mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-22 11:20:13 +00:00
Compare commits
2 Commits
copilot/ad
...
copilot/re
| Author | SHA1 | Date | |
|---|---|---|---|
|
6a88b33138 | ||
|
|
f921ed7e4c |
2
.github/workflows/lint-yaml.yml
vendored
2
.github/workflows/lint-yaml.yml
vendored
@@ -36,7 +36,7 @@ jobs:
|
||||
line-length: warning
|
||||
|
||||
- name: Install the latest version of uv
|
||||
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
|
||||
uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
|
||||
|
||||
- name: Check GitHub actions
|
||||
run: uvx zizmor --min-severity medium .github/workflows/*.yml
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
}
|
||||
|
||||
https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
|
||||
http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI requests, see containers.json
|
||||
http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
|
||||
{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
|
||||
header -Server
|
||||
header -X-Powered-By
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
|
||||
FROM collabora/code:25.04.9.4.1
|
||||
FROM collabora/code:25.04.9.3.1
|
||||
|
||||
USER root
|
||||
ARG DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
@@ -17,8 +17,7 @@
|
||||
}
|
||||
|
||||
servers {
|
||||
# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
|
||||
protocols h1
|
||||
protocols h1 h2 h2c
|
||||
}
|
||||
|
||||
on_demand_tls {
|
||||
@@ -40,6 +39,7 @@ https://:8443 {
|
||||
abort @denied
|
||||
|
||||
root * /var/www/docker-aio/php/public
|
||||
encode
|
||||
php_fastcgi unix//run/php.sock
|
||||
file_server
|
||||
|
||||
|
||||
@@ -13,8 +13,7 @@
|
||||
}
|
||||
|
||||
servers {
|
||||
# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
|
||||
protocols h1
|
||||
protocols h1 h2
|
||||
}
|
||||
|
||||
skip_install_trust
|
||||
@@ -28,6 +27,7 @@ https://:8080 {
|
||||
abort @denied
|
||||
|
||||
root * /var/www/docker-aio/php/public
|
||||
encode
|
||||
php_fastcgi unix//run/php.sock
|
||||
file_server
|
||||
|
||||
|
||||
@@ -1,35 +0,0 @@
|
||||
{
|
||||
"aio_services_v1": [
|
||||
{
|
||||
"container_name": "nextcloud-aio-bitwarden-lite",
|
||||
"display_name": "Bitwarden Lite",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite",
|
||||
"image": "ghcr.io/bitwarden/lite",
|
||||
"image_tag": "latest",
|
||||
"internal_port": "8813",
|
||||
"restart": "unless-stopped",
|
||||
"ports": [
|
||||
{
|
||||
"ip_binding": "%APACHE_IP_BINDING%",
|
||||
"port_number": "8813",
|
||||
"protocol": "tcp"
|
||||
}
|
||||
],
|
||||
"environment": [
|
||||
"TZ=%TIMEZONE%",
|
||||
"ASPNETCORE_HTTP_PORTS=8813",
|
||||
"globalSettings__baseServiceUri__vault=https://bw.%NC_DOMAIN%"
|
||||
],
|
||||
"volumes": [
|
||||
{
|
||||
"source": "nextcloud_aio_bitwarden_lite",
|
||||
"destination": "/etc/bitwarden",
|
||||
"writeable": true
|
||||
}
|
||||
],
|
||||
"backup_volumes": [
|
||||
"nextcloud_aio_bitwarden_lite"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -1,17 +0,0 @@
|
||||
## Bitwarden Lite
|
||||
This container bundles Bitwarden Lite (the official Bitwarden unified self-hosted container) and auto-configures it for you.
|
||||
|
||||
### Notes
|
||||
- You need to configure a reverse proxy in order to run this container since Bitwarden Lite needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md. You need to point the reverse proxy at port 8813 of this server.
|
||||
- Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Bitwarden Lite will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
|
||||
- **This container is incompatible with the [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) community container since both use `bw.$NC_DOMAIN` as subdomain. Make sure that you do not enable both at the same time!**
|
||||
- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
|
||||
- The data of Bitwarden Lite will be automatically included in AIOs backup solution!
|
||||
- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with your admin email address. Note that the admin login requires a working SMTP/mail configuration since it sends a one-time-password to the admin email.
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
|
||||
### Repository
|
||||
https://github.com/bitwarden/self-host
|
||||
|
||||
### Maintainer
|
||||
https://github.com/szaimen
|
||||
@@ -1,5 +1,5 @@
|
||||
## Caddy with geoblocking
|
||||
This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) or [bitwarden-lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite) (mutually exclusive alternatives) by listening on `bw.$NC_DOMAIN`, if either is installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
|
||||
This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
|
||||
|
||||
### Notes
|
||||
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
|
||||
@@ -8,7 +8,6 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
|
||||
- Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
|
||||
- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
|
||||
- If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
|
||||
- If you want to use this with [bitwarden-lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for bitwarden-lite.
|
||||
- If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
|
||||
- If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
|
||||
- If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
|
||||
|
||||
@@ -35,11 +35,6 @@
|
||||
"source": "nextcloud_aio_jellyseerr",
|
||||
"destination": "/jellyseerr",
|
||||
"writeable": false
|
||||
},
|
||||
{
|
||||
"source": "nextcloud_aio_bitwarden_lite",
|
||||
"destination": "/bitwarden-lite",
|
||||
"writeable": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
## Fail2ban
|
||||
This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
|
||||
This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
|
||||
|
||||
### Notes
|
||||
- If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
This container bundles vaultwarden and auto-configures it for you.
|
||||
|
||||
### Notes
|
||||
- **This container is incompatible with the [bitwarden-lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite) community container since both use `bw.$NC_DOMAIN` as subdomain. Make sure that you do not enable both at the same time!**
|
||||
- You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples. You need to point the reverse proxy at port 8812 of this server.
|
||||
- Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
|
||||
- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
|
||||
|
||||
@@ -379,7 +379,7 @@
|
||||
],
|
||||
"internal_port": "9980",
|
||||
"environment": [
|
||||
"aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache.nextcloud-aio:23973",
|
||||
"aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
|
||||
"extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
|
||||
"dictionaries=%COLLABORA_DICTIONARIES%",
|
||||
"TZ=%TIMEZONE%",
|
||||
@@ -389,7 +389,7 @@
|
||||
"restart": "unless-stopped",
|
||||
"nextcloud_exec_commands": [
|
||||
"echo 'Activating Collabora config...'",
|
||||
"php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache.nextcloud-aio:23973' --callback-url='http://nextcloud-aio-apache.nextcloud-aio:23973'"
|
||||
"php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:23973' --callback-url='http://nextcloud-aio-apache:23973'"
|
||||
],
|
||||
"profiles": [
|
||||
"collabora"
|
||||
|
||||
@@ -353,9 +353,6 @@
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input id="base_path" type="hidden" name="base_path" value="">
|
||||
{% if bypass_container_update == true %}
|
||||
<input type="hidden" name="bypass_container_update" value="true">
|
||||
{% endif %}
|
||||
<input type="submit" value="Start containers" />
|
||||
</form>
|
||||
{% else %}
|
||||
@@ -364,7 +361,7 @@
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input id="base_path" type="hidden" name="base_path" value="">
|
||||
{% if bypass_container_update == true %}
|
||||
<input type="hidden" name="bypass_container_update" value="true">
|
||||
<input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
|
||||
{% endif %}
|
||||
<input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
|
||||
</form>
|
||||
|
||||
0
php/tests/tests/initial-setup.spec.js
Executable file → Normal file
0
php/tests/tests/initial-setup.spec.js
Executable file → Normal file
0
php/tests/tests/restore-instance.spec.js
Executable file → Normal file
0
php/tests/tests/restore-instance.spec.js
Executable file → Normal file
803
reverse-proxy.md
803
reverse-proxy.md
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user