Caddy sets X-Forwarded-Host by default in reverse_proxy blocks.
The explicit header_up is unnecessary.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: James Manuel <moodyjmz@users.noreply.github.com>
EuroOffice nginx maps $http_x_forwarded_prefix to construct SDK asset
URLs (e.g. /eurooffice/sdkjs/...). Without this header the prefix is
empty and the browser requests /sdkjs/... which Caddy routes to
Nextcloud → 404.
Send X-Forwarded-Prefix as a separate header instead of appending the
path to X-Forwarded-Host (as the OnlyOffice block does), matching
EuroOffice nginx expectations.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: James Manuel <moodyjmz@users.noreply.github.com>
Fixes two issues from #8089:
- Add background-color to overlay-log so the container is visible
before text starts appearing
- Use monospace font in overlay iframe content for better log readability
- Bump CSS cache version to v12
- Enable xpack.security in Elasticsearch (was explicitly disabled)
- Add ELASTIC_PASSWORD env var so the built-in elastic user gets the password
- Disable HTTP SSL to keep plain HTTP while still enforcing basic auth
- Disable transport SSL (single-node setup)
- Update healthcheck to authenticate with elastic credentials
The session-deduplicator only touches files under /mnt/docker-aio-config/session/, which is already owned by www-data, so running it as root grants more privilege than it needs. Dropping to www-data reduces the number of root-owned processes in the mastercontainer and follows least-privilege for the supervisord program set.
The helm-release workflow fails on forks because they don't have
a gh-pages branch set up for Helm chart publication. Add a
conditional check to only run this workflow on the upstream
nextcloud/all-in-one repository.
Fixes#8128
- Add request_terminate_timeout = PHP_MAX_TIME in start.sh: without this
(default 0 = disabled) workers blocked on a slow DB query, stalled Redis
connection, or hung syscall are never reaped. Over time they fill
pm.max_children and Apache returns 502 Bad Gateway to the reverse proxy.
- Set pm.process_idle_timeout = 300s in Dockerfile: the upstream default of
10 s kills all idle workers after a brief quiet period. The next request
burst must then wait for fresh PHP-FPM forks; on a loaded host that
spawn latency can push Apache past its FastCGI deadline and produce a 502.
300 s keeps a warm pool through normal desktop-sync polling cycles.
- Add a dedicated 502 troubleshooting subsection to reverse-proxy.md
documenting the six most common causes (proxy timeout, worker exhaustion,
stuck workers, Redis session lock contention, container cold start, Caddy
cert renewal) with actionable diagnostics.
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/2fd7a6d1-bfdb-4f26-a8d0-cd54a7307999
Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
Added a disclaimer regarding the accuracy of the migration guide and clarified the use of a temporary Docker container for database conversion.
Signed-off-by: Simon L. <szaimen@e.mail.de>
- Fix return vs continue in CreateVolumes: using return caused all
subsequent volumes to be skipped when nextcloud_aio_nextcloud_datadir
or nextcloud_aio_backupdir appeared in the volume list
- Fix GetLogs parsing loop: the while loop checked $line before
reassigning it so the false sentinel from strtok was always processed,
appending a spurious extra empty line to the output
- Fix getRegisteredSecret unsafe array access: accessing
$this->secrets[$secretId] without isset() can trigger an undefined
array key warning; use isset() instead
- Remove redundant startTransaction() call in setDomain(): the method
called startTransaction() twice without an intervening commitTransaction(),
making the second call a no-op that was misleading
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/19424687-dda1-4510-8f70-068c8d3efd41
Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
- Disable RDB persistence (--save "") since Redis is used as a pure
cache and lock store; snapshotting causes fork/CoW pressure and I/O spikes
- Set --maxmemory-policy allkeys-lru to enable LRU eviction and prevent
unbounded memory growth
- Enable lazyfree background deletions (--lazyfree-lazy-*) to move key
eviction, expiry, and DEL operations off the main event loop thread
- Enable active memory defragmentation (--activedefrag yes) for long-running
instances
- Increase background task frequency to --hz 15 for faster key expiry
- Add Transparent Huge Pages (THP) startup warning, consistent with the
existing vm.overcommit_memory check
- Refactor start.sh to build arguments via a bash array, avoiding eval
and safely handling the empty-string --save "" and the password argument
- Remove the pre-existing unreachable exec "$@" at the end of start.sh
- Add timeout and read_timeout (1.5s) to standalone Redis config in
redis.config.php to prevent PHP workers from hanging indefinitely
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/e68c1986-419f-49b4-9cd0-c1f0efda0351
Co-Authored-By: Simon L. <szaimen@e.mail.de>
Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com>
The session cookie was recently renamed from `PHPSESSID` to
`__Host-Http-PHPSESSID` (commit 3871179a). When watchtower updates the
mastercontainer, the browser still holds the old `PHPSESSID` cookie, but the
new code only looks for `__Host-Http-PHPSESSID`. The old cookie is ignored, a
fresh unauthenticated session is created, and the user is logged out.
Fix: before starting the new session in index.php, check if the old `PHPSESSID`
cookie exists and carries an authenticated session. If it does, destroy the old
session and mark the new one as authenticated via `SetAuthState(true)`.
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/cba0ea31-e257-4ec1-82ae-dd66f0f34d98
---
refactor: address review comments - use constant for session key and activity interval
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/cba0ea31-e257-4ec1-82ae-dd66f0f34d98
Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com>
- Replace TCP-only nc healthcheck with HTTP cluster health API check via curl,
so the container is only marked healthy when ES is actually ready (not just
when the TCP port is open during startup)
- Add indices.fielddata.cache.size=20% to cap field-data cache and prevent
unbounded heap growth / OOM kills on large datasets
- Add indices.memory.index_buffer_size=20% to improve bulk indexing throughput
by buffering more data in memory before flushing to disk
- Add thread_pool.write.queue_size=1000 to avoid rejected indexing requests
when Nextcloud's background jobs submit many files simultaneously
Changes applied to: Containers/fulltextsearch/healthcheck.sh,
php/containers.json, manual-install/latest.yml
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/a036678d-a9f5-4db3-8cc6-3e3d52f4e97f
Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
- Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
-->
<!-- Please check the below checkmarks if applicable -->
- [ ] The PR was tested and verified that it works locally
- [ ] The PR was completely or partially created with AI
- SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Agent Guidelines for Nextcloud All-in-one
This file provides instructions for AI coding agents (Claude Code, GitHub Copilot, Cursor, Windsurf, and others) operating on this repository. Read it before generating any code, commits, or pull requests.
---
## Nextcloud Contribution Policy
All contributions generated or assisted by this agent must fully comply with:
- **[AI Contribution Policy](https://github.com/nextcloud/.github/blob/master/AI_POLICY.md)** - the primary reference for AI-specific rules, covering disclosure, author accountability, communication, security, licensing, code quality, and autonomous agent behavior.
- **[Contribution Guidelines](https://github.com/nextcloud/.github/blob/master/CONTRIBUTING.md)** - covering testing requirements, the Developer Certificate of Origin (DCO), license headers, conventional commits, and translations. These apply in full to all contributions regardless of how they were produced.
### What this agent must always do
- Add an `Assisted-by: AGENT_NAME:MODEL_VERSION` git trailer to every commit containing AI-assisted content.
- Ensure every pull request includes a disclosure of AI tool use in the PR description.
- Produce focused, scoped pull requests that address exactly one concern. Do not touch unrelated files or introduce incidental refactors.
- Verify all dependencies against actual package registries before suggesting them. Do not use hallucinated or unverified package names.
- Explicitly inform the contributor when any action they are about to take, or have taken, would violate the AI Contribution Policy or the Contribution Guidelines. Do not silently proceed. State which rule is at risk and what the contributor should do instead.
- Warn the contributor if a pull request is growing too large. A PR approaching several thousand lines of changed code is a signal that it should be split into smaller, focused PRs. Suggest a logical split before the PR is opened, not after.
- Recommend opening a ticket for discussion before starting implementation whenever a feature or change is sufficiently complex - for example when it touches multiple subsystems, requires architectural decisions, or the right approach is not yet clear. A ticket allows maintainers and the contributor to align on direction before code is written, avoiding wasted effort on a PR that may be rejected or require fundamental rework.
### What this agent must never do
- Open issues, submit pull requests, post review comments, or send security reports autonomously. Every contribution must be reviewed and submitted by a human.
- Add `Signed-off-by` tags to commits. Only the human contributor can certify the Developer Certificate of Origin.
- Generate or submit security reports without independent human verification. Report verified vulnerabilities via [HackerOne](https://hackerone.com/nextcloud), not as GitHub issues.
- Write PR descriptions, review comments, or issue reports on behalf of the contributor. These must be in the contributor's own words.
- Submit code that has not been reviewed and cleaned up by the contributor. Dead code, redundant logic, excessive comments, and unrelated changes must be removed before submission.
---
## Repository-Specific Requirements
### Commit format
Use [Conventional Commits](https://www.conventionalcommits.org) for all commit messages:
The scope should match the affected component or app (e.g. `files_sharing`, `core`, `encryption`).
Example:
```
feat(files_sharing): allow sharing with contacts
Assisted-by: ClaudeCode:claude-sonnet-4-6
```
### Tests
- Every changed or added code segment must be covered by unit tests. Pull requests without tests for new or modified logic will not be accepted.
- In areas where unit testing is currently difficult, refactoring to enable testability is encouraged alongside the bug fix.
- New features must be manually tested on a live Nextcloud instance by the human contributor before submission. Providing test steps for an agent to execute is not a substitute.
### Developer Certificate of Origin (DCO)
The project uses the DCO as an additional safeguard. Only the human contributor may add the `Signed-off-by` trailer - agents must not add it:
```
Signed-off-by: Random J Developer <random@developer.example.org>
```
Contributors can sign automatically with `git commit -s` after configuring `user.name` and `user.email`.
### License headers
Every new file must include the correct SPDX license header. For AGPL-3.0-or-later (the default for this repository):
```php
/**
* SPDX-FileCopyrightText: <year> <name>
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
```
See [HowToApplyALicense.md](https://github.com/nextcloud/server/blob/master/contribute/HowToApplyALicense.md) for details on per-language formats. AI-generated code must not include material from sources incompatible with AGPL-3.0-or-later.
### Security
- Do not open GitHub issues for potential vulnerabilities. Report them via [HackerOne](https://hackerone.com/nextcloud) following the [security policy](https://nextcloud.com/security/).
- AI-generated security reports must be independently verified by the human contributor before submission.
- Manually verify all access control logic, authentication patterns, and dependency names - AI tools are known to hallucinate package names and reproduce vulnerable patterns.
### Scope of this repository
This repository covers the Nextcloud all-in-one and all its included containers and features. Issues and changes for other components belong in their respective repositories under the [Nextcloud GitHub organization](https://github.com/nextcloud/).
- SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: MIT
-->
# AI Contribution Policy
This document provides guidance for AI tools and developers using AI assistance when contributing to Nextcloud. It applies to all repositories under the [Nextcloud GitHub organization](https://github.com/nextcloud/), including the server, clients, apps, and the community app ecosystem.
This policy complements the existing [Contribution Guidelines](CONTRIBUTING.md). The requirements around testing, the Developer Certificate of Origin, license headers, and security reporting described there continue to apply in full - this document addresses how they extend to AI-assisted contributions.
---
## Requirements
### Disclosure
Every pull request containing AI-assisted code, documentation, or tests must declare this in the PR description. PRs found to have undisclosed AI use might be closed.
For full traceability at the commit level, each commit containing AI-assisted content must include an `Assisted-by:` git trailer:
```
Assisted-by: AGENT_NAME:MODEL_VERSION
```
The agent name and model version identify the AI tool. Basic development tools such as git, compilers, editors, and static analyzers are not listed - these are standard parts of any development workflow regardless of AI involvement.
The PR description disclosure explains how AI was used; the commit trailer ensures that provenance is permanently recorded in version history and available to future contributors, auditors, and tooling.
Examples:
```
Assisted-by: Devstral:devstral-small-2507
Assisted-by: ClaudeCode:claude-sonnet-4-6
Assisted-by: Qwen:qwen3-coder-32b
Assisted-by: Copilot:gpt-4o
```
### Author Accountability
The contributor is the legal and moral author of every line they submit. If a reviewer asks "why does this work this way?" and the answer is "the AI wrote it," the PR will be closed. This applies to code, comments, documentation, and tests alike. You must be able to explain, defend, and modify any content you submit.
### Human-Written Communication
Issues, PR descriptions, and review comments must be in the contributor's own words. Translation assistance and grammar/spelling help are acceptable exceptions and do not need to be disclosed - the intent of this rule is to ensure that the ideas, reasoning, and decisions in community communication come from the contributor.
This requirement extends through the entire review process. Contributors must respond to reviewer questions and implement requested changes themselves. Passing maintainer feedback into an AI and posting whatever comes out is not an acceptable substitute for genuine engagement. If a contributor cannot explain or implement a requested change because they do not understand their own submission, the PR will be closed.
### Security and Dependency Scrutiny
AI tools hallucinate package names, produce subtly broken access controls, and may reproduce vulnerable patterns from their training data. Contributors must manually verify all dependencies, access control logic, authentication patterns, and security implications in AI-generated code before submitting - the risk of undetected errors is higher than with hand-written code and warrants extra care.
For general security requirements applicable to all contributions, see the [Contribution Guidelines](CONTRIBUTING.md). Security vulnerabilities must be reported via [HackerOne](https://hackerone.com/nextcloud) following Nextcloud's [security policy](https://nextcloud.com/security/), not via public issues. AI-generated security reports must be independently verified before submission; unverified reports might be closed without response.
### No Autonomous Agent Submissions
AI agents must not open issues, submit pull requests, post review comments, or send security reports autonomously. Every contribution must be composed, reviewed, and submitted by a human. This includes agentic workflows where an AI browses the codebase, plans changes across multiple files, and generates commits - the human contributor remains responsible for reviewing all output before anything is submitted.
AI agents must not add `Signed-off-by` tags: only humans can legally certify the [Developer Certificate of Origin](https://github.com/nextcloud/server/blob/master/contribute/developer-certificate-of-origin).
### Licensing and Copyright Compliance
Contributors must ensure AI-generated code contains no material from sources incompatible with the license of the repository or app they are contributing to. Each Nextcloud repository and app carries its own license - contributors are responsible for knowing which applies. For guidance on license headers, see [HowToApplyALicense.md](https://github.com/nextcloud/server/blob/master/contribute/HowToApplyALicense.md).
The applicable test has three parts: the AI tool's terms must permit open-source use of its output; no third-party copyrighted material may be reproduced; and any included material must use a compatible open-source license. If generated code appears identical or suspiciously similar to code from an incompatible source, it must be removed or replaced with an original implementation. Ignorance of AI-generated provenance is not a defense.
### Code Quality and Cleanup
AI output must be cleaned before submission. Dead code, redundant logic, excessive comments, inconsistent style, unused variables, structural drift, and unrelated file changes must all be removed. Submitting large AI code blobs without meaningful oversight - sometimes called "vibe coding" or "prompt dumping" - is prohibited.
Signs of a disallowed submission include: large unreviewed AI blobs; obvious mechanical mistakes a human would fix in minutes; code that has clearly never been executed; and pull requests that shift debugging and cleanup work onto maintainers rather than the contributor. As required by the [Contribution Guidelines](CONTRIBUTING.md), all changed and added code must be unit tested - AI-generated code is not exempt from this requirement.
New features must be tested on a live Nextcloud instance by the contributor before submission. Providing test instructions for an AI agent to execute is not a substitute for human testing.
---
## Guidelines
### Focused and Scoped Pull Requests
A pull request should address exactly one thing. AI-generated code frequently drifts in scope due to imprecise prompting, touching unrelated files or introducing incidental refactors. If a PR description does not match its diff, that is a signal the contributor did not review their own changes. Large changes must be broken into multiple focused commits or separate PRs.
### Maintainer Discretion
Maintainers have unreviewable authority to close AI-assisted contributions for quality, complexity, scope, or community-fit reasons. A contribution that costs reviewers more time than it returns value to the project is extractive and will be closed, regardless of how many rounds of review it has already received. The golden rule applies: a contribution should be worth more to the project than the time it takes to review.
---
## Scope and Updates
This policy applies to all contributions to repositories and apps under the Nextcloud GitHub organization, by all contributors. It will be reviewed and updated as AI tooling, open-source best practices, and applicable law evolve. Suggested changes are welcome via pull requests.
SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
SPDX-License-Identifier: MIT
-->
## Submitting issues
If you have questions about how to install or use Nextcloud, please direct these to our [forum][forum].
### Guidelines
* Please search the existing issues first, it's likely that your issue was already reported or even fixed.
- Go to one of the repositories, click "issues" and type any word in the top search/command bar.
- More info on [search syntax within github](https://help.github.com/articles/searching-issues)
* __SECURITY__: Report any potential security bug to us via [our HackerOne page](https://hackerone.com/nextcloud) following our [security policy](https://nextcloud.com/security/) instead of filing an issue in our bug tracker.
* The issues in other components should be reported in their respective repositories: You will find them in our [GitHub Organization](https://github.com/nextcloud/)
* Report the issue using one of our templates, they include all the information we need to track down the issue.
Help us to maximize the effort we can spend fixing issues and adding new features, by not reporting duplicate issues.
[forum]: https://help.nextcloud.com/
## Contributing to Source Code
Thanks for wanting to contribute source code to Nextcloud. That's great!
Please read the [Developer Manuals][devmanual] to learn how to create your first application or how to test the Nextcloud code.
### AI-assisted contributions
Nextcloud allows contributions made with the help of AI tools. You are the author of everything you submit - AI assistance does not change that responsibility.
* **Disclosure:** Declare AI tool use in the PR description and add an `Assisted-by: AGENT_NAME:MODEL_VERSION` git trailer to each affected commit.
* **Accountability:** You must be able to explain, defend, and modify every line you submit. If a reviewer asks why something works a certain way, "the AI wrote it" is not an answer.
* **Communication:** PR descriptions, review comments, and issue reports must be written in your own words. This applies throughout the review process - passing reviewer feedback to an AI and posting whatever comes out is not acceptable.
* **Quality:** AI output must be quality assured by the human, i.e. reviewed, cleaned up, and tested before submission. New features must be tested on a live instance by you, not by an agent. Code that has never been executed, or that shifts debugging work onto maintainers, will not be accepted.
* **Licensing:** Ensure AI-generated code contains no material incompatible with the license of the repository you are contributing to.
For the full policy including autonomous agent rules, security reports, and beginner issues, read the [AI Contribution Policy][aipolicy].
### Tests
In order to constantly increase the quality of our software we can no longer accept pull request which submit un-tested code.
It is a must have that changed and added code segments are unit tested.
In some areas unit testing is hard (aka almost impossible) as of today - in these areas refactoring WHILE fixing a bug is encouraged to enable unit testing.
### Sign your work
We use the Developer Certificate of Origin (DCO) as a additional safeguard
for the Nextcloud project. This is a well established and widely used
mechanism to assure contributors have confirmed their right to license
if ! borg"$BORG_LOG_LEVEL_FLAG" info > /dev/null;then
echo"Borg can't get info from the repo it created. Something is wrong."
exit1
fi
@@ -216,9 +220,9 @@ if [ "$BORG_MODE" = backup ]; then
# Create the backup
echo"Starting the backup..."
get_start_time
if ! borg create "${BORG_OPTS[@]}""${BORG_INCLUDE[@]}""${BORG_EXCLUDE[@]}""::$CURRENT_DATE-nextcloud-aio""/nextcloud_aio_volumes/" --exclude-from /borg_excludes;then
if ! borg"$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}""${BORG_INCLUDE[@]}""${BORG_EXCLUDE[@]}""::$CURRENT_DATE-nextcloud-aio""/nextcloud_aio_volumes/" --exclude-from /borg_excludes;then
echo"Deleting the failed backup archive..."
borg delete --stats "::$CURRENT_DATE-nextcloud-aio"
# CSP limits which features can be used. By default we allow nothing and only allow required options. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy
# default-src 'none'; Allow nothing by default
# script-src-elem/style-src-elem 'self'; Only allow loading css/js files from same origin (AIO itself) while blocking all inline css/js
# img-src 'self'; Only allow loading images from same origin (from AIO itself)
# connect-src 'self'; Allow fetch to only connect same origin (to AIO itself)
# frame-src 'self'; Allow AIO to only embed itself "what can be embedded"
# base-uri 'none'; This does not fallback to default-src, AIO does not use the html base tag
# form-action 'self'; Html forms are only allowed to submit to AIO and not cross origin
# frame-ancestors 'self'; Only allow AIO itself to embed it self "who can embed"
# upgrade-insecure-requests; Upgrade all http embedings to https
# require-trusted-types-for 'script'; trusted-types 'none'; Blocks DOM changes via js
X-Content-Type-Options"nosniff" # This forces the browser to use the MIME type of the Content-Type header. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options
X-Frame-Options"SAMEORIGIN" # Only allow AIO itself to embed itself, this is also enforced as part of the CSP frame-ancestors. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Frame-Options
X-Permitted-Cross-Domain-Policies"none" # We block all cross origin request, including ones from Adobe Acrobat or Microsoft Silverlight and Adobe Flash Player. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control"off" # Tells the browser to not pre-fetch the DNS of linked pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-DNS-Prefetch-Control
Referrer-Policy"no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
X-Robots-Tag"noindex,nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
Origin-Agent-Cluster"?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
Cross-Origin-Opener-Policy"same-origin" # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
Cross-Origin-Embedder-Policy"require-corp" # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
Cross-Origin-Resource-Policy"same-origin" # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
# Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
This is not supported since the built-in backup solution will not work in that case!"
exit1
@@ -312,6 +316,42 @@ if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed.
The community containers get managed via the AIO interface now."
fi
if[ -n "$NEXTCLOUD_ENABLE_DRI_DEVICE"];then
print_red "The environmental variable NEXTCLOUD_ENABLE_DRI_DEVICE is deprecated. Please mount the /dev/dri device into the mastercontainer instead and remove NEXTCLOUD_ENABLE_DRI_DEVICE. It will then be set automatically."
fi
# Automatically enable the /dev/dri device if it is mounted into the mastercontainer
# Sync this with max pm.max_children and MaxRequestWorkers
# 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
# We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
# Also connections should usually be closed again after the process is done
# If we should actually exceed this limit, it is definitely a bug in Nextcloud server or some of its apps that does not close connections correctly and not a bug in AIO
sed -i "s|^max_connections =.*|max_connections = 5000|""/var/lib/postgresql/data/postgresql.conf"
sed -i "s|^max_connections =.*|max_connections = 5000|""$PGCONF"
# Do not log checkpoints
if grep -q "#log_checkpoints"/var/lib/postgresql/data/postgresql.conf;then
sed -i 's|#log_checkpoints.*|log_checkpoints = off|'/var/lib/postgresql/data/postgresql.conf
if grep -q "#log_checkpoints""$PGCONF";then
sed -i 's|#log_checkpoints.*|log_checkpoints = off|'"$PGCONF"
fi
# Set log level
sed -i "s|^#\?log_min_messages.*|log_min_messages = $PG_LOG_LEVEL|""/var/lib/postgresql/data/postgresql.conf"
if grep -q "^#\?log_min_messages" /var/lib/postgresql/data/postgresql.conf;then
sed -i "s|^#\?log_min_messages.*|log_min_messages = $POSTGRES_LOG_MIN_MESSAGES|" /var/lib/postgresql/data/postgresql.conf
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Simon L.