mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 19:00:33 +00:00
Compare commits
9 Commits
copilot/de
...
copilot/se
| Author | SHA1 | Date | |
|---|---|---|---|
|
bbafd6ff8c | ||
|
|
adcc41f401 | ||
|
|
68bb93a2c8 | ||
|
|
a415c76ad2 | ||
|
|
79e05f33cd | ||
|
|
ef58220c09 | ||
|
|
6a9e55a8de | ||
|
|
8356d0dadc | ||
|
|
3e72f06d32 |
2
.github/workflows/helm-release.yml
vendored
2
.github/workflows/helm-release.yml
vendored
@@ -16,7 +16,7 @@ jobs:
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- name: Turnstyle
|
||||
uses: softprops/turnstyle@e15e934b3f69ee283ba389ea05c8886baa656d93 # v2
|
||||
uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
|
||||
with:
|
||||
continue-after-seconds: 180
|
||||
env:
|
||||
|
||||
2
.github/workflows/playwright-on-push.yml
vendored
2
.github/workflows/playwright-on-push.yml
vendored
@@ -30,7 +30,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
|
||||
with:
|
||||
node-version: lts/*
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
|
||||
with:
|
||||
node-version: lts/*
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM caddy:2.11.3-alpine AS caddy
|
||||
FROM caddy:2.11.2-alpine AS caddy
|
||||
|
||||
# From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
|
||||
FROM httpd:2.4.67-alpine3.23
|
||||
FROM httpd:2.4.66-alpine3.23
|
||||
|
||||
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
|
||||
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ]; then
|
||||
BORG_LOG_LEVEL_FLAG="--warning"
|
||||
else
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ]; then
|
||||
COLLABORA_LOG_LEVEL="warning"
|
||||
elif [ "$AIO_LOG_LEVEL" = "info" ]; then
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM haproxy:3.3.10-alpine
|
||||
FROM haproxy:3.3.7-alpine
|
||||
|
||||
# hadolint ignore=DL3002
|
||||
USER root
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
|
||||
FROM elasticsearch:9.4.1
|
||||
FROM elasticsearch:9.3.3
|
||||
|
||||
USER root
|
||||
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
ELASTIC_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
|
||||
|
||||
exec env "logger.level=$ELASTIC_LOG_LEVEL" /usr/local/bin/docker-entrypoint.sh "$@"
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.26.3-alpine3.23 AS go
|
||||
FROM golang:1.26.2-alpine3.23 AS go
|
||||
|
||||
ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
|
||||
ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
|
||||
|
||||
RUN set -ex; \
|
||||
apk upgrade --no-cache -a; \
|
||||
|
||||
@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
GOLANG_LOG="$(case "$AIO_LOG_LEVEL" in
|
||||
debug) printf 'info' ;;
|
||||
info) printf 'info' ;;
|
||||
warn) printf 'warning' ;;
|
||||
error) printf 'error' ;;
|
||||
*) printf 'warning' ;;
|
||||
esac)"
|
||||
export GOLANG_LOG
|
||||
if [ "$AIO_LOG_LEVEL" = "debug" ]; then
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Docker CLI is a requirement
|
||||
FROM docker:29.4.3-cli AS docker
|
||||
FROM docker:29.4.1-cli AS docker
|
||||
|
||||
ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3
|
||||
ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
|
||||
|
||||
# Caddy is a requirement
|
||||
FROM caddy:2.11.3-builder-alpine AS caddy
|
||||
FROM caddy:2.11.2-builder-alpine AS caddy
|
||||
RUN set -ex; \
|
||||
xcaddy build --with github.com/muety/caddy-remote-host@"$CADDY_REMOTE_HOST_HASH"; \
|
||||
/usr/bin/caddy list-modules
|
||||
|
||||
# From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
|
||||
FROM php:8.5.6-fpm-alpine3.23
|
||||
FROM php:8.5.5-fpm-alpine3.23
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 8080
|
||||
|
||||
@@ -59,15 +59,6 @@ fi
|
||||
|
||||
# Wait for watchtower to stop
|
||||
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
|
||||
# Give Docker time to register the container as running before checking for it.
|
||||
# Without this, there is a race condition where the check below runs before watchtower
|
||||
# appears in `docker ps`, causing the script to skip the wait and continue with
|
||||
# the potentially outdated mastercontainer code while watchtower is still updating it.
|
||||
count=0
|
||||
while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$" && [ "$count" -lt 12 ]; do
|
||||
sleep 5
|
||||
count=$((count + 1))
|
||||
done
|
||||
if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
|
||||
echo "Something seems to be wrong: Watchtower should be started at this step."
|
||||
fi
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM php:8.3.31-fpm-alpine3.23
|
||||
FROM php:8.3.30-fpm-alpine3.23
|
||||
|
||||
ENV PHP_MEMORY_LIMIT=512M
|
||||
ENV PHP_UPLOAD_LIMIT=16G
|
||||
|
||||
@@ -14,9 +14,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
run_upgrade_if_needed_due_to_app_update() {
|
||||
if php /var/www/html/occ status | grep maintenance | grep -q true; then
|
||||
php /var/www/html/occ maintenance:mode --off
|
||||
@@ -32,7 +29,6 @@ NEXTCLOUD_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
|
||||
info) printf '1' ;;
|
||||
warn) printf '2' ;;
|
||||
error) printf '3' ;;
|
||||
*) printf '2' ;;
|
||||
esac)"
|
||||
export NEXTCLOUD_LOG_LEVEL
|
||||
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
export RUST_LOG="$AIO_LOG_LEVEL"
|
||||
|
||||
if [ -z "$NEXTCLOUD_HOST" ]; then
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile
|
||||
FROM postgres:18.4-alpine
|
||||
FROM postgres:18.3-alpine
|
||||
|
||||
ENV PGDATA=/var/lib/postgresql/data
|
||||
|
||||
|
||||
@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
POSTGRES_LOG_MIN_MESSAGES="$(case "$AIO_LOG_LEVEL" in
|
||||
debug) printf 'debug1' ;;
|
||||
info) printf 'info' ;;
|
||||
warn) printf 'warning' ;;
|
||||
error) printf 'error' ;;
|
||||
*) printf 'warning' ;;
|
||||
esac)"
|
||||
export POSTGRES_LOG_MIN_MESSAGES
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
|
||||
FROM redis:8.6.3-alpine
|
||||
FROM redis:8.6.2-alpine
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
# Redis only supports [debug, verbose, notice, warning, nothing] as log level
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
|
||||
REDIS_LOG_LEVEL="warning"
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM python:3.14.5-alpine3.23
|
||||
FROM python:3.14.3-alpine3.23
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
COPY --chmod=775 healthcheck.sh /healthcheck.sh
|
||||
|
||||
ENV RECORDING_VERSION=v0.2.1
|
||||
ENV ALLOW_ALL=false \
|
||||
ENV RECORDING_VERSION=v0.2.1 \
|
||||
ALLOW_ALL=false \
|
||||
HPB_PROTOCOL=https \
|
||||
NC_PROTOCOL=https \
|
||||
SKIP_VERIFY=false \
|
||||
|
||||
@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
TALK_RECORDING_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
|
||||
debug) printf '10' ;;
|
||||
info) printf '20' ;;
|
||||
warn) printf '30' ;;
|
||||
error) printf '40' ;;
|
||||
*) printf '30' ;;
|
||||
esac)"
|
||||
export TALK_RECORDING_LOG_LEVEL
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM nats:2.14.0-scratch AS nats
|
||||
FROM nats:2.12.8-scratch AS nats
|
||||
FROM eturnal/eturnal:1.12.2-alpine AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
|
||||
FROM alpine:3.23.4 AS janus
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
if [ "$AIO_LOG_LEVEL" = "warn" ]; then
|
||||
ETURNAL_LOG_LEVEL="warning"
|
||||
else
|
||||
@@ -18,7 +15,6 @@ JANUS_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
|
||||
info) printf '4' ;;
|
||||
warn) printf '3' ;;
|
||||
error) printf '1' ;;
|
||||
*) printf '3' ;;
|
||||
esac)"
|
||||
export JANUS_LOG_LEVEL
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.26.3-alpine3.23 AS go
|
||||
FROM golang:1.26.2-alpine3.23 AS go
|
||||
|
||||
ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3
|
||||
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
# Check if socket is available and readable
|
||||
if ! [ -e "/var/run/docker.sock" ]; then
|
||||
echo "Docker socket is not available. Cannot continue."
|
||||
|
||||
@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
|
||||
AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
|
||||
|
||||
export LOG_LEVEL="$AIO_LOG_LEVEL"
|
||||
|
||||
# Only start container if nextcloud is accessible
|
||||
|
||||
@@ -39,7 +39,6 @@ services:
|
||||
- COLLABORA_HOST=nextcloud-aio-collabora
|
||||
- TALK_HOST=nextcloud-aio-talk
|
||||
- APACHE_PORT
|
||||
- AIO_LOG_LEVEL
|
||||
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
|
||||
- TZ=${TIMEZONE}
|
||||
- APACHE_MAX_SIZE
|
||||
@@ -81,7 +80,6 @@ services:
|
||||
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
|
||||
- POSTGRES_DB=nextcloud_database
|
||||
- POSTGRES_USER=nextcloud
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- PGTZ=${TIMEZONE}
|
||||
stop_grace_period: 1800s
|
||||
@@ -151,7 +149,6 @@ services:
|
||||
- TURN_SECRET
|
||||
- SIGNALING_SECRET
|
||||
- ONLYOFFICE_SECRET
|
||||
- AIO_LOG_LEVEL
|
||||
- NEXTCLOUD_MOUNT
|
||||
- CLAMAV_ENABLED
|
||||
- CLAMAV_HOST=nextcloud-aio-clamav
|
||||
@@ -210,7 +207,6 @@ services:
|
||||
- nextcloud_aio_nextcloud:/var/www/html:ro
|
||||
environment:
|
||||
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
restart: unless-stopped
|
||||
read_only: true
|
||||
@@ -232,7 +228,6 @@ services:
|
||||
- "6379"
|
||||
environment:
|
||||
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
volumes:
|
||||
- nextcloud_aio_redis:/data:rw
|
||||
@@ -256,9 +251,8 @@ services:
|
||||
- "9980"
|
||||
environment:
|
||||
- aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- dictionaries=${COLLABORA_DICTIONARIES}
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- server_name=${NC_DOMAIN}
|
||||
- DONT_GEN_SSL_CERT=1
|
||||
@@ -299,7 +293,6 @@ services:
|
||||
- TALK_HOST=nextcloud-aio-talk
|
||||
- TURN_SECRET
|
||||
- SIGNALING_SECRET
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- TALK_PORT
|
||||
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
|
||||
@@ -332,7 +325,6 @@ services:
|
||||
- "1234"
|
||||
environment:
|
||||
- NC_DOMAIN
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- RECORDING_SECRET
|
||||
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
|
||||
@@ -362,7 +354,6 @@ services:
|
||||
expose:
|
||||
- "3310"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
|
||||
volumes:
|
||||
@@ -393,8 +384,6 @@ services:
|
||||
expose:
|
||||
- "80"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- LOG_LEVEL=${AIO_LOG_LEVEL}
|
||||
- TZ=${TIMEZONE}
|
||||
- JWT_ENABLED=true
|
||||
- JWT_HEADER=AuthorizationJwt
|
||||
@@ -421,7 +410,6 @@ services:
|
||||
expose:
|
||||
- "9000"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- IMAGINARY_SECRET
|
||||
restart: unless-stopped
|
||||
@@ -448,12 +436,12 @@ services:
|
||||
expose:
|
||||
- "9200"
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
|
||||
- bootstrap.memory_lock=false
|
||||
- cluster.name=nextcloud-aio
|
||||
- discovery.type=single-node
|
||||
- logger.level=WARN
|
||||
- http.port=9200
|
||||
- xpack.license.self_generated.type=basic
|
||||
- xpack.security.enabled=false
|
||||
@@ -485,7 +473,6 @@ services:
|
||||
tmpfs:
|
||||
- /tmp
|
||||
environment:
|
||||
- AIO_LOG_LEVEL
|
||||
- TZ=${TIMEZONE}
|
||||
- NEXTCLOUD_URL=https://${NC_DOMAIN}
|
||||
- JWT_SECRET_KEY=${WHITEBOARD_SECRET}
|
||||
|
||||
@@ -21,11 +21,11 @@ TALK_ENABLED="no" # Setting this to "yes" (with quotes) enables the opt
|
||||
TALK_RECORDING_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
WHITEBOARD_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
|
||||
AIO_LOG_LEVEL=warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
APACHE_IP_BINDING=0.0.0.0 # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
|
||||
APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
|
||||
APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
|
||||
ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax.
|
||||
AIO_LOG_LEVEL=warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora
|
||||
FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.
|
||||
INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 13.0.3-1
|
||||
version: 12.9.2
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -37,8 +37,6 @@ spec:
|
||||
- env:
|
||||
- name: ADDITIONAL_TRUSTED_DOMAIN
|
||||
value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: APACHE_HOST
|
||||
value: nextcloud-aio-apache
|
||||
- name: APACHE_MAX_SIZE
|
||||
@@ -65,7 +63,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: WHITEBOARD_HOST
|
||||
value: nextcloud-aio-whiteboard
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -36,7 +36,7 @@ spec:
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -55,13 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: MAX_SIZE
|
||||
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -23,8 +23,6 @@ spec:
|
||||
containers:
|
||||
- args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson }}
|
||||
env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: DONT_GEN_SSL_CERT
|
||||
value: "1"
|
||||
- name: TZ
|
||||
@@ -34,13 +32,13 @@ spec:
|
||||
- name: dictionaries
|
||||
value: "{{ .Values.COLLABORA_DICTIONARIES }}"
|
||||
- name: extra_params
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
{{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora-online:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora-online:20260409_094910
|
||||
{{- else }}
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20260409_094910
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
|
||||
@@ -35,7 +35,7 @@ spec:
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -54,8 +54,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: PGTZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: POSTGRES_DB
|
||||
@@ -66,7 +64,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -34,8 +34,6 @@ spec:
|
||||
mountPath: /nextcloud-aio-elasticsearch
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: ES_JAVA_OPTS
|
||||
value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}"
|
||||
- name: FULLTEXTSEARCH_PASSWORD
|
||||
@@ -50,17 +48,13 @@ spec:
|
||||
value: single-node
|
||||
- name: http.port
|
||||
value: "9200"
|
||||
- name: indices.fielddata.cache.size
|
||||
value: 20%
|
||||
- name: indices.memory.index_buffer_size
|
||||
value: 20%
|
||||
- name: thread_pool.write.queue_size
|
||||
value: "1000"
|
||||
- name: logger.level
|
||||
value: WARN
|
||||
- name: xpack.license.self_generated.type
|
||||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -34,13 +34,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: IMAGINARY_SECRET
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -92,8 +92,6 @@ spec:
|
||||
value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
|
||||
- name: ADMIN_USER
|
||||
value: admin
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: APACHE_HOST
|
||||
value: nextcloud-aio-apache
|
||||
- name: APACHE_PORT
|
||||
@@ -192,7 +190,7 @@ spec:
|
||||
value: "{{ .Values.WHITEBOARD_ENABLED }}"
|
||||
- name: WHITEBOARD_SECRET
|
||||
value: "{{ .Values.WHITEBOARD_SECRET }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20260409_094910
|
||||
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in container context
|
||||
|
||||
@@ -35,13 +35,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: NEXTCLOUD_HOST
|
||||
value: nextcloud-aio-nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -34,19 +34,15 @@ spec:
|
||||
mountPath: /nextcloud-aio-onlyoffice
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: JWT_ENABLED
|
||||
value: "true"
|
||||
- name: JWT_HEADER
|
||||
value: AuthorizationJwt
|
||||
- name: JWT_SECRET
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -35,13 +35,11 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: REDIS_HOST_PASSWORD
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -40,8 +40,6 @@ spec:
|
||||
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
|
||||
- name: TALK_MAX_SCREEN_BITRATE
|
||||
value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: INTERNAL_SECRET
|
||||
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
|
||||
- name: NC_DOMAIN
|
||||
@@ -56,7 +54,7 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -36,8 +36,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: INTERNAL_SECRET
|
||||
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
|
||||
- name: NC_DOMAIN
|
||||
@@ -46,7 +44,7 @@ spec:
|
||||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -34,8 +34,6 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: AIO_LOG_LEVEL
|
||||
value: "{{ .Values.AIO_LOG_LEVEL }}"
|
||||
- name: BACKUP_DIR
|
||||
value: /tmp
|
||||
- name: JWT_SECRET_KEY
|
||||
@@ -52,7 +50,7 @@ spec:
|
||||
value: redis
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20260513_090235
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20260409_094910
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -21,7 +21,6 @@ TALK_ENABLED: "no" # Setting this to "yes" (with quotes) enables the op
|
||||
TALK_RECORDING_ENABLED: "no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
WHITEBOARD_ENABLED: "no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
|
||||
|
||||
AIO_LOG_LEVEL: warn # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
|
||||
APACHE_MAX_SIZE: "17179869184" # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
|
||||
APACHE_PORT: 443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
|
||||
ADDITIONAL_COLLABORA_OPTIONS: ['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax.
|
||||
@@ -32,7 +31,7 @@ NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional pa
|
||||
NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
|
||||
NEXTCLOUD_MAX_TIME: 3600 # This allows to change the upload time limit of the Nextcloud container
|
||||
NEXTCLOUD_MEMORY_LIMIT: 512M # This allows to change the PHP memory limit of the Nextcloud container
|
||||
NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. -app_api
|
||||
NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
|
||||
NEXTCLOUD_TRUSTED_CACERTS_DIR: # Setting this to any value allows to automatically import root certificates into the Nextcloud container
|
||||
NEXTCLOUD_UPLOAD_LIMIT: 16G # This allows to change the upload limit of the Nextcloud container
|
||||
REMOVE_DISABLED_APPS: "yes" # Setting this to "no" keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
|
||||
|
||||
120
php/composer.lock
generated
120
php/composer.lock
generated
@@ -448,16 +448,16 @@
|
||||
},
|
||||
{
|
||||
"name": "laravel/serializable-closure",
|
||||
"version": "v2.0.13",
|
||||
"version": "v2.0.12",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/serializable-closure.git",
|
||||
"reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce"
|
||||
"reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
|
||||
"reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
|
||||
"reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -505,7 +505,7 @@
|
||||
"issues": "https://github.com/laravel/serializable-closure/issues",
|
||||
"source": "https://github.com/laravel/serializable-closure"
|
||||
},
|
||||
"time": "2026-04-16T14:03:50+00:00"
|
||||
"time": "2026-04-14T13:33:34+00:00"
|
||||
},
|
||||
{
|
||||
"name": "nikic/fast-route",
|
||||
@@ -1465,16 +1465,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/deprecation-contracts",
|
||||
"version": "v3.7.0",
|
||||
"version": "v3.6.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/deprecation-contracts.git",
|
||||
"reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b"
|
||||
"reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/50f59d1f3ca46d41ac911f97a78626b6756af35b",
|
||||
"reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b",
|
||||
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62",
|
||||
"reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -1487,7 +1487,7 @@
|
||||
"name": "symfony/contracts"
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-main": "3.7-dev"
|
||||
"dev-main": "3.6-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -1512,7 +1512,7 @@
|
||||
"description": "A generic function and convention to trigger deprecation notices",
|
||||
"homepage": "https://symfony.com",
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.7.0"
|
||||
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.6.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -1523,16 +1523,12 @@
|
||||
"url": "https://github.com/fabpot",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/nicolas-grekas",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-04-13T15:52:40+00:00"
|
||||
"time": "2024-09-25T14:21:43+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/polyfill-ctype",
|
||||
@@ -2176,16 +2172,16 @@
|
||||
},
|
||||
{
|
||||
"name": "amphp/parallel",
|
||||
"version": "v2.3.4",
|
||||
"version": "v2.3.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/amphp/parallel.git",
|
||||
"reference": "3ad45d1cff1bfbfe832c79671e6a4a1017dd9921"
|
||||
"reference": "296b521137a54d3a02425b464e5aee4c93db2c60"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/amphp/parallel/zipball/3ad45d1cff1bfbfe832c79671e6a4a1017dd9921",
|
||||
"reference": "3ad45d1cff1bfbfe832c79671e6a4a1017dd9921",
|
||||
"url": "https://api.github.com/repos/amphp/parallel/zipball/296b521137a54d3a02425b464e5aee4c93db2c60",
|
||||
"reference": "296b521137a54d3a02425b464e5aee4c93db2c60",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2205,7 +2201,7 @@
|
||||
"amphp/php-cs-fixer-config": "^2",
|
||||
"amphp/phpunit-util": "^3",
|
||||
"phpunit/phpunit": "^9",
|
||||
"psalm/phar": "6.16.1"
|
||||
"psalm/phar": "^5.18"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
@@ -2248,7 +2244,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/amphp/parallel/issues",
|
||||
"source": "https://github.com/amphp/parallel/tree/v2.3.4"
|
||||
"source": "https://github.com/amphp/parallel/tree/v2.3.3"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -2256,7 +2252,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-06T19:26:51+00:00"
|
||||
"time": "2025-11-15T06:23:42+00:00"
|
||||
},
|
||||
{
|
||||
"name": "amphp/parser",
|
||||
@@ -2322,16 +2318,16 @@
|
||||
},
|
||||
{
|
||||
"name": "amphp/pipeline",
|
||||
"version": "v1.2.4",
|
||||
"version": "v1.2.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/amphp/pipeline.git",
|
||||
"reference": "a044733e080940d1483f56caff0c412ad6982776"
|
||||
"reference": "7b52598c2e9105ebcddf247fc523161581930367"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/amphp/pipeline/zipball/a044733e080940d1483f56caff0c412ad6982776",
|
||||
"reference": "a044733e080940d1483f56caff0c412ad6982776",
|
||||
"url": "https://api.github.com/repos/amphp/pipeline/zipball/7b52598c2e9105ebcddf247fc523161581930367",
|
||||
"reference": "7b52598c2e9105ebcddf247fc523161581930367",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2343,7 +2339,7 @@
|
||||
"amphp/php-cs-fixer-config": "^2",
|
||||
"amphp/phpunit-util": "^3",
|
||||
"phpunit/phpunit": "^9",
|
||||
"psalm/phar": "6.16.1"
|
||||
"psalm/phar": "^5.18"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
@@ -2377,7 +2373,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/amphp/pipeline/issues",
|
||||
"source": "https://github.com/amphp/pipeline/tree/v1.2.4"
|
||||
"source": "https://github.com/amphp/pipeline/tree/v1.2.3"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -2385,7 +2381,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-06T05:37:57+00:00"
|
||||
"time": "2025-03-16T16:33:53+00:00"
|
||||
},
|
||||
{
|
||||
"name": "amphp/process",
|
||||
@@ -3847,16 +3843,16 @@
|
||||
},
|
||||
{
|
||||
"name": "sebastian/diff",
|
||||
"version": "8.2.1",
|
||||
"version": "8.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/diff.git",
|
||||
"reference": "cce1bb200e0062e72f9b85ccfe54d3fd38bbd044"
|
||||
"reference": "9c957d730257f49c873f3761674559bd90098a7d"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/cce1bb200e0062e72f9b85ccfe54d3fd38bbd044",
|
||||
"reference": "cce1bb200e0062e72f9b85ccfe54d3fd38bbd044",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/9c957d730257f49c873f3761674559bd90098a7d",
|
||||
"reference": "9c957d730257f49c873f3761674559bd90098a7d",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -3869,7 +3865,7 @@
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-main": "8.2-dev"
|
||||
"dev-main": "8.1-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -3902,7 +3898,7 @@
|
||||
"support": {
|
||||
"issues": "https://github.com/sebastianbergmann/diff/issues",
|
||||
"security": "https://github.com/sebastianbergmann/diff/security/policy",
|
||||
"source": "https://github.com/sebastianbergmann/diff/tree/8.2.1"
|
||||
"source": "https://github.com/sebastianbergmann/diff/tree/8.1.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -3922,7 +3918,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-14T05:24:37+00:00"
|
||||
"time": "2026-04-05T12:02:33+00:00"
|
||||
},
|
||||
{
|
||||
"name": "spatie/array-to-xml",
|
||||
@@ -4052,16 +4048,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/console",
|
||||
"version": "v6.4.39",
|
||||
"version": "v6.4.36",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/console.git",
|
||||
"reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5"
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
|
||||
"reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4126,7 +4122,7 @@
|
||||
"terminal"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.39"
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.36"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4146,20 +4142,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-12T06:50:03+00:00"
|
||||
"time": "2026-03-27T15:30:51+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/filesystem",
|
||||
"version": "v8.0.11",
|
||||
"version": "v8.0.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/filesystem.git",
|
||||
"reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7"
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/224db910898ce1317b892a9a1338f1f8f17eb7c7",
|
||||
"reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4196,7 +4192,7 @@
|
||||
"description": "Provides basic utilities for the filesystem",
|
||||
"homepage": "https://symfony.com",
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.11"
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.8"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4216,7 +4212,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-11T16:39:47+00:00"
|
||||
"time": "2026-03-30T15:14:47+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/finder",
|
||||
@@ -4535,16 +4531,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/service-contracts",
|
||||
"version": "v3.7.0",
|
||||
"version": "v3.6.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/service-contracts.git",
|
||||
"reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a"
|
||||
"reference": "45112560a3ba2d715666a509a0bc9521d10b6c43"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/d25d82433a80eba6aa0e6c24b61d7370d99e444a",
|
||||
"reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a",
|
||||
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/45112560a3ba2d715666a509a0bc9521d10b6c43",
|
||||
"reference": "45112560a3ba2d715666a509a0bc9521d10b6c43",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4562,7 +4558,7 @@
|
||||
"name": "symfony/contracts"
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-main": "3.7-dev"
|
||||
"dev-main": "3.6-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -4598,7 +4594,7 @@
|
||||
"standards"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/service-contracts/tree/v3.7.0"
|
||||
"source": "https://github.com/symfony/service-contracts/tree/v3.6.1"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4618,20 +4614,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-28T09:44:51+00:00"
|
||||
"time": "2025-07-15T11:30:57+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/string",
|
||||
"version": "v7.4.11",
|
||||
"version": "v7.4.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/string.git",
|
||||
"reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15"
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
|
||||
"reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4689,7 +4685,7 @@
|
||||
"utf8"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.11"
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.8"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4709,7 +4705,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-05-13T12:04:42+00:00"
|
||||
"time": "2026-03-24T13:12:05+00:00"
|
||||
},
|
||||
{
|
||||
"name": "vimeo/psalm",
|
||||
|
||||
26
php/public/clean-history.js
Normal file
26
php/public/clean-history.js
Normal file
@@ -0,0 +1,26 @@
|
||||
// This script is loaded after a successful token-based login.
|
||||
// It replaces the browser's current history entry (stripping the token from the
|
||||
// URL) before navigating to the main AIO page, so the token is never left in
|
||||
// the browser history and cannot be accidentally exposed via the back-button.
|
||||
//
|
||||
// The target URL is passed via the script tag's data-target attribute.
|
||||
// document.currentScript is only available during synchronous script execution
|
||||
// (not with defer/async), so this script is loaded without those attributes.
|
||||
//
|
||||
// We replace with location.pathname only (no query string, no hash), which
|
||||
// intentionally strips the ?token=… parameter and any hash fragment from the
|
||||
// recorded history entry.
|
||||
|
||||
// Guard against environments where document.currentScript may be null.
|
||||
if (!document.currentScript) {
|
||||
window.location.replace('/');
|
||||
} else {
|
||||
const rawTarget = document.currentScript.dataset.target;
|
||||
|
||||
// Only accept the exact relative path we set server-side to prevent any
|
||||
// potential open-redirect via a manipulated data-target value.
|
||||
const target = rawTarget === '../../' ? rawTarget : '/';
|
||||
|
||||
history.replaceState(null, '', location.pathname);
|
||||
window.location.replace(target);
|
||||
}
|
||||
@@ -68,7 +68,7 @@ session_start([
|
||||
"use_strict_mode" => true, // Only allow initialized session IDs. See https://www.php.net/manual/en/session.configuration.php#ini.session.use-strict-mode
|
||||
"cookie_secure" => true, // Only send cookies over https (not http). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#secure
|
||||
"cookie_httponly" => true, // Block the cookie from being read with js in the browser, will still be send for fetch request triggered by js. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#httponly
|
||||
"cookie_samesite" => "Lax", // Send the cookie with same-site requests and top-level cross-site navigations (e.g. redirect after token-based getlogin). "Strict" would block the session cookie on the redirect that follows a cross-site navigation, breaking the getlogin flow from Nextcloud's admin panel. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
|
||||
"cookie_samesite" => "Strict", // Only send the cookie with requests triggered by AIO itself. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
|
||||
]);
|
||||
|
||||
if ($wasAuthenticated) {
|
||||
@@ -181,7 +181,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
|
||||
'community_containers' => $configurationManager->listAvailableCommunityContainers(),
|
||||
'community_containers_enabled' => $configurationManager->aioCommunityContainers,
|
||||
'bypass_container_update' => $bypass_container_update,
|
||||
]);
|
||||
])->withHeader('Cache-Control', 'no-store');
|
||||
})->setName('profile');
|
||||
$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
|
||||
$view = Twig::fromRequest($request);
|
||||
@@ -209,7 +209,7 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
|
||||
[
|
||||
'password' => $setup->Setup(),
|
||||
]
|
||||
);
|
||||
)->withHeader('Cache-Control', 'no-store');
|
||||
});
|
||||
$app->get('/log', function (Request $request, Response $response, array $args) use ($container) {
|
||||
$params = $request->getQueryParams();
|
||||
|
||||
@@ -339,7 +339,7 @@ readonly class DockerController {
|
||||
|
||||
$body = $nonbufResp->getBody();
|
||||
$addToStreamingResponseBody = function (string $message) use ($body) : void {
|
||||
$body->write("<div>$message</div>");
|
||||
$body->write('<div>' . htmlspecialchars($message, ENT_QUOTES | ENT_HTML5) . '</div>');
|
||||
};
|
||||
|
||||
$this->dockerActionManager->SystemPrune($addToStreamingResponseBody);
|
||||
@@ -430,7 +430,7 @@ readonly class DockerController {
|
||||
// if it'll actually pull an image), but which should not need to know anything about the
|
||||
// wanted markup or formatting.
|
||||
$addToStreamingResponseBody = function (Container $container, string $message) use ($nonbufResp) : void {
|
||||
$nonbufResp->getBody()->write("<div>{$container->displayName}: {$message}</div>");
|
||||
$nonbufResp->getBody()->write('<div>' . htmlspecialchars($container->displayName, ENT_QUOTES | ENT_HTML5) . ': ' . htmlspecialchars($message, ENT_QUOTES | ENT_HTML5) . '</div>');
|
||||
};
|
||||
|
||||
return $addToStreamingResponseBody;
|
||||
|
||||
@@ -39,7 +39,19 @@ readonly class LoginController {
|
||||
$token = $request->getQueryParams()['token'] ?? '';
|
||||
if($this->authManager->CheckToken($token)) {
|
||||
$this->authManager->SetAuthState(true);
|
||||
return $response->withHeader('Location', '../..')->withStatus(302);
|
||||
// Return a minimal HTML page that uses JavaScript to replace the browser's
|
||||
// current history entry (removing the token from it) before navigating to
|
||||
// the main AIO page. This prevents the token from remaining in browser history.
|
||||
// The script is served from 'self'; same-origin scripts are already trusted under
|
||||
// the 'script-src-elem self' CSP directive, so no SRI hash is needed here.
|
||||
$response->getBody()->write(
|
||||
'<!DOCTYPE html>' .
|
||||
'<html lang="en">' .
|
||||
'<head><script src="../../clean-history.js" data-target="../../"></script></head>' .
|
||||
'<body></body>' .
|
||||
'</html>'
|
||||
);
|
||||
return $response->withHeader('Content-Type', 'text/html; charset=utf-8')->withStatus(200);
|
||||
}
|
||||
|
||||
// Punish failed auth attempts with a delay, as a very simple means against bots.
|
||||
|
||||
@@ -1 +1 @@
|
||||
13.0.3
|
||||
13.0.1
|
||||
|
||||
Reference in New Issue
Block a user