From e6ce772e5f1f09b8537cda7bc39b2407a462d58d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 12 May 2026 10:54:34 +0000 Subject: [PATCH] fix: set oom_score_adj to -1000 and document in all docker run commands Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/40122d48-db6c-4993-a220-40597fcf8262 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com> --- compose.yaml | 2 +- develop.md | 1 + multiple-instances.md | 1 + php/README.md | 1 + readme.md | 3 +++ reverse-proxy.md | 3 +++ 6 files changed, 10 insertions(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 132b5d8c..36b3f969 100644 --- a/compose.yaml +++ b/compose.yaml 
@@ -4,7 +4,7 @@ services: image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart - oom_score_adj: -500 # This makes the Linux OOM killer significantly less likely to kill the mastercontainer, keeping the AIO interface accessible even under memory pressure. The range is -1000 (never kill) to 1000 (kill first); -500 provides strong protection while still allowing the OOM killer to act on this container as a last resort if it were to run out of control. + oom_score_adj: -1000 # This instructs the Linux OOM killer to never kill the mastercontainer, keeping the AIO interface accessible even under memory pressure. -1000 is the minimum value and means "never kill". See https://docs.kernel.org/admin-guide/cgroup-v1/memory.html container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly volumes: - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work diff --git a/develop.md b/develop.md index c4543078..91e277fa 100644 --- a/develop.md +++ b/develop.md @@ -6,6 +6,7 @@ sudo docker run \ --sig-proxy=false \ --name nextcloud-aio-mastercontainer \ --restart always \ +--oom-score-adj -1000 \ --publish 80:80 \ --publish 8080:8080 \ --publish 8443:8443 \ diff --git a/multiple-instances.md b/multiple-instances.md index a0822739..c38a2354 100644 --- a/multiple-instances.md 
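Review bot: Setting `oom_score_adj: -1000` on the added line drops the safeguard the old comment described for -500: if the mastercontainer itself leaks or is driven to exhaust memory, the OOM killer can no longer select it and will kill other processes on the host instead (possibly the containers it manages, depending on their own scores, which are not shown here). No memory cap for the service is visible in the hunk, so the comment should at least state that trade-off, e.g. append `With -1000 a runaway mastercontainer is never selected, so the kernel will kill other processes on the host instead.` The linked cgroup-v1 memory page does not appear to describe `oom_score_adj`; the kernel's proc filesystem documentation (https://docs.kernel.org/filesystems/proc.html) is where the value and its range are defined. The same value is added to the `docker run` examples in develop.md, multiple-instances.md, php/README.md, readme.md and reverse-proxy.md, whose explanations carry the same omission. The service definition continues outside this hunk.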
+++ b/multiple-instances.md @@ -143,6 +143,7 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi --sig-proxy=false \ --name nextcloud-aio-mastercontainer \ --restart always \ + --oom-score-adj -1000 \ --publish 8080:8080 \ --env APACHE_PORT=11000 \ --env APACHE_IP_BINDING=0.0.0.0 \ diff --git a/php/README.md b/php/README.md index af824818..ec7a66cb 100644 --- a/php/README.md +++ b/php/README.md @@ -32,6 +32,7 @@ Here is a command to quickly launch a container : docker run \ --rm \ --name nextcloud-aio-mastercontainer \ +--oom-score-adj -1000 \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock \ ghcr.io/nextcloud-releases/all-in-one:latest diff --git a/readme.md b/readme.md index 0666472e..81ce995e 100644 --- a/readme.md +++ b/readme.md @@ -199,6 +199,7 @@ sudo docker run \ --sig-proxy=false \ --name nextcloud-aio-mastercontainer \ --restart always \ + --oom-score-adj -1000 \ --publish 80:80 \ --publish 8080:8080 \ --publish 8443:8443 \ 
@@ -215,6 +216,7 @@ sudo docker run \ - `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container. - `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it. - `--restart always` — ensures the container restarts automatically with the Docker daemon. + - `--oom-score-adj -1000` — instructs the Linux OOM killer to never kill the mastercontainer, keeping the AIO interface accessible even under memory pressure. `-1000` is the minimum value meaning "never kill". - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy. - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`). - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy. @@ -700,6 +702,7 @@ docker run ^ --sig-proxy=false ^ --name nextcloud-aio-mastercontainer ^ --restart always ^ +--oom-score-adj -1000 ^ --publish 80:80 ^ --publish 8080:8080 ^ --publish 8443:8443 ^ diff --git a/reverse-proxy.md b/reverse-proxy.md index ea81c844..8eaefe97 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1104,6 +1104,7 @@ sudo docker run \ --sig-proxy=false \ --name nextcloud-aio-mastercontainer \ --restart always \ +--oom-score-adj -1000 \ --publish 8080:8080 \ --env APACHE_PORT=11000 \ --env APACHE_IP_BINDING=0.0.0.0 \ 
@@ -1123,6 +1124,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest - `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container. - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail. - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/ +- `--oom-score-adj -1000` This instructs the Linux OOM killer to never kill the mastercontainer, keeping the AIO interface accessible even under memory pressure. `-1000` is the minimum value meaning "never kill". - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080). - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at. - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container) @@ -1153,6 +1155,7 @@ docker run ^ --sig-proxy=false ^ --name nextcloud-aio-mastercontainer ^ --restart always ^ +--oom-score-adj -1000 ^ --publish 8080:8080 ^ --env APACHE_PORT=11000 ^ --env APACHE_IP_BINDING=0.0.0.0 ^