mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 19:00:33 +00:00
Compare commits
9 Commits
aio-depend
...
copilot/se
| Author | SHA1 | Date | |
|---|---|---|---|
|
bbafd6ff8c | ||
|
|
adcc41f401 | ||
|
|
68bb93a2c8 | ||
|
|
a415c76ad2 | ||
|
|
79e05f33cd | ||
|
|
ef58220c09 | ||
|
|
6a9e55a8de | ||
|
|
8356d0dadc | ||
|
|
3e72f06d32 |
@@ -1,20 +0,0 @@
|
||||
# https://editorconfig.org
|
||||
|
||||
# Tip: to find files violating the rules set out here, run `docker run --rm --volume=$PWD:/check mstruebing/editorconfig-checker`
|
||||
|
||||
root = true
|
||||
|
||||
[*]
|
||||
charset = utf-8
|
||||
end_of_line = lf
|
||||
indent_size = 4
|
||||
indent_style = space
|
||||
insert_final_newline = true
|
||||
trim_trailing_whitespace = true
|
||||
|
||||
[*.yaml]
|
||||
indent_size = 2
|
||||
|
||||
|
||||
[*.yml]
|
||||
indent_size = 2
|
||||
5
.github/workflows/helm-release.yml
vendored
5
.github/workflows/helm-release.yml
vendored
@@ -10,16 +10,13 @@ on:
|
||||
|
||||
jobs:
|
||||
release:
|
||||
# Do not run this workflow on forked repositories, as they might not have the `gh-pages` branch created, or might
|
||||
# want to use it for other purposes than publishing helm charts
|
||||
if: github.repository == 'nextcloud/all-in-one'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- name: Turnstyle
|
||||
uses: softprops/turnstyle@e15e934b3f69ee283ba389ea05c8886baa656d93 # v2
|
||||
uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
|
||||
with:
|
||||
continue-after-seconds: 180
|
||||
env:
|
||||
|
||||
2
.github/workflows/playwright-on-push.yml
vendored
2
.github/workflows/playwright-on-push.yml
vendored
@@ -30,7 +30,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
|
||||
with:
|
||||
node-version: lts/*
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
|
||||
with:
|
||||
node-version: lts/*
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM caddy:2.11.3-alpine AS caddy
|
||||
FROM caddy:2.11.2-alpine AS caddy
|
||||
|
||||
# From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
|
||||
FROM httpd:2.4.67-alpine3.23
|
||||
FROM httpd:2.4.66-alpine3.23
|
||||
|
||||
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
|
||||
|
||||
|
||||
@@ -9,6 +9,34 @@ Listen 8000
|
||||
ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
|
||||
LogLevel ${AIO_LOG_LEVEL}
|
||||
|
||||
# KeepAlive On: allow the same TCP connection to carry multiple HTTP requests.
|
||||
# Without this each asset (JS, CSS, image) would require a full TCP handshake,
|
||||
# which is especially expensive on TLS connections and noticeably slows down
|
||||
# Nextcloud's login page and file manager that load dozens of resources at once.
|
||||
KeepAlive On
|
||||
# KeepAliveTimeout: close an idle keep-alive connection after 5 seconds.
|
||||
# A short timeout frees Apache worker threads quickly so they are available
|
||||
# for new requests; 5 s is long enough to cover the gap between requests
|
||||
# that a browser issues while rendering a page (typically < 1 s), yet short
|
||||
# enough to avoid holding threads open for idle or slow clients.
|
||||
KeepAliveTimeout 5
|
||||
# MaxKeepAliveRequests: allow at most 500 requests per persistent connection.
|
||||
# 100 (the Apache default) is too low for Nextcloud: the desktop and mobile
|
||||
# sync clients issue many small API calls (PROPFIND, GET, PUT, checksums …)
|
||||
# per sync cycle and routinely exceed 100 requests on a single connection.
|
||||
# Hitting the limit forces a new TCP/TLS handshake, adding latency and CPU
|
||||
# overhead. 500 gives sync clients enough headroom while still periodically
|
||||
# recycling threads to contain per-process memory growth.
|
||||
MaxKeepAliveRequests 500
|
||||
|
||||
# sendfile(2) is disabled because it bypasses Apache's output-filter chain: with
|
||||
# it enabled, mod_brotli is silently skipped for static files (JS, CSS, SVG),
|
||||
# negating the compression configured below. MMAP is also
|
||||
# disabled because files can be replaced by Nextcloud at any time and mmap'd
|
||||
# pages could serve stale data.
|
||||
EnableSendfile Off
|
||||
EnableMMAP Off
|
||||
|
||||
# PHP match
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
|
||||
@@ -17,12 +45,17 @@ Listen 8000
|
||||
<Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
|
||||
</Proxy>
|
||||
|
||||
# Compress JS, CSS and SVG responses with Brotli.
|
||||
# Compress JS, CSS and SVG responses with Brotli (quality 4 gives good
|
||||
# compression with reasonable CPU cost; the default of 0 barely compresses).
|
||||
# Other plain-text files are already compressed by Nextcloud itself.
|
||||
# No deflate fallback is needed: every browser that Nextcloud supports
|
||||
# (Chrome 49+, Firefox 44+, Safari 11+, Edge 15+ — all from 2016-2017)
|
||||
# supports Brotli. Internet Explorer, the only browser that never gained
|
||||
# Brotli support, was dropped by Nextcloud with NC15 (2019).
|
||||
# Desktop and mobile sync clients never request JS/CSS/SVG assets.
|
||||
<IfModule mod_brotli.c>
|
||||
AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
|
||||
BrotliCompressionQuality 0
|
||||
BrotliCompressionQuality 4
|
||||
</IfModule>
|
||||
|
||||
# Nextcloud dir
|
||||
|
||||
@@ -12,7 +12,7 @@ loglevel=%(ENV_AIO_LOG_LEVEL)s
|
||||
stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=httpd -DFOREGROUND
|
||||
command=apachectl -DFOREGROUND
|
||||
|
||||
[program:caddy]
|
||||
stdout_logfile=/dev/stdout
|
||||
|
||||
@@ -31,5 +31,4 @@ LABEL com.centurylinklabs.watchtower.enable="false" \
|
||||
org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
|
||||
org.opencontainers.image.vendor="Nextcloud" \
|
||||
org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
|
||||
ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6" \
|
||||
AIO_LOG_LEVEL="warn"
|
||||
ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM haproxy:3.3.10-alpine
|
||||
FROM haproxy:3.3.7-alpine
|
||||
|
||||
# hadolint ignore=DL3002
|
||||
USER root
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
|
||||
FROM elasticsearch:9.4.1
|
||||
FROM elasticsearch:9.3.3
|
||||
|
||||
USER root
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.26.3-alpine3.23 AS go
|
||||
FROM golang:1.26.2-alpine3.23 AS go
|
||||
|
||||
ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
|
||||
ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
|
||||
|
||||
RUN set -ex; \
|
||||
apk upgrade --no-cache -a; \
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Docker CLI is a requirement
|
||||
FROM docker:29.5.1-cli AS docker
|
||||
FROM docker:29.4.1-cli AS docker
|
||||
|
||||
ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3
|
||||
ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
|
||||
|
||||
# Caddy is a requirement
|
||||
FROM caddy:2.11.3-builder-alpine AS caddy
|
||||
FROM caddy:2.11.2-builder-alpine AS caddy
|
||||
RUN set -ex; \
|
||||
xcaddy build --with github.com/muety/caddy-remote-host@"$CADDY_REMOTE_HOST_HASH"; \
|
||||
/usr/bin/caddy list-modules
|
||||
|
||||
# From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
|
||||
FROM php:8.5.6-fpm-alpine3.23
|
||||
FROM php:8.5.5-fpm-alpine3.23
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 8080
|
||||
|
||||
@@ -54,7 +54,7 @@ stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=/session-deduplicator.sh
|
||||
user=www-data
|
||||
user=root
|
||||
|
||||
[program:domain-validator]
|
||||
# Logging is disabled as otherwise all attempts will be logged which spams the logs
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM php:8.3.31-fpm-alpine3.23
|
||||
FROM php:8.3.30-fpm-alpine3.23
|
||||
|
||||
ENV PHP_MEMORY_LIMIT=512M
|
||||
ENV PHP_UPLOAD_LIMIT=16G
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'serverid' => hexdec(hash('xxh32', gethostname()) & 0x1FF,
|
||||
'serverid' => crc32(gethostname()) % 512,
|
||||
);
|
||||
|
||||
@@ -28,7 +28,7 @@ elif [ "$CPU_ARCH" != "x86_64" ]; then
|
||||
fi
|
||||
|
||||
# Add warning
|
||||
if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ] && ! [ -f /var/www/html/apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
|
||||
if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
|
||||
echo "The notify_push binary was not found."
|
||||
echo "Most likely is DNS resolution not working correctly."
|
||||
echo "You can try to fix this by configuring a DNS server globally in dockers daemon.json."
|
||||
@@ -42,24 +42,9 @@ if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ] &&
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Logic for ipv6 disabled servers
|
||||
BIND="::"
|
||||
if grep -q "1" /sys/module/ipv6/parameters/disable \
|
||||
|| grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \
|
||||
|| grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
|
||||
BIND="0.0.0.0"
|
||||
fi
|
||||
export BIND
|
||||
|
||||
echo "notify-push was started"
|
||||
|
||||
|
||||
if [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
|
||||
PUSH_PATH="/var/www/html/custom_apps/notify_push/bin/$CPU_ARCH/notify_push"
|
||||
else
|
||||
PUSH_PATH="/var/www/html/apps/notify_push/bin/$CPU_ARCH/notify_push"
|
||||
fi
|
||||
# Run it
|
||||
exec "$PUSH_PATH" \
|
||||
exec /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
|
||||
--port 7867 \
|
||||
/var/www/html/config/config.php
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile
|
||||
FROM postgres:18.4-alpine
|
||||
FROM postgres:18.3-alpine
|
||||
|
||||
ENV PGDATA=/var/lib/postgresql/data
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
|
||||
FROM redis:8.6.3-alpine
|
||||
FROM redis:8.6.2-alpine
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM python:3.14.5-alpine3.23
|
||||
FROM python:3.14.3-alpine3.23
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
COPY --chmod=775 healthcheck.sh /healthcheck.sh
|
||||
|
||||
ENV RECORDING_VERSION=v0.2.1
|
||||
ENV ALLOW_ALL=false \
|
||||
ENV RECORDING_VERSION=v0.2.1 \
|
||||
ALLOW_ALL=false \
|
||||
HPB_PROTOCOL=https \
|
||||
NC_PROTOCOL=https \
|
||||
SKIP_VERIFY=false \
|
||||
@@ -35,9 +35,6 @@ RUN set -ex; \
|
||||
build-base \
|
||||
linux-headers \
|
||||
geckodriver; \
|
||||
if [ "$(apk --print-arch)" = "x86_64" ]; then \
|
||||
apk add --no-cache intel-media-driver; \
|
||||
fi; \
|
||||
useradd -d /tmp --system recording -u 122; \
|
||||
# Give root a random password
|
||||
echo "root:$(openssl rand -base64 12)" | chpasswd; \
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM nats:2.14.1-scratch AS nats
|
||||
FROM nats:2.12.8-scratch AS nats
|
||||
FROM eturnal/eturnal:1.12.2-alpine AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
|
||||
FROM alpine:3.23.4 AS janus
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.26.3-alpine3.23 AS go
|
||||
FROM golang:1.26.2-alpine3.23 AS go
|
||||
|
||||
ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3
|
||||
|
||||
@@ -22,8 +22,6 @@ COPY --chmod=775 start.sh /start.sh
|
||||
# hadolint ignore=DL3002
|
||||
USER root
|
||||
|
||||
ENV AIO_LOG_LEVEL="warn"
|
||||
|
||||
ENTRYPOINT ["/start.sh"]
|
||||
LABEL com.centurylinklabs.watchtower.enable="false" \
|
||||
wud.watch="false" \
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
|
||||
FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.8
|
||||
FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.7
|
||||
|
||||
USER root
|
||||
RUN set -ex; \
|
||||
|
||||
@@ -1,12 +1,19 @@
|
||||
# https://editorconfig.org
|
||||
|
||||
# note: the files in ./composer actually use 4 spaces instead of tabs
|
||||
|
||||
root = true
|
||||
|
||||
[*]
|
||||
charset = utf-8
|
||||
end_of_line = lf
|
||||
indent_size = 4
|
||||
indent_style = tab
|
||||
insert_final_newline = true
|
||||
trim_trailing_whitespace = true
|
||||
|
||||
[*.feature]
|
||||
indent_size = 2
|
||||
indent_style = space
|
||||
|
||||
[*.yml]
|
||||
indent_size = 2
|
||||
indent_style = space
|
||||
|
||||
@@ -1,10 +1,7 @@
|
||||
# AIO app for Nextcloud
|
||||
|
||||
This folder contains a Nextcloud app, which will be automatically installed within the Nextcloud instance.
|
||||
It adds a link to the admin settings page that gives access to the AIO interface.
|
||||
|
||||
## How to develop the app?
|
||||
|
||||
Please note that in order to check if an app is already downloaded Nextcloud will look for a folder with the same name as the app.
|
||||
Please note that in order to check if an app is already downloaded
|
||||
Nextcloud will look for a folder with the same name as the app.
|
||||
|
||||
Therefore you need to add the app to one of the app directories naming the directory `nextcloud-aio`.
|
||||
Therefore you need to add the app to one of the app directories
|
||||
naming the directory `nextcloud-aio`.
|
||||
|
||||
@@ -6,8 +6,6 @@ This container bundles Home Assistant and auto-configures it for you.
|
||||
- After adding and starting the container, you can visit `http://ip.address.of.this.server:8123` in order to set up your Home Assistant instance.
|
||||
- The data of Home Assistant will be automatically included in AIOs backup solution!
|
||||
- In order to access your Home Assistant outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
|
||||
- And to allow the traffic from the reverse proxy to be accepted by Home Assistant, follow [these instructions](https://www.home-assistant.io/integrations/http/#reverse-proxies) from the Home Assistant documentation.
|
||||
- Or, to use the Caddy with geoblocking community container, follow the following instruction to add your own Caddyfile, to use it for Home Assistant: https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy#notes
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
|
||||
### Repository
|
||||
|
||||
@@ -4,8 +4,8 @@
|
||||
"container_name": "nextcloud-aio-lldap",
|
||||
"display_name": "Light LDAP implementation",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
|
||||
"image": "ghcr.io/lldap/lldap",
|
||||
"image_tag": "latest-alpine",
|
||||
"image": "lldap/lldap",
|
||||
"image_tag": "v0-alpine",
|
||||
"internal_port": "17170",
|
||||
"restart": "unless-stopped",
|
||||
"ports": [
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
## Minio
|
||||
This container bundles minio s3 storage and auto-configures it for you.
|
||||
|
||||
> [!CAUTION]
|
||||
> The Minio upstream project is no longer maintained. The container should still work in its current form...
|
||||
|
||||
>[!WARNING]
|
||||
> Enabling this container will remove access to all the files formerly written to the data directory.
|
||||
> So only enable this on a clean instance directly after installing AIO.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: nextcloud-aio # Add the container to the same compose project to which all the sibling containers are added automatically
|
||||
name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically.
|
||||
services:
|
||||
nextcloud-aio-mastercontainer:
|
||||
image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
|
||||
@@ -15,10 +15,10 @@ services:
|
||||
- "80:80" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
|
||||
- "8080:8080" # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
|
||||
- "8443:8443" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
|
||||
# security_opt: ["label:disable"] # Needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
|
||||
# environment: # This line is needed (has to be uncommented) when using any of the options below
|
||||
# security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
|
||||
# environment: # Is needed when using any of the options below
|
||||
# AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
|
||||
# APACHE_PORT: 11000 # Needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
|
||||
# APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
|
||||
# APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
|
||||
# APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
|
||||
# BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
|
||||
|
||||
@@ -39,13 +39,13 @@ services:
|
||||
- COLLABORA_HOST=nextcloud-aio-collabora
|
||||
- TALK_HOST=nextcloud-aio-talk
|
||||
- APACHE_PORT
|
||||
- AIO_LOG_LEVEL
|
||||
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
|
||||
- TZ=${TIMEZONE}
|
||||
- APACHE_MAX_SIZE
|
||||
- APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
|
||||
- NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
|
||||
- WHITEBOARD_HOST=nextcloud-aio-whiteboard
|
||||
- HARP_HOST=nextcloud-aio-harp
|
||||
volumes:
|
||||
- nextcloud_aio_nextcloud:/var/www/html:ro
|
||||
- nextcloud_aio_apache:/mnt/data:rw
|
||||
@@ -80,7 +80,6 @@ services:
|
||||
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
|
||||
- POSTGRES_DB=nextcloud_database
|
||||
- POSTGRES_USER=nextcloud
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- PGTZ=${TIMEZONE}
|
||||
stop_grace_period: 1800s
|
||||
@@ -150,7 +149,6 @@ services:
|
||||
- TURN_SECRET
|
||||
- SIGNALING_SECRET
|
||||
- ONLYOFFICE_SECRET
|
||||
- AIO_LOG_LEVEL
|
||||
- NEXTCLOUD_MOUNT
|
||||
- CLAMAV_ENABLED
|
||||
- CLAMAV_HOST=nextcloud-aio-clamav
|
||||
@@ -209,7 +207,6 @@ services:
|
||||
- nextcloud_aio_nextcloud:/var/www/html:ro
|
||||
environment:
|
||||
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
restart: unless-stopped
|
||||
read_only: true
|
||||
@@ -231,7 +228,6 @@ services:
|
||||
- "6379"
|
||||
environment:
|
||||
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
volumes:
|
||||
- nextcloud_aio_redis:/data:rw
|
||||
@@ -255,9 +251,8 @@ services:
|
||||
- "9980"
|
||||
environment:
|
||||
- aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- dictionaries=${COLLABORA_DICTIONARIES}
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- server_name=${NC_DOMAIN}
|
||||
- DONT_GEN_SSL_CERT=1
|
||||
@@ -298,7 +293,6 @@ services:
|
||||
- TALK_HOST=nextcloud-aio-talk
|
||||
- TURN_SECRET
|
||||
- SIGNALING_SECRET
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- TALK_PORT
|
||||
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
|
||||
@@ -331,7 +325,6 @@ services:
|
||||
- "1234"
|
||||
environment:
|
||||
- NC_DOMAIN
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- RECORDING_SECRET
|
||||
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
|
||||
@@ -361,7 +354,6 @@ services:
|
||||
expose:
|
||||
- "3310"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
|
||||
volumes:
|
||||
@@ -392,8 +384,6 @@ services:
|
||||
expose:
|
||||
- "80"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- LOG_LEVEL=${AIO_LOG_LEVEL}
|
||||
- TZ=${TIMEZONE}
|
||||
- JWT_ENABLED=true
|
||||
- JWT_HEADER=AuthorizationJwt
|
||||
@@ -420,7 +410,6 @@ services:
|
||||
expose:
|
||||
- "9000"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- IMAGINARY_SECRET
|
||||
restart: unless-stopped
|
||||
@@ -447,12 +436,12 @@ services:
|
||||
expose:
|
||||
- "9200"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
|
||||
- bootstrap.memory_lock=false
|
||||
- cluster.name=nextcloud-aio
|
||||
- discovery.type=single-node
|
||||
- logger.level=WARN
|
||||
- http.port=9200
|
||||
- xpack.license.self_generated.type=basic
|
||||
- xpack.security.enabled=false
|
||||
@@ -484,7 +473,6 @@ services:
|
||||
tmpfs:
|
||||
- /tmp
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- NEXTCLOUD_URL=https://${NC_DOMAIN}
|
||||
- JWT_SECRET_KEY=${WHITEBOARD_SECRET}
|
||||
|
||||
@@ -21,11 +21,11 @@ TALK_ENABLED="no" # Setting this to "yes" (with quotes) enables the opt
|
||||
TALK_RECORDING_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
WHITEBOARD_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
|
||||
AIO_LOG_LEVEL=warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
APACHE_IP_BINDING=0.0.0.0 # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
|
||||
APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
|
||||
APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
|
||||
ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax.
|
||||
AIO_LOG_LEVEL=warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora
|
||||
FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.
|
||||
INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation
|
||||
|
||||
@@ -48,7 +48,6 @@ sed -i '/AIO_TOKEN/d' containers.yml
|
||||
sed -i '/AIO_URL/d' containers.yml
|
||||
sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
|
||||
sed -i '/HARP_ENABLED/d' containers.yml
|
||||
sed -i '/HARP_HOST/d' containers.yml
|
||||
sed -i '/HP_SHARED_KEY/d' containers.yml
|
||||
sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
|
||||
sed -i '/TURN_DOMAIN/d' containers.yml
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 13.0.4
|
||||
version: 12.9.2
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -37,8 +37,6 @@ spec:
|
||||
- env:
|
||||
- name: ADDITIONAL_TRUSTED_DOMAIN
|
||||
value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: APACHE_HOST
|
||||
value: nextcloud-aio-apache
|
||||
- name: APACHE_MAX_SIZE
|
||||
@@ -65,7 +63,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: WHITEBOARD_HOST
|
||||
value: nextcloud-aio-whiteboard
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -36,7 +36,7 @@ spec:
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -55,13 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: MAX_SIZE
|
||||
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -23,8 +23,6 @@ spec:
|
||||
containers:
|
||||
- args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson }}
|
||||
env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: DONT_GEN_SSL_CERT
|
||||
value: "1"
|
||||
- name: TZ
|
||||
@@ -34,13 +32,13 @@ spec:
|
||||
- name: dictionaries
|
||||
value: "{{ .Values.COLLABORA_DICTIONARIES }}"
|
||||
- name: extra_params
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
{{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora-online:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora-online:20260409_094910
|
||||
{{- else }}
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20260409_094910
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
|
||||
@@ -35,7 +35,7 @@ spec:
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -54,8 +54,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: PGTZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: POSTGRES_DB
|
||||
@@ -66,7 +64,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -34,8 +34,6 @@ spec:
|
||||
mountPath: /nextcloud-aio-elasticsearch
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: ES_JAVA_OPTS
|
||||
value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}"
|
||||
- name: FULLTEXTSEARCH_PASSWORD
|
||||
@@ -50,17 +48,13 @@ spec:
|
||||
value: single-node
|
||||
- name: http.port
|
||||
value: "9200"
|
||||
- name: indices.fielddata.cache.size
|
||||
value: 20%
|
||||
- name: indices.memory.index_buffer_size
|
||||
value: 20%
|
||||
- name: thread_pool.write.queue_size
|
||||
value: "1000"
|
||||
- name: logger.level
|
||||
value: WARN
|
||||
- name: xpack.license.self_generated.type
|
||||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -34,13 +34,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: IMAGINARY_SECRET
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -92,8 +92,6 @@ spec:
|
||||
value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
|
||||
- name: ADMIN_USER
|
||||
value: admin
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: APACHE_HOST
|
||||
value: nextcloud-aio-apache
|
||||
- name: APACHE_PORT
|
||||
@@ -192,7 +190,7 @@ spec:
|
||||
value: "{{ .Values.WHITEBOARD_ENABLED }}"
|
||||
- name: WHITEBOARD_SECRET
|
||||
value: "{{ .Values.WHITEBOARD_SECRET }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20260409_094910
|
||||
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in container context
|
||||
|
||||
@@ -35,13 +35,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: NEXTCLOUD_HOST
|
||||
value: nextcloud-aio-nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -34,19 +34,15 @@ spec:
|
||||
mountPath: /nextcloud-aio-onlyoffice
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: JWT_ENABLED
|
||||
value: "true"
|
||||
- name: JWT_HEADER
|
||||
value: AuthorizationJwt
|
||||
- name: JWT_SECRET
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -35,13 +35,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: REDIS_HOST_PASSWORD
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -40,8 +40,6 @@ spec:
|
||||
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
|
||||
- name: TALK_MAX_SCREEN_BITRATE
|
||||
value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: INTERNAL_SECRET
|
||||
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
|
||||
- name: NC_DOMAIN
|
||||
@@ -56,7 +54,7 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -36,8 +36,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: INTERNAL_SECRET
|
||||
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
|
||||
- name: NC_DOMAIN
|
||||
@@ -46,7 +44,7 @@ spec:
|
||||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -34,8 +34,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: BACKUP_DIR
|
||||
value: /tmp
|
||||
- name: JWT_SECRET_KEY
|
||||
@@ -52,7 +50,7 @@ spec:
|
||||
value: redis
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20260515_145717
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -21,7 +21,6 @@ TALK_ENABLED: "no" # Setting this to "yes" (with quotes) enables the op
|
||||
TALK_RECORDING_ENABLED: "no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
WHITEBOARD_ENABLED: "no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
|
||||
AIO_LOG_LEVEL: warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
APACHE_MAX_SIZE: "17179869184" # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
|
||||
APACHE_PORT: 443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
|
||||
ADDITIONAL_COLLABORA_OPTIONS: ['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax.
|
||||
@@ -32,7 +31,7 @@ NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional pa
|
||||
NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
|
||||
NEXTCLOUD_MAX_TIME: 3600 # This allows to change the upload time limit of the Nextcloud container
|
||||
NEXTCLOUD_MEMORY_LIMIT: 512M # This allows to change the PHP memory limit of the Nextcloud container
|
||||
NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. -app_api
|
||||
NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
|
||||
NEXTCLOUD_TRUSTED_CACERTS_DIR: # Setting this to any value allows to automatically import root certificates into the Nextcloud container
|
||||
NEXTCLOUD_UPLOAD_LIMIT: 16G # This allows to change the upload limit of the Nextcloud container
|
||||
REMOVE_DISABLED_APPS: "yes" # Setting this to "no" keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
|
||||
|
||||
207
php/composer.lock
generated
207
php/composer.lock
generated
@@ -64,16 +64,16 @@
|
||||
},
|
||||
{
|
||||
"name": "guzzlehttp/guzzle",
|
||||
"version": "7.10.3",
|
||||
"version": "7.10.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/guzzle/guzzle.git",
|
||||
"reference": "47ba23c7a55247e2e1b7407aca90e9bbed0d9d86"
|
||||
"reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/47ba23c7a55247e2e1b7407aca90e9bbed0d9d86",
|
||||
"reference": "47ba23c7a55247e2e1b7407aca90e9bbed0d9d86",
|
||||
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
|
||||
"reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -91,9 +91,8 @@
|
||||
"bamarni/composer-bin-plugin": "^1.8.2",
|
||||
"ext-curl": "*",
|
||||
"guzzle/client-integration-tests": "3.0.2",
|
||||
"guzzlehttp/test-server": "^0.3.2",
|
||||
"php-http/message-factory": "^1.1",
|
||||
"phpunit/phpunit": "^8.5.52 || ^9.6.34",
|
||||
"phpunit/phpunit": "^8.5.39 || ^9.6.20",
|
||||
"psr/log": "^1.1 || ^2.0 || ^3.0"
|
||||
},
|
||||
"suggest": {
|
||||
@@ -171,7 +170,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/guzzle/guzzle/issues",
|
||||
"source": "https://github.com/guzzle/guzzle/tree/7.10.3"
|
||||
"source": "https://github.com/guzzle/guzzle/tree/7.10.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -187,20 +186,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-20T22:59:19+00:00"
|
||||
"time": "2025-08-23T22:36:01+00:00"
|
||||
},
|
||||
{
|
||||
"name": "guzzlehttp/promises",
|
||||
"version": "2.4.1",
|
||||
"version": "2.3.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/guzzle/promises.git",
|
||||
"reference": "09e8a212562fb1fb6a512c4156ed71525969d6c2"
|
||||
"reference": "481557b130ef3790cf82b713667b43030dc9c957"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/guzzle/promises/zipball/09e8a212562fb1fb6a512c4156ed71525969d6c2",
|
||||
"reference": "09e8a212562fb1fb6a512c4156ed71525969d6c2",
|
||||
"url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957",
|
||||
"reference": "481557b130ef3790cf82b713667b43030dc9c957",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -208,7 +207,7 @@
|
||||
},
|
||||
"require-dev": {
|
||||
"bamarni/composer-bin-plugin": "^1.8.2",
|
||||
"phpunit/phpunit": "^8.5.52 || ^9.6.34"
|
||||
"phpunit/phpunit": "^8.5.44 || ^9.6.25"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
@@ -254,7 +253,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/guzzle/promises/issues",
|
||||
"source": "https://github.com/guzzle/promises/tree/2.4.1"
|
||||
"source": "https://github.com/guzzle/promises/tree/2.3.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -270,20 +269,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-20T22:57:30+00:00"
|
||||
"time": "2025-08-22T14:34:08+00:00"
|
||||
},
|
||||
{
|
||||
"name": "guzzlehttp/psr7",
|
||||
"version": "2.10.1",
|
||||
"version": "2.9.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/guzzle/psr7.git",
|
||||
"reference": "73ab136360b5dfd858006eae9795e8fe43c80361"
|
||||
"reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/guzzle/psr7/zipball/73ab136360b5dfd858006eae9795e8fe43c80361",
|
||||
"reference": "73ab136360b5dfd858006eae9795e8fe43c80361",
|
||||
"url": "https://api.github.com/repos/guzzle/psr7/zipball/7d0ed42f28e42d61352a7a79de682e5e67fec884",
|
||||
"reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -298,9 +297,9 @@
|
||||
},
|
||||
"require-dev": {
|
||||
"bamarni/composer-bin-plugin": "^1.8.2",
|
||||
"http-interop/http-factory-tests": "1.1.0",
|
||||
"http-interop/http-factory-tests": "0.9.0",
|
||||
"jshttp/mime-db": "1.54.0.1",
|
||||
"phpunit/phpunit": "^8.5.52 || ^9.6.34"
|
||||
"phpunit/phpunit": "^8.5.44 || ^9.6.25"
|
||||
},
|
||||
"suggest": {
|
||||
"laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
|
||||
@@ -371,7 +370,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/guzzle/psr7/issues",
|
||||
"source": "https://github.com/guzzle/psr7/tree/2.10.1"
|
||||
"source": "https://github.com/guzzle/psr7/tree/2.9.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -387,7 +386,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-20T09:27:36+00:00"
|
||||
"time": "2026-03-10T16:41:02+00:00"
|
||||
},
|
||||
{
|
||||
"name": "http-interop/http-factory-guzzle",
|
||||
@@ -449,16 +448,16 @@
|
||||
},
|
||||
{
|
||||
"name": "laravel/serializable-closure",
|
||||
"version": "v2.0.13",
|
||||
"version": "v2.0.12",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/serializable-closure.git",
|
||||
"reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce"
|
||||
"reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
|
||||
"reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
|
||||
"reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -506,7 +505,7 @@
|
||||
"issues": "https://github.com/laravel/serializable-closure/issues",
|
||||
"source": "https://github.com/laravel/serializable-closure"
|
||||
},
|
||||
"time": "2026-04-16T14:03:50+00:00"
|
||||
"time": "2026-04-14T13:33:34+00:00"
|
||||
},
|
||||
{
|
||||
"name": "nikic/fast-route",
|
||||
@@ -1466,16 +1465,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/deprecation-contracts",
|
||||
"version": "v3.7.0",
|
||||
"version": "v3.6.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/deprecation-contracts.git",
|
||||
"reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b"
|
||||
"reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/50f59d1f3ca46d41ac911f97a78626b6756af35b",
|
||||
"reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b",
|
||||
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62",
|
||||
"reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -1488,7 +1487,7 @@
|
||||
"name": "symfony/contracts"
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-main": "3.7-dev"
|
||||
"dev-main": "3.6-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -1513,7 +1512,7 @@
|
||||
"description": "A generic function and convention to trigger deprecation notices",
|
||||
"homepage": "https://symfony.com",
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.7.0"
|
||||
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.6.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -1524,16 +1523,12 @@
|
||||
"url": "https://github.com/fabpot",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/nicolas-grekas",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-04-13T15:52:40+00:00"
|
||||
"time": "2024-09-25T14:21:43+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/polyfill-ctype",
|
||||
@@ -1785,16 +1780,16 @@
|
||||
},
|
||||
{
|
||||
"name": "twig/twig",
|
||||
"version": "v3.26.0",
|
||||
"version": "v3.24.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/twigphp/Twig.git",
|
||||
"reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc"
|
||||
"reference": "a6769aefb305efef849dc25c9fd1653358c148f0"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/twigphp/Twig/zipball/1fcae487b180d78e6351f4e0afa91f9eab96a2bc",
|
||||
"reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc",
|
||||
"url": "https://api.github.com/repos/twigphp/Twig/zipball/a6769aefb305efef849dc25c9fd1653358c148f0",
|
||||
"reference": "a6769aefb305efef849dc25c9fd1653358c148f0",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -1849,7 +1844,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/twigphp/Twig/issues",
|
||||
"source": "https://github.com/twigphp/Twig/tree/v3.26.0"
|
||||
"source": "https://github.com/twigphp/Twig/tree/v3.24.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -1861,7 +1856,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-20T07:31:59+00:00"
|
||||
"time": "2026-03-17T21:31:11+00:00"
|
||||
}
|
||||
],
|
||||
"packages-dev": [
|
||||
@@ -2177,16 +2172,16 @@
|
||||
},
|
||||
{
|
||||
"name": "amphp/parallel",
|
||||
"version": "v2.4.0",
|
||||
"version": "v2.3.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/amphp/parallel.git",
|
||||
"reference": "37f5b2754fadc229c00f9416bd68fb8d04529a81"
|
||||
"reference": "296b521137a54d3a02425b464e5aee4c93db2c60"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/amphp/parallel/zipball/37f5b2754fadc229c00f9416bd68fb8d04529a81",
|
||||
"reference": "37f5b2754fadc229c00f9416bd68fb8d04529a81",
|
||||
"url": "https://api.github.com/repos/amphp/parallel/zipball/296b521137a54d3a02425b464e5aee4c93db2c60",
|
||||
"reference": "296b521137a54d3a02425b464e5aee4c93db2c60",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2206,7 +2201,7 @@
|
||||
"amphp/php-cs-fixer-config": "^2",
|
||||
"amphp/phpunit-util": "^3",
|
||||
"phpunit/phpunit": "^9",
|
||||
"psalm/phar": "6.16.1"
|
||||
"psalm/phar": "^5.18"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
@@ -2249,7 +2244,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/amphp/parallel/issues",
|
||||
"source": "https://github.com/amphp/parallel/tree/v2.4.0"
|
||||
"source": "https://github.com/amphp/parallel/tree/v2.3.3"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -2257,7 +2252,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-16T16:54:01+00:00"
|
||||
"time": "2025-11-15T06:23:42+00:00"
|
||||
},
|
||||
{
|
||||
"name": "amphp/parser",
|
||||
@@ -2323,16 +2318,16 @@
|
||||
},
|
||||
{
|
||||
"name": "amphp/pipeline",
|
||||
"version": "v1.2.4",
|
||||
"version": "v1.2.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/amphp/pipeline.git",
|
||||
"reference": "a044733e080940d1483f56caff0c412ad6982776"
|
||||
"reference": "7b52598c2e9105ebcddf247fc523161581930367"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/amphp/pipeline/zipball/a044733e080940d1483f56caff0c412ad6982776",
|
||||
"reference": "a044733e080940d1483f56caff0c412ad6982776",
|
||||
"url": "https://api.github.com/repos/amphp/pipeline/zipball/7b52598c2e9105ebcddf247fc523161581930367",
|
||||
"reference": "7b52598c2e9105ebcddf247fc523161581930367",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2344,7 +2339,7 @@
|
||||
"amphp/php-cs-fixer-config": "^2",
|
||||
"amphp/phpunit-util": "^3",
|
||||
"phpunit/phpunit": "^9",
|
||||
"psalm/phar": "6.16.1"
|
||||
"psalm/phar": "^5.18"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
@@ -2378,7 +2373,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/amphp/pipeline/issues",
|
||||
"source": "https://github.com/amphp/pipeline/tree/v1.2.4"
|
||||
"source": "https://github.com/amphp/pipeline/tree/v1.2.3"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -2386,7 +2381,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-06T05:37:57+00:00"
|
||||
"time": "2025-03-16T16:33:53+00:00"
|
||||
},
|
||||
{
|
||||
"name": "amphp/process",
|
||||
@@ -3776,16 +3771,16 @@
|
||||
},
|
||||
{
|
||||
"name": "revolt/event-loop",
|
||||
"version": "v1.0.9",
|
||||
"version": "v1.0.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/revoltphp/event-loop.git",
|
||||
"reference": "44061cf513e53c6200372fc935ac42271566295d"
|
||||
"reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/revoltphp/event-loop/zipball/44061cf513e53c6200372fc935ac42271566295d",
|
||||
"reference": "44061cf513e53c6200372fc935ac42271566295d",
|
||||
"url": "https://api.github.com/repos/revoltphp/event-loop/zipball/b6fc06dce8e9b523c9946138fa5e62181934f91c",
|
||||
"reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -3795,7 +3790,7 @@
|
||||
"ext-json": "*",
|
||||
"jetbrains/phpstorm-stubs": "^2019.3",
|
||||
"phpunit/phpunit": "^9",
|
||||
"psalm/phar": "6.16.*"
|
||||
"psalm/phar": "^5.15"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
@@ -3842,22 +3837,22 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/revoltphp/event-loop/issues",
|
||||
"source": "https://github.com/revoltphp/event-loop/tree/v1.0.9"
|
||||
"source": "https://github.com/revoltphp/event-loop/tree/v1.0.8"
|
||||
},
|
||||
"time": "2026-05-16T17:55:38+00:00"
|
||||
"time": "2025-08-27T21:33:23+00:00"
|
||||
},
|
||||
{
|
||||
"name": "sebastian/diff",
|
||||
"version": "8.3.0",
|
||||
"version": "8.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/diff.git",
|
||||
"reference": "b36d33b6e796513de7cb7df053afb3f55eefcd47"
|
||||
"reference": "9c957d730257f49c873f3761674559bd90098a7d"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/b36d33b6e796513de7cb7df053afb3f55eefcd47",
|
||||
"reference": "b36d33b6e796513de7cb7df053afb3f55eefcd47",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/9c957d730257f49c873f3761674559bd90098a7d",
|
||||
"reference": "9c957d730257f49c873f3761674559bd90098a7d",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -3870,7 +3865,7 @@
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-main": "8.3-dev"
|
||||
"dev-main": "8.1-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -3903,7 +3898,7 @@
|
||||
"support": {
|
||||
"issues": "https://github.com/sebastianbergmann/diff/issues",
|
||||
"security": "https://github.com/sebastianbergmann/diff/security/policy",
|
||||
"source": "https://github.com/sebastianbergmann/diff/tree/8.3.0"
|
||||
"source": "https://github.com/sebastianbergmann/diff/tree/8.1.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -3923,7 +3918,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-15T04:58:09+00:00"
|
||||
"time": "2026-04-05T12:02:33+00:00"
|
||||
},
|
||||
{
|
||||
"name": "spatie/array-to-xml",
|
||||
@@ -4053,16 +4048,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/console",
|
||||
"version": "v6.4.39",
|
||||
"version": "v6.4.36",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/console.git",
|
||||
"reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5"
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
|
||||
"reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4127,7 +4122,7 @@
|
||||
"terminal"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.39"
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.36"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4147,20 +4142,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-12T06:50:03+00:00"
|
||||
"time": "2026-03-27T15:30:51+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/filesystem",
|
||||
"version": "v8.0.11",
|
||||
"version": "v8.0.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/filesystem.git",
|
||||
"reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7"
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/224db910898ce1317b892a9a1338f1f8f17eb7c7",
|
||||
"reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4197,7 +4192,7 @@
|
||||
"description": "Provides basic utilities for the filesystem",
|
||||
"homepage": "https://symfony.com",
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.11"
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.8"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4217,7 +4212,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-11T16:39:47+00:00"
|
||||
"time": "2026-03-30T15:14:47+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/finder",
|
||||
@@ -4536,16 +4531,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/service-contracts",
|
||||
"version": "v3.7.0",
|
||||
"version": "v3.6.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/service-contracts.git",
|
||||
"reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a"
|
||||
"reference": "45112560a3ba2d715666a509a0bc9521d10b6c43"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/d25d82433a80eba6aa0e6c24b61d7370d99e444a",
|
||||
"reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a",
|
||||
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/45112560a3ba2d715666a509a0bc9521d10b6c43",
|
||||
"reference": "45112560a3ba2d715666a509a0bc9521d10b6c43",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4563,7 +4558,7 @@
|
||||
"name": "symfony/contracts"
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-main": "3.7-dev"
|
||||
"dev-main": "3.6-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -4599,7 +4594,7 @@
|
||||
"standards"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/service-contracts/tree/v3.7.0"
|
||||
"source": "https://github.com/symfony/service-contracts/tree/v3.6.1"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4619,20 +4614,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-28T09:44:51+00:00"
|
||||
"time": "2025-07-15T11:30:57+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/string",
|
||||
"version": "v7.4.11",
|
||||
"version": "v7.4.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/string.git",
|
||||
"reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15"
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
|
||||
"reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4690,7 +4685,7 @@
|
||||
"utf8"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.11"
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.8"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4710,7 +4705,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-13T12:04:42+00:00"
|
||||
"time": "2026-03-24T13:12:05+00:00"
|
||||
},
|
||||
{
|
||||
"name": "vimeo/psalm",
|
||||
@@ -4899,16 +4894,16 @@
|
||||
},
|
||||
{
|
||||
"name": "webmozart/assert",
|
||||
"version": "2.4.0",
|
||||
"version": "2.3.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/webmozarts/assert.git",
|
||||
"reference": "9007ea6f45ecf352a9422b36644e4bfc039b9155"
|
||||
"reference": "eb0d790f735ba6cff25c683a85a1da0eadeff9e4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/webmozarts/assert/zipball/9007ea6f45ecf352a9422b36644e4bfc039b9155",
|
||||
"reference": "9007ea6f45ecf352a9422b36644e4bfc039b9155",
|
||||
"url": "https://api.github.com/repos/webmozarts/assert/zipball/eb0d790f735ba6cff25c683a85a1da0eadeff9e4",
|
||||
"reference": "eb0d790f735ba6cff25c683a85a1da0eadeff9e4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4924,11 +4919,7 @@
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"psalm": {
|
||||
"pluginClass": "Webmozart\\Assert\\PsalmPlugin"
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-master": "2.0-dev",
|
||||
"dev-feature/2-0": "2.0-dev"
|
||||
}
|
||||
},
|
||||
@@ -4959,9 +4950,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/webmozarts/assert/issues",
|
||||
"source": "https://github.com/webmozarts/assert/tree/2.4.0"
|
||||
"source": "https://github.com/webmozarts/assert/tree/2.3.0"
|
||||
},
|
||||
"time": "2026-05-20T13:07:01+00:00"
|
||||
"time": "2026-04-11T10:33:05+00:00"
|
||||
}
|
||||
],
|
||||
"aliases": [],
|
||||
|
||||
@@ -1,29 +1,29 @@
|
||||
<?xml version="1.0"?>
|
||||
<psalm
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="https://getpsalm.org/schema/config"
|
||||
xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
|
||||
errorBaseline="psalm-baseline.xml"
|
||||
findUnusedBaselineEntry="true"
|
||||
findUnusedCode="false"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="https://getpsalm.org/schema/config"
|
||||
xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
|
||||
errorBaseline="psalm-baseline.xml"
|
||||
findUnusedBaselineEntry="true"
|
||||
findUnusedCode="false"
|
||||
>
|
||||
<projectFiles>
|
||||
<directory name="templates"/>
|
||||
<directory name="src"/>
|
||||
<file name="public/index.php"/>
|
||||
<ignoreFiles>
|
||||
<directory name="vendor" />
|
||||
</ignoreFiles>
|
||||
</projectFiles>
|
||||
<extraFiles>
|
||||
<directory name="vendor" />
|
||||
</extraFiles>
|
||||
<issueHandlers>
|
||||
<ClassMustBeFinal errorLevel="suppress" />
|
||||
<projectFiles>
|
||||
<directory name="templates"/>
|
||||
<directory name="src"/>
|
||||
<file name="public/index.php"/>
|
||||
<ignoreFiles>
|
||||
<directory name="vendor" />
|
||||
</ignoreFiles>
|
||||
</projectFiles>
|
||||
<extraFiles>
|
||||
<directory name="vendor" />
|
||||
</extraFiles>
|
||||
<issueHandlers>
|
||||
<ClassMustBeFinal errorLevel="suppress" />
|
||||
<MissingConstructor>
|
||||
<errorLevel type="suppress">
|
||||
<file name="src/Data/ConfigurationManager.php" /> <!-- We're using property hooks with virtual properties in that file, which Psalm wrongly complains about. See <https://github.com/vimeo/psalm/issues/11435>. -->
|
||||
</errorLevel>
|
||||
</MissingConstructor>
|
||||
</issueHandlers>
|
||||
</issueHandlers>
|
||||
</psalm>
|
||||
|
||||
26
php/public/clean-history.js
Normal file
26
php/public/clean-history.js
Normal file
@@ -0,0 +1,26 @@
|
||||
// This script is loaded after a successful token-based login.
|
||||
// It replaces the browser's current history entry (stripping the token from the
|
||||
// URL) before navigating to the main AIO page, so the token is never left in
|
||||
// the browser history and cannot be accidentally exposed via the back-button.
|
||||
//
|
||||
// The target URL is passed via the script tag's data-target attribute.
|
||||
// document.currentScript is only available during synchronous script execution
|
||||
// (not with defer/async), so this script is loaded without those attributes.
|
||||
//
|
||||
// We replace with location.pathname only (no query string, no hash), which
|
||||
// intentionally strips the ?token=… parameter and any hash fragment from the
|
||||
// recorded history entry.
|
||||
|
||||
// Guard against environments where document.currentScript may be null.
|
||||
if (!document.currentScript) {
|
||||
window.location.replace('/');
|
||||
} else {
|
||||
const rawTarget = document.currentScript.dataset.target;
|
||||
|
||||
// Only accept the exact relative path we set server-side to prevent any
|
||||
// potential open-redirect via a manipulated data-target value.
|
||||
const target = rawTarget === '../../' ? rawTarget : '/';
|
||||
|
||||
history.replaceState(null, '', location.pathname);
|
||||
window.location.replace(target);
|
||||
}
|
||||
@@ -68,7 +68,7 @@ session_start([
|
||||
"use_strict_mode" => true, // Only allow initialized session IDs. See https://www.php.net/manual/en/session.configuration.php#ini.session.use-strict-mode
|
||||
"cookie_secure" => true, // Only send cookies over https (not http). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#secure
|
||||
"cookie_httponly" => true, // Block the cookie from being read with js in the browser, will still be send for fetch request triggered by js. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#httponly
|
||||
"cookie_samesite" => "Lax", // Send the cookie with same-site requests and top-level cross-site navigations (e.g. redirect after token-based getlogin). "Strict" would block the session cookie on the redirect that follows a cross-site navigation, breaking the getlogin flow from Nextcloud's admin panel. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
|
||||
"cookie_samesite" => "Strict", // Only send the cookie with requests triggered by AIO itself. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
|
||||
]);
|
||||
|
||||
if ($wasAuthenticated) {
|
||||
@@ -181,7 +181,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
|
||||
'community_containers' => $configurationManager->listAvailableCommunityContainers(),
|
||||
'community_containers_enabled' => $configurationManager->aioCommunityContainers,
|
||||
'bypass_container_update' => $bypass_container_update,
|
||||
]);
|
||||
])->withHeader('Cache-Control', 'no-store');
|
||||
})->setName('profile');
|
||||
$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
|
||||
$view = Twig::fromRequest($request);
|
||||
@@ -209,7 +209,7 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
|
||||
[
|
||||
'password' => $setup->Setup(),
|
||||
]
|
||||
);
|
||||
)->withHeader('Cache-Control', 'no-store');
|
||||
});
|
||||
$app->get('/log', function (Request $request, Response $response, array $args) use ($container) {
|
||||
$params = $request->getQueryParams();
|
||||
@@ -245,7 +245,6 @@ $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $
|
||||
}
|
||||
});
|
||||
|
||||
// Default error handler
|
||||
$errorMiddleware = $app->addErrorMiddleware(false, true, true);
|
||||
|
||||
// Set a custom Not Found handler, which doesn't pollute the app output with 404 errors.
|
||||
@@ -255,17 +254,6 @@ $errorMiddleware->setErrorHandler(
|
||||
$response = $app->getResponseFactory()->createResponse();
|
||||
$response->getBody()->write('Not Found');
|
||||
return $response->withStatus(404);
|
||||
}
|
||||
);
|
||||
|
||||
// Set another custom error handler, which doesn't pollute the app output with 405 errors.
|
||||
$errorMiddleware->setErrorHandler(
|
||||
\Slim\Exception\HttpMethodNotAllowedException::class,
|
||||
function (Request $request, Throwable $exception, bool $displayErrorDetails) use ($app) {
|
||||
$response = $app->getResponseFactory()->createResponse();
|
||||
$response->getBody()->write('Method not allowed');
|
||||
return $response->withStatus(405);
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
$app->run();
|
||||
|
||||
@@ -339,7 +339,7 @@ readonly class DockerController {
|
||||
|
||||
$body = $nonbufResp->getBody();
|
||||
$addToStreamingResponseBody = function (string $message) use ($body) : void {
|
||||
$body->write("<div>$message</div>");
|
||||
$body->write('<div>' . htmlspecialchars($message, ENT_QUOTES | ENT_HTML5) . '</div>');
|
||||
};
|
||||
|
||||
$this->dockerActionManager->SystemPrune($addToStreamingResponseBody);
|
||||
@@ -430,7 +430,7 @@ readonly class DockerController {
|
||||
// if it'll actually pull an image), but which should not need to know anything about the
|
||||
// wanted markup or formatting.
|
||||
$addToStreamingResponseBody = function (Container $container, string $message) use ($nonbufResp) : void {
|
||||
$nonbufResp->getBody()->write("<div>{$container->displayName}: {$message}</div>");
|
||||
$nonbufResp->getBody()->write('<div>' . htmlspecialchars($container->displayName, ENT_QUOTES | ENT_HTML5) . ': ' . htmlspecialchars($message, ENT_QUOTES | ENT_HTML5) . '</div>');
|
||||
};
|
||||
|
||||
return $addToStreamingResponseBody;
|
||||
|
||||
@@ -39,7 +39,19 @@ readonly class LoginController {
|
||||
$token = $request->getQueryParams()['token'] ?? '';
|
||||
if($this->authManager->CheckToken($token)) {
|
||||
$this->authManager->SetAuthState(true);
|
||||
return $response->withHeader('Location', '../..')->withStatus(302);
|
||||
// Return a minimal HTML page that uses JavaScript to replace the browser's
|
||||
// current history entry (removing the token from it) before navigating to
|
||||
// the main AIO page. This prevents the token from remaining in browser history.
|
||||
// The script is served from 'self'; same-origin scripts are already trusted under
|
||||
// the 'script-src-elem self' CSP directive, so no SRI hash is needed here.
|
||||
$response->getBody()->write(
|
||||
'<!DOCTYPE html>' .
|
||||
'<html lang="en">' .
|
||||
'<head><script src="../../clean-history.js" data-target="../../"></script></head>' .
|
||||
'<body></body>' .
|
||||
'</html>'
|
||||
);
|
||||
return $response->withHeader('Content-Type', 'text/html; charset=utf-8')->withStatus(200);
|
||||
}
|
||||
|
||||
// Punish failed auth attempts with a delay, as a very simple means against bots.
|
||||
|
||||
@@ -1 +1 @@
|
||||
13.0.4
|
||||
13.0.1
|
||||
|
||||
@@ -1,11 +1,9 @@
|
||||
<html lang="en">
|
||||
<head>
|
||||
<title>AIO</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
|
||||
<link rel="stylesheet" href="style.css">
|
||||
<link rel="stylesheet" href="logs.css">
|
||||
<link rel="icon" href="img/favicon.png">
|
||||
<script src="log-load.js?v1"></script>
|
||||
<script src="log-view.js?v1"></script>
|
||||
</head>
|
||||
<body data-container-id="{{ id }}">
|
||||
<div id="floating-box">
|
||||
|
||||
Reference in New Issue
Block a user