud/upgrade.exclude index 5e4b1d73..f1f3661e 100644 --- a/Containers/nextcloud/upgrade.exclude +++ b/Containers/nextcloud/upgrade.exclude @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + /config/ /data/ /custom_apps/ diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 66116351..f00cdce8 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest FROM alpine:3.23.4 diff --git a/Containers/notify-push/healthcheck.sh b/Containers/notify-push/healthcheck.sh index c17ab9cf..460da15d 100644 --- a/Containers/notify-push/healthcheck.sh +++ b/Containers/notify-push/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index 335a299d..404ae079 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index 0efd5bf9..167ab030 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile FROM onlyoffice/documentserver:9.3.1.2 diff --git a/Containers/onlyoffice/healthcheck.sh b/Containers/onlyoffice/healthcheck.sh index a5afbf2b..40129f87 100644 --- a/Containers/onlyoffice/healthcheck.sh +++ b/Containers/onlyoffice/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index e8685ca3..345edafa 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest # From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile FROM postgres:18.3-alpine diff --git a/Containers/postgresql/healthcheck.sh b/Containers/postgresql/healthcheck.sh index f9e05056..55222769 100644 --- a/Containers/postgresql/healthcheck.sh +++ b/Containers/postgresql/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/postgresql/init-user-db.sh b/Containers/postgresql/init-user-db.sh index e3578a39..be4d477b 100644 --- a/Containers/postgresql/init-user-db.sh +++ b/Containers/postgresql/init-user-db.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh index b71e448f..e0297bb6 100644 --- a/Containers/postgresql/start.sh +++ b/Containers/postgresql/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index e8919e14..935afb75 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile FROM redis:8.6.3-alpine diff --git a/Containers/redis/healthcheck.sh b/Containers/redis/healthcheck.sh index b4c47735..e01cc985 100644 --- a/Containers/redis/healthcheck.sh +++ b/Containers/redis/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/redis/start.sh b/Containers/redis/start.sh index ccc3b9bb..f52efcad 100644 --- a/Containers/redis/start.sh +++ b/Containers/redis/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index b9f42626..e22ae7f1 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest FROM python:3.14.3-alpine3.23 diff --git a/Containers/talk-recording/healthcheck.sh b/Containers/talk-recording/healthcheck.sh index 2750d59e..41c43fb8 100644 --- a/Containers/talk-recording/healthcheck.sh +++ b/Containers/talk-recording/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh index bb7d2ea4..95e1cc16 100644 --- a/Containers/talk-recording/start.sh +++ b/Containers/talk-recording/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index f2980095..06bb9d73 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest FROM nats:2.14.0-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal diff --git a/Containers/talk/healthcheck.sh b/Containers/talk/healthcheck.sh index 83022f18..f5a32d61 100644 --- a/Containers/talk/healthcheck.sh +++ b/Containers/talk/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in index 2e0a7cf2..8586e14d 100644 --- a/Containers/talk/server.conf.in +++ b/Containers/talk/server.conf.in @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + [http] # IP and port to listen on for HTTP requests. # Comment line to disable the listener. diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh index e5bd251b..b75b8509 100644 --- a/Containers/talk/start.sh +++ b/Containers/talk/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf index 69889a4c..4167fcbe 100644 --- a/Containers/talk/supervisord.conf +++ b/Containers/talk/supervisord.conf @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + [supervisord] nodaemon=true logfile=/var/log/supervisord/supervisord.log diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index d93fd995..b7ee3e72 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest FROM golang:1.26.2-alpine3.23 AS go diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh index 16e7caef..01fe3863 100644 --- a/Containers/watchtower/start.sh +++ b/Containers/watchtower/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 727efaed..b11369eb 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.7 diff --git a/Containers/whiteboard/healthcheck.sh b/Containers/whiteboard/healthcheck.sh index 91dc31eb..a7468c7b 100644 --- a/Containers/whiteboard/healthcheck.sh +++ b/Containers/whiteboard/healthcheck.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh index 5675a94a..30c5d1a5 100644 --- a/Containers/whiteboard/start.sh +++ b/Containers/whiteboard/start.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash if [ "$AIO_LOG_LEVEL" = 'debug' ]; then diff --git a/app/.editorconfig b/app/.editorconfig index 5ce64346..d5049a69 100644 --- a/app/.editorconfig +++ b/app/.editorconfig @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # https://editorconfig.org root = true diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml index b06b3012..08ca66f2 100644 --- a/app/appinfo/info.xml +++ b/app/appinfo/info.xml @@ -1,4 +1,8 @@ + nextcloud-aio diff --git a/app/composer/autoload.php b/app/composer/autoload.php index fae752ae..3fa559d4 100644 --- a/app/composer/autoload.php +++ b/app/composer/autoload.php @@ -1,5 +1,9 @@ array( 'pretty_version' => 'dev-master', diff --git a/app/lib/Settings/Admin.php b/app/lib/Settings/Admin.php index 36fbd01b..ef4f993b 100644 --- a/app/lib/Settings/Admin.php +++ b/app/lib/Settings/Admin.php @@ -2,26 +2,11 @@ declare(strict_types=1); -/** - * @copyright Copyright (c) 2021, Azul - * - * @author Azul - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ + +// SPDX-FileCopyrightText: 2021 Azul +// SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +// SPDX-License-Identifier: AGPL-3.0-or-later + namespace OCA\AllInOne\Settings; use OCP\AppFramework\Http\TemplateResponse; diff --git a/app/readme.md b/app/readme.md index 9f639500..be46e913 100644 --- a/app/readme.md +++ b/app/readme.md @@ -1,3 +1,8 @@ + + ## How to develop the app? Please note that in order to check if an app is already downloaded diff --git a/app/templates/admin.php b/app/templates/admin.php index 4812ad90..44236dae 100644 --- a/app/templates/admin.php +++ b/app/templates/admin.php @@ -1,13 +1,10 @@ - * - * @author Azul - * - * This file is licensed under the Affero General Public License version 3 or - * later. See the COPYING file. - */ + +// SPDX-FileCopyrightText: 2021 Azul +// SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +// SPDX-License-Identifier: AGPL-3.0-or-later + /** @var array $_ */ ?>

t('Nextcloud All-in-One'));?>


diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md index ddd11be7..9a157eb5 100644 --- a/community-containers/borgbackup-viewer/readme.md +++ b/community-containers/borgbackup-viewer/readme.md @@ -1,3 +1,8 @@ + + ## Borgbackup Viewer This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser. diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 5ada3738..063a3894 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -1,3 +1,8 @@ + + ## Caddy with geoblocking This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed. diff --git a/community-containers/calcardbackup/readme.md b/community-containers/calcardbackup/readme.md index 42a218b4..2f43656c 100644 --- a/community-containers/calcardbackup/readme.md +++ b/community-containers/calcardbackup/readme.md @@ -1,3 +1,8 @@ + + ## calcardbackup This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file. diff --git a/community-containers/container-management/readme.md b/community-containers/container-management/readme.md index e8c17313..5cf0b01f 100644 --- a/community-containers/container-management/readme.md +++ b/community-containers/container-management/readme.md @@ -1,3 +1,8 @@ + + ## Container-Management This container allows to manage insides of other containers via a GUI inside a Web session by allowing to run docker commands from inside this container. diff --git a/community-containers/dlna/readme.md b/community-containers/dlna/readme.md index 47502dc8..514846ba 100644 --- a/community-containers/dlna/readme.md +++ b/community-containers/dlna/readme.md @@ -1,3 +1,8 @@ + + ## DLNA server This container bundles DLNA server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network. diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md index 474ed1e2..2aa65cb4 100644 --- a/community-containers/facerecognition/readme.md +++ b/community-containers/facerecognition/readme.md @@ -1,3 +1,8 @@ + + ## Facerecognition This container bundles the external model of facerecognition and auto-configures it for you. diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md index 28ab21e3..f2e01edd 100644 --- a/community-containers/fail2ban/readme.md +++ b/community-containers/fail2ban/readme.md @@ -1,3 +1,8 @@ + + ## Fail2ban This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed. diff --git a/community-containers/glances/readme.md b/community-containers/glances/readme.md index a9860778..e7a0bfd1 100644 --- a/community-containers/glances/readme.md +++ b/community-containers/glances/readme.md @@ -1,3 +1,8 @@ + + ## Glances This container starts Glances, a web-based info-board, and auto-configures it for you. diff --git a/community-containers/helloworld/readme.md b/community-containers/helloworld/readme.md index 83c557ac..18a8bfbd 100644 --- a/community-containers/helloworld/readme.md +++ b/community-containers/helloworld/readme.md @@ -1,3 +1,8 @@ + + ## Hello World This container is a template for creating a community container. diff --git a/community-containers/home-assistant/readme.md b/community-containers/home-assistant/readme.md index e5ac025a..0d357f38 100644 --- a/community-containers/home-assistant/readme.md +++ b/community-containers/home-assistant/readme.md @@ -1,3 +1,8 @@ + + ## Home Assistant This container bundles Home Assistant and auto-configures it for you. diff --git a/community-containers/jellyfin/readme.md b/community-containers/jellyfin/readme.md index 2a78bc1e..b3d7d642 100644 --- a/community-containers/jellyfin/readme.md +++ b/community-containers/jellyfin/readme.md @@ -1,3 +1,8 @@ + + ## Jellyfin This container bundles Jellyfin and auto-configures it for you. diff --git a/community-containers/jellyseerr/readme.md b/community-containers/jellyseerr/readme.md index f5541062..b5689941 100644 --- a/community-containers/jellyseerr/readme.md +++ b/community-containers/jellyseerr/readme.md @@ -1,3 +1,8 @@ + + ## Seerr This container bundles Seerr and auto-configures it for you. diff --git a/community-containers/languagetool/readme.md b/community-containers/languagetool/readme.md index c7a725e9..714ec751 100644 --- a/community-containers/languagetool/readme.md +++ b/community-containers/languagetool/readme.md @@ -1,3 +1,8 @@ + + ## LanguageTool for Nextcloud Office This container bundles a LanguageTool for Nextcloud Office which adds spell checking functionality to Nextcloud Office. diff --git a/community-containers/libretranslate/readme.md b/community-containers/libretranslate/readme.md index f9893f34..49c7b9c0 100644 --- a/community-containers/libretranslate/readme.md +++ b/community-containers/libretranslate/readme.md @@ -1,3 +1,8 @@ + + ## LibreTranslate This container bundles LibreTranslate and auto-configures it for you. diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index 586aea9e..a9a02666 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md @@ -1,3 +1,8 @@ + + ## Light LDAP server This container bundles LLDAP server and auto-configures your Nextcloud instance for you. diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md index 2068ed1d..5835b328 100644 --- a/community-containers/local-ai/readme.md +++ b/community-containers/local-ai/readme.md @@ -1,3 +1,8 @@ + + ## Local AI This container bundles Local AI and auto-configures it for you. It support hardware acceleration with Vulkan. diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md index e78510ee..a98f0252 100644 --- a/community-containers/makemkv/readme.md +++ b/community-containers/makemkv/readme.md @@ -1,3 +1,8 @@ + + ## MakeMKV This container bundles MakeMKV and auto-configures it for you. diff --git a/community-containers/memories/readme.md b/community-containers/memories/readme.md index 88a44c4d..2c76a01b 100644 --- a/community-containers/memories/readme.md +++ b/community-containers/memories/readme.md @@ -1,3 +1,8 @@ + + ## Memories This container bundles the hardware-transcoding container of memories and auto-configures it for you. diff --git a/community-containers/minio/readme.md b/community-containers/minio/readme.md index be41d5bd..dd1122cd 100644 --- a/community-containers/minio/readme.md +++ b/community-containers/minio/readme.md @@ -1,3 +1,8 @@ + + ## Minio This container bundles minio s3 storage and auto-configures it for you. diff --git a/community-containers/nextcloud-exporter/readme.md b/community-containers/nextcloud-exporter/readme.md index 469989b3..ac5ca205 100644 --- a/community-containers/nextcloud-exporter/readme.md +++ b/community-containers/nextcloud-exporter/readme.md @@ -1,3 +1,8 @@ + + ## Prometheus Nextcloud Exporter A Prometheus exporter that collects metrics from your Nextcloud instance for monitoring and alerting. diff --git a/community-containers/nocodb/readme.md b/community-containers/nocodb/readme.md index fa23f8f6..185d1556 100644 --- a/community-containers/nocodb/readme.md +++ b/community-containers/nocodb/readme.md @@ -1,3 +1,8 @@ + + > [!CAUTION] > NocoDB is licensed under a non-free license. > diff --git a/community-containers/notifications/readme.md b/community-containers/notifications/readme.md index 78ec49b6..5667314f 100644 --- a/community-containers/notifications/readme.md +++ b/community-containers/notifications/readme.md @@ -1,3 +1,8 @@ + + ## Notifications This container allows other AIO community containers to send admin notifications to Nextcloud users. diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md index a71b4af2..27e97d51 100644 --- a/community-containers/npmplus/readme.md +++ b/community-containers/npmplus/readme.md @@ -1,3 +1,8 @@ + + ## NPMplus This container contains a fork of the Nginx Proxy Manager, which is a WebUI for nginx. It will also automatically create a config and cert for AIO. diff --git a/community-containers/pi-hole/readme.md b/community-containers/pi-hole/readme.md index 7254f585..408bc077 100644 --- a/community-containers/pi-hole/readme.md +++ b/community-containers/pi-hole/readme.md @@ -1,3 +1,8 @@ + + ## Pi-hole This container bundles pi-hole and auto-configures it for you. diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md index 7f8434ab..4eb1565c 100644 --- a/community-containers/plex/readme.md +++ b/community-containers/plex/readme.md @@ -1,3 +1,8 @@ + + ## Plex This container bundles Plex and auto-configures it for you. diff --git a/community-containers/readme.md b/community-containers/readme.md index b0a3fe3e..0031e55b 100644 --- a/community-containers/readme.md +++ b/community-containers/readme.md @@ -1,3 +1,8 @@ + + # Community containers This directory features containers that are built for AIO which allows to add additional functionality very easily. diff --git a/community-containers/scrutiny/readme.md b/community-containers/scrutiny/readme.md index 3bb728f7..ab800882 100644 --- a/community-containers/scrutiny/readme.md +++ b/community-containers/scrutiny/readme.md @@ -1,3 +1,8 @@ + + ## Scrutiny This container bundles Scrutiny which is a frontend for SMART stats and auto-configures it for you. diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md index 20d90c9f..1c03d930 100644 --- a/community-containers/smbserver/readme.md +++ b/community-containers/smbserver/readme.md @@ -1,3 +1,8 @@ + + ## SMB-server This container bundles an SMB-server and allows to configure it via a graphical shell script. diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md index b34f04db..6da9efe4 100644 --- a/community-containers/stalwart/readme.md +++ b/community-containers/stalwart/readme.md @@ -1,3 +1,8 @@ + + > [!CAUTION] > Be aware that the mail server is the most difficult service to deploy. > diff --git a/community-containers/vaultwarden/readme.md b/community-containers/vaultwarden/readme.md index 81f37010..b109a6e7 100644 --- a/community-containers/vaultwarden/readme.md +++ b/community-containers/vaultwarden/readme.md @@ -1,3 +1,8 @@ + + ## Vaultwarden This container bundles vaultwarden and auto-configures it for you. diff --git a/compose.yaml b/compose.yaml index d3220cb0..ac75c21e 100644 --- a/compose.yaml +++ b/compose.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically. services: nextcloud-aio-mastercontainer: diff --git a/develop.md b/develop.md index c4543078..1890f1d5 100644 --- a/develop.md +++ b/develop.md @@ -1,3 +1,8 @@ + + ## Developer channel If you want to switch to the develop channel, you simply stop and delete the mastercontainer and create a new one with a changed tag to develop: ```shell diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md index a784e7c7..6ac29c27 100644 --- a/docker-ipv6-support.md +++ b/docker-ipv6-support.md @@ -1,3 +1,8 @@ + + # IPv6-Support for Docker ## Docker on Linux and Docker-rootless diff --git a/docker-rootless.md b/docker-rootless.md index 13511000..51085755 100644 --- a/docker-rootless.md +++ b/docker-rootless.md @@ -1,37 +1,42 @@ -# Docker rootless - -You can run AIO with docker rootless by following the steps below. - -0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`) -1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`) -1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md. -1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown! -1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot. -1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver). -1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`. -1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3. -1. ⚠️ **Important:** Please read through all notes below! - -### Note regarding sudo in the documentation -Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. - -### Note regarding permissions -All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). - - -### Note regarding docker network driver -By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)). -As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow. -* Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)). -* Run `sudo sysctl --system` to propagate the change. -* Create `~/.config/systemd/user/docker.service.d/override.conf` - with the following content: - ``` - [Service] - Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns" - Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns" - ``` -* Restart the docker daemon - ``` - systemctl --user restart docker - ``` + + +# Docker rootless + +You can run AIO with docker rootless by following the steps below. + +0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`) +1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`) +1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md. +1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown! +1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot. +1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver). +1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`. +1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3. +1. ⚠️ **Important:** Please read through all notes below! + +### Note regarding sudo in the documentation +Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. + +### Note regarding permissions +All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). + + +### Note regarding docker network driver +By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)). +As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow. +* Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)). +* Run `sudo sysctl --system` to propagate the change. +* Create `~/.config/systemd/user/docker.service.d/override.conf` + with the following content: + ``` + [Service] + Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns" + Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns" + ``` +* Restart the docker daemon + ``` + systemctl --user restart docker + ``` diff --git a/local-instance.md b/local-instance.md index 4fa42ba8..de74cbeb 100644 --- a/local-instance.md +++ b/local-instance.md @@ -1,40 +1,45 @@ -# Local instance -It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain. However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. - -### Content -- [1. Tailscale](#1-tailscale) -- [2. Pangolin](#2-pangolin) -- [3. The normal way](#3-the-normal-way) -- [4. Use the ACME DNS-challenge](#4-use-the-acme-dns-challenge) -- [5. Use Cloudflare](#5-use-cloudflare) -- [6. Buy a certificate and use that](#6-buy-a-certificate-and-use-that) - -## 1. Tailscale -This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817 - -## 2. Pangolin -[Pangolin](https://pangolin.net/) is an open-source, WireGuard-based remote access platform similar in concept to Tailscale. It uses the **Newt** connector to create outbound-only encrypted tunnels — no inbound ports need to be opened on your firewall. Pangolin handles TLS automatically, providing a valid certificate for your Nextcloud domain. - -You can use either [Pangolin Cloud](https://app.pangolin.net/) (free tier available) or [self-host your own Pangolin server](https://docs.pangolin.net/self-host/quick-install) on a VPS. For private/local-only access, self-hosting Pangolin on a machine within your local network means that Nextcloud never needs to be exposed to the public internet. - -For the reverse proxy configuration details and a step-by-step setup guide, see the [Pangolin section in the reverse proxy documentation](./reverse-proxy.md#pangolin). - -## 3. The normal way -The normal way is the following: -1. Set up your domain correctly to point to your home network -1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port). -1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) -1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server. -1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup - -**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. - -## 4. Use the ACME DNS-challenge -You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge - -## 5. Use Cloudflare -If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up. - -## 6. Buy a certificate and use that -If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config. - + + +# Local instance +It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain. However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. + +### Content +- [1. Tailscale](#1-tailscale) +- [2. Pangolin](#2-pangolin) +- [3. The normal way](#3-the-normal-way) +- [4. Use the ACME DNS-challenge](#4-use-the-acme-dns-challenge) +- [5. Use Cloudflare](#5-use-cloudflare) +- [6. Buy a certificate and use that](#6-buy-a-certificate-and-use-that) + +## 1. Tailscale +This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817 + +## 2. Pangolin +[Pangolin](https://pangolin.net/) is an open-source, WireGuard-based remote access platform similar in concept to Tailscale. It uses the **Newt** connector to create outbound-only encrypted tunnels — no inbound ports need to be opened on your firewall. Pangolin handles TLS automatically, providing a valid certificate for your Nextcloud domain. + +You can use either [Pangolin Cloud](https://app.pangolin.net/) (free tier available) or [self-host your own Pangolin server](https://docs.pangolin.net/self-host/quick-install) on a VPS. For private/local-only access, self-hosting Pangolin on a machine within your local network means that Nextcloud never needs to be exposed to the public internet. + +For the reverse proxy configuration details and a step-by-step setup guide, see the [Pangolin section in the reverse proxy documentation](./reverse-proxy.md#pangolin). + +## 3. The normal way +The normal way is the following: +1. Set up your domain correctly to point to your home network +1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port). +1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) +1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server. +1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup + +**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. + +## 4. Use the ACME DNS-challenge +You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge + +## 5. Use Cloudflare +If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up. + +## 6. Buy a certificate and use that +If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config. + diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 400141bd..6472f5e2 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + services: nextcloud-aio-apache: depends_on: diff --git a/manual-install/readme.md b/manual-install/readme.md index 6908db09..53097a44 100644 --- a/manual-install/readme.md +++ b/manual-install/readme.md @@ -1,54 +1,59 @@ -# Manual installation - -You can run the containers that are build for AIO with docker-compose. This comes with a few downsides, that are discussed below. - -### Advantages -- You can run it without a container having access to the docker socket -- You can modify all values on your own -- You can run the containers with docker swarm -- You can run this in environments where access to ghcr.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268). - -### Disadvantages -- You lose the AIO interface -- You lose update notifications and automatic updates -- You lose all AIO backup and restore features -- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) and [HaRP container](https://github.com/nextcloud/HaRP) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi)) -- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers -- **You need to know what you are doing, especially when modifying the compose.yaml file** -- For updating, you need to strictly follow the at the bottom described update routine -- Probably more - -## How to use this? -First, install docker and docker-compose (v2) if not already done. Then simply run the following: -```bash -git clone https://github.com/nextcloud/all-in-one.git -cd all-in-one/manual-install -``` -Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.
-⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612). - -Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`. - -Now you should be ready to go with `sudo docker compose up`. - -## Docker profiles -The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. - -For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. - -## How to update? -Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers. -1. If your previous copy of `sample.conf` is named `my.conf`, run `mv -vn my.conf .env` in order to rename the file to `.env`. -1. Run `sudo docker compose down` to stop all running containers -1. Back up all important files and folders -1. If your compose file is still named `docker-compose.yml` rename it to `compose.yaml` by running `mv -vn docker-compose.yml compose.yaml` -1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `compose.yaml` file up-to-date with the updated one from the repository. You can use `diff compose.yaml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the compose.yaml file and removing ipv6 from the network. -1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well. -1. After the file update was successful, simply run `sudo docker compose pull` to pull the new images. -1. At the end run `sudo docker compose up` in order to start and update the containers with the new configuration. - -## FAQ -### Backup and restore? -If you leave `NEXTCLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTCLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file. - -Obviously you also need to back up the conf file and the yaml file if you modified it. + + +# Manual installation + +You can run the containers that are build for AIO with docker-compose. This comes with a few downsides, that are discussed below. + +### Advantages +- You can run it without a container having access to the docker socket +- You can modify all values on your own +- You can run the containers with docker swarm +- You can run this in environments where access to ghcr.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268). + +### Disadvantages +- You lose the AIO interface +- You lose update notifications and automatic updates +- You lose all AIO backup and restore features +- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) and [HaRP container](https://github.com/nextcloud/HaRP) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi)) +- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers +- **You need to know what you are doing, especially when modifying the compose.yaml file** +- For updating, you need to strictly follow the at the bottom described update routine +- Probably more + +## How to use this? +First, install docker and docker-compose (v2) if not already done. Then simply run the following: +```bash +git clone https://github.com/nextcloud/all-in-one.git +cd all-in-one/manual-install +``` +Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.
+⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612). + +Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`. + +Now you should be ready to go with `sudo docker compose up`. + +## Docker profiles +The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. + +For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. + +## How to update? +Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers. +1. If your previous copy of `sample.conf` is named `my.conf`, run `mv -vn my.conf .env` in order to rename the file to `.env`. +1. Run `sudo docker compose down` to stop all running containers +1. Back up all important files and folders +1. If your compose file is still named `docker-compose.yml` rename it to `compose.yaml` by running `mv -vn docker-compose.yml compose.yaml` +1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `compose.yaml` file up-to-date with the updated one from the repository. You can use `diff compose.yaml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the compose.yaml file and removing ipv6 from the network. +1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well. +1. After the file update was successful, simply run `sudo docker compose pull` to pull the new images. +1. At the end run `sudo docker compose up` in order to start and update the containers with the new configuration. + +## FAQ +### Backup and restore? +If you leave `NEXTCLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTCLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file. + +Obviously you also need to back up the conf file and the yaml file if you modified it. diff --git a/manual-install/sample.conf b/manual-install/sample.conf index ec42b95e..cb33f0fd 100644 --- a/manual-install/sample.conf +++ b/manual-install/sample.conf @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + DATABASE_PASSWORD= # TODO! This needs to be a unique and good password! FULLTEXTSEARCH_PASSWORD= # TODO! This needs to be a unique and good password! IMAGINARY_SECRET= # TODO! This needs to be a unique and good password! diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index 9130842a..7085fc21 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash -ex type {jq,sudo} || { echo "Commands not found. Please install them"; exit 127; } diff --git a/manual-upgrade.md b/manual-upgrade.md index fbc07d3e..1d5bbfec 100644 --- a/manual-upgrade.md +++ b/manual-upgrade.md @@ -1,122 +1,127 @@ -# Manual upgrade - -If you do not update Nextcloud AIO for a long time (6+ months), when you eventually update in the AIO interface you will find Nextcloud no longer works. This is due to incompatible PHP versions within the nextcloud container. -There is unfortunately no way to fix this from a maintainer POV if you refrain from upgrading for so long. - -The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below to get back to a normal state: - ---- - -## Method 1 using `assaflavie/runlike` - -> [!Warning] -> Please note that this method is apparently currently broken. See https://help.nextcloud.com/t/manual-upgrade-keeps-failing/217164/10 -> So please refer to method 2 using Portainer. - -1. Start all containers from the AIO interface - - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem - - #### Do **not** click on `Stop containers` because you will need them running going forward, see below -2. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. - - There you will find information about the max. supported PHP version - - **Make a mental note of this** -3. Stop the Nextcloud container and the Apache container by running - ```bash - sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache - ``` -4. Run the following commands in order to reverse engineer the Nextcloud container: - ```bash - sudo docker pull assaflavie/runlike - echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud - sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud - sudo chown root:root /tmp/nextcloud-aio-nextcloud - ``` -5. Now open `/tmp/nextcloud-aio-nextcloud` with a text editor, and edit the container tag: - - -| To change | Replace with | -|----------------------------------------|-----------------------------------------------------| -| `ghcr.io/nextcloud-releases/aio-nextcloud:latest` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest` | -| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` | - - - - - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64` - - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php - - Using nano and the arrow keys to navigate: - - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit. -6. Next, stop and remove the current container: - ```bash - sudo docker stop nextcloud-aio-nextcloud - sudo docker rm nextcloud-aio-nextcloud - ``` -7. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.
-**Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`. -8. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup. -9. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again. -10. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date. -11. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Consider enabling daily backups if doing regular upgrades is a hassle for you. - ---- - -## Method 2 using Portainer -#### *Approach using portainer if method 1 does not work for you* - -Prerequisite: have all containers from AIO interface running. - -##### 1. Install portainer if not installed: -```bash -docker volume create portainer_data -docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest -``` -- If you have a reverse proxy - - you can setup and navigate using a domain name. -- For the **standard** AIO install - - Open port 9443 on your firewall - - navigate to `https://:9443` -- Accept the insecure self-signed certificate and set an admin password -- If prompted to add an environment - - add local - -##### 2. Within the local portainer environment navigate to the **containers** tab -- Here you should see all the various containers running - -##### 3. Now we need to stop the `nextcloud-aio-nextcloud` and `nextcloud-aio-apache` containers - -- This can be done by selecting the checkbox's next to the containers' name and clicking the **Stop** button at the top - - or you can click into individual containers and stop them there - -##### 4. Find the version of PHP compatible with the running nextcloud container -- navigate to ```nextcloud-aio-nextcloud``` and click on ```logs```, you should see something along the lines of: -```logs -This version of nextcloud is not compatible with >=php 8.2, you are currently running php 8.2.18 -``` -Make **note** of the version which is compatible, rounding down to 1 digit after the dot. - - In this example we would want php 8.1 since anything with 8.2 or above is incompatible - -##### 5. Find the correct container version -In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require. -However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php - -##### 6. Replace the container -- Navigate to the ```nextcloud-aio-nextcloud``` container within portainer -- Click ```Duplicate/Edit``` -- Within image, change this to the correct version from Step 5 -- Click ```Deploy the container``` - - if you are prompted to force repull the image click the slider and press pull image - -*Navigate to the nextcloud-aio-nextcloud logs and you will see the container updating* - -Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it! - -#### Now you can handle everything through the AIO interface and stop and restart the containers normally. - ---- - -##### 7. Last Step is removing portainer if you don't want to keep it - -```bash -docker stop portainer -docker rm portainer -docker volume rm portainer_data -``` -- Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts. + + +# Manual upgrade + +If you do not update Nextcloud AIO for a long time (6+ months), when you eventually update in the AIO interface you will find Nextcloud no longer works. This is due to incompatible PHP versions within the nextcloud container. +There is unfortunately no way to fix this from a maintainer POV if you refrain from upgrading for so long. + +The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below to get back to a normal state: + +--- + +## Method 1 using `assaflavie/runlike` + +> [!Warning] +> Please note that this method is apparently currently broken. See https://help.nextcloud.com/t/manual-upgrade-keeps-failing/217164/10 +> So please refer to method 2 using Portainer. + +1. Start all containers from the AIO interface + - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem + - #### Do **not** click on `Stop containers` because you will need them running going forward, see below +2. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. + - There you will find information about the max. supported PHP version + - **Make a mental note of this** +3. Stop the Nextcloud container and the Apache container by running + ```bash + sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache + ``` +4. Run the following commands in order to reverse engineer the Nextcloud container: + ```bash + sudo docker pull assaflavie/runlike + echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud + sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud + sudo chown root:root /tmp/nextcloud-aio-nextcloud + ``` +5. Now open `/tmp/nextcloud-aio-nextcloud` with a text editor, and edit the container tag: + + +| To change | Replace with | +|----------------------------------------|-----------------------------------------------------| +| `ghcr.io/nextcloud-releases/aio-nextcloud:latest` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest` | +| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` | + + + + - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64` + - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php + - Using nano and the arrow keys to navigate: + - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit. +6. Next, stop and remove the current container: + ```bash + sudo docker stop nextcloud-aio-nextcloud + sudo docker rm nextcloud-aio-nextcloud + ``` +7. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.
+**Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`. +8. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup. +9. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again. +10. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date. +11. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Consider enabling daily backups if doing regular upgrades is a hassle for you. + +--- + +## Method 2 using Portainer +#### *Approach using portainer if method 1 does not work for you* + +Prerequisite: have all containers from AIO interface running. + +##### 1. Install portainer if not installed: +```bash +docker volume create portainer_data +docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest +``` +- If you have a reverse proxy + - you can setup and navigate using a domain name. +- For the **standard** AIO install + - Open port 9443 on your firewall + - navigate to `https://:9443` +- Accept the insecure self-signed certificate and set an admin password +- If prompted to add an environment + - add local + +##### 2. Within the local portainer environment navigate to the **containers** tab +- Here you should see all the various containers running + +##### 3. Now we need to stop the `nextcloud-aio-nextcloud` and `nextcloud-aio-apache` containers + +- This can be done by selecting the checkbox's next to the containers' name and clicking the **Stop** button at the top + - or you can click into individual containers and stop them there + +##### 4. Find the version of PHP compatible with the running nextcloud container +- navigate to ```nextcloud-aio-nextcloud``` and click on ```logs```, you should see something along the lines of: +```logs +This version of nextcloud is not compatible with >=php 8.2, you are currently running php 8.2.18 +``` +Make **note** of the version which is compatible, rounding down to 1 digit after the dot. + - In this example we would want php 8.1 since anything with 8.2 or above is incompatible + +##### 5. Find the correct container version +In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require. +However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php + +##### 6. Replace the container +- Navigate to the ```nextcloud-aio-nextcloud``` container within portainer +- Click ```Duplicate/Edit``` +- Within image, change this to the correct version from Step 5 +- Click ```Deploy the container``` + - if you are prompted to force repull the image click the slider and press pull image + +*Navigate to the nextcloud-aio-nextcloud logs and you will see the container updating* + +Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it! + +#### Now you can handle everything through the AIO interface and stop and restart the containers normally. + +--- + +##### 7. Last Step is removing portainer if you don't want to keep it + +```bash +docker stop portainer +docker rm portainer +docker volume rm portainer_data +``` +- Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts. diff --git a/migration.md b/migration.md index 3cdf0e87..6a503662 100644 --- a/migration.md +++ b/migration.md @@ -1,3 +1,8 @@ + + # How to migrate from an already existing Nextcloud installation to Nextcloud AIO? There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO (if you ran AIO on the former installation already, you can follow [these steps](https://github.com/nextcloud/all-in-one#how-to-migrate-from-aio-to-aio)): diff --git a/multiple-instances.md b/multiple-instances.md index a0822739..a65b69bb 100644 --- a/multiple-instances.md +++ b/multiple-instances.md @@ -1,228 +1,233 @@ -# Multiple AIO instances -It is possible to run multiple instances of AIO on one server. - -There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. - - -## Run multiple AIO instances on the same server with docker rootless -1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down! -1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case). -1. Then install AIO in reverse proxy mode by using the command that is described in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.
-**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too. -1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network). -1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server. -1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. -1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done. -1. Please also do not forget to open/forward each chosen `TALK_PORT` UDP and TCP in your firewall/router as otherwise Talk will not work correctly! - -Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server! - - -## Run multiple AIO instances on the same server inside their own virtual machines -This guide will walk you through creating and configuring two (or more) Debian-based VMs (with "reverse proxy mode" Nextcloud AIO installed in each VM), behind one Caddy reverse proxy, all running on one host physical machine (like a laptop or desktop PC). It's highly recommend to follow the steps in order. Steps 1 through 4 will need to be repeated. Steps 5 through 8 only need to be completed once. All commands are expected to be run as root. - -
PLEASE READ: A few expectations about your network -This guide assumes that you have forwarded ports 443 and 8443 to your host physical machine via your router's configuration page, and either set up Dynamic DNS or obtained a static outbound IP address from your ISP. If this is not the case, or if you are brand-new to networking, you probably should not proceed with this guide, unless you are just using it for educational purposes. Proper network setup and security is critical when it comes to keeping your data safe. You may consider hosting using a VPS instead, or choosing one of Nextcloud's trusted providers. -
- -
A note for VPS users -If you want to do this on a VPS, and your VPS is KVM-based and provides a static IP address, you can likely benefit from this guide too! Simply replace the words "host physical machine" with "VPS" and follow along. -
- -**Before starting:** Make sure your host physical machine has enough resources. A host machine with 8GB RAM and 100GB storage is sufficient for running two fairly minimal VMs, with 2GB RAM and 32GB storage allocated to each VM. This guide assumes you have these resources at the minimum. This is fine for just testing the setup, but you will probably want to allocate more resources to your VMs if you plan to use this for day-to-day use. -If your host machine has more than 8GB memory available, and you plan to enable any of the optional containers (Nextcloud Office, Talk, Imaginary, etc.) in any of your instances, then you should definitely allocate more memory to the VM hosting that instance. In other words, before turning on any extra features inside a particular AIO interface, make sure you've first allocated enough resources to the VM that the instance is running inside. If in doubt, the AIO interface itself gives great recommendations for extra CPU and RAM allocation. - -**Additional prerequisites:** Your host physical machine needs to have virtualization enabled in it's UEFI/BIOS. It also needs a few tools installed in order to create VMs. Assuming your host machine is a bare-bones Ubuntu or Debian Linux server without a desktop environment installed, the easiest way to create VMs is to install *QEMU*, *virsh*, *virt-install*, and a few extra packages to support UEFI booting and network config ([more info](https://wiki.debian.org/KVM)). You only need to do this once. To do this, run this command (**on the host physical machine**): - -```shell -# For host machines running Ubuntu Server or Debian: -apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base -``` - -**Let's begin!** This guide assumes that you have two domains where you would like to host two individual AIO instances (one instance per domain). Let's call these domains `example1.com` and `example2.com`. Therefore, we'll create two VMs named `example1-com` and `example2-com` (These are the VM names we'll use below in step 1). - -**Once you're ready, follow steps 1-4 below to set up your VMs. You will configure them one at a time.** - -1. Choose a name for your VM. A good choice is to name each VM the same as the domain name that will be used to access it. -2. Choose the distribution you'd like to install within the VM: -
Ubuntu Server 22.04.4 LTS -

Downloading the .ISO image

- You must first download an .ISO image to your host machine, and then provide virt-install with the path to that image. - - 
# Skip this part if you've already downloaded this image
-   curl -o /tmp/ubuntu-22.04.4-live-server-amd64.iso https://releases.ubuntu.com/jammy/ubuntu-22.04.4-live-server-amd64.iso
-
- Note: You may choose a different place to store the .ISO file, but it needs to be somewhere accessible by QEMU. "/tmp" and "/home" work well, but choosing a location like "/root" will cause the next command to fail. -

Creating the VM

- Now create the Ubuntu Server VM (Don't forget to replace [VM_NAME]): - 
virt-install \
-   --name [VM_NAME] \
-   --virt-type kvm \
-   --location /tmp/ubuntu-22.04.4-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
-   --os-variant ubuntujammy \
-   --disk size=32 \
-   --memory 2048 \
-   --graphics none \
-   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
-   --autostart \
-   --boot uefi
-
-

Using a different version of Ubuntu Server

- To use a different Ubuntu Server release, visit this page and find the version you want. You will need to adjust the filename and URL for the curl command, and the location and os-variant for the virt-install command, accordingly. -
-
Debian 11 -

Creating the VM

- Create the Debian VM (Don't forget to replace [VM_NAME]): - 
virt-install \
-   --name [VM_NAME] \
-   --virt-type kvm \
-   --location http://deb.debian.org/debian/dists/bullseye/main/installer-amd64/ \
-   --os-variant debian11 \
-   --disk size=32 \
-   --memory 2048 \
-   --graphics none \
-   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
-   --autostart \
-   --boot uefi
-
-
-
Debian 12 -

Creating the VM

- Create the Debian VM (Don't forget to replace [VM_NAME]): - 
# If the os-variant "debian12" is unknown, try "debiantesting" instead
-   virt-install \
-   --name [VM_NAME] \
-   --virt-type kvm \
-   --location http://deb.debian.org/debian/dists/bookworm/main/installer-amd64/ \
-   --os-variant debian12 \
-   --disk size=32 \
-   --memory 2048 \
-   --graphics none \
-   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
-   --autostart \
-   --boot uefi
-
-
- -3. Navigate through the text-based installer. Most options can remain as default, but here are some tips: -
For the Ubuntu Server installer - When asked about the "type of installation", you can leave the default "Ubuntu Server" without third-party drivers. You can leave the HTTP proxy information blank. In the "Profile Configuration" section, you can set "Your servers name" (hostname) to the same value as the name you gave to your VM (for example, "example1-com"). The installer will only let you create a non-root user. Note down the password you use here! You may skip enabling Ubuntu Pro. You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. You'll eventually be given the option to install additional software. Although "Nextcloud" is listed here, you almost certainly do not want to select this option, since you are setting up Nextcloud AIO. You'll be asked about installing "SSH server", this is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Finally, disregard the "[FAILED] Failed unmounting /cdrom." message, and press return. -
-
For the Debian installer - When asked, you can set the hostname to the same value as the name you gave to your VM (for example, "example1-com"). You can leave the domain name and HTTP proxy information blank. Allow the installer to create both a root and a non-root user. Note down the password(s) you use here! You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. When tasksel (Software selection) runs and asks if you want to install additional software, use spacebar and your arrow keys to un-check the "Debian desktop environment" and "GNOME" options. The "SSH server" option is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Make sure "standard system utilities" is also checked. Hit tab to select "Continue". Finally, disregard the warning about GRUB, allow it to install to your "primary drive" (again, it's only virtual, and this only applies to the VM- this will not affect the boot configuration of your host physical machine) and select "/dev/vda" for the bootable device. -
-4. Configure your new VM: - - After it has finished installing, the VM will have rebooted and presented you with a login prompt. For Debian, just use `root` as the username, and enter the password you chose during the installation process. Ubuntu restricts root account access, so you'll need to first login with your non-root user, and then run `sudo su -` to elevate your privileges. - - We will now run a few commands to install docker and AIO in reverse proxy mode! As with any other commands, carefully read and try your best to understand them before running them. - - **Each time you reach this step and run the `docker run` command below, you'll need to increment the `TALK_PORT` value. For example: 3478, 3479, etc... You may use other values as long as they don't conflict, and make sure they are [greater than 1024](https://github.com/nextcloud/all-in-one/discussions/2517). Be sure to note down the Talk port number you've assigned to this VM/AIO instance. You will need it later if you decide to enable Nextcloud Talk.** - - Run these commands (**on the VM**): - ```shell - apt install -y curl - - curl -fsSL https://get.docker.com | sh - - # Make sure you increment the TALK_PORT value every time you run this! - docker run \ - --init \ - --sig-proxy=false \ - --name nextcloud-aio-mastercontainer \ - --restart always \ - --publish 8080:8080 \ - --env APACHE_PORT=11000 \ - --env APACHE_IP_BINDING=0.0.0.0 \ - --env TALK_PORT=3478 \ - --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ - --volume /var/run/docker.sock:/var/run/docker.sock:ro \ - ghcr.io/nextcloud-releases/all-in-one:latest - ``` - The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM. - - - --- -6. Go ahead and run through steps 1-4 again in order to set up your second VM. When you're finished, proceed down to step 6. *(Note: If you downloaded the Ubuntu .ISO image and no longer need it, you may delete it now.)* -7. Almost done! All that's left is configuring your reverse proxy. To do this, you first need to [install it](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Run (**on the host physical machine**): - ```shell - apt update -y - apt install -y debian-keyring debian-archive-keyring apt-transport-https curl - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list - apt update -y - apt install -y caddy - ``` - These commands will ensure that your system is up-to-date and install the latest stable version of Caddy via it's official binary source. -8. To configure Caddy, you need to know the IP address assigned to each VM. Run (**on the host physical machine**): - ```shell - virsh net-dhcp-leases default - ``` - This will show you the VMs you set up, and the IP address corresponding to each of them. Note down each IP and corresponding hostname. - Finally, you will configure Caddy using this information. Open the default Caddyfile with a text editor: - ```shell - nano /etc/caddy/Caddyfile - ``` - Replace everything in this file with the following configuration. Don't forget to edit this sample configuration and substitute in your own domain names and IP addresses. `[DOMAIN_NAME_*]` should be a domain name like `example1.com`, and `[IP_ADDRESS_*]` should be a local IPv4 address like `192.168.122.225`. - ```shell - # Virtual machine #1 - "example1-com" - https://[DOMAIN_NAME_1]:8443 { - reverse_proxy https://[IP_ADDRESS_1]:8080 { - header_up Host {host} - transport http { - tls_insecure_skip_verify - } - } - } - https://[DOMAIN_NAME_1]:443 { - reverse_proxy [IP_ADDRESS_1]:11000 - } - - # Virtual machine #2 - "example2-com" - https://[DOMAIN_NAME_2]:8443 { - reverse_proxy https://[IP_ADDRESS_2]:8080 { - header_up Host {host} - transport http { - tls_insecure_skip_verify - } - } - } - https://[DOMAIN_NAME_2]:443 { - reverse_proxy [IP_ADDRESS_2]:11000 - } - - # (Add more configurations here if you set up more than two VMs!) - ``` - After making this change, you'll need to restart Caddy: - ```shell - systemctl restart caddy - ``` -9. That's it! Now, all that's left is to set up your instances through the AIO interface as usual by visiting `https://example1.com:8443` and `https://example2.com:8443` in a browser. Once you're finished going through each setup, you can access your new instances simply through their domain names. You can host as many instances with as many domain names as you want this way, as long as you have enough system resources. Enjoy! - -
A few extra tips for managing this setup -
    -
  • You can easily connect to a VM to perform maintenance using this command (on the host physical machine): 
    virsh console --domain [VM_NAME]
    • -
  • If you chose to install an SSH Server, you can SSH in using this command (on the host physical machine): 
    ssh [NONROOT_USER]@[IP_ADDRESS] # By default, OpenSSH does not allow logging in as root
    • -
  • If you mess up the configuration of a VM, you may wish to completely delete it and start fresh with a new one. THIS WILL DELETE ALL DATA ASSOCIATED WITH THE VM INCLUDING ANYTHING IN YOUR AIO DATADIR! If you are sure you would like to do this, run (on the host physical machine): 
    virsh destroy --domain [VM_NAME] ; virsh undefine --nvram --domain [VM_NAME] && rm -rfi /var/lib/libvirt/images/[VM_NAME].qcow2
    • -
  • Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port like so. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit https://[DOMAIN_NAME]/settings/admin/talk then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available here). If you have figured this out or if any of this information is incorrect, please edit this section!
    • -
  • Configuring daily automatic backups is a bit more involved with this setup. But for the occasional manual borg backup, you can connect a physical SSD/HDD via a cheap USB SATA adapter/dock to a free USB port on your host physical machine, and then use these commands to pass the disk through to a VM of your choosing (on the host physical machine and on the VM): 
    virsh attach-device --live --domain [VM_NAME] --file [USB_DEVICE_DEFINITION.xml]
-   virsh console --domain [VM_NAME]
-   # (Login to the VM with root privileges)
-   mkdir -p /mnt/[MOUNT_NAME]
-   mount /dev/disk/by-label/[DISK_NAME] /mnt/[MOUNT_NAME]
    • - To create the XML device definition file, see this short guide. An SSD/HDD is recommended, but nothing is stopping you from using something as simple as a flash drive for testing if you really want. Finally, to actually perform a manual backup, make sure your disk is properly mounted and then simply use the AIO interface to perform the backup. -
  • If you want to shave off around 8-10 seconds of total boot time when you reboot your host physical machine, a simple trick is to lower the GRUB_TIMEOUT from the default five seconds to one second, on both the host physical machine and each of the VMs. You can also remove the delay, but it's generally safer to leave at least one second. (Always be extremely careful when editing GRUB config, especially on the host physical machine, as an incorrect configuration can prevent your device from booting!)
    • -
-
+ + +# Multiple AIO instances +It is possible to run multiple instances of AIO on one server. + +There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. + + +## Run multiple AIO instances on the same server with docker rootless +1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down! +1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case). +1. Then install AIO in reverse proxy mode by using the command that is described in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.
+**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too. +1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network). +1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server. +1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. +1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done. +1. Please also do not forget to open/forward each chosen `TALK_PORT` UDP and TCP in your firewall/router as otherwise Talk will not work correctly! + +Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server! + + +## Run multiple AIO instances on the same server inside their own virtual machines +This guide will walk you through creating and configuring two (or more) Debian-based VMs (with "reverse proxy mode" Nextcloud AIO installed in each VM), behind one Caddy reverse proxy, all running on one host physical machine (like a laptop or desktop PC). It's highly recommend to follow the steps in order. Steps 1 through 4 will need to be repeated. Steps 5 through 8 only need to be completed once. All commands are expected to be run as root. + +
PLEASE READ: A few expectations about your network +This guide assumes that you have forwarded ports 443 and 8443 to your host physical machine via your router's configuration page, and either set up Dynamic DNS or obtained a static outbound IP address from your ISP. If this is not the case, or if you are brand-new to networking, you probably should not proceed with this guide, unless you are just using it for educational purposes. Proper network setup and security is critical when it comes to keeping your data safe. You may consider hosting using a VPS instead, or choosing one of Nextcloud's trusted providers. +
+ +
A note for VPS users +If you want to do this on a VPS, and your VPS is KVM-based and provides a static IP address, you can likely benefit from this guide too! Simply replace the words "host physical machine" with "VPS" and follow along. +
+ +**Before starting:** Make sure your host physical machine has enough resources. A host machine with 8GB RAM and 100GB storage is sufficient for running two fairly minimal VMs, with 2GB RAM and 32GB storage allocated to each VM. This guide assumes you have these resources at the minimum. This is fine for just testing the setup, but you will probably want to allocate more resources to your VMs if you plan to use this for day-to-day use. +If your host machine has more than 8GB memory available, and you plan to enable any of the optional containers (Nextcloud Office, Talk, Imaginary, etc.) in any of your instances, then you should definitely allocate more memory to the VM hosting that instance. In other words, before turning on any extra features inside a particular AIO interface, make sure you've first allocated enough resources to the VM that the instance is running inside. If in doubt, the AIO interface itself gives great recommendations for extra CPU and RAM allocation. + +**Additional prerequisites:** Your host physical machine needs to have virtualization enabled in it's UEFI/BIOS. It also needs a few tools installed in order to create VMs. Assuming your host machine is a bare-bones Ubuntu or Debian Linux server without a desktop environment installed, the easiest way to create VMs is to install *QEMU*, *virsh*, *virt-install*, and a few extra packages to support UEFI booting and network config ([more info](https://wiki.debian.org/KVM)). You only need to do this once. To do this, run this command (**on the host physical machine**): + +```shell +# For host machines running Ubuntu Server or Debian: +apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base +``` + +**Let's begin!** This guide assumes that you have two domains where you would like to host two individual AIO instances (one instance per domain). Let's call these domains `example1.com` and `example2.com`. Therefore, we'll create two VMs named `example1-com` and `example2-com` (These are the VM names we'll use below in step 1). + +**Once you're ready, follow steps 1-4 below to set up your VMs. You will configure them one at a time.** + +1. Choose a name for your VM. A good choice is to name each VM the same as the domain name that will be used to access it. +2. Choose the distribution you'd like to install within the VM: +
Ubuntu Server 22.04.4 LTS +

Downloading the .ISO image

+ You must first download an .ISO image to your host machine, and then provide virt-install with the path to that image. + + 
# Skip this part if you've already downloaded this image
+   curl -o /tmp/ubuntu-22.04.4-live-server-amd64.iso https://releases.ubuntu.com/jammy/ubuntu-22.04.4-live-server-amd64.iso
+
+ Note: You may choose a different place to store the .ISO file, but it needs to be somewhere accessible by QEMU. "/tmp" and "/home" work well, but choosing a location like "/root" will cause the next command to fail. +

Creating the VM

+ Now create the Ubuntu Server VM (Don't forget to replace [VM_NAME]): + 
virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location /tmp/ubuntu-22.04.4-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
+   --os-variant ubuntujammy \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+
+

Using a different version of Ubuntu Server

+ To use a different Ubuntu Server release, visit this page and find the version you want. You will need to adjust the filename and URL for the curl command, and the location and os-variant for the virt-install command, accordingly. +
+
Debian 11 +

Creating the VM

+ Create the Debian VM (Don't forget to replace [VM_NAME]): + 
virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location http://deb.debian.org/debian/dists/bullseye/main/installer-amd64/ \
+   --os-variant debian11 \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+
+
+
Debian 12 +

Creating the VM

+ Create the Debian VM (Don't forget to replace [VM_NAME]): + 
# If the os-variant "debian12" is unknown, try "debiantesting" instead
+   virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location http://deb.debian.org/debian/dists/bookworm/main/installer-amd64/ \
+   --os-variant debian12 \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+
+
+ +3. Navigate through the text-based installer. Most options can remain as default, but here are some tips: +
For the Ubuntu Server installer + When asked about the "type of installation", you can leave the default "Ubuntu Server" without third-party drivers. You can leave the HTTP proxy information blank. In the "Profile Configuration" section, you can set "Your servers name" (hostname) to the same value as the name you gave to your VM (for example, "example1-com"). The installer will only let you create a non-root user. Note down the password you use here! You may skip enabling Ubuntu Pro. You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. You'll eventually be given the option to install additional software. Although "Nextcloud" is listed here, you almost certainly do not want to select this option, since you are setting up Nextcloud AIO. You'll be asked about installing "SSH server", this is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Finally, disregard the "[FAILED] Failed unmounting /cdrom." message, and press return. +
+
For the Debian installer + When asked, you can set the hostname to the same value as the name you gave to your VM (for example, "example1-com"). You can leave the domain name and HTTP proxy information blank. Allow the installer to create both a root and a non-root user. Note down the password(s) you use here! You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. When tasksel (Software selection) runs and asks if you want to install additional software, use spacebar and your arrow keys to un-check the "Debian desktop environment" and "GNOME" options. The "SSH server" option is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Make sure "standard system utilities" is also checked. Hit tab to select "Continue". Finally, disregard the warning about GRUB, allow it to install to your "primary drive" (again, it's only virtual, and this only applies to the VM- this will not affect the boot configuration of your host physical machine) and select "/dev/vda" for the bootable device. +
+4. Configure your new VM: + + After it has finished installing, the VM will have rebooted and presented you with a login prompt. For Debian, just use `root` as the username, and enter the password you chose during the installation process. Ubuntu restricts root account access, so you'll need to first login with your non-root user, and then run `sudo su -` to elevate your privileges. + + We will now run a few commands to install docker and AIO in reverse proxy mode! As with any other commands, carefully read and try your best to understand them before running them. + + **Each time you reach this step and run the `docker run` command below, you'll need to increment the `TALK_PORT` value. For example: 3478, 3479, etc... You may use other values as long as they don't conflict, and make sure they are [greater than 1024](https://github.com/nextcloud/all-in-one/discussions/2517). Be sure to note down the Talk port number you've assigned to this VM/AIO instance. You will need it later if you decide to enable Nextcloud Talk.** + + Run these commands (**on the VM**): + ```shell + apt install -y curl + + curl -fsSL https://get.docker.com | sh + + # Make sure you increment the TALK_PORT value every time you run this! + docker run \ + --init \ + --sig-proxy=false \ + --name nextcloud-aio-mastercontainer \ + --restart always \ + --publish 8080:8080 \ + --env APACHE_PORT=11000 \ + --env APACHE_IP_BINDING=0.0.0.0 \ + --env TALK_PORT=3478 \ + --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ + --volume /var/run/docker.sock:/var/run/docker.sock:ro \ + ghcr.io/nextcloud-releases/all-in-one:latest + ``` + The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM. + + + --- +6. Go ahead and run through steps 1-4 again in order to set up your second VM. When you're finished, proceed down to step 6. *(Note: If you downloaded the Ubuntu .ISO image and no longer need it, you may delete it now.)* +7. Almost done! All that's left is configuring your reverse proxy. To do this, you first need to [install it](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Run (**on the host physical machine**): + ```shell + apt update -y + apt install -y debian-keyring debian-archive-keyring apt-transport-https curl + curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg + curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list + apt update -y + apt install -y caddy + ``` + These commands will ensure that your system is up-to-date and install the latest stable version of Caddy via it's official binary source. +8. To configure Caddy, you need to know the IP address assigned to each VM. Run (**on the host physical machine**): + ```shell + virsh net-dhcp-leases default + ``` + This will show you the VMs you set up, and the IP address corresponding to each of them. Note down each IP and corresponding hostname. + Finally, you will configure Caddy using this information. Open the default Caddyfile with a text editor: + ```shell + nano /etc/caddy/Caddyfile + ``` + Replace everything in this file with the following configuration. Don't forget to edit this sample configuration and substitute in your own domain names and IP addresses. `[DOMAIN_NAME_*]` should be a domain name like `example1.com`, and `[IP_ADDRESS_*]` should be a local IPv4 address like `192.168.122.225`. + ```shell + # Virtual machine #1 - "example1-com" + https://[DOMAIN_NAME_1]:8443 { + reverse_proxy https://[IP_ADDRESS_1]:8080 { + header_up Host {host} + transport http { + tls_insecure_skip_verify + } + } + } + https://[DOMAIN_NAME_1]:443 { + reverse_proxy [IP_ADDRESS_1]:11000 + } + + # Virtual machine #2 - "example2-com" + https://[DOMAIN_NAME_2]:8443 { + reverse_proxy https://[IP_ADDRESS_2]:8080 { + header_up Host {host} + transport http { + tls_insecure_skip_verify + } + } + } + https://[DOMAIN_NAME_2]:443 { + reverse_proxy [IP_ADDRESS_2]:11000 + } + + # (Add more configurations here if you set up more than two VMs!) + ``` + After making this change, you'll need to restart Caddy: + ```shell + systemctl restart caddy + ``` +9. That's it! Now, all that's left is to set up your instances through the AIO interface as usual by visiting `https://example1.com:8443` and `https://example2.com:8443` in a browser. Once you're finished going through each setup, you can access your new instances simply through their domain names. You can host as many instances with as many domain names as you want this way, as long as you have enough system resources. Enjoy! + +
A few extra tips for managing this setup +
    +
  • You can easily connect to a VM to perform maintenance using this command (on the host physical machine): 
    virsh console --domain [VM_NAME]
    • +
  • If you chose to install an SSH Server, you can SSH in using this command (on the host physical machine): 
    ssh [NONROOT_USER]@[IP_ADDRESS] # By default, OpenSSH does not allow logging in as root
    • +
  • If you mess up the configuration of a VM, you may wish to completely delete it and start fresh with a new one. THIS WILL DELETE ALL DATA ASSOCIATED WITH THE VM INCLUDING ANYTHING IN YOUR AIO DATADIR! If you are sure you would like to do this, run (on the host physical machine): 
    virsh destroy --domain [VM_NAME] ; virsh undefine --nvram --domain [VM_NAME] && rm -rfi /var/lib/libvirt/images/[VM_NAME].qcow2
    • +
  • Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port like so. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit https://[DOMAIN_NAME]/settings/admin/talk then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available here). If you have figured this out or if any of this information is incorrect, please edit this section!
    • +
  • Configuring daily automatic backups is a bit more involved with this setup. But for the occasional manual borg backup, you can connect a physical SSD/HDD via a cheap USB SATA adapter/dock to a free USB port on your host physical machine, and then use these commands to pass the disk through to a VM of your choosing (on the host physical machine and on the VM): 
    virsh attach-device --live --domain [VM_NAME] --file [USB_DEVICE_DEFINITION.xml]
+   virsh console --domain [VM_NAME]
+   # (Login to the VM with root privileges)
+   mkdir -p /mnt/[MOUNT_NAME]
+   mount /dev/disk/by-label/[DISK_NAME] /mnt/[MOUNT_NAME]
    • + To create the XML device definition file, see this short guide. An SSD/HDD is recommended, but nothing is stopping you from using something as simple as a flash drive for testing if you really want. Finally, to actually perform a manual backup, make sure your disk is properly mounted and then simply use the AIO interface to perform the backup. +
  • If you want to shave off around 8-10 seconds of total boot time when you reboot your host physical machine, a simple trick is to lower the GRUB_TIMEOUT from the default five seconds to one second, on both the host physical machine and each of the VMs. You can also remove the delay, but it's generally safer to leave at least one second. (Always be extremely careful when editing GRUB config, especially on the host physical machine, as an incorrect configuration can prevent your device from booting!)
    • +
+
diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 6ac4bfc6..463066b8 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose version: 12.9.2 diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md index cb31e601..e9aa0b3b 100755 --- a/nextcloud-aio-helm-chart/readme.md +++ b/nextcloud-aio-helm-chart/readme.md @@ -1,3 +1,8 @@ + + # Nextcloud AIO Helm-chart > [!NOTE] diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 2d768356..13f6bc4c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml index 773d198f..9341f213 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml index 98e33a4d..f13fece7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: Service metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index fa7f0ede..ffc9f5ce 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.CLAMAV_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml index ebb19681..84d23d21 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.CLAMAV_ENABLED "yes" }} apiVersion: v1 kind: PersistentVolumeClaim diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml index 8b236093..c9dbee2d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.CLAMAV_ENABLED "yes" }} apiVersion: v1 kind: Service diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 9d6a1fc1..6dea9245 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.COLLABORA_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml index 5c81ef3e..f1252843 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.COLLABORA_ENABLED "yes" }} apiVersion: v1 kind: Service diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 31c036fc..2fbe322c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml index 49135452..a9dca8ca 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml index 7b753e22..3e7d154f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml index 45fdce3a..2a43996f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: Service metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml index 44458a8d..4fac2369 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }} apiVersion: v1 kind: PersistentVolumeClaim diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index f673e183..4a9afda7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml index efe474b3..1cf02358 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }} apiVersion: v1 kind: Service diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index baf4b7a0..5e77548f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.IMAGINARY_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml index 44a57006..bf55bfef 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.IMAGINARY_ENABLED "yes" }} apiVersion: v1 kind: Service diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml index 212715e9..69be624e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if and (ne .Values.NAMESPACE "default") (ne .Values.NAMESPACE_DISABLED "yes") }} apiVersion: v1 kind: Namespace diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml index c54f8803..abeb51bb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }} # https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md kind: NetworkPolicy diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml index 62794e3b..8d1481bc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 1e502637..d510853c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml index ee55be2a..abb1324d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml index 08ab70f2..c37d8fde 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: Service metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml index d18f7a82..daead364 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 9ae0e0f1..04d6e5a0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml index 986d98d4..de2306d2 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: Service metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 1ee11003..d179f178 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.ONLYOFFICE_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml index 80de727b..535f16fd 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.ONLYOFFICE_ENABLED "yes" }} apiVersion: v1 kind: PersistentVolumeClaim diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml index 5fc10b85..a5cd00db 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.ONLYOFFICE_ENABLED "yes" }} apiVersion: v1 kind: Service diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 02fbb7b1..ac797d81 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml index 51b4f588..f464888d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml index a6a9a0a5..89488561 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + apiVersion: v1 kind: Service metadata: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 41082f80..034cdae2 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.TALK_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 301a3b02..e6ea7e90 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.TALK_RECORDING_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-persistentvolumeclaim.yaml index 59961448..ea8b89da 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-persistentvolumeclaim.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.TALK_RECORDING_ENABLED "yes" }} apiVersion: v1 kind: PersistentVolumeClaim diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml index 87fe0355..8d096a2a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.TALK_RECORDING_ENABLED "yes" }} apiVersion: v1 kind: Service diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml index 65388792..eda9cea6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.TALK_ENABLED "yes" }} --- apiVersion: v1 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index cfe316e6..5b7820fe 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.WHITEBOARD_ENABLED "yes" }} apiVersion: apps/v1 kind: Deployment diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml index 299f1ec3..dc62ddbf 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + {{- if eq .Values.WHITEBOARD_ENABLED "yes" }} apiVersion: v1 kind: Service diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 808f2c12..390e2433 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + #!/bin/bash [ -z "$1" ] && { echo "Error: Docker tag is not specified. Usage: ./nextcloud-aio-helm-chart/update-helm.sh "; exit 2; } diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index 7d7afcd3..3e71f939 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + DATABASE_PASSWORD: # TODO! This needs to be a unique and good password! FULLTEXTSEARCH_PASSWORD: # TODO! This needs to be a unique and good password! IMAGINARY_SECRET: # TODO! This needs to be a unique and good password! diff --git a/php/README.md b/php/README.md index af824818..2b752420 100644 --- a/php/README.md +++ b/php/README.md @@ -1,3 +1,8 @@ + + # PHP Docker Controller This is the code for the PHP Docker controller. diff --git a/php/domain-validator.php b/php/domain-validator.php index 55fb110f..8b049ebd 100644 --- a/php/domain-validator.php +++ b/php/domain-validator.php @@ -1,6 +1,10 @@ + diff --git a/php/psalm.xml b/php/psalm.xml index 576d82d2..ceda1538 100644 --- a/php/psalm.xml +++ b/php/psalm.xml @@ -1,4 +1,8 @@ + { document.querySelectorAll('input[data-confirm]').forEach((element) => { element.addEventListener('click', (event) => { diff --git a/php/public/containers-form-submit.js b/php/public/containers-form-submit.js index 778430cb..bdf5c31d 100644 --- a/php/public/containers-form-submit.js +++ b/php/public/containers-form-submit.js @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +// SPDX-License-Identifier: AGPL-3.0-or-later + document.addEventListener("DOMContentLoaded", function () { // Don't run if the expected form isn't present. if (document.getElementById('options-form') === null) { diff --git a/php/public/disable-containers.js b/php/public/disable-containers.js index 41c5cfe1..034a71a3 100644 --- a/php/public/disable-containers.js +++ b/php/public/disable-containers.js @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors +// SPDX-License-Identifier: AGPL-3.0-or-later + document.addEventListener("DOMContentLoaded", function(event) { // Clamav let clamav = document.getElementById("clamav"); diff --git a/php/public/forms.js b/php/public/forms.js index b37fdcdb..b7e76bfa 100644 --- a/php/public/forms.js +++ b/php/public/forms.js @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +// SPDX-License-Identifier: AGPL-3.0-or-later + "use strict"; (function (){ diff --git a/php/public/img/collabora.svg b/php/public/img/collabora.svg index eb032cdd..b7c24a39 100644 --- a/php/public/img/collabora.svg +++ b/php/public/img/collabora.svg @@ -1,3 +1,5 @@ + + diff --git a/php/public/img/nextcloud-logo.svg b/php/public/img/nextcloud-logo.svg index 94b07449..84056c4f 100644 --- a/php/public/img/nextcloud-logo.svg +++ b/php/public/img/nextcloud-logo.svg @@ -1,3 +1,5 @@ + +
  • diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 8faa4474..37d40ff2 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -1,3 +1,8 @@ + + {% extends "layout.twig" %} {% block body %} diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig index fbb70230..7612a061 100644 --- a/php/templates/includes/aio-config.twig +++ b/php/templates/includes/aio-config.twig @@ -1,3 +1,8 @@ + +
    Click here to view the current AIO config and documentation links {% if was_start_button_clicked == true %} diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig index 2cb4f2f6..a47763b4 100644 --- a/php/templates/includes/aio-version.twig +++ b/php/templates/includes/aio-version.twig @@ -1 +1,6 @@ + + 13.0.3 diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig index 390bf69c..005762e6 100644 --- a/php/templates/includes/backup-dirs.twig +++ b/php/templates/includes/backup-dirs.twig @@ -1,3 +1,8 @@ + +

    The folder path that you enter must start with / and must not end with /.

    An example for Linux is /mnt/backup.

    On Synology it could be /volume1/docker/nextcloud/backup.

    diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig index da1dd26d..0b2598b3 100644 --- a/php/templates/includes/community-containers.twig +++ b/php/templates/includes/community-containers.twig @@ -1,3 +1,8 @@ + +

    Community Containers

    In this section you can enable or disable optional Community Containers that are not included by default in the main installation. These containers are provided by the community and can be useful for various purposes and are automatically integrated in AIOs backup solution and update mechanisms.

    ⚠️ Caution: Community Containers are maintained by the community and not officially by Nextcloud. Some containers may not be compatible with your system, may not work as expected or may discontinue. Use them at your own risk. Please read the documentation for each container first before adding any as some are also incompatible between each other! Never add all of them at the same time!

    diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index b93ef57f..dc5ad2a3 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -1,3 +1,8 @@ + +

    Optional containers

    In this section you can enable or disable optional containers.

    {% if isAnyRunning == true %} diff --git a/php/templates/layout.twig b/php/templates/layout.twig index 15ec70f6..bf51ebfd 100644 --- a/php/templates/layout.twig +++ b/php/templates/layout.twig @@ -1,3 +1,8 @@ + + diff --git a/php/templates/log.twig b/php/templates/log.twig index 297498fc..92e07398 100644 --- a/php/templates/log.twig +++ b/php/templates/log.twig @@ -1,3 +1,8 @@ + + diff --git a/php/templates/login.twig b/php/templates/login.twig index 74c29bef..807a37c3 100644 --- a/php/templates/login.twig +++ b/php/templates/login.twig @@ -1,3 +1,8 @@ + + {% extends "layout.twig" %} {% block body %} diff --git a/php/templates/setup.twig b/php/templates/setup.twig index 7cc9227a..7d8c2719 100644 --- a/php/templates/setup.twig +++ b/php/templates/setup.twig @@ -1,3 +1,8 @@ + + {% extends "layout.twig" %} {% block body %} diff --git a/php/tests/.gitignore b/php/tests/.gitignore index 58786aac..edbf4718 100644 --- a/php/tests/.gitignore +++ b/php/tests/.gitignore @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + # Playwright node_modules/ diff --git a/php/tests/playwright.config.js b/php/tests/playwright.config.js index 191a7f59..a1ce2e02 100644 --- a/php/tests/playwright.config.js +++ b/php/tests/playwright.config.js @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +// SPDX-License-Identifier: AGPL-3.0-or-later + import { defineConfig, devices } from '@playwright/test' /** diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js index 1f21f011..d143bba0 100755 --- a/php/tests/tests/initial-setup.spec.js +++ b/php/tests/tests/initial-setup.spec.js @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +// SPDX-License-Identifier: AGPL-3.0-or-later + import { test, expect } from '@playwright/test'; import { writeFileSync } from 'node:fs' diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js index 696a4376..efaf5e53 100755 --- a/php/tests/tests/restore-instance.spec.js +++ b/php/tests/tests/restore-instance.spec.js @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +// SPDX-License-Identifier: AGPL-3.0-or-later + import { test, expect } from '@playwright/test'; import { readFileSync } from 'node:fs'; diff --git a/readme.md b/readme.md index 0666472e..1a205fda 100644 --- a/readme.md +++ b/readme.md @@ -1,3 +1,8 @@ + + # Nextcloud All-in-One > [!NOTE] diff --git a/reverse-proxy.md b/reverse-proxy.md index ea81c844..3e049533 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1,3 +1,8 @@ + + # Using a reverse proxy or secure tunnel to access Nextcloud AIO ## Introduction diff --git a/tests/QA/001-initial-setup.md b/tests/QA/001-initial-setup.md index 281a1201..fa3df422 100644 --- a/tests/QA/001-initial-setup.md +++ b/tests/QA/001-initial-setup.md @@ -1,10 +1,15 @@ -# Initial setup - -- [ ] Verify that after starting the test container, you can access the AIO interface using https://internal.ip.address:8080 -- [ ] After clicking the self-signed-certificate warning away, it should show the setup page with an explanation what AIO is and the initial passphrase and a button that contains a link to the AIO login page -- [ ] After copying the passphrase and clicking on this button, it should open a new tab with the login page -- [ ] The login page should show an input field that allows to enter the AIO passphrase and a `Log in` button -- [ ] After pasting the passphrase into the input field and clicking on this button, you should be logged in -- [ ] You should now see the containers page and you should see three sections: one general section which explains what AIO is, one `New AIO instance` section and one section that allows to restore the whole AIO instance from backup. - -You can now continue with [002-new-instance.md](./002-new-instance.md) or [010-restore-instance.md](./010-restore-instance.md). + + +# Initial setup + +- [ ] Verify that after starting the test container, you can access the AIO interface using https://internal.ip.address:8080 +- [ ] After clicking the self-signed-certificate warning away, it should show the setup page with an explanation what AIO is and the initial passphrase and a button that contains a link to the AIO login page +- [ ] After copying the passphrase and clicking on this button, it should open a new tab with the login page +- [ ] The login page should show an input field that allows to enter the AIO passphrase and a `Log in` button +- [ ] After pasting the passphrase into the input field and clicking on this button, you should be logged in +- [ ] You should now see the containers page and you should see three sections: one general section which explains what AIO is, one `New AIO instance` section and one section that allows to restore the whole AIO instance from backup. + +You can now continue with [002-new-instance.md](./002-new-instance.md) or [010-restore-instance.md](./010-restore-instance.md). diff --git a/tests/QA/002-new-instance.md b/tests/QA/002-new-instance.md index 306f48d9..2c25cdf9 100644 --- a/tests/QA/002-new-instance.md +++ b/tests/QA/002-new-instance.md @@ -1,31 +1,36 @@ -# New instance - -For the below to work, it is important that you have a domain that you point onto your testserver and open port 443 in your router/firewall. - -- [ ] The `New AIO instance` section should show an input field that allows to enter a domain that will be used for Nextcloud later on as well as a short explanation regarding dynamic DNS -- [ ] Now test a few examples in the input box: - - [ ] Entering `djfslkklk` should report that DNS config is not set or the domain is not in a valid format - - [ ] Entering `https://sdjflkjk.cpm` should report that this is not a valid domain - - [ ] Entering `10.0.0.1` should report that ip-addresses are not supported - - [ ] Entering `nextcloud.com` should report that the domain does not point to this server - - [ ] Entering the domain that does point to your server e.g. `yourdomain.com` should finally redirect you to the next screen (if you did not configure your domain yet or did not open port 443, it should report that to you) -- [ ] Now you should see a button `Start containers` and an explanation which points out that clicking on the button will start the containers and that this can take a long time. -- [ ] Below that you should see a section `Optional addons` which shows a checkbox list with addons that can be enabled or disabled. - - [ ] Collabora, Imaginary, Talk and Whiteboard should be enabled, the rest disabled - - [ ] Unchecking/Checking any of these should insert a button that allows to save the set config - - [ ] Checking OnlyOffice and Collabora at the same time should show a warning that this is not supported and should not saving the new config - - [ ] Recommended is to uncheck all options now - - [ ] Clicking on the save button should reload the page and activate the new config -- [ ] Clickig on the `Start containers` button should finally reveal a big spinning wheel that should block all elements on the side of being clicked. -- [ ] After waiting a few minutes, it should reload and show a new page - - [ ] On top of the page should be shown which channel you are running - - [ ] Below that, it should show that containers are currently starting - - [ ] Below that it should show a section with Containers: Apache, Database, Nextcloud and Redis and that your containers are up-to-date - - [ ] On the bottom should be the Optional addons section shown but with disabled checkboxes (not clickable) - - [ ] A automatic reload every 5s should happen until all Containers are started (as long as this window is focused) -- [ ] After waiting a bit longer it should instead of the advice that your containers are currently running show the initial Nextcloud credentials (username, password) and below that a button that allows to open the Nextcloud interface in a new tab -- [ ] Clicking on that button should open the Nextcloud interface in a new tab and you should be able to log in using the provided credentials -- [ ] Below the Containers section it should show a `Stop containers` button -- [ ] Below the Containers section and above the Optional Addons section, you should see a Backup and restore section and an AIO password change section - + + +# New instance + +For the below to work, it is important that you have a domain that you point onto your testserver and open port 443 in your router/firewall. + +- [ ] The `New AIO instance` section should show an input field that allows to enter a domain that will be used for Nextcloud later on as well as a short explanation regarding dynamic DNS +- [ ] Now test a few examples in the input box: + - [ ] Entering `djfslkklk` should report that DNS config is not set or the domain is not in a valid format + - [ ] Entering `https://sdjflkjk.cpm` should report that this is not a valid domain + - [ ] Entering `10.0.0.1` should report that ip-addresses are not supported + - [ ] Entering `nextcloud.com` should report that the domain does not point to this server + - [ ] Entering the domain that does point to your server e.g. `yourdomain.com` should finally redirect you to the next screen (if you did not configure your domain yet or did not open port 443, it should report that to you) +- [ ] Now you should see a button `Start containers` and an explanation which points out that clicking on the button will start the containers and that this can take a long time. +- [ ] Below that you should see a section `Optional addons` which shows a checkbox list with addons that can be enabled or disabled. + - [ ] Collabora, Imaginary, Talk and Whiteboard should be enabled, the rest disabled + - [ ] Unchecking/Checking any of these should insert a button that allows to save the set config + - [ ] Checking OnlyOffice and Collabora at the same time should show a warning that this is not supported and should not saving the new config + - [ ] Recommended is to uncheck all options now + - [ ] Clicking on the save button should reload the page and activate the new config +- [ ] Clickig on the `Start containers` button should finally reveal a big spinning wheel that should block all elements on the side of being clicked. +- [ ] After waiting a few minutes, it should reload and show a new page + - [ ] On top of the page should be shown which channel you are running + - [ ] Below that, it should show that containers are currently starting + - [ ] Below that it should show a section with Containers: Apache, Database, Nextcloud and Redis and that your containers are up-to-date + - [ ] On the bottom should be the Optional addons section shown but with disabled checkboxes (not clickable) + - [ ] A automatic reload every 5s should happen until all Containers are started (as long as this window is focused) +- [ ] After waiting a bit longer it should instead of the advice that your containers are currently running show the initial Nextcloud credentials (username, password) and below that a button that allows to open the Nextcloud interface in a new tab +- [ ] Clicking on that button should open the Nextcloud interface in a new tab and you should be able to log in using the provided credentials +- [ ] Below the Containers section it should show a `Stop containers` button +- [ ] Below the Containers section and above the Optional Addons section, you should see a Backup and restore section and an AIO password change section + You can now continue with [003-automatic-login.md](./003-automatic-login.md). \ No newline at end of file diff --git a/tests/QA/003-automatic-login.md b/tests/QA/003-automatic-login.md index 1d3a7fcd..ce780c99 100644 --- a/tests/QA/003-automatic-login.md +++ b/tests/QA/003-automatic-login.md @@ -1,8 +1,13 @@ -# Automatic login - -- [ ] After you log in to Nextcloud using the provided initial credentials, open https://yourdomain.com/settings/admin/overview -- [ ] There you should see a Nextcloud AIO section and a button that allows to log into the AIO interface. -- [ ] Clicking on this button should open the AIO interface in a new tab and should automatically log you in -- [ ] All sessions in other tabs that are currently open should be closed (you can verify by reloading all other AIO tabs) - + + +# Automatic login + +- [ ] After you log in to Nextcloud using the provided initial credentials, open https://yourdomain.com/settings/admin/overview +- [ ] There you should see a Nextcloud AIO section and a button that allows to log into the AIO interface. +- [ ] Clicking on this button should open the AIO interface in a new tab and should automatically log you in +- [ ] All sessions in other tabs that are currently open should be closed (you can verify by reloading all other AIO tabs) + You can now continue with [004-initial-backup.md](./004-initial-backup.md). \ No newline at end of file diff --git a/tests/QA/004-initial-backup.md b/tests/QA/004-initial-backup.md index b5b60ed5..b9e7a5dc 100644 --- a/tests/QA/004-initial-backup.md +++ b/tests/QA/004-initial-backup.md @@ -1,32 +1,37 @@ -# Initial backup - -- [ ] In the Backup and restore section, you should now see two input boxes where for one you should type in the path where the backup should get created and some explanation below or the other type in a remote ssh location -- [ ] First, check a local backup: - - [ ] Enter `/` which should send an error - - [ ] Enter `/mnt/` or `/media/` or `/host_mnt/` or `/var/backups/` should send an error as well - - [ ] Accepted should be `/mnt/backup`, `/media/backup`, `/host_mnt/c/backup` and `/var/backups`. - - [ ] The side should now reload - - [ ] In the Backup restore section you should now see a Backup information section with important info like the encryption password, the backup location and more. - - [ ] Also you should see a Backup creation section that contains a `Create backup` button. - - [ ] Clicking on the `Create backup` button should open a window prompt that allows to cancel the operation. - - [ ] Canceling should return to the website, confirming should reveal the big spinner again which should block the website again. - - [ ] After a while you should see the information that Backup container is currently running -- [ ] another option are remote backups via SSH using borgbackup. The remote borg repo URL must contain both `@` and `:`. The process works as follows: - 1. You enter a remote borg repo URL (e.g. `ssh://user@host:port/path/to/repo` or `user@host:/path/to/repo`). - 2. On the first connection attempt, a SSH key pair is generated automatically and the public key is displayed. - 3. You add the public key to the `~/.ssh/authorized_keys` file on the remote server so that AIO can connect to it. - 4. Once authorized, AIO can create and restore backups on the remote server. - - [ ] Enter `user` (no `@` and no `:`) which should send an error - - [ ] Enter `user@host` (no `:`) which should send an error - - [ ] Enter `userhost:/path` (no `@`) which should send an error - - [ ] Accepted should be `ssh://user@host:22/path/to/repo` or `user@host:/path/to/repo` - - [ ] Both a local backup location and a remote repo URL should not be accepted at the same time - - [ ] The page should now reload - - [ ] Now click on `Create backup` - - [ ] After the first failed backup attempt with a remote repo, the SSH public key for borg should be shown so it can be authorized on the remote server - - [ ] After authorizing the server on the remote, scroll down and click on `Create backup` again to create another backup. This time it should succeed. -- [ ] The initial Nextcloud credentials on top of the page that are visible when the containers are running should now be hidden in a details tag -- [ ] After a while and a few automatic reloads (as long as the side is focused), you should be redirected to the usual page and seen in the Backup and restore section that the last backup was successful. -- [ ] Below that you should see a details tag that allows to reveal all backup options - + + +# Initial backup + +- [ ] In the Backup and restore section, you should now see two input boxes where for one you should type in the path where the backup should get created and some explanation below or the other type in a remote ssh location +- [ ] First, check a local backup: + - [ ] Enter `/` which should send an error + - [ ] Enter `/mnt/` or `/media/` or `/host_mnt/` or `/var/backups/` should send an error as well + - [ ] Accepted should be `/mnt/backup`, `/media/backup`, `/host_mnt/c/backup` and `/var/backups`. + - [ ] The side should now reload + - [ ] In the Backup restore section you should now see a Backup information section with important info like the encryption password, the backup location and more. + - [ ] Also you should see a Backup creation section that contains a `Create backup` button. + - [ ] Clicking on the `Create backup` button should open a window prompt that allows to cancel the operation. + - [ ] Canceling should return to the website, confirming should reveal the big spinner again which should block the website again. + - [ ] After a while you should see the information that Backup container is currently running +- [ ] another option are remote backups via SSH using borgbackup. The remote borg repo URL must contain both `@` and `:`. The process works as follows: + 1. You enter a remote borg repo URL (e.g. `ssh://user@host:port/path/to/repo` or `user@host:/path/to/repo`). + 2. On the first connection attempt, a SSH key pair is generated automatically and the public key is displayed. + 3. You add the public key to the `~/.ssh/authorized_keys` file on the remote server so that AIO can connect to it. + 4. Once authorized, AIO can create and restore backups on the remote server. + - [ ] Enter `user` (no `@` and no `:`) which should send an error + - [ ] Enter `user@host` (no `:`) which should send an error + - [ ] Enter `userhost:/path` (no `@`) which should send an error + - [ ] Accepted should be `ssh://user@host:22/path/to/repo` or `user@host:/path/to/repo` + - [ ] Both a local backup location and a remote repo URL should not be accepted at the same time + - [ ] The page should now reload + - [ ] Now click on `Create backup` + - [ ] After the first failed backup attempt with a remote repo, the SSH public key for borg should be shown so it can be authorized on the remote server + - [ ] After authorizing the server on the remote, scroll down and click on `Create backup` again to create another backup. This time it should succeed. +- [ ] The initial Nextcloud credentials on top of the page that are visible when the containers are running should now be hidden in a details tag +- [ ] After a while and a few automatic reloads (as long as the side is focused), you should be redirected to the usual page and seen in the Backup and restore section that the last backup was successful. +- [ ] Below that you should see a details tag that allows to reveal all backup options + You can now continue with [020-backup-and-restore.md](.//020-backup-and-restore.md) \ No newline at end of file diff --git a/tests/QA/010-restore-instance.md b/tests/QA/010-restore-instance.md index d7561a9f..26e08ec1 100644 --- a/tests/QA/010-restore-instance.md +++ b/tests/QA/010-restore-instance.md @@ -1,36 +1,41 @@ -# Restore instance - -For the below to work, you need a backup archive of an AIO instance and the location on the test machine and the password for the backup archive. You can get one here: [backup-archive](./assets/backup-archive/) - -- [ ] The section that allows to restore the whole AIO instance from backup should show three input fields: one that allows to enter a location where the backup archive is located and one that allows to enter a remote ssh path and one that allows to enter password of the archive. It should also show a short explanation regarding the path requirements -- [ ] First, check restoring from a local backup location: - - [ ] Entering an incorrect path and/or password should let you continue and test your settings in the next step - - [ ] Clicking on the test button should after a reload bring you back to the initial screen where it should say that the test was unsuccessful. Also you should be able to have a look at the backup container logs for investigation what exactly failed. - - [ ] You should also now see the input boxes again where you can change the path and password, confirm it and bring you again to the screen where you can test your settings. - - [ ] Entering the correct path to the backup archive and the correct password here should: - - [ ] Should reload and should hide all options except the option to test the path and password - - [ ] After the test you should see the options to check the integrity of the backup and a list of backup archives that you can choose from to restore your instance - - [ ] Clicking on either option should show a window prompt that lets you cancel the operation - - [ ] Clicking on the integrity check option should check the integrity and report that the backup integrity is good after a while which should then only show the option to choose the backup archive that should be restored - - [ ] Choosing the restore option should finally restore your files. - - [ ] After waiting a while it should reload the page and should show the usual container interface again with the state of your containers (stopped) and the option to start and update the containers again. -- [ ] Next, check restoring from a remote backup location via SSH. The remote borg repo URL must contain both `@` and `:`. The restore process works as follows: - 1. You enter a remote borg repo URL (e.g. `ssh://user@host:port/path/to/repo` or `user@host:/path/to/repo`) and the backup password. - 2. On the first connection attempt, a SSH key pair is generated automatically and the public key is displayed. - 3. You add the public key to the `~/.ssh/authorized_keys` file on the remote server so that AIO can connect to it. - 4. Once authorized, AIO can list and restore backups from the remote server. - - [ ] Enter an invalid remote repo URL (e.g. `user` without `@` and `:`) which should send an error - - [ ] Enter a valid remote borg repo URL and the correct backup password: - - [ ] Should reload and should hide all options except the option to test the path and password - - [ ] After the first failed connection attempt, the SSH public key for borg should be shown so it can be authorized on the remote server - - [ ] After authorizing the key on the remote server, scroll down and click on the test button again. This time it should succeed and show the options to check the integrity and list backup archives - - [ ] After the test you should see the options to check the integrity of the backup and a list of backup archives that you can choose from to restore your instance - - [ ] Clicking on either option should show a window prompt that lets you cancel the operation - - [ ] Clicking on the integrity check option should check the integrity and report that the backup integrity is good after a while which should then only show the option to choose the backup archive that should be restored - - [ ] Choosing the restore option should finally restore your files. - - [ ] After waiting a while it should reload the page and should show the usual container interface again with the state of your containers (stopped) and the option to start and update the containers again. - -- [ ] Clicking on `Start and update containers` should show a window prompt that you should create a backup. Canceling should cancel the operation, confirming should reveal the big spinner again. -- [ ] After waiting a bit, all containers should be green and your instance should be fully functional again - + + +# Restore instance + +For the below to work, you need a backup archive of an AIO instance and the location on the test machine and the password for the backup archive. You can get one here: [backup-archive](./assets/backup-archive/) + +- [ ] The section that allows to restore the whole AIO instance from backup should show three input fields: one that allows to enter a location where the backup archive is located and one that allows to enter a remote ssh path and one that allows to enter password of the archive. It should also show a short explanation regarding the path requirements +- [ ] First, check restoring from a local backup location: + - [ ] Entering an incorrect path and/or password should let you continue and test your settings in the next step + - [ ] Clicking on the test button should after a reload bring you back to the initial screen where it should say that the test was unsuccessful. Also you should be able to have a look at the backup container logs for investigation what exactly failed. + - [ ] You should also now see the input boxes again where you can change the path and password, confirm it and bring you again to the screen where you can test your settings. + - [ ] Entering the correct path to the backup archive and the correct password here should: + - [ ] Should reload and should hide all options except the option to test the path and password + - [ ] After the test you should see the options to check the integrity of the backup and a list of backup archives that you can choose from to restore your instance + - [ ] Clicking on either option should show a window prompt that lets you cancel the operation + - [ ] Clicking on the integrity check option should check the integrity and report that the backup integrity is good after a while which should then only show the option to choose the backup archive that should be restored + - [ ] Choosing the restore option should finally restore your files. + - [ ] After waiting a while it should reload the page and should show the usual container interface again with the state of your containers (stopped) and the option to start and update the containers again. +- [ ] Next, check restoring from a remote backup location via SSH. The remote borg repo URL must contain both `@` and `:`. The restore process works as follows: + 1. You enter a remote borg repo URL (e.g. `ssh://user@host:port/path/to/repo` or `user@host:/path/to/repo`) and the backup password. + 2. On the first connection attempt, a SSH key pair is generated automatically and the public key is displayed. + 3. You add the public key to the `~/.ssh/authorized_keys` file on the remote server so that AIO can connect to it. + 4. Once authorized, AIO can list and restore backups from the remote server. + - [ ] Enter an invalid remote repo URL (e.g. `user` without `@` and `:`) which should send an error + - [ ] Enter a valid remote borg repo URL and the correct backup password: + - [ ] Should reload and should hide all options except the option to test the path and password + - [ ] After the first failed connection attempt, the SSH public key for borg should be shown so it can be authorized on the remote server + - [ ] After authorizing the key on the remote server, scroll down and click on the test button again. This time it should succeed and show the options to check the integrity and list backup archives + - [ ] After the test you should see the options to check the integrity of the backup and a list of backup archives that you can choose from to restore your instance + - [ ] Clicking on either option should show a window prompt that lets you cancel the operation + - [ ] Clicking on the integrity check option should check the integrity and report that the backup integrity is good after a while which should then only show the option to choose the backup archive that should be restored + - [ ] Choosing the restore option should finally restore your files. + - [ ] After waiting a while it should reload the page and should show the usual container interface again with the state of your containers (stopped) and the option to start and update the containers again. + +- [ ] Clicking on `Start and update containers` should show a window prompt that you should create a backup. Canceling should cancel the operation, confirming should reveal the big spinner again. +- [ ] After waiting a bit, all containers should be green and your instance should be fully functional again + You can now continue with [020-backup-and-restore.md](./020-backup-and-restore.md) \ No newline at end of file diff --git a/tests/QA/020-backup-and-restore.md b/tests/QA/020-backup-and-restore.md index ebee3ace..d217c345 100644 --- a/tests/QA/020-backup-and-restore.md +++ b/tests/QA/020-backup-and-restore.md @@ -1,12 +1,17 @@ -# Backup and restore - -- [ ] Expanding all backup options in the Backup and restore sectioin should reveal a Backup information section, Backup creation section, Backup check section, Backup restore section and a Daily backup section as well as a additional backup location section -- [ ] The backup restore section should list all available backup archives and list them from most recent to least recent. -- [ ] Clicking on either option of Create backup, Check backup integrity or Restore selected backup should run the corresponding action and report after a while in the last check, backup or restore was successful. -- [ ] Daily backup creatio should allow to enter a time in 24h format e.g. `04:00` should be accepted, `24:00` or `dfjlk` not. -- [ ] Submitting a time here should reload the page and reveal at the same place the option to delete the setting again. -- [ ] When the time of the automatic backup has come (you can test it by choosing a time that is e.g. only a minute away), it should automatically log you out (you can verify by reloading) and after you log in again you should see that the automatic backup is currently running. -- [ ] After a while you should see that your container are starting and in the Backup and restore section you should see that the backup was successful -- [ ] When entering additional backup directories, it should allow e.g. `/etc` and `nextcloud_aio_mastercontainer` but not `nextcloud/test`. Running a backup with this should back up these directories/volumes successfully. - + + +# Backup and restore + +- [ ] Expanding all backup options in the Backup and restore sectioin should reveal a Backup information section, Backup creation section, Backup check section, Backup restore section and a Daily backup section as well as a additional backup location section +- [ ] The backup restore section should list all available backup archives and list them from most recent to least recent. +- [ ] Clicking on either option of Create backup, Check backup integrity or Restore selected backup should run the corresponding action and report after a while in the last check, backup or restore was successful. +- [ ] Daily backup creatio should allow to enter a time in 24h format e.g. `04:00` should be accepted, `24:00` or `dfjlk` not. +- [ ] Submitting a time here should reload the page and reveal at the same place the option to delete the setting again. +- [ ] When the time of the automatic backup has come (you can test it by choosing a time that is e.g. only a minute away), it should automatically log you out (you can verify by reloading) and after you log in again you should see that the automatic backup is currently running. +- [ ] After a while you should see that your container are starting and in the Backup and restore section you should see that the backup was successful +- [ ] When entering additional backup directories, it should allow e.g. `/etc` and `nextcloud_aio_mastercontainer` but not `nextcloud/test`. Running a backup with this should back up these directories/volumes successfully. + You can now continue with [030-aio-password-change.md](./030-aio-password-change.md) \ No newline at end of file diff --git a/tests/QA/030-aio-password-change.md b/tests/QA/030-aio-password-change.md index 094af66e..5a5a3e1c 100644 --- a/tests/QA/030-aio-password-change.md +++ b/tests/QA/030-aio-password-change.md @@ -1,12 +1,17 @@ -# AIO passphrase change - -- [ ] In the AIO passphrase change section you should see two input fields. And below the requirements for a new passphrase -- [ ] When entering nothing it should report that you need to enter your current AIO passphrase -- [ ] When entering a false passphrase, it should report that to you -- [ ] After entering your current passphrase and leaving the new passphrase empty it should report that you need to enter a new passphrase -- [ ] After entering a new passphrase shorter than 24 characters or not allowed characters, it should report that the passphrase requirements are not met. -- [ ] `sdfjlksj` should not be accepted -- [ ] `jdsfklöjiroewoäsadjkfölk` should not be accepted -- [ ] `sdjlfj SDJFLK 32489 sdjklf` should be accepted, which should reload the page - + + +# AIO passphrase change + +- [ ] In the AIO passphrase change section you should see two input fields. And below the requirements for a new passphrase +- [ ] When entering nothing it should report that you need to enter your current AIO passphrase +- [ ] When entering a false passphrase, it should report that to you +- [ ] After entering your current passphrase and leaving the new passphrase empty it should report that you need to enter a new passphrase +- [ ] After entering a new passphrase shorter than 24 characters or not allowed characters, it should report that the passphrase requirements are not met. +- [ ] `sdfjlksj` should not be accepted +- [ ] `jdsfklöjiroewoäsadjkfölk` should not be accepted +- [ ] `sdjlfj SDJFLK 32489 sdjklf` should be accepted, which should reload the page + You can now continue with [040-login-behavior.md](./040-login-behavior.md) \ No newline at end of file diff --git a/tests/QA/040-login-behavior.md b/tests/QA/040-login-behavior.md index 9d52c046..d1f03d4b 100644 --- a/tests/QA/040-login-behavior.md +++ b/tests/QA/040-login-behavior.md @@ -1,7 +1,12 @@ -# Login behavior - -- [ ] When opening the AIO interface in a new tab while the apache container is running, it should report on the login page that Nextcloud is running and you should use the automatic login -- [ ] When the apache container is stopped, you should see here an input field that allows you to enter the AIO passphrase which should log you in -- [ ] Starting and stopping the containers multiple times should every time produce a new token that is used in the admin overview in Nextcloud as link in the button to log you into the AIO interface. (see [003-automatic-login.md](./003-automatic-login.md)) - + + +# Login behavior + +- [ ] When opening the AIO interface in a new tab while the apache container is running, it should report on the login page that Nextcloud is running and you should use the automatic login +- [ ] When the apache container is stopped, you should see here an input field that allows you to enter the AIO passphrase which should log you in +- [ ] Starting and stopping the containers multiple times should every time produce a new token that is used in the admin overview in Nextcloud as link in the button to log you into the AIO interface. (see [003-automatic-login.md](./003-automatic-login.md)) + You can now continue with [050-optional-addons.md](./050-optional-addons.md) \ No newline at end of file diff --git a/tests/QA/050-optional-addons.md b/tests/QA/050-optional-addons.md index e7d74f51..2dfa51aa 100644 --- a/tests/QA/050-optional-addons.md +++ b/tests/QA/050-optional-addons.md @@ -1,17 +1,22 @@ -# Optional addons - -- [ ] Close to the bottom of the page in the AIO interface, you should see the optional addons section -- [ ] You should be able to change optional addons when containers are stopped and not change them when containers are running -- [ ] Enabling either of the options should start a new container with the same or comparable name and should also list them in the containers section -- [ ] After all containers are started with the new config active, you should verify that the options were automatically activated/deactivated. - - [ ] ClamAV by trying to upload a testvirus to Nextcloud https://www.eicar.org/?page_id=3950 - - [ ] Collabora by trying to open a .docx or .odt file in Nextcloud - - [ ] Nextcloud Talk by opening the Talk app in Nextcloud, creating a new chat and trying to join a call in this chat. Also verifying in the settings that the HPB and turn server work. - - [ ] Imaginary by having a look if when uploading a new picture in Nextcloud, it adds some log entries to the container - - [ ] Fulltextsearch by trying to search for a heading inside a file in Nextcloud - - [ ] Talk-recording by starting a call and trying to record something -- [ ] When Collabora is enabled - - [ ] It should show below the Optional Addons section a section where you can change the dictionaries for collabora. `de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru` should be a valid setting. E.g. `de.De` not. If already set, it should show a button that allows to remove the setting again. - - [ ] Also, you should see an input field that allows to enter additional collabora options. E.g. `net.content_security_policy=false` should not be accepted, but `--o:net.content_security_policy="frame-ancestors *.example.com:*;"` should. - + + +# Optional addons + +- [ ] Close to the bottom of the page in the AIO interface, you should see the optional addons section +- [ ] You should be able to change optional addons when containers are stopped and not change them when containers are running +- [ ] Enabling either of the options should start a new container with the same or comparable name and should also list them in the containers section +- [ ] After all containers are started with the new config active, you should verify that the options were automatically activated/deactivated. + - [ ] ClamAV by trying to upload a testvirus to Nextcloud https://www.eicar.org/?page_id=3950 + - [ ] Collabora by trying to open a .docx or .odt file in Nextcloud + - [ ] Nextcloud Talk by opening the Talk app in Nextcloud, creating a new chat and trying to join a call in this chat. Also verifying in the settings that the HPB and turn server work. + - [ ] Imaginary by having a look if when uploading a new picture in Nextcloud, it adds some log entries to the container + - [ ] Fulltextsearch by trying to search for a heading inside a file in Nextcloud + - [ ] Talk-recording by starting a call and trying to record something +- [ ] When Collabora is enabled + - [ ] It should show below the Optional Addons section a section where you can change the dictionaries for collabora. `de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru` should be a valid setting. E.g. `de.De` not. If already set, it should show a button that allows to remove the setting again. + - [ ] Also, you should see an input field that allows to enter additional collabora options. E.g. `net.content_security_policy=false` should not be accepted, but `--o:net.content_security_policy="frame-ancestors *.example.com:*;"` should. + You can now continue with [055-community-containers.md](./055-community-containers.md) \ No newline at end of file diff --git a/tests/QA/055-community-containers.md b/tests/QA/055-community-containers.md index 430b5f2f..03d5b722 100644 --- a/tests/QA/055-community-containers.md +++ b/tests/QA/055-community-containers.md @@ -1,3 +1,8 @@ + + # Community Containers - [ ] At the very bottom of the page, there should be a Community Containers section diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md index 0fed36c5..438da5a5 100644 --- a/tests/QA/060-environmental-variables.md +++ b/tests/QA/060-environmental-variables.md @@ -1,31 +1,36 @@ -# Environmental variables - -- [ ] When starting the mastercontainer with `--env APACHE_PORT=11000` on a clean instance, the domaincheck container should be started with that same port published. That makes sure that also the Apache container will use that port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. However `@INTERNAL` is also an allowed value which skips publishing the port on the host for internal usage inside a bridged network for example. -- [ ] When starting the mastercontainer with `--env APACHE_IP_BINDING=127.0.0.1` on a clean instance, the domaincheck container's apache port should only listen on localhost on the host. Using a value here that is not a number or dot will not allow the mastercontainer to start correctly. -- [ ] When starting the mastercontainer with `--env APACHE_ADDITIONAL_NETWORK=frontend_net` on a clean instance, the domaincheck and subsequently the apache containers should be connected to the specified `frontend_net` docker network, in addition to the default `nextcloud-aio` network. Specifying the network that doesn't already exist will not allow the mastercontainer to start correctly. -- [ ] When starting the mastercontainer with `--env TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value. -- [ ] Make also sure that reverse proxies work by following https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#reverse-proxy-documentation and following [001-initial-setup.md](./001-initial-setup.md) and [002-new-instance.md](./002-new-instance.md) -- [ ] When starting the mastercontainer with `--env SKIP_DOMAIN_VALIDATION=true` on a clean instance, it should skip the domain verification. So it should accept any domain that you type in then. -- [ ] When starting the mastercontainer with `--env DOCKER_API_VERSION=1.44` it should use the mentioned docker API version internally for all requests -- [ ] When starting the mastercontainer with `--env AIO_LOG_LEVEL=info` on a clean instance, the resulting sibling containers should receive the propagated global log-level variable and the configured components should no longer use their default warning or error levels. This should at least be verified for the mastercontainer, Apache, Nextcloud, Redis and Talk containers. In addition, previously suppressed supervisord stdout or stderr logs should become visible for the affected components. -- [ ] When starting the mastercontainer with an invalid `AIO_LOG_LEVEL` value like `warning` or `verbose`, the container startup should fail with a message that only `debug`, `info`, `warn` and `error` are allowed. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values. -- [ ] When starting the mastercontainer with `--env BORG_RETENTION_POLICY="--keep-within=1d --keep-weekly=1 --keep-monthly=1"` it should change borgs retention policy to the defined one. This can be checked when creating a backup and looking at the logs. -- [ ] When starting the mastercontainer with `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` it should change Elasticsearchs `ES_JAVA_OPTS` options to the defined one. This can be checked by checking the `ES_JAVA_OPTS` variable for the nextcloud-aio-fulltextsearch container. -- [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless. -- [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host. -See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca -- [ ] When starting the mastercontainer with `--env COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts notes`. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick. -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension. -- [ ] When mounting `/dev/dri` into the mastercontainer with `--device=/dev/dri`, the /dev/dri device mounted into all sibling containers that require it like talk-recording. (Only works if a `/dev/dri` device is present on the host) -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host) -- [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore. - -You can now continue with [070-timezone-change.md](./070-timezone-change.md) + + +# Environmental variables + +- [ ] When starting the mastercontainer with `--env APACHE_PORT=11000` on a clean instance, the domaincheck container should be started with that same port published. That makes sure that also the Apache container will use that port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. However `@INTERNAL` is also an allowed value which skips publishing the port on the host for internal usage inside a bridged network for example. +- [ ] When starting the mastercontainer with `--env APACHE_IP_BINDING=127.0.0.1` on a clean instance, the domaincheck container's apache port should only listen on localhost on the host. Using a value here that is not a number or dot will not allow the mastercontainer to start correctly. +- [ ] When starting the mastercontainer with `--env APACHE_ADDITIONAL_NETWORK=frontend_net` on a clean instance, the domaincheck and subsequently the apache containers should be connected to the specified `frontend_net` docker network, in addition to the default `nextcloud-aio` network. Specifying the network that doesn't already exist will not allow the mastercontainer to start correctly. +- [ ] When starting the mastercontainer with `--env TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value. +- [ ] Make also sure that reverse proxies work by following https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#reverse-proxy-documentation and following [001-initial-setup.md](./001-initial-setup.md) and [002-new-instance.md](./002-new-instance.md) +- [ ] When starting the mastercontainer with `--env SKIP_DOMAIN_VALIDATION=true` on a clean instance, it should skip the domain verification. So it should accept any domain that you type in then. +- [ ] When starting the mastercontainer with `--env DOCKER_API_VERSION=1.44` it should use the mentioned docker API version internally for all requests +- [ ] When starting the mastercontainer with `--env AIO_LOG_LEVEL=info` on a clean instance, the resulting sibling containers should receive the propagated global log-level variable and the configured components should no longer use their default warning or error levels. This should at least be verified for the mastercontainer, Apache, Nextcloud, Redis and Talk containers. In addition, previously suppressed supervisord stdout or stderr logs should become visible for the affected components. +- [ ] When starting the mastercontainer with an invalid `AIO_LOG_LEVEL` value like `warning` or `verbose`, the container startup should fail with a message that only `debug`, `info`, `warn` and `error` are allowed. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values. +- [ ] When starting the mastercontainer with `--env BORG_RETENTION_POLICY="--keep-within=1d --keep-weekly=1 --keep-monthly=1"` it should change borgs retention policy to the defined one. This can be checked when creating a backup and looking at the logs. +- [ ] When starting the mastercontainer with `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` it should change Elasticsearchs `ES_JAVA_OPTS` options to the defined one. This can be checked by checking the `ES_JAVA_OPTS` variable for the nextcloud-aio-fulltextsearch container. +- [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless. +- [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host. +See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca +- [ ] When starting the mastercontainer with `--env COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts notes`. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick. +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension. +- [ ] When mounting `/dev/dri` into the mastercontainer with `--device=/dev/dri`, the /dev/dri device mounted into all sibling containers that require it like talk-recording. (Only works if a `/dev/dri` device is present on the host) +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host) +- [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore. + +You can now continue with [070-timezone-change.md](./070-timezone-change.md) diff --git a/tests/QA/070-timezone-change.md b/tests/QA/070-timezone-change.md index d9ae9f59..b91c8a93 100644 --- a/tests/QA/070-timezone-change.md +++ b/tests/QA/070-timezone-change.md @@ -1,10 +1,15 @@ -# Timezone change - -- [ ] At the very bottom of the page you should see the timezone change section -- [ ] When the containers are stopped, you should be able to change it and set/reset it -- [ ] If not already set, it should show an input field where you can enter a timezone -- [ ] `Europe/Berlin` should be accepted, e.g. `Europe Berlin` not -- [ ] When it is set, it should show that it is set to which timezone and display a button that allows to reset it again which does this on a press -- [ ] When it is set, running `date` inside Nextcloud related containers should return the correct timezone - + + +# Timezone change + +- [ ] At the very bottom of the page you should see the timezone change section +- [ ] When the containers are stopped, you should be able to change it and set/reset it +- [ ] If not already set, it should show an input field where you can enter a timezone +- [ ] `Europe/Berlin` should be accepted, e.g. `Europe Berlin` not +- [ ] When it is set, it should show that it is set to which timezone and display a button that allows to reset it again which does this on a press +- [ ] When it is set, running `date` inside Nextcloud related containers should return the correct timezone + You can now continue with [080-daily-backup-script.md](./080-daily-backup-script.md) \ No newline at end of file diff --git a/tests/QA/080-daily-backup-script.md b/tests/QA/080-daily-backup-script.md index f1715079..d6748b7e 100644 --- a/tests/QA/080-daily-backup-script.md +++ b/tests/QA/080-daily-backup-script.md @@ -1,5 +1,10 @@ -# Daily backup script - -The script is delivered within the mastercontainer and allows to run a few things like daily backup and container updates from an external script. - -You can find the documentation on this here which needs to work as documented: https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally + + +# Daily backup script + +The script is delivered within the mastercontainer and allows to run a few things like daily backup and container updates from an external script. + +You can find the documentation on this here which needs to work as documented: https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally diff --git a/tests/QA/assets/backup-archive/readme.md b/tests/QA/assets/backup-archive/readme.md index 0c60abed..58695e52 100644 --- a/tests/QA/assets/backup-archive/readme.md +++ b/tests/QA/assets/backup-archive/readme.md @@ -1,4 +1,9 @@ -# Backup archive - -The backup archive was moved here because of Git LFS limitations: -https://cloud.nextcloud.com/s/m5DF3AjRs72kWKY + + +# Backup archive + +The backup archive was moved here because of Git LFS limitations: +https://cloud.nextcloud.com/s/m5DF3AjRs72kWKY diff --git a/tests/QA/readme.md b/tests/QA/readme.md index 93b5cccd..c7d669ed 100644 --- a/tests/QA/readme.md +++ b/tests/QA/readme.md @@ -1,7 +1,12 @@ -# QA test plans - -In this folder are manual test plans for QA located that allow to manually step through certain features and make sure that everything works as expected. - -For a test instance, you should make sure that all potentially breaking changes are merged, build new containers by following https://github.com/nextcloud/all-in-one/blob/main/develop.md#how-to-build-new-containers, stop a potential old instance, remove it and delete all volumes. Afterwards start a new clean test instance by following https://github.com/nextcloud/all-in-one/blob/main/develop.md#developer-channel. - -Best is to start testing with [001-initial-setup.md](./001-initial-setup.md). + + +# QA test plans + +In this folder are manual test plans for QA located that allow to manually step through certain features and make sure that everything works as expected. + +For a test instance, you should make sure that all potentially breaking changes are merged, build new containers by following https://github.com/nextcloud/all-in-one/blob/main/develop.md#how-to-build-new-containers, stop a potential old instance, remove it and delete all volumes. Afterwards start a new clean test instance by following https://github.com/nextcloud/all-in-one/blob/main/develop.md#developer-channel. + +Best is to start testing with [001-initial-setup.md](./001-initial-setup.md). diff --git a/zizmor.yml b/zizmor.yml index 6e7a9a2e..2b46cc1a 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later + rules: excessive-permissions: disable: true