mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 10:50:10 +00:00
Compare commits
19 Commits
arbitrary-
...
throttle-l
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
dc32dd2954 | ||
|
|
bb4790ed3a | ||
|
|
b21b5535f2 | ||
|
|
75e18bb40a | ||
|
|
4591d112c3 | ||
|
|
250f5cbe37 | ||
|
|
c0cabcf73f | ||
|
|
7deafec42d | ||
|
|
a79b3475c4 | ||
|
|
aa670af518 | ||
|
|
960fe801df | ||
|
|
80c7e90ab4 | ||
|
|
bc9817873c | ||
|
|
cfea3ef7e6 | ||
|
|
3838c49834 | ||
|
|
188f0f89a0 | ||
|
|
ee41f1814f | ||
|
|
74693303a3 | ||
|
|
387b39099f |
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Docker CLI is a requirement
|
||||
FROM docker:29.3.0-cli AS docker
|
||||
FROM docker:29.3.1-cli AS docker
|
||||
|
||||
ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
|
||||
ENV REDIS_DB_INDEX=0
|
||||
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
ENV NEXTCLOUD_VERSION=32.0.6
|
||||
ENV NEXTCLOUD_VERSION=32.0.7
|
||||
ENV AIO_TOKEN=123456
|
||||
ENV AIO_URL=localhost
|
||||
# AIO settings end # Do not remove or change this line!
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
|
||||
FROM redis:8.6.1-alpine
|
||||
FROM redis:8.6.2-alpine
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM nats:2.12.5-scratch AS nats
|
||||
FROM nats:2.12.6-scratch AS nats
|
||||
FROM eturnal/eturnal:1.12.2-alpine AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
|
||||
FROM alpine:3.23.3 AS janus
|
||||
|
||||
@@ -54,6 +54,9 @@
|
||||
"ui_secret": "SMBSERVER_PASSWORD",
|
||||
"backup_volumes": [
|
||||
"nextcloud_aio_smbserver"
|
||||
],
|
||||
"nextcloud_exec_commands": [
|
||||
"php /var/www/html/occ config:system:set filesystem_check_changes --value=1 --type=integer"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
||||
@@ -9,7 +9,7 @@ You can run AIO with docker rootless by following the steps below.
|
||||
1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
|
||||
1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
|
||||
1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
|
||||
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
|
||||
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
|
||||
1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
|
||||
1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
|
||||
1. ⚠️ **Important:** Please read through all notes below!
|
||||
|
||||
@@ -121,10 +121,8 @@ document.addEventListener("DOMContentLoaded", function () {
|
||||
|
||||
function handleDockerSocketProxyWarning() {
|
||||
if (document.getElementById("docker-socket-proxy").checked) {
|
||||
// TODO: remove the line below and uncomment the lines further down once https://github.com/nextcloud/app_api/pull/800 is included
|
||||
alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
|
||||
// alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!');
|
||||
// document.getElementById("docker-socket-proxy").checked = false
|
||||
alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!');
|
||||
document.getElementById("docker-socket-proxy").checked = false
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
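Review bot: Clearing the checkbox in handleDockerSocketProxyWarning() enforces the deprecation only in the browser, so a form submitted without this script, or an installation where the option is already enabled, is not affected by it. If the docker socket proxy must no longer be selectable, the server-side handler that stores the container selection should ignore or reject the option as well; that handler is not visible in this hunk, so it may already do so. The new assignment also lacks its terminating semicolon: `document.getElementById("docker-socket-proxy").checked = false;`.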
@@ -29,6 +29,9 @@ function showPassword(id) {
|
||||
const xhr = e.target;
|
||||
if (xhr.status === 201) {
|
||||
window.location.replace(xhr.getResponseHeader('Location'));
|
||||
} else if ([422, 429].includes(xhr.status)) {
|
||||
disableSpinner()
|
||||
showError(xhr.response);
|
||||
} else if (xhr.status === 422) {
|
||||
disableSpinner()
|
||||
showError(xhr.response);
|
||||
|
||||
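Review bot: The `else if (xhr.status === 422)` branch that follows the new `else if ([422, 429].includes(xhr.status))` branch can no longer be reached, because the new branch already handles 422 with the same two calls. As rendered, both branches are on the new side (the hunk header gives 6 old and 9 new lines), so the old branch should be deleted to keep a single place for the status handling. `disableSpinner()` in the new branch is also missing its terminating semicolon. The enclosing handler starts and ends outside the hunk.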
@@ -96,7 +96,7 @@ class LogViewer {
|
||||
}
|
||||
|
||||
scrollToBottom() {
|
||||
window.scrollTo(0, document.body.scrollHeight);
|
||||
this.logElem.scrollTop = this.logElem.scrollHeight;
|
||||
}
|
||||
|
||||
initAutoloadingControls() {
|
||||
|
||||
@@ -11,23 +11,52 @@ use Psr\Http\Message\ResponseInterface as Response;
|
||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
||||
|
||||
readonly class LoginController {
|
||||
private const int MAX_LOGIN_ATTEMPTS_PER_TTL = 5;
|
||||
private const int LOGIN_COUNTER_TTL = 300;
|
||||
private const string RATE_LIMIT_CACHE_KEY = 'login_failed_attempts';
|
||||
|
||||
public function __construct(
|
||||
private AuthManager $authManager,
|
||||
private DockerActionManager $dockerActionManager,
|
||||
) {
|
||||
}
|
||||
|
||||
private function getFailedLoginCount() : int {
|
||||
$count = apcu_fetch(self::RATE_LIMIT_CACHE_KEY);
|
||||
return $count !== false ? (int)$count : 0;
|
||||
}
|
||||
|
||||
private function incrementFailedLoginCount() : void {
|
||||
if (!apcu_exists(self::RATE_LIMIT_CACHE_KEY)) {
|
||||
apcu_store(self::RATE_LIMIT_CACHE_KEY, 1, self::LOGIN_COUNTER_TTL);
|
||||
} else {
|
||||
apcu_inc(self::RATE_LIMIT_CACHE_KEY);
|
||||
}
|
||||
}
|
||||
|
||||
private function resetFailedLoginCount() : void {
|
||||
apcu_delete(self::RATE_LIMIT_CACHE_KEY);
|
||||
}
|
||||
|
||||
public function TryLogin(Request $request, Response $response, array $args) : Response {
|
||||
if (!$this->dockerActionManager->isLoginAllowed()) {
|
||||
$response->getBody()->write("The login is blocked since Nextcloud is running.");
|
||||
return $response->withHeader('Location', '.')->withStatus(422);
|
||||
}
|
||||
|
||||
if ($this->getFailedLoginCount() >= self::MAX_LOGIN_ATTEMPTS_PER_TTL) {
|
||||
$response->getBody()->write("Too many failed login attempts. Please try again in some minutes.");
|
||||
return $response->withHeader('Location', '.')->withStatus(429);
|
||||
}
|
||||
|
||||
$password = $request->getParsedBody()['password'] ?? '';
|
||||
if($this->authManager->CheckCredentials($password)) {
|
||||
$this->resetFailedLoginCount();
|
||||
$this->authManager->SetAuthState(true);
|
||||
return $response->withHeader('Location', '.')->withStatus(201);
|
||||
}
|
||||
|
||||
$this->incrementFailedLoginCount();
|
||||
$response->getBody()->write("The password is incorrect.");
|
||||
return $response->withHeader('Location', '.')->withStatus(422);
|
||||
}
|
||||
|
||||
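Review bot: incrementFailedLoginCount() calls `apcu_exists()` and then `apcu_store()` or `apcu_inc()` as separate steps, so two concurrent failures can both store 1, and if the entry expires between the check and `apcu_inc()` the counter is presumably recreated without the 300-second TTL. Because TryLogin() returns 429 before checking the password once the limit is reached, a counter without expiry would keep the login blocked until the cache is cleared. `apcu_add(self::RATE_LIMIT_CACHE_KEY, 0, self::LOGIN_COUNTER_TTL);` followed by `apcu_inc(self::RATE_LIMIT_CACHE_KEY, 1, $success, self::LOGIN_COUNTER_TTL);` keeps the increment atomic and the TTL in place. The counter is also a single global key, so failed attempts from any client lock out the administrator too; a comment on RATE_LIMIT_CACHE_KEY stating that this is intended, and why it is not per client, would help the next reader.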
@@ -27,7 +27,7 @@
|
||||
<script type="text/javascript" src="timezone.js"></script>
|
||||
|
||||
{# js for optional containers and additional containers forms #}
|
||||
<script type="text/javascript" src="containers-form-submit.js?v6"></script>
|
||||
<script type="text/javascript" src="containers-form-submit.js?v7"></script>
|
||||
|
||||
{% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
|
||||
{% set isAnyRunning = false %}
|
||||
|
||||
@@ -1 +1 @@
|
||||
12.9.0
|
||||
12.9.1
|
||||
|
||||
@@ -198,7 +198,6 @@
|
||||
>
|
||||
<label for="docker-socket-proxy">Docker Socket Proxy (needed for <a target="_blank" href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>) ⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!</label>
|
||||
</p>
|
||||
{#
|
||||
<p>
|
||||
<input
|
||||
type="checkbox"
|
||||
@@ -213,7 +212,6 @@
|
||||
>
|
||||
<label for="harp">HaRP (<a target="_blank" href="https://github.com/nextcloud/HaRP">High-availability Reverse Proxy</a> for Nextcloud ExApps)</label>
|
||||
</p>
|
||||
#}
|
||||
<p>
|
||||
<input
|
||||
type="checkbox"
|
||||
|
||||
@@ -3,15 +3,25 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
|
||||
<link rel="stylesheet" href="style.css">
|
||||
<style>
|
||||
body {
|
||||
html, body {
|
||||
height: 100%;
|
||||
overflow: hidden;
|
||||
padding: 0;
|
||||
margin: 0;
|
||||
}
|
||||
pre {
|
||||
height: 100%;
|
||||
overflow: auto;
|
||||
margin: 0;
|
||||
padding: 1rem;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
#floating-box {
|
||||
position: sticky;
|
||||
position: fixed;
|
||||
top: 1rem;
|
||||
float: right;
|
||||
right: 1rem;
|
||||
width: 20rem;
|
||||
max-width: calc(100vw - 2rem);
|
||||
z-index: 10;
|
||||
display: flex;
|
||||
justify-content: end;
|
||||
align-items: center;
|
||||
@@ -43,7 +53,7 @@
|
||||
transition: opacity 1s, display 1s allow-discrete;
|
||||
}
|
||||
</style>
|
||||
<script src="log-view.js"></script>
|
||||
<script src="log-view.js?v1"></script>
|
||||
</head>
|
||||
<body data-container-id="{{ id }}">
|
||||
<div id="floating-box">
|
||||
|
||||