mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-22 19:30:11 +00:00
Compare commits
1 Commits
alan/dev-s
...
throttle-l
| Author | SHA1 | Date | |
|---|---|---|---|
|
dc32dd2954 |
@@ -1,11 +1,8 @@
|
||||
{
|
||||
admin off
|
||||
|
||||
# auto_https will be handled manually in acme.Caddyfile
|
||||
auto_https disable_redirects
|
||||
|
||||
storage file_system {
|
||||
root /mnt/docker-aio-config/caddy-internal/
|
||||
root /mnt/docker-aio-config/caddy/
|
||||
}
|
||||
|
||||
log {
|
||||
|
||||
@@ -364,7 +364,6 @@ fi
|
||||
mkdir -p /mnt/docker-aio-config/data/
|
||||
mkdir -p /mnt/docker-aio-config/session/
|
||||
mkdir -p /mnt/docker-aio-config/caddy/
|
||||
mkdir -p /mnt/docker-aio-config/caddy-internal/
|
||||
|
||||
# Adjust permissions for all instances
|
||||
chmod 770 -R /mnt/docker-aio-config
|
||||
@@ -372,7 +371,6 @@ chmod 777 /mnt/docker-aio-config
|
||||
chown www-data:www-data -R /mnt/docker-aio-config/data/
|
||||
chown www-data:www-data -R /mnt/docker-aio-config/session/
|
||||
chown www-data:www-data -R /mnt/docker-aio-config/caddy/
|
||||
chown www-data:www-data -R /mnt/docker-aio-config/caddy-internal/
|
||||
|
||||
print_green "Initial startup of Nextcloud All-in-One complete!
|
||||
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
|
||||
|
||||
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
|
||||
ENV REDIS_DB_INDEX=0
|
||||
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
ENV NEXTCLOUD_VERSION=32.0.8
|
||||
ENV NEXTCLOUD_VERSION=32.0.7
|
||||
ENV AIO_TOKEN=123456
|
||||
ENV AIO_URL=localhost
|
||||
# AIO settings end # Do not remove or change this line!
|
||||
|
||||
36
php/composer.lock
generated
36
php/composer.lock
generated
@@ -4039,16 +4039,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/console",
|
||||
"version": "v6.4.36",
|
||||
"version": "v6.4.35",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/console.git",
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
|
||||
"reference": "49257c96304c508223815ee965c251e7c79e614e"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/49257c96304c508223815ee965c251e7c79e614e",
|
||||
"reference": "49257c96304c508223815ee965c251e7c79e614e",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4113,7 +4113,7 @@
|
||||
"terminal"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.36"
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.35"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4133,20 +4133,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-27T15:30:51+00:00"
|
||||
"time": "2026-03-06T13:31:08+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/filesystem",
|
||||
"version": "v8.0.8",
|
||||
"version": "v8.0.6",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/filesystem.git",
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
|
||||
"reference": "7bf9162d7a0dff98d079b72948508fa48018a770"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/7bf9162d7a0dff98d079b72948508fa48018a770",
|
||||
"reference": "7bf9162d7a0dff98d079b72948508fa48018a770",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4183,7 +4183,7 @@
|
||||
"description": "Provides basic utilities for the filesystem",
|
||||
"homepage": "https://symfony.com",
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.8"
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.6"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4203,7 +4203,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-30T15:14:47+00:00"
|
||||
"time": "2026-02-25T16:59:43+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/finder",
|
||||
@@ -4609,16 +4609,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/string",
|
||||
"version": "v7.4.8",
|
||||
"version": "v7.4.6",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/string.git",
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688"
|
||||
"reference": "9f209231affa85aa930a5e46e6eb03381424b30b"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/9f209231affa85aa930a5e46e6eb03381424b30b",
|
||||
"reference": "9f209231affa85aa930a5e46e6eb03381424b30b",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4676,7 +4676,7 @@
|
||||
"utf8"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.8"
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.6"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4696,7 +4696,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-24T13:12:05+00:00"
|
||||
"time": "2026-02-09T09:33:46+00:00"
|
||||
},
|
||||
{
|
||||
"name": "vimeo/psalm",
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
window.addEventListener("load", function(event) {
|
||||
document.addEventListener("DOMContentLoaded", function(event) {
|
||||
if (document.hasFocus()) {
|
||||
// hide reload button if the site reloads automatically
|
||||
let list = document.getElementsByClassName("reload button");
|
||||
|
||||
@@ -29,6 +29,9 @@ function showPassword(id) {
|
||||
const xhr = e.target;
|
||||
if (xhr.status === 201) {
|
||||
window.location.replace(xhr.getResponseHeader('Location'));
|
||||
} else if ([422, 429].includes(xhr.status)) {
|
||||
disableSpinner()
|
||||
showError(xhr.response);
|
||||
} else if (xhr.status === 422) {
|
||||
disableSpinner()
|
||||
showError(xhr.response);
|
||||
|
||||
@@ -26,7 +26,6 @@ readonly class AuthManager {
|
||||
public function SetAuthState(bool $isLoggedIn) : void {
|
||||
|
||||
if (!$this->IsAuthenticated() && $isLoggedIn === true) {
|
||||
session_regenerate_id(true);
|
||||
$date = new DateTime();
|
||||
$dateTime = $date->getTimestamp();
|
||||
$_SESSION['date_time'] = $dateTime;
|
||||
|
||||
@@ -11,23 +11,52 @@ use Psr\Http\Message\ResponseInterface as Response;
|
||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
||||
|
||||
readonly class LoginController {
|
||||
private const int MAX_LOGIN_ATTEMPTS_PER_TTL = 5;
|
||||
private const int LOGIN_COUNTER_TTL = 300;
|
||||
private const string RATE_LIMIT_CACHE_KEY = 'login_failed_attempts';
|
||||
|
||||
public function __construct(
|
||||
private AuthManager $authManager,
|
||||
private DockerActionManager $dockerActionManager,
|
||||
) {
|
||||
}
|
||||
|
||||
private function getFailedLoginCount() : int {
|
||||
$count = apcu_fetch(self::RATE_LIMIT_CACHE_KEY);
|
||||
return $count !== false ? (int)$count : 0;
|
||||
}
|
||||
|
||||
private function incrementFailedLoginCount() : void {
|
||||
if (!apcu_exists(self::RATE_LIMIT_CACHE_KEY)) {
|
||||
apcu_store(self::RATE_LIMIT_CACHE_KEY, 1, self::LOGIN_COUNTER_TTL);
|
||||
} else {
|
||||
apcu_inc(self::RATE_LIMIT_CACHE_KEY);
|
||||
}
|
||||
}
|
||||
|
||||
private function resetFailedLoginCount() : void {
|
||||
apcu_delete(self::RATE_LIMIT_CACHE_KEY);
|
||||
}
|
||||
|
||||
public function TryLogin(Request $request, Response $response, array $args) : Response {
|
||||
if (!$this->dockerActionManager->isLoginAllowed()) {
|
||||
$response->getBody()->write("The login is blocked since Nextcloud is running.");
|
||||
return $response->withHeader('Location', '.')->withStatus(422);
|
||||
}
|
||||
|
||||
if ($this->getFailedLoginCount() >= self::MAX_LOGIN_ATTEMPTS_PER_TTL) {
|
||||
$response->getBody()->write("Too many failed login attempts. Please try again in some minutes.");
|
||||
return $response->withHeader('Location', '.')->withStatus(429);
|
||||
}
|
||||
|
||||
$password = $request->getParsedBody()['password'] ?? '';
|
||||
if($this->authManager->CheckCredentials($password)) {
|
||||
$this->resetFailedLoginCount();
|
||||
$this->authManager->SetAuthState(true);
|
||||
return $response->withHeader('Location', '.')->withStatus(201);
|
||||
}
|
||||
|
||||
$this->incrementFailedLoginCount();
|
||||
$response->getBody()->write("The password is incorrect.");
|
||||
return $response->withHeader('Location', '.')->withStatus(422);
|
||||
}
|
||||
|
||||
@@ -657,7 +657,7 @@ class ConfigurationManager
|
||||
throw new InvalidSettingConfigurationException("Please enter your current password.");
|
||||
}
|
||||
|
||||
if (!hash_equals($this->password, $currentPassword)) {
|
||||
if ($currentPassword !== $this->password) {
|
||||
throw new InvalidSettingConfigurationException("The entered current password is not correct.");
|
||||
}
|
||||
|
||||
|
||||
@@ -635,7 +635,7 @@
|
||||
{% endif %}
|
||||
|
||||
{% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
|
||||
<script type="text/javascript" src="automatic_reload.js?v1"></script>
|
||||
<script type="text/javascript" src="automatic_reload.js"></script>
|
||||
{% else %}
|
||||
<script type="text/javascript" src="before-unload.js"></script>
|
||||
{% endif %}
|
||||
|
||||
@@ -151,7 +151,7 @@ sudo docker run \
|
||||
- `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container.
|
||||
- `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it.
|
||||
- `--restart always` — ensures the container restarts automatically with the Docker daemon.
|
||||
- `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy.
|
||||
- `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates). Not required if you run AIO behind a reverse proxy.
|
||||
- `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`).
|
||||
- `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy.
|
||||
- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it.
|
||||
|
||||
@@ -1,47 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
VARIANT="develop"
|
||||
CONTAINERS=()
|
||||
|
||||
# Parse flags first
|
||||
while [[ $# -gt 0 && $1 == --* ]]; do
|
||||
case $1 in
|
||||
--variant)
|
||||
VARIANT="$2"
|
||||
shift 2
|
||||
;;
|
||||
*)
|
||||
echo "Unknown option: $1"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Remaining arguments are containers
|
||||
CONTAINERS=("$@")
|
||||
|
||||
if [ ${#CONTAINERS[@]} -eq 0 ]; then
|
||||
echo "Usage: $0 [--variant develop|beta] <container1> [container2] [container3] ..."
|
||||
echo "Example: $0 --variant beta apache mastercontainer"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Change to project root
|
||||
cd "$(dirname "$0")/.." || exit 1
|
||||
|
||||
for container in "${CONTAINERS[@]}"; do
|
||||
if [[ $container == "mastercontainer" ]]; then
|
||||
TAG="all-in-one"
|
||||
else
|
||||
TAG="aio-$container"
|
||||
fi
|
||||
|
||||
if [[ $container == "mastercontainer" || $container == "nextcloud" ]]; then
|
||||
CONTEXT="."
|
||||
else
|
||||
CONTEXT="Containers/$container"
|
||||
fi
|
||||
|
||||
docker buildx build --file Containers/$container/Dockerfile --tag ghcr.io/nextcloud-releases/"$TAG":"$VARIANT" --load $CONTEXT
|
||||
done
|
||||
|
||||
Reference in New Issue
Block a user