mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-22 11:20:13 +00:00
Compare commits
3 Commits
copilot/de
...
copilot/in
| Author | SHA1 | Date | |
|---|---|---|---|
|
b0ab901b31 | ||
|
|
d58db9438e | ||
|
|
877968d8e5 |
2
.github/workflows/helm-release.yml
vendored
2
.github/workflows/helm-release.yml
vendored
@@ -16,7 +16,7 @@ jobs:
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- name: Turnstyle
|
||||
uses: softprops/turnstyle@e15e934b3f69ee283ba389ea05c8886baa656d93 # v2
|
||||
uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
|
||||
with:
|
||||
continue-after-seconds: 180
|
||||
env:
|
||||
|
||||
2
.github/workflows/playwright-on-push.yml
vendored
2
.github/workflows/playwright-on-push.yml
vendored
@@ -30,7 +30,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
|
||||
with:
|
||||
node-version: lts/*
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
|
||||
with:
|
||||
node-version: lts/*
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
}
|
||||
|
||||
log {
|
||||
level ERROR
|
||||
level {$CADDY_LOG_LEVEL}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM caddy:2.11.3-alpine AS caddy
|
||||
FROM caddy:2.11.2-alpine AS caddy
|
||||
|
||||
# From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
|
||||
FROM httpd:2.4.67-alpine3.23
|
||||
FROM httpd:2.4.66-alpine3.23
|
||||
|
||||
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
|
||||
|
||||
|
||||
@@ -9,6 +9,8 @@ if [ -z "$NC_DOMAIN" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CADDY_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
|
||||
export CADDY_LOG_LEVEL
|
||||
if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
export SUPERVISORD_STDOUT=/dev/stdout
|
||||
else
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ]; then
|
||||
BORG_LOG_LEVEL_FLAG="--warning"
|
||||
else
|
||||
|
||||
@@ -4,13 +4,8 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ]; then
|
||||
COLLABORA_LOG_LEVEL="warning"
|
||||
elif [ "$AIO_LOG_LEVEL" = "info" ]; then
|
||||
COLLABORA_LOG_LEVEL="notice"
|
||||
else
|
||||
COLLABORA_LOG_LEVEL="$AIO_LOG_LEVEL"
|
||||
fi
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM haproxy:3.3.10-alpine
|
||||
FROM haproxy:3.3.7-alpine
|
||||
|
||||
# hadolint ignore=DL3002
|
||||
USER root
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
|
||||
FROM elasticsearch:9.4.1
|
||||
FROM elasticsearch:9.3.3
|
||||
|
||||
USER root
|
||||
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
ELASTIC_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
|
||||
|
||||
exec env "logger.level=$ELASTIC_LOG_LEVEL" /usr/local/bin/docker-entrypoint.sh "$@"
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.26.3-alpine3.23 AS go
|
||||
FROM golang:1.26.2-alpine3.23 AS go
|
||||
|
||||
ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
|
||||
ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
|
||||
|
||||
RUN set -ex; \
|
||||
apk upgrade --no-cache -a; \
|
||||
|
||||
@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
GOLANG_LOG="$(case "$AIO_LOG_LEVEL" in
|
||||
debug) printf 'info' ;;
|
||||
info) printf 'info' ;;
|
||||
warn) printf 'warning' ;;
|
||||
error) printf 'error' ;;
|
||||
*) printf 'warning' ;;
|
||||
esac)"
|
||||
export GOLANG_LOG
|
||||
if [ "$AIO_LOG_LEVEL" = "debug" ]; then
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Docker CLI is a requirement
|
||||
FROM docker:29.4.3-cli AS docker
|
||||
FROM docker:29.4.1-cli AS docker
|
||||
|
||||
ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3
|
||||
ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
|
||||
|
||||
# Caddy is a requirement
|
||||
FROM caddy:2.11.3-builder-alpine AS caddy
|
||||
FROM caddy:2.11.2-builder-alpine AS caddy
|
||||
RUN set -ex; \
|
||||
xcaddy build --with github.com/muety/caddy-remote-host@"$CADDY_REMOTE_HOST_HASH"; \
|
||||
/usr/bin/caddy list-modules
|
||||
|
||||
# From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
|
||||
FROM php:8.5.6-fpm-alpine3.23
|
||||
FROM php:8.5.5-fpm-alpine3.23
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 8080
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
}
|
||||
|
||||
log {
|
||||
level ERROR
|
||||
level {$CADDY_LOG_LEVEL}
|
||||
# We need to exclude the remote-host plugin from logging as it would spam the logs
|
||||
# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239
|
||||
exclude http.matchers.remote_host
|
||||
|
||||
@@ -59,15 +59,6 @@ fi
|
||||
|
||||
# Wait for watchtower to stop
|
||||
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
|
||||
# Give Docker time to register the container as running before checking for it.
|
||||
# Without this, there is a race condition where the check below runs before watchtower
|
||||
# appears in `docker ps`, causing the script to skip the wait and continue with
|
||||
# the potentially outdated mastercontainer code while watchtower is still updating it.
|
||||
count=0
|
||||
while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$" && [ "$count" -lt 12 ]; do
|
||||
sleep 5
|
||||
count=$((count + 1))
|
||||
done
|
||||
if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
|
||||
echo "Something seems to be wrong: Watchtower should be started at this step."
|
||||
fi
|
||||
|
||||
@@ -18,9 +18,9 @@ header {
|
||||
Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
|
||||
X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
|
||||
Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
|
||||
Cross-Origin-Opener-Policy "same-origin" # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
|
||||
Cross-Origin-Embedder-Policy "require-corp" # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
|
||||
Cross-Origin-Resource-Policy "same-origin" # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
|
||||
Cross-Origin-Opener-Policy "same-origin"; # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
|
||||
Cross-Origin-Embedder-Policy "require-corp"; # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
|
||||
Cross-Origin-Resource-Policy "same-origin"; # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
|
||||
|
||||
# Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
|
||||
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), aria-notify=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), captured-surface-control=(), ch-ua-high-entropy-values=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), local-network=(), local-network-access=(), loopback-network=(), magnetometer=(), microphone=(), midi=(), on-device-speech-recognition=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), summarizer=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
}
|
||||
|
||||
log {
|
||||
level ERROR
|
||||
level {$CADDY_LOG_LEVEL}
|
||||
# We need to exclude the remote-host plugin from logging as it would spam the logs
|
||||
# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239
|
||||
exclude http.matchers.remote_host
|
||||
|
||||
@@ -338,7 +338,7 @@ else
|
||||
fi
|
||||
|
||||
# Log level logics
|
||||
if [ -n "$AIO_LOG_LEVEL" ] && ! echo "$AIO_LOG_LEVEL" | grep -q "^debug$\|^info$\|^warn$\|^error$"; then
|
||||
if [ -n "$AIO_LOG_LEVEL" ] && ! grep -q "^debug$\|^info$\|^warn$\|^error$"; then
|
||||
print_red "AIO_LOG_LEVEL must be one of 'debug', 'info', 'warn' or 'error'.
|
||||
It is set to '$AIO_LOG_LEVEL'".
|
||||
exit 1
|
||||
@@ -347,11 +347,13 @@ if [ -z "$AIO_LOG_LEVEL" ]; then
|
||||
export AIO_LOG_LEVEL="warn"
|
||||
fi
|
||||
|
||||
CADDY_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
|
||||
if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
export SUPERVISORD_STDOUT=/dev/stdout
|
||||
else
|
||||
export SUPERVISORD_STDOUT=NONE
|
||||
fi
|
||||
export CADDY_LOG_LEVEL
|
||||
|
||||
# Check if ghcr.io is reachable
|
||||
# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM php:8.3.31-fpm-alpine3.23
|
||||
FROM php:8.3.30-fpm-alpine3.23
|
||||
|
||||
ENV PHP_MEMORY_LIMIT=512M
|
||||
ENV PHP_UPLOAD_LIMIT=16G
|
||||
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
|
||||
ENV REDIS_DB_INDEX=0
|
||||
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
ENV NEXTCLOUD_VERSION=33.0.3
|
||||
ENV NEXTCLOUD_VERSION=33.0.2
|
||||
ENV AIO_TOKEN=123456
|
||||
ENV AIO_URL=localhost
|
||||
# AIO settings end # Do not remove or change this line!
|
||||
|
||||
@@ -14,9 +14,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
run_upgrade_if_needed_due_to_app_update() {
|
||||
if php /var/www/html/occ status | grep maintenance | grep -q true; then
|
||||
php /var/www/html/occ maintenance:mode --off
|
||||
@@ -32,7 +29,6 @@ NEXTCLOUD_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
|
||||
info) printf '1' ;;
|
||||
warn) printf '2' ;;
|
||||
error) printf '3' ;;
|
||||
*) printf '2' ;;
|
||||
esac)"
|
||||
export NEXTCLOUD_LOG_LEVEL
|
||||
|
||||
@@ -675,7 +671,6 @@ fi
|
||||
# Adjusting log files to be stored on a volume
|
||||
echo "Adjusting log files..."
|
||||
php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
|
||||
php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
|
||||
if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
|
||||
php /var/www/html/occ config:system:set log_type --value="errorlog"
|
||||
php /var/www/html/occ config:system:set log_type_audit --value="errorlog"
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
export RUST_LOG="$AIO_LOG_LEVEL"
|
||||
|
||||
if [ -z "$NEXTCLOUD_HOST" ]; then
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile
|
||||
FROM postgres:18.4-alpine
|
||||
FROM postgres:18.3-alpine
|
||||
|
||||
ENV PGDATA=/var/lib/postgresql/data
|
||||
|
||||
@@ -14,7 +14,6 @@ RUN set -ex; \
|
||||
bash \
|
||||
openssl \
|
||||
shadow \
|
||||
netcat-openbsd \
|
||||
grep; \
|
||||
\
|
||||
# We need to use the same gid and uid as on old installations
|
||||
|
||||
@@ -6,9 +6,6 @@ fi
|
||||
|
||||
test -f "/mnt/data/backup-is-running" && exit 0
|
||||
|
||||
# If database import is running, do not continue with the health check
|
||||
if nc -z 127.0.0.1 11000; then
|
||||
exit 0
|
||||
fi
|
||||
PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 11000 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" && exit 0
|
||||
|
||||
PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 5432 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" || exit 1
|
||||
|
||||
@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
POSTGRES_LOG_MIN_MESSAGES="$(case "$AIO_LOG_LEVEL" in
|
||||
debug) printf 'debug1' ;;
|
||||
info) printf 'info' ;;
|
||||
warn) printf 'warning' ;;
|
||||
error) printf 'error' ;;
|
||||
*) printf 'warning' ;;
|
||||
esac)"
|
||||
export POSTGRES_LOG_MIN_MESSAGES
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
|
||||
FROM redis:8.6.3-alpine
|
||||
FROM redis:8.6.2-alpine
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
|
||||
|
||||
@@ -4,14 +4,8 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
# Redis only supports [debug, verbose, notice, warning, nothing] as log level
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ]; then
|
||||
REDIS_LOG_LEVEL="warning"
|
||||
elif [ "$AIO_LOG_LEVEL" = "info" ]; then
|
||||
REDIS_LOG_LEVEL="notice"
|
||||
else
|
||||
REDIS_LOG_LEVEL="$AIO_LOG_LEVEL"
|
||||
fi
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM python:3.14.5-alpine3.23
|
||||
FROM python:3.14.3-alpine3.23
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
COPY --chmod=775 healthcheck.sh /healthcheck.sh
|
||||
|
||||
ENV RECORDING_VERSION=v0.2.1
|
||||
ENV ALLOW_ALL=false \
|
||||
ENV RECORDING_VERSION=v0.2.1 \
|
||||
ALLOW_ALL=false \
|
||||
HPB_PROTOCOL=https \
|
||||
NC_PROTOCOL=https \
|
||||
SKIP_VERIFY=false \
|
||||
|
||||
@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
TALK_RECORDING_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
|
||||
debug) printf '10' ;;
|
||||
info) printf '20' ;;
|
||||
warn) printf '30' ;;
|
||||
error) printf '40' ;;
|
||||
*) printf '30' ;;
|
||||
esac)"
|
||||
export TALK_RECORDING_LOG_LEVEL
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM nats:2.14.0-scratch AS nats
|
||||
FROM nats:2.12.8-scratch AS nats
|
||||
FROM eturnal/eturnal:1.12.2-alpine AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
|
||||
FROM alpine:3.23.4 AS janus
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ]; then
|
||||
ETURNAL_LOG_LEVEL="warning"
|
||||
else
|
||||
@@ -18,7 +15,6 @@ JANUS_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
|
||||
info) printf '4' ;;
|
||||
warn) printf '3' ;;
|
||||
error) printf '1' ;;
|
||||
*) printf '3' ;;
|
||||
esac)"
|
||||
export JANUS_LOG_LEVEL
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.26.3-alpine3.23 AS go
|
||||
FROM golang:1.26.2-alpine3.23 AS go
|
||||
|
||||
ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3
|
||||
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
# Check if socket is available and readable
|
||||
if ! [ -e "/var/run/docker.sock" ]; then
|
||||
echo "Docker socket is not available. Cannot continue."
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
export LOG_LEVEL="$AIO_LOG_LEVEL"
|
||||
|
||||
# Only start container if nextcloud is accessible
|
||||
|
||||
@@ -39,7 +39,6 @@ services:
|
||||
- COLLABORA_HOST=nextcloud-aio-collabora
|
||||
- TALK_HOST=nextcloud-aio-talk
|
||||
- APACHE_PORT
|
||||
- AIO_LOG_LEVEL
|
||||
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
|
||||
- TZ=${TIMEZONE}
|
||||
- APACHE_MAX_SIZE
|
||||
@@ -81,7 +80,6 @@ services:
|
||||
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
|
||||
- POSTGRES_DB=nextcloud_database
|
||||
- POSTGRES_USER=nextcloud
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- PGTZ=${TIMEZONE}
|
||||
stop_grace_period: 1800s
|
||||
@@ -151,7 +149,6 @@ services:
|
||||
- TURN_SECRET
|
||||
- SIGNALING_SECRET
|
||||
- ONLYOFFICE_SECRET
|
||||
- AIO_LOG_LEVEL
|
||||
- NEXTCLOUD_MOUNT
|
||||
- CLAMAV_ENABLED
|
||||
- CLAMAV_HOST=nextcloud-aio-clamav
|
||||
@@ -210,7 +207,6 @@ services:
|
||||
- nextcloud_aio_nextcloud:/var/www/html:ro
|
||||
environment:
|
||||
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
restart: unless-stopped
|
||||
read_only: true
|
||||
@@ -232,7 +228,6 @@ services:
|
||||
- "6379"
|
||||
environment:
|
||||
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
volumes:
|
||||
- nextcloud_aio_redis:/data:rw
|
||||
@@ -256,9 +251,8 @@ services:
|
||||
- "9980"
|
||||
environment:
|
||||
- aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- dictionaries=${COLLABORA_DICTIONARIES}
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- server_name=${NC_DOMAIN}
|
||||
- DONT_GEN_SSL_CERT=1
|
||||
@@ -299,7 +293,6 @@ services:
|
||||
- TALK_HOST=nextcloud-aio-talk
|
||||
- TURN_SECRET
|
||||
- SIGNALING_SECRET
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- TALK_PORT
|
||||
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
|
||||
@@ -332,7 +325,6 @@ services:
|
||||
- "1234"
|
||||
environment:
|
||||
- NC_DOMAIN
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- RECORDING_SECRET
|
||||
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
|
||||
@@ -362,7 +354,6 @@ services:
|
||||
expose:
|
||||
- "3310"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
|
||||
volumes:
|
||||
@@ -393,8 +384,6 @@ services:
|
||||
expose:
|
||||
- "80"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- LOG_LEVEL=${AIO_LOG_LEVEL}
|
||||
- TZ=${TIMEZONE}
|
||||
- JWT_ENABLED=true
|
||||
- JWT_HEADER=AuthorizationJwt
|
||||
@@ -421,7 +410,6 @@ services:
|
||||
expose:
|
||||
- "9000"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- IMAGINARY_SECRET
|
||||
restart: unless-stopped
|
||||
@@ -448,12 +436,12 @@ services:
|
||||
expose:
|
||||
- "9200"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
|
||||
- bootstrap.memory_lock=false
|
||||
- cluster.name=nextcloud-aio
|
||||
- discovery.type=single-node
|
||||
- logger.level=WARN
|
||||
- http.port=9200
|
||||
- xpack.license.self_generated.type=basic
|
||||
- xpack.security.enabled=false
|
||||
@@ -485,7 +473,6 @@ services:
|
||||
tmpfs:
|
||||
- /tmp
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- NEXTCLOUD_URL=https://${NC_DOMAIN}
|
||||
- JWT_SECRET_KEY=${WHITEBOARD_SECRET}
|
||||
|
||||
@@ -21,11 +21,11 @@ TALK_ENABLED="no" # Setting this to "yes" (with quotes) enables the opt
|
||||
TALK_RECORDING_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
WHITEBOARD_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
|
||||
AIO_LOG_LEVEL=warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
APACHE_IP_BINDING=0.0.0.0 # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
|
||||
APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
|
||||
APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
|
||||
ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax.
|
||||
AIO_LOG_LEVEL=warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora
|
||||
FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.
|
||||
INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation
|
||||
|
||||
@@ -100,7 +100,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com # TODO! Needs to be chang
|
||||
sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
|
||||
sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin # TODO! This is the timezone that your containers will use.|' sample.conf
|
||||
sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
|
||||
sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
|
||||
sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warning # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
|
||||
sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.|' sample.conf
|
||||
sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. "-app_api"|' sample.conf
|
||||
sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 13.0.3-1
|
||||
version: 12.9.2
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -37,8 +37,6 @@ spec:
|
||||
- env:
|
||||
- name: ADDITIONAL_TRUSTED_DOMAIN
|
||||
value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: APACHE_HOST
|
||||
value: nextcloud-aio-apache
|
||||
- name: APACHE_MAX_SIZE
|
||||
@@ -65,7 +63,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: WHITEBOARD_HOST
|
||||
value: nextcloud-aio-whiteboard
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -36,7 +36,7 @@ spec:
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -55,13 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: MAX_SIZE
|
||||
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -23,8 +23,6 @@ spec:
|
||||
containers:
|
||||
- args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson }}
|
||||
env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: DONT_GEN_SSL_CERT
|
||||
value: "1"
|
||||
- name: TZ
|
||||
@@ -34,13 +32,13 @@ spec:
|
||||
- name: dictionaries
|
||||
value: "{{ .Values.COLLABORA_DICTIONARIES }}"
|
||||
- name: extra_params
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
{{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora-online:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora-online:20260409_094910
|
||||
{{- else }}
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20260409_094910
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
|
||||
@@ -35,7 +35,7 @@ spec:
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -54,8 +54,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: PGTZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: POSTGRES_DB
|
||||
@@ -66,7 +64,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -34,8 +34,6 @@ spec:
|
||||
mountPath: /nextcloud-aio-elasticsearch
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: ES_JAVA_OPTS
|
||||
value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}"
|
||||
- name: FULLTEXTSEARCH_PASSWORD
|
||||
@@ -50,17 +48,13 @@ spec:
|
||||
value: single-node
|
||||
- name: http.port
|
||||
value: "9200"
|
||||
- name: indices.fielddata.cache.size
|
||||
value: 20%
|
||||
- name: indices.memory.index_buffer_size
|
||||
value: 20%
|
||||
- name: thread_pool.write.queue_size
|
||||
value: "1000"
|
||||
- name: logger.level
|
||||
value: WARN
|
||||
- name: xpack.license.self_generated.type
|
||||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -34,13 +34,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: IMAGINARY_SECRET
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -92,8 +92,6 @@ spec:
|
||||
value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
|
||||
- name: ADMIN_USER
|
||||
value: admin
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: APACHE_HOST
|
||||
value: nextcloud-aio-apache
|
||||
- name: APACHE_PORT
|
||||
@@ -192,7 +190,7 @@ spec:
|
||||
value: "{{ .Values.WHITEBOARD_ENABLED }}"
|
||||
- name: WHITEBOARD_SECRET
|
||||
value: "{{ .Values.WHITEBOARD_SECRET }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20260409_094910
|
||||
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in container context
|
||||
|
||||
@@ -35,13 +35,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: NEXTCLOUD_HOST
|
||||
value: nextcloud-aio-nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -34,19 +34,15 @@ spec:
|
||||
mountPath: /nextcloud-aio-onlyoffice
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: JWT_ENABLED
|
||||
value: "true"
|
||||
- name: JWT_HEADER
|
||||
value: AuthorizationJwt
|
||||
- name: JWT_SECRET
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -35,13 +35,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: REDIS_HOST_PASSWORD
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -40,8 +40,6 @@ spec:
|
||||
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
|
||||
- name: TALK_MAX_SCREEN_BITRATE
|
||||
value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: INTERNAL_SECRET
|
||||
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
|
||||
- name: NC_DOMAIN
|
||||
@@ -56,7 +54,7 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -36,8 +36,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: INTERNAL_SECRET
|
||||
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
|
||||
- name: NC_DOMAIN
|
||||
@@ -46,7 +44,7 @@ spec:
|
||||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -34,8 +34,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: BACKUP_DIR
|
||||
value: /tmp
|
||||
- name: JWT_SECRET_KEY
|
||||
@@ -52,7 +50,7 @@ spec:
|
||||
value: redis
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -21,7 +21,6 @@ TALK_ENABLED: "no" # Setting this to "yes" (with quotes) enables the op
|
||||
TALK_RECORDING_ENABLED: "no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
WHITEBOARD_ENABLED: "no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
|
||||
AIO_LOG_LEVEL: warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
APACHE_MAX_SIZE: "17179869184" # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
|
||||
APACHE_PORT: 443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
|
||||
ADDITIONAL_COLLABORA_OPTIONS: ['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax.
|
||||
@@ -32,7 +31,7 @@ NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional pa
|
||||
NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
|
||||
NEXTCLOUD_MAX_TIME: 3600 # This allows to change the upload time limit of the Nextcloud container
|
||||
NEXTCLOUD_MEMORY_LIMIT: 512M # This allows to change the PHP memory limit of the Nextcloud container
|
||||
NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. -app_api
|
||||
NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
|
||||
NEXTCLOUD_TRUSTED_CACERTS_DIR: # Setting this to any value allows to automatically import root certificates into the Nextcloud container
|
||||
NEXTCLOUD_UPLOAD_LIMIT: 16G # This allows to change the upload limit of the Nextcloud container
|
||||
REMOVE_DISABLED_APPS: "yes" # Setting this to "no" keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
|
||||
|
||||
120
php/composer.lock
generated
120
php/composer.lock
generated
@@ -448,16 +448,16 @@
|
||||
},
|
||||
{
|
||||
"name": "laravel/serializable-closure",
|
||||
"version": "v2.0.13",
|
||||
"version": "v2.0.12",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/serializable-closure.git",
|
||||
"reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce"
|
||||
"reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
|
||||
"reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
|
||||
"reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -505,7 +505,7 @@
|
||||
"issues": "https://github.com/laravel/serializable-closure/issues",
|
||||
"source": "https://github.com/laravel/serializable-closure"
|
||||
},
|
||||
"time": "2026-04-16T14:03:50+00:00"
|
||||
"time": "2026-04-14T13:33:34+00:00"
|
||||
},
|
||||
{
|
||||
"name": "nikic/fast-route",
|
||||
@@ -1465,16 +1465,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/deprecation-contracts",
|
||||
"version": "v3.7.0",
|
||||
"version": "v3.6.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/deprecation-contracts.git",
|
||||
"reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b"
|
||||
"reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/50f59d1f3ca46d41ac911f97a78626b6756af35b",
|
||||
"reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b",
|
||||
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62",
|
||||
"reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -1487,7 +1487,7 @@
|
||||
"name": "symfony/contracts"
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-main": "3.7-dev"
|
||||
"dev-main": "3.6-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -1512,7 +1512,7 @@
|
||||
"description": "A generic function and convention to trigger deprecation notices",
|
||||
"homepage": "https://symfony.com",
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.7.0"
|
||||
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.6.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -1523,16 +1523,12 @@
|
||||
"url": "https://github.com/fabpot",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/nicolas-grekas",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-04-13T15:52:40+00:00"
|
||||
"time": "2024-09-25T14:21:43+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/polyfill-ctype",
|
||||
@@ -2176,16 +2172,16 @@
|
||||
},
|
||||
{
|
||||
"name": "amphp/parallel",
|
||||
"version": "v2.3.4",
|
||||
"version": "v2.3.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/amphp/parallel.git",
|
||||
"reference": "3ad45d1cff1bfbfe832c79671e6a4a1017dd9921"
|
||||
"reference": "296b521137a54d3a02425b464e5aee4c93db2c60"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/amphp/parallel/zipball/3ad45d1cff1bfbfe832c79671e6a4a1017dd9921",
|
||||
"reference": "3ad45d1cff1bfbfe832c79671e6a4a1017dd9921",
|
||||
"url": "https://api.github.com/repos/amphp/parallel/zipball/296b521137a54d3a02425b464e5aee4c93db2c60",
|
||||
"reference": "296b521137a54d3a02425b464e5aee4c93db2c60",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2205,7 +2201,7 @@
|
||||
"amphp/php-cs-fixer-config": "^2",
|
||||
"amphp/phpunit-util": "^3",
|
||||
"phpunit/phpunit": "^9",
|
||||
"psalm/phar": "6.16.1"
|
||||
"psalm/phar": "^5.18"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
@@ -2248,7 +2244,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/amphp/parallel/issues",
|
||||
"source": "https://github.com/amphp/parallel/tree/v2.3.4"
|
||||
"source": "https://github.com/amphp/parallel/tree/v2.3.3"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -2256,7 +2252,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-06T19:26:51+00:00"
|
||||
"time": "2025-11-15T06:23:42+00:00"
|
||||
},
|
||||
{
|
||||
"name": "amphp/parser",
|
||||
@@ -2322,16 +2318,16 @@
|
||||
},
|
||||
{
|
||||
"name": "amphp/pipeline",
|
||||
"version": "v1.2.4",
|
||||
"version": "v1.2.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/amphp/pipeline.git",
|
||||
"reference": "a044733e080940d1483f56caff0c412ad6982776"
|
||||
"reference": "7b52598c2e9105ebcddf247fc523161581930367"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/amphp/pipeline/zipball/a044733e080940d1483f56caff0c412ad6982776",
|
||||
"reference": "a044733e080940d1483f56caff0c412ad6982776",
|
||||
"url": "https://api.github.com/repos/amphp/pipeline/zipball/7b52598c2e9105ebcddf247fc523161581930367",
|
||||
"reference": "7b52598c2e9105ebcddf247fc523161581930367",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2343,7 +2339,7 @@
|
||||
"amphp/php-cs-fixer-config": "^2",
|
||||
"amphp/phpunit-util": "^3",
|
||||
"phpunit/phpunit": "^9",
|
||||
"psalm/phar": "6.16.1"
|
||||
"psalm/phar": "^5.18"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
@@ -2377,7 +2373,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/amphp/pipeline/issues",
|
||||
"source": "https://github.com/amphp/pipeline/tree/v1.2.4"
|
||||
"source": "https://github.com/amphp/pipeline/tree/v1.2.3"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -2385,7 +2381,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-06T05:37:57+00:00"
|
||||
"time": "2025-03-16T16:33:53+00:00"
|
||||
},
|
||||
{
|
||||
"name": "amphp/process",
|
||||
@@ -3847,16 +3843,16 @@
|
||||
},
|
||||
{
|
||||
"name": "sebastian/diff",
|
||||
"version": "8.2.1",
|
||||
"version": "8.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/diff.git",
|
||||
"reference": "cce1bb200e0062e72f9b85ccfe54d3fd38bbd044"
|
||||
"reference": "9c957d730257f49c873f3761674559bd90098a7d"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/cce1bb200e0062e72f9b85ccfe54d3fd38bbd044",
|
||||
"reference": "cce1bb200e0062e72f9b85ccfe54d3fd38bbd044",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/9c957d730257f49c873f3761674559bd90098a7d",
|
||||
"reference": "9c957d730257f49c873f3761674559bd90098a7d",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -3869,7 +3865,7 @@
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-main": "8.2-dev"
|
||||
"dev-main": "8.1-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -3902,7 +3898,7 @@
|
||||
"support": {
|
||||
"issues": "https://github.com/sebastianbergmann/diff/issues",
|
||||
"security": "https://github.com/sebastianbergmann/diff/security/policy",
|
||||
"source": "https://github.com/sebastianbergmann/diff/tree/8.2.1"
|
||||
"source": "https://github.com/sebastianbergmann/diff/tree/8.1.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -3922,7 +3918,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-14T05:24:37+00:00"
|
||||
"time": "2026-04-05T12:02:33+00:00"
|
||||
},
|
||||
{
|
||||
"name": "spatie/array-to-xml",
|
||||
@@ -4052,16 +4048,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/console",
|
||||
"version": "v6.4.39",
|
||||
"version": "v6.4.36",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/console.git",
|
||||
"reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5"
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
|
||||
"reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4126,7 +4122,7 @@
|
||||
"terminal"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.39"
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.36"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4146,20 +4142,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-12T06:50:03+00:00"
|
||||
"time": "2026-03-27T15:30:51+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/filesystem",
|
||||
"version": "v8.0.11",
|
||||
"version": "v8.0.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/filesystem.git",
|
||||
"reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7"
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/224db910898ce1317b892a9a1338f1f8f17eb7c7",
|
||||
"reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4196,7 +4192,7 @@
|
||||
"description": "Provides basic utilities for the filesystem",
|
||||
"homepage": "https://symfony.com",
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.11"
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.8"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4216,7 +4212,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-11T16:39:47+00:00"
|
||||
"time": "2026-03-30T15:14:47+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/finder",
|
||||
@@ -4535,16 +4531,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/service-contracts",
|
||||
"version": "v3.7.0",
|
||||
"version": "v3.6.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/service-contracts.git",
|
||||
"reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a"
|
||||
"reference": "45112560a3ba2d715666a509a0bc9521d10b6c43"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/d25d82433a80eba6aa0e6c24b61d7370d99e444a",
|
||||
"reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a",
|
||||
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/45112560a3ba2d715666a509a0bc9521d10b6c43",
|
||||
"reference": "45112560a3ba2d715666a509a0bc9521d10b6c43",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4562,7 +4558,7 @@
|
||||
"name": "symfony/contracts"
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-main": "3.7-dev"
|
||||
"dev-main": "3.6-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -4598,7 +4594,7 @@
|
||||
"standards"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/service-contracts/tree/v3.7.0"
|
||||
"source": "https://github.com/symfony/service-contracts/tree/v3.6.1"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4618,20 +4614,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-28T09:44:51+00:00"
|
||||
"time": "2025-07-15T11:30:57+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/string",
|
||||
"version": "v7.4.11",
|
||||
"version": "v7.4.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/string.git",
|
||||
"reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15"
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
|
||||
"reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4689,7 +4685,7 @@
|
||||
"utf8"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.11"
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.8"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4709,7 +4705,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-13T12:04:42+00:00"
|
||||
"time": "2026-03-24T13:12:05+00:00"
|
||||
},
|
||||
{
|
||||
"name": "vimeo/psalm",
|
||||
|
||||
@@ -892,6 +892,7 @@
|
||||
"environment": [
|
||||
"HP_SHARED_KEY=%HP_SHARED_KEY%",
|
||||
"NC_INSTANCE_URL=https://%NC_DOMAIN%",
|
||||
"HP_LOG_LEVEL=%COLLABORA_LOG_LEVEL%",
|
||||
"HP_FRP_DISABLE_TLS=true",
|
||||
"TZ=%TIMEZONE%"
|
||||
],
|
||||
|
||||
@@ -68,7 +68,7 @@ session_start([
|
||||
"use_strict_mode" => true, // Only allow initialized session IDs. See https://www.php.net/manual/en/session.configuration.php#ini.session.use-strict-mode
|
||||
"cookie_secure" => true, // Only send cookies over https (not http). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#secure
|
||||
"cookie_httponly" => true, // Block the cookie from being read with js in the browser, will still be send for fetch request triggered by js. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#httponly
|
||||
"cookie_samesite" => "Lax", // Send the cookie with same-site requests and top-level cross-site navigations (e.g. redirect after token-based getlogin). "Strict" would block the session cookie on the redirect that follows a cross-site navigation, breaking the getlogin flow from Nextcloud's admin panel. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
|
||||
"cookie_samesite" => "Strict", // Only send the cookie with requests triggered by AIO itself. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
|
||||
]);
|
||||
|
||||
if ($wasAuthenticated) {
|
||||
|
||||
@@ -4,6 +4,10 @@ const observer = new MutationObserver((records) => {
|
||||
// function being present.
|
||||
if (node && typeof(node.scrollIntoView) === 'function') {
|
||||
node.scrollIntoView();
|
||||
if (node.classList.contains('progress-indicator')) {
|
||||
node.previousSibling.append('.');
|
||||
node.remove();
|
||||
}
|
||||
}
|
||||
});
|
||||
observer.observe(document, {childList: true, subtree: true});
|
||||
|
||||
@@ -410,6 +410,11 @@ readonly class DockerController {
|
||||
}
|
||||
|
||||
private function startStreamingResponse(Response $response) : Response {
|
||||
// Ensure the script keeps running even if the client connection drops (e.g. due to a
|
||||
// reverse proxy read timeout during a long image pull). Without this, PHP would abort
|
||||
// on the first write after the connection is gone, leaving only some containers started.
|
||||
ignore_user_abort(true);
|
||||
|
||||
$nonbufResp = $response
|
||||
->withBody(new NonBufferedBody())
|
||||
->withHeader('Content-Type', 'text/html; charset=utf-8')
|
||||
@@ -430,7 +435,14 @@ readonly class DockerController {
|
||||
// if it'll actually pull an image), but which should not need to know anything about the
|
||||
// wanted markup or formatting.
|
||||
$addToStreamingResponseBody = function (Container $container, string $message) use ($nonbufResp) : void {
|
||||
$nonbufResp->getBody()->write("<div>{$container->displayName}: {$message}</div>");
|
||||
// If the message is a single dot we treat it as a progress indicator and send a specific, empty
|
||||
// HTML element, which gets special treatment by the Javascript code.
|
||||
if ($message === '.') {
|
||||
$content = "<span class='progress-indicator'></span>";
|
||||
} else {
|
||||
$content = "<div>{$container->displayName}: {$message}</div>";
|
||||
}
|
||||
$nonbufResp->getBody()->write($content);
|
||||
};
|
||||
|
||||
return $addToStreamingResponseBody;
|
||||
|
||||
@@ -10,11 +10,15 @@ use AIO\ContainerDefinitionFetcher;
|
||||
use AIO\Data\ConfigurationManager;
|
||||
use AIO\Data\DataConst;
|
||||
use GuzzleHttp\Client;
|
||||
use GuzzleHttp\Psr7\Utils;
|
||||
use GuzzleHttp\Exception\RequestException;
|
||||
use http\Env\Response;
|
||||
|
||||
readonly class DockerActionManager {
|
||||
private const string API_VERSION = 'v1.44';
|
||||
private const int PULL_STREAM_READ_CHUNK_SIZE = 65536;
|
||||
private const int PULL_STREAM_MAX_BUFFER_SIZE = 1048576;
|
||||
private const int PULL_HEARTBEAT_INTERVAL_SECONDS = 5;
|
||||
private Client $guzzleClient;
|
||||
|
||||
public function __construct(
|
||||
@@ -560,10 +564,45 @@ readonly class DockerActionManager {
|
||||
$maxRetries = 3;
|
||||
for ($attempt = 1; $attempt <= $maxRetries; $attempt++) {
|
||||
try {
|
||||
$this->guzzleClient->post($url);
|
||||
// Use streaming so we can write heartbeat messages to the response while the
|
||||
// image is being pulled. Without this, a long pull produces no output and a
|
||||
// reverse proxy (nginx) can drop the connection after its read timeout expires.
|
||||
// Once the connection is gone, PHP aborts on the next write and all consecutive
|
||||
// containers are never started.
|
||||
// We have to specify the proxy again, since when streaming, Guzzle apparently doesn't use
|
||||
// libcurl and thus the curl option set when creating the client doesn't apply.
|
||||
$pullResponse = $this->guzzleClient->post($url, ['proxy' => 'unix:///var/run/docker.sock', 'stream' => true]);
|
||||
$pullBody = $pullResponse->getBody();
|
||||
$pullErrors = [];
|
||||
$lastHeartbeat = time();
|
||||
while (!$pullBody->eof()) {
|
||||
$line = Utils::readLine($pullBody);
|
||||
$event = json_decode($line, true);
|
||||
if (!is_array($event)) {
|
||||
continue;
|
||||
}
|
||||
if (isset($event['error'])) {
|
||||
$pullErrors[] = $event['error'];
|
||||
} elseif ($addToStreamingResponseBody !== null) {
|
||||
// Write a heartbeat at most once every 5 seconds so the reverse
|
||||
// proxy sees continuous data and does not close the connection.
|
||||
$now = time();
|
||||
$interval = time() - $lastHeartbeat;
|
||||
if ($interval >= self::PULL_HEARTBEAT_INTERVAL_SECONDS) {
|
||||
$addToStreamingResponseBody($container, ".");
|
||||
$lastHeartbeat = $now;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($pullErrors !== []) {
|
||||
throw new \Exception(implode('; ', $pullErrors));
|
||||
}
|
||||
break;
|
||||
} catch (RequestException $e) {
|
||||
$message = "Could not pull image " . $imageName . " (attempt $attempt/$maxRetries): " . $e->getResponse()?->getBody()->getContents();
|
||||
} catch (\Exception $e) {
|
||||
$errorDetails = $e instanceof RequestException
|
||||
? $e->getResponse()?->getBody()->getContents()
|
||||
: $e->getMessage();
|
||||
$message = "Could not pull image " . $imageName . " (attempt $attempt/$maxRetries): " . $errorDetails;
|
||||
if ($attempt === $maxRetries) {
|
||||
if ($imageIsThere === false) {
|
||||
throw new \Exception($message);
|
||||
|
||||
@@ -1 +1 @@
|
||||
13.0.3
|
||||
13.0.0
|
||||
|
||||
Reference in New Issue
Block a user