daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-30 07:20:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

mastercontainer updates deSEC IP directly; ddclient auto-configures from env vars

Browse Source 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/fc6803fd-5743-438d-86b8-068ce48b1411

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-04-24 19:24:14 +00:00
committed by GitHub
parent f23d8276ff
commit 7c5abc978d
10 changed files with 110 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
php/src/Controller/DesecController.php
View File

@@ -49,7 +49,7 @@ readonly class DesecController {
// Register a free dedyn.io subdomain
$domain = $this->registerDesecDomain($token);
// Persist the credentials and auto-enable the companion community containers
// Persist the credentials and auto-enable caddy as the reverse proxy
$this->configurationManager->startTransaction();
$this->configurationManager->setDesecToken($token);
$this->configurationManager->desecEmail = $email;
@@ -57,10 +57,8 @@ readonly class DesecController {
$this->configurationManager->aioCommunityContainers,
fn(string $cc): bool => $cc !== '',
));
foreach (['caddy', 'ddclient'] as $cc) {
if (!in_array($cc, $enabled, true)) {
$enabled[] = $cc;
}
if (!in_array('caddy', $enabled, true)) {
$enabled[] = 'caddy';
}
$this->configurationManager->aioCommunityContainers = $enabled;
$this->configurationManager->commitTransaction();
@@ -69,6 +67,9 @@ readonly class DesecController {
// created and DNS propagation may not have completed yet.
$this->configurationManager->setDomain($domain, true);
// Perform the first DNS IP update so the record is populated immediately
$this->updateIpIfDesecDomain();
return $response->withStatus(201)->withHeader('Location', '.');
} catch (InvalidSettingConfigurationException $ex) {
$response->getBody()->write($ex->getMessage());
@@ -79,6 +80,36 @@ readonly class DesecController {
}
}
/**
* Updates the deSEC DNS A/AAAA record with the current public IP of this host.
* Uses deSEC's DynDNS2-compatible update endpoint, which auto-detects the requester's IP.
* Safe to call frequently; the endpoint returns "nochg" when the IP has not changed.
* Errors are logged but never thrown, so callers are not interrupted.
*/
public function updateIpIfDesecDomain(): void {
if (!$this->configurationManager->isDesecDomain()) {
return;
}
$domain = $this->configurationManager->domain;
$token = $this->configurationManager->getDesecToken();
try {
$res = $this->guzzleClient->get('https://update.dedyn.io/', [
'query' => ['hostname' => $domain],
'headers' => ['Authorization' => 'Token ' . $token],
]);
$status = trim($res->getBody()->getContents());
if (str_starts_with($status, 'good') || str_starts_with($status, 'nochg')) {
error_log('deSEC IP update for ' . $domain . ': ' . $status);
} else {
error_log('deSEC IP update for ' . $domain . ' returned unexpected response: ' . $status);
}
} catch (\Exception $e) {
error_log('Could not update deSEC DNS record for ' . $domain . ': ' . $e->getMessage());
}
}
/**
* Creates a new deSEC account and returns the API token from the response.
*

6
php/src/Controller/DockerController.php
View File

@@ -18,7 +18,8 @@ readonly class DockerController {
public function __construct(
private DockerActionManager $dockerActionManager,
private ContainerDefinitionFetcher $containerDefinitionFetcher,
private ConfigurationManager $configurationManager
private ConfigurationManager $configurationManager,
private DesecController $desecController,
) {
}
@@ -263,6 +264,9 @@ readonly class DockerController {
// Stop domaincheck since apache would not be able to start otherwise
$this->StopDomaincheckContainer();
// Refresh the deSEC DNS record with the current public IP before starting containers
$this->desecController->updateIpIfDesecDomain();
$id = self::TOP_CONTAINER;
$this->PerformRecursiveContainerStart($id, $pullImage, $addToStreamingResponseBody);

17
php/src/Cron/UpdateDesecIp.php Normal file
View File

@@ -0,0 +1,17 @@
<?php
declare(strict_types=1);
// increase memory limit to 2GB
ini_set('memory_limit', '2048M');
// Log whole log messages
ini_set('log_errors_max_len', '0');
require __DIR__ . '/../../vendor/autoload.php';
$container = \AIO\DependencyInjection::GetContainer();
/** @var \AIO\Controller\DesecController $desecController */
$desecController = $container->get(\AIO\Controller\DesecController::class);
$desecController->updateIpIfDesecDomain();

2
php/templates/containers.twig
View File

@@ -134,7 +134,7 @@
</details>
<details>
<summary>Don't have a domain? Get a free one from deSEC</summary>
<p><a target="_blank" href="https://desec.io">deSEC</a> offers free dynamic DNS subdomains under <strong>dedyn.io</strong>. AIO can register an account and a subdomain for you automatically. The <strong>ddclient</strong> and <strong>caddy</strong> community containers will be enabled so that your IP address is kept up to date and your traffic is routed through a reverse proxy.</p>
<p><a target="_blank" href="https://desec.io">deSEC</a> offers free dynamic DNS subdomains under <strong>dedyn.io</strong>. AIO can register an account and a subdomain for you automatically. The <strong>caddy</strong> community container will be enabled as a reverse proxy, and the mastercontainer will keep your DNS record up to date automatically. You can additionally enable the <strong>ddclient</strong> community container for continuous DNS monitoring between cron cycles.</p>
<p><strong>Requirements:</strong> Your server must be reachable from the internet (a public IP address is needed). Port 80 and 443 must be open/forwarded in your firewall/router.</p>
<p>Please enter your email address. A deSEC account and a random <em>subdomain.dedyn.io</em> domain will be created for you.</p>
<form method="POST" action="api/desec/register" class="xhr">

2
php/templates/includes/community-containers.twig
View File

@@ -2,7 +2,7 @@
<p>In this section you can enable or disable optional Community Containers that are not included by default in the main installation. These containers are provided by the community and can be useful for various purposes and are automatically integrated in AIOs backup solution and update mechanisms.</p>
<p><strong>⚠️ Caution: </strong>Community Containers are maintained by the community and not officially by Nextcloud. Some containers may not be compatible with your system, may not work as expected or may discontinue. Use them at your own risk. Please read the documentation for each container first before adding any as some are also incompatible between each other! Never add all of them at the same time!</p>
{% if is_desec_domain == true %}
<p> Your Nextcloud domain (<strong>{{ domain }}</strong>) was registered via deSEC. The <strong>caddy</strong> and <strong>ddclient</strong> community containers have been automatically enabled. Please follow the <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/ddclient"><strong>ddclient documentation</strong></a> to finish configuring DNS updates for your domain.</p>
<p> Your Nextcloud domain (<strong>{{ domain }}</strong>) was registered via deSEC. The <strong>caddy</strong> community container has been automatically enabled as a reverse proxy. The mastercontainer keeps the DNS record up to date; you can optionally also enable the <strong>ddclient</strong> container for continuous DNS monitoring between cron cycles. Please see its <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/ddclient"><strong>documentation</strong></a> for details.</p>
{% endif %}
{% if isAnyRunning == true %}
<p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>