mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 10:50:10 +00:00
Compare commits
2 Commits
copilot/fi
...
copilot/re
| Author | SHA1 | Date | |
|---|---|---|---|
|
6a88b33138 | ||
|
|
f921ed7e4c |
2
.github/workflows/lint-yaml.yml
vendored
2
.github/workflows/lint-yaml.yml
vendored
@@ -36,7 +36,7 @@ jobs:
|
||||
line-length: warning
|
||||
|
||||
- name: Install the latest version of uv
|
||||
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
|
||||
uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
|
||||
|
||||
- name: Check GitHub actions
|
||||
run: uvx zizmor --min-severity medium .github/workflows/*.yml
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
}
|
||||
|
||||
https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
|
||||
http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI requests, see containers.json
|
||||
http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
|
||||
{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
|
||||
header -Server
|
||||
header -X-Powered-By
|
||||
@@ -74,9 +74,6 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req
|
||||
# TLS options
|
||||
tls {
|
||||
issuer acme {
|
||||
profile shortlived
|
||||
# Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer).
|
||||
# This container by default only exposes port 443 if not configured otherwise via APACHE_PORT.
|
||||
disable_http_challenge
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
|
||||
FROM collabora/code:25.04.9.4.1
|
||||
FROM collabora/code:25.04.9.3.1
|
||||
|
||||
USER root
|
||||
ARG DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
|
||||
FROM elasticsearch:8.19.14
|
||||
FROM elasticsearch:8.19.13
|
||||
|
||||
USER root
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.26.2-alpine3.23 AS go
|
||||
FROM golang:1.26.1-alpine3.23 AS go
|
||||
|
||||
ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Docker CLI is a requirement
|
||||
FROM docker:29.4.0-cli AS docker
|
||||
FROM docker:29.3.0-cli AS docker
|
||||
|
||||
ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
|
||||
|
||||
@@ -11,7 +11,7 @@ RUN set -ex; \
|
||||
/usr/bin/caddy list-modules
|
||||
|
||||
# From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
|
||||
FROM php:8.5.5-fpm-alpine3.23
|
||||
FROM php:8.5.4-fpm-alpine3.23
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 8080
|
||||
|
||||
@@ -17,8 +17,7 @@
|
||||
}
|
||||
|
||||
servers {
|
||||
# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
|
||||
protocols h1
|
||||
protocols h1 h2 h2c
|
||||
}
|
||||
|
||||
on_demand_tls {
|
||||
@@ -40,13 +39,13 @@ https://:8443 {
|
||||
abort @denied
|
||||
|
||||
root * /var/www/docker-aio/php/public
|
||||
encode
|
||||
php_fastcgi unix//run/php.sock
|
||||
file_server
|
||||
|
||||
tls {
|
||||
on_demand
|
||||
issuer acme {
|
||||
profile shortlived
|
||||
disable_tlsalpn_challenge
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,11 +1,8 @@
|
||||
{
|
||||
admin off
|
||||
|
||||
# auto_https will be handled manually in acme.Caddyfile
|
||||
auto_https disable_redirects
|
||||
|
||||
storage file_system {
|
||||
root /mnt/docker-aio-config/caddy-internal/
|
||||
root /mnt/docker-aio-config/caddy/
|
||||
}
|
||||
|
||||
log {
|
||||
@@ -16,8 +13,7 @@
|
||||
}
|
||||
|
||||
servers {
|
||||
# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
|
||||
protocols h1
|
||||
protocols h1 h2
|
||||
}
|
||||
|
||||
skip_install_trust
|
||||
@@ -31,6 +27,7 @@ https://:8080 {
|
||||
abort @denied
|
||||
|
||||
root * /var/www/docker-aio/php/public
|
||||
encode
|
||||
php_fastcgi unix//run/php.sock
|
||||
file_server
|
||||
|
||||
|
||||
@@ -364,7 +364,6 @@ fi
|
||||
mkdir -p /mnt/docker-aio-config/data/
|
||||
mkdir -p /mnt/docker-aio-config/session/
|
||||
mkdir -p /mnt/docker-aio-config/caddy/
|
||||
mkdir -p /mnt/docker-aio-config/caddy-internal/
|
||||
|
||||
# Adjust permissions for all instances
|
||||
chmod 770 -R /mnt/docker-aio-config
|
||||
@@ -372,7 +371,6 @@ chmod 777 /mnt/docker-aio-config
|
||||
chown www-data:www-data -R /mnt/docker-aio-config/data/
|
||||
chown www-data:www-data -R /mnt/docker-aio-config/session/
|
||||
chown www-data:www-data -R /mnt/docker-aio-config/caddy/
|
||||
chown www-data:www-data -R /mnt/docker-aio-config/caddy-internal/
|
||||
|
||||
print_green "Initial startup of Nextcloud All-in-One complete!
|
||||
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
|
||||
|
||||
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
|
||||
ENV REDIS_DB_INDEX=0
|
||||
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
ENV NEXTCLOUD_VERSION=32.0.8
|
||||
ENV NEXTCLOUD_VERSION=32.0.6
|
||||
ENV AIO_TOKEN=123456
|
||||
ENV AIO_URL=localhost
|
||||
# AIO settings end # Do not remove or change this line!
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
|
||||
FROM redis:8.6.2-alpine
|
||||
FROM redis:8.6.1-alpine
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM nats:2.12.6-scratch AS nats
|
||||
FROM nats:2.12.5-scratch AS nats
|
||||
FROM eturnal/eturnal:1.12.2-alpine AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
|
||||
FROM alpine:3.23.3 AS janus
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.26.2-alpine3.23 AS go
|
||||
FROM golang:1.26.1-alpine3.23 AS go
|
||||
|
||||
ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3
|
||||
ENV WATCHTOWER_COMMIT_HASH=5a33e3c0aa3b2770c648a114b4a9d32e0a5b55ba
|
||||
|
||||
RUN set -ex; \
|
||||
apk upgrade --no-cache -a; \
|
||||
apk add --no-cache \
|
||||
build-base; \
|
||||
go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.16.1
|
||||
go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.4
|
||||
|
||||
FROM alpine:3.23.3
|
||||
|
||||
|
||||
@@ -16,8 +16,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
|
||||
- If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
|
||||
- If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
|
||||
- After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
|
||||
- You can add your own Caddy configurations in the folder `nextcloud-aio-caddy/caddy-imports` in the files app of the default `admin` user. You need to create that folder manually. These will be imported on container startup.
|
||||
- You can alternatively add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server use the previous option or run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
|
||||
- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
- If you want to remove the container again and revert back to the default, you need to disable the container via the AIO-interface and follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
"display_name": "Prometheus Nextcloud Exporter",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter",
|
||||
"image": "ghcr.io/xperimental/nextcloud-exporter",
|
||||
"image_tag": "0.9.1",
|
||||
"image_tag": "0.9.0",
|
||||
"internal_port": "9205",
|
||||
"restart": "unless-stopped",
|
||||
"ports": [
|
||||
|
||||
@@ -54,9 +54,6 @@
|
||||
"ui_secret": "SMBSERVER_PASSWORD",
|
||||
"backup_volumes": [
|
||||
"nextcloud_aio_smbserver"
|
||||
],
|
||||
"nextcloud_exec_commands": [
|
||||
"php /var/www/html/occ config:system:set filesystem_check_changes --value=1 --type=integer"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
||||
@@ -9,7 +9,7 @@ You can run AIO with docker rootless by following the steps below.
|
||||
1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
|
||||
1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
|
||||
1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
|
||||
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
|
||||
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
|
||||
1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
|
||||
1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
|
||||
1. ⚠️ **Important:** Please read through all notes below!
|
||||
|
||||
@@ -249,8 +249,8 @@ services:
|
||||
expose:
|
||||
- "9980"
|
||||
environment:
|
||||
- aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- dictionaries=${COLLABORA_DICTIONARIES}
|
||||
- TZ=${TIMEZONE}
|
||||
- server_name=${NC_DOMAIN}
|
||||
@@ -259,6 +259,7 @@ services:
|
||||
profiles:
|
||||
- collabora
|
||||
cap_add:
|
||||
- MKNOD
|
||||
- SYS_ADMIN
|
||||
- SYS_CHROOT
|
||||
- FOWNER
|
||||
@@ -282,8 +283,6 @@ services:
|
||||
- ${TALK_PORT}:${TALK_PORT}/udp
|
||||
expose:
|
||||
- "8081"
|
||||
volumes:
|
||||
- ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
|
||||
environment:
|
||||
- NC_DOMAIN
|
||||
- TALK_HOST=nextcloud-aio-talk
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 12.9.2
|
||||
version: 12.8.0
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -63,7 +63,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: WHITEBOARD_HOST
|
||||
value: nextcloud-aio-whiteboard
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -36,7 +36,7 @@ spec:
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -59,7 +59,7 @@ spec:
|
||||
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -28,17 +28,17 @@ spec:
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: aliasgroup1
|
||||
value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache.nextcloud-aio:23973
|
||||
value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache:23973
|
||||
- name: dictionaries
|
||||
value: "{{ .Values.COLLABORA_DICTIONARIES }}"
|
||||
- name: extra_params
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
{{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora-online:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora-online:20260306_081319
|
||||
{{- else }}
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20260306_081319
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
@@ -63,6 +63,7 @@ spec:
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- MKNOD
|
||||
- CAP_SYS_ADMIN
|
||||
- SYS_CHROOT
|
||||
- FOWNER
|
||||
|
||||
@@ -35,7 +35,7 @@ spec:
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -64,7 +64,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -190,7 +190,7 @@ spec:
|
||||
value: "{{ .Values.WHITEBOARD_ENABLED }}"
|
||||
- name: WHITEBOARD_SECRET
|
||||
value: "{{ .Values.WHITEBOARD_SECRET }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20260306_081319
|
||||
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in container context
|
||||
|
||||
@@ -39,7 +39,7 @@ spec:
|
||||
value: nextcloud-aio-nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -39,7 +39,7 @@ spec:
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -13,8 +13,6 @@ spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
io.kompose.service: nextcloud-aio-talk
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
@@ -54,7 +52,7 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -86,12 +84,4 @@ spec:
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- mountPath: /usr/local/share/ca-certificates
|
||||
name: nextcloud-aio-nextcloud-trusted-cacerts
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: nextcloud-aio-nextcloud-trusted-cacerts
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-aio-nextcloud-trusted-cacerts
|
||||
{{- end }}
|
||||
|
||||
@@ -44,7 +44,7 @@ spec:
|
||||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -50,7 +50,7 @@ spec:
|
||||
value: redis
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20260409_094910
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20260306_081319
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
99
php/composer.lock
generated
99
php/composer.lock
generated
@@ -448,16 +448,16 @@
|
||||
},
|
||||
{
|
||||
"name": "laravel/serializable-closure",
|
||||
"version": "v2.0.11",
|
||||
"version": "v2.0.10",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/serializable-closure.git",
|
||||
"reference": "d1af40ac4a6ccc12bd062a7184f63c9995a63bdd"
|
||||
"reference": "870fc81d2f879903dfc5b60bf8a0f94a1609e669"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/d1af40ac4a6ccc12bd062a7184f63c9995a63bdd",
|
||||
"reference": "d1af40ac4a6ccc12bd062a7184f63c9995a63bdd",
|
||||
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/870fc81d2f879903dfc5b60bf8a0f94a1609e669",
|
||||
"reference": "870fc81d2f879903dfc5b60bf8a0f94a1609e669",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -505,7 +505,7 @@
|
||||
"issues": "https://github.com/laravel/serializable-closure/issues",
|
||||
"source": "https://github.com/laravel/serializable-closure"
|
||||
},
|
||||
"time": "2026-04-07T13:32:18+00:00"
|
||||
"time": "2026-02-20T19:59:49+00:00"
|
||||
},
|
||||
{
|
||||
"name": "nikic/fast-route",
|
||||
@@ -2453,27 +2453,24 @@
|
||||
},
|
||||
{
|
||||
"name": "amphp/serialization",
|
||||
"version": "v1.1.0",
|
||||
"version": "v1.0.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/amphp/serialization.git",
|
||||
"reference": "fdf2834d78cebb0205fb2672676c1b1eb84371f0"
|
||||
"reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/amphp/serialization/zipball/fdf2834d78cebb0205fb2672676c1b1eb84371f0",
|
||||
"reference": "fdf2834d78cebb0205fb2672676c1b1eb84371f0",
|
||||
"url": "https://api.github.com/repos/amphp/serialization/zipball/693e77b2fb0b266c3c7d622317f881de44ae94a1",
|
||||
"reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=7.4"
|
||||
"php": ">=7.1"
|
||||
},
|
||||
"require-dev": {
|
||||
"amphp/php-cs-fixer-config": "^2",
|
||||
"ext-json": "*",
|
||||
"ext-zlib": "*",
|
||||
"phpunit/phpunit": "^9",
|
||||
"psalm/phar": "6.16.1"
|
||||
"amphp/php-cs-fixer-config": "dev-master",
|
||||
"phpunit/phpunit": "^9 || ^8 || ^7"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
@@ -2508,15 +2505,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/amphp/serialization/issues",
|
||||
"source": "https://github.com/amphp/serialization/tree/v1.1.0"
|
||||
"source": "https://github.com/amphp/serialization/tree/master"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
"url": "https://github.com/amphp",
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-04-05T15:59:53+00:00"
|
||||
"time": "2020-03-25T21:39:07+00:00"
|
||||
},
|
||||
{
|
||||
"name": "amphp/socket",
|
||||
@@ -3843,16 +3834,16 @@
|
||||
},
|
||||
{
|
||||
"name": "sebastian/diff",
|
||||
"version": "8.1.0",
|
||||
"version": "8.0.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/diff.git",
|
||||
"reference": "9c957d730257f49c873f3761674559bd90098a7d"
|
||||
"reference": "a2b6d09d7729ee87d605a439469f9dcc39be5ea3"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/9c957d730257f49c873f3761674559bd90098a7d",
|
||||
"reference": "9c957d730257f49c873f3761674559bd90098a7d",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/a2b6d09d7729ee87d605a439469f9dcc39be5ea3",
|
||||
"reference": "a2b6d09d7729ee87d605a439469f9dcc39be5ea3",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -3865,7 +3856,7 @@
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-main": "8.1-dev"
|
||||
"dev-main": "8.0-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@@ -3898,7 +3889,7 @@
|
||||
"support": {
|
||||
"issues": "https://github.com/sebastianbergmann/diff/issues",
|
||||
"security": "https://github.com/sebastianbergmann/diff/security/policy",
|
||||
"source": "https://github.com/sebastianbergmann/diff/tree/8.1.0"
|
||||
"source": "https://github.com/sebastianbergmann/diff/tree/8.0.0"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -3918,7 +3909,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-04-05T12:02:33+00:00"
|
||||
"time": "2026-02-06T04:42:27+00:00"
|
||||
},
|
||||
{
|
||||
"name": "spatie/array-to-xml",
|
||||
@@ -4048,16 +4039,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/console",
|
||||
"version": "v6.4.36",
|
||||
"version": "v6.4.35",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/console.git",
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
|
||||
"reference": "49257c96304c508223815ee965c251e7c79e614e"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/49257c96304c508223815ee965c251e7c79e614e",
|
||||
"reference": "49257c96304c508223815ee965c251e7c79e614e",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4122,7 +4113,7 @@
|
||||
"terminal"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.36"
|
||||
"source": "https://github.com/symfony/console/tree/v6.4.35"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4142,20 +4133,20 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-27T15:30:51+00:00"
|
||||
"time": "2026-03-06T13:31:08+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/filesystem",
|
||||
"version": "v8.0.8",
|
||||
"version": "v8.0.6",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/filesystem.git",
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
|
||||
"reference": "7bf9162d7a0dff98d079b72948508fa48018a770"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/7bf9162d7a0dff98d079b72948508fa48018a770",
|
||||
"reference": "7bf9162d7a0dff98d079b72948508fa48018a770",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4192,7 +4183,7 @@
|
||||
"description": "Provides basic utilities for the filesystem",
|
||||
"homepage": "https://symfony.com",
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.8"
|
||||
"source": "https://github.com/symfony/filesystem/tree/v8.0.6"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4212,7 +4203,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-30T15:14:47+00:00"
|
||||
"time": "2026-02-25T16:59:43+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/finder",
|
||||
@@ -4618,16 +4609,16 @@
|
||||
},
|
||||
{
|
||||
"name": "symfony/string",
|
||||
"version": "v7.4.8",
|
||||
"version": "v7.4.6",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/string.git",
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688"
|
||||
"reference": "9f209231affa85aa930a5e46e6eb03381424b30b"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
|
||||
"reference": "114ac57257d75df748eda23dd003878080b8e688",
|
||||
"url": "https://api.github.com/repos/symfony/string/zipball/9f209231affa85aa930a5e46e6eb03381424b30b",
|
||||
"reference": "9f209231affa85aa930a5e46e6eb03381424b30b",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4685,7 +4676,7 @@
|
||||
"utf8"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.8"
|
||||
"source": "https://github.com/symfony/string/tree/v7.4.6"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -4705,7 +4696,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-24T13:12:05+00:00"
|
||||
"time": "2026-02-09T09:33:46+00:00"
|
||||
},
|
||||
{
|
||||
"name": "vimeo/psalm",
|
||||
@@ -4894,16 +4885,16 @@
|
||||
},
|
||||
{
|
||||
"name": "webmozart/assert",
|
||||
"version": "2.2.0",
|
||||
"version": "2.1.6",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/webmozarts/assert.git",
|
||||
"reference": "1b99650e7ffcad232624a260bc7fbdec2ffc407c"
|
||||
"reference": "ff31ad6efc62e66e518fbab1cde3453d389bcdc8"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/webmozarts/assert/zipball/1b99650e7ffcad232624a260bc7fbdec2ffc407c",
|
||||
"reference": "1b99650e7ffcad232624a260bc7fbdec2ffc407c",
|
||||
"url": "https://api.github.com/repos/webmozarts/assert/zipball/ff31ad6efc62e66e518fbab1cde3453d389bcdc8",
|
||||
"reference": "ff31ad6efc62e66e518fbab1cde3453d389bcdc8",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -4950,9 +4941,9 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/webmozarts/assert/issues",
|
||||
"source": "https://github.com/webmozarts/assert/tree/2.2.0"
|
||||
"source": "https://github.com/webmozarts/assert/tree/2.1.6"
|
||||
},
|
||||
"time": "2026-04-09T16:54:47+00:00"
|
||||
"time": "2026-02-27T10:28:38+00:00"
|
||||
}
|
||||
],
|
||||
"aliases": [],
|
||||
|
||||
@@ -379,7 +379,7 @@
|
||||
],
|
||||
"internal_port": "9980",
|
||||
"environment": [
|
||||
"aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache.nextcloud-aio:23973",
|
||||
"aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
|
||||
"extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
|
||||
"dictionaries=%COLLABORA_DICTIONARIES%",
|
||||
"TZ=%TIMEZONE%",
|
||||
@@ -389,7 +389,7 @@
|
||||
"restart": "unless-stopped",
|
||||
"nextcloud_exec_commands": [
|
||||
"echo 'Activating Collabora config...'",
|
||||
"php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache.nextcloud-aio:23973' --callback-url='http://nextcloud-aio-apache.nextcloud-aio:23973'"
|
||||
"php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:23973' --callback-url='http://nextcloud-aio-apache:23973'"
|
||||
],
|
||||
"profiles": [
|
||||
"collabora"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
window.addEventListener("load", function(event) {
|
||||
document.addEventListener("DOMContentLoaded", function(event) {
|
||||
if (document.hasFocus()) {
|
||||
// hide reload button if the site reloads automatically
|
||||
let list = document.getElementsByClassName("reload button");
|
||||
@@ -9,7 +9,7 @@ window.addEventListener("load", function(event) {
|
||||
|
||||
// set timeout for reload
|
||||
setTimeout(function(){
|
||||
window.location.reload(true);
|
||||
window.location.reload(1);
|
||||
}, 5000);
|
||||
} else {
|
||||
window.addEventListener("beforeunload", function() {
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
document.addEventListener("DOMContentLoaded", () => {
|
||||
document.querySelectorAll('input[data-confirm]').forEach((element) => {
|
||||
element.addEventListener('click', (event) => {
|
||||
if (!confirm(element.dataset.confirm)) {
|
||||
event.preventDefault();
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
document.querySelectorAll('[data-stop-event-propagation="true"]').forEach((element) => {
|
||||
element.addEventListener('click', (event) => {
|
||||
event.stopPropagation();
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -121,8 +121,10 @@ document.addEventListener("DOMContentLoaded", function () {
|
||||
|
||||
function handleDockerSocketProxyWarning() {
|
||||
if (document.getElementById("docker-socket-proxy").checked) {
|
||||
alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!');
|
||||
document.getElementById("docker-socket-proxy").checked = false
|
||||
// TODO: remove the line below and uncomment the lines further down once https://github.com/nextcloud/app_api/pull/800 is included
|
||||
alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
|
||||
// alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!');
|
||||
// document.getElementById("docker-socket-proxy").checked = false
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -36,11 +36,11 @@ function showPassword(id) {
|
||||
showError("Server error. Please check the mastercontainer logs for details. This page will reload after 10s automatically. Then you can check the mastercontainer logs.");
|
||||
// Reload after 10s since it is expected that the updated view is shown (e.g. after starting containers)
|
||||
setTimeout(function(){
|
||||
window.location.reload(true);
|
||||
window.location.reload(1);
|
||||
}, 10000);
|
||||
} else {
|
||||
// If the responose is not one of the above, we should reload to show the latest content
|
||||
window.location.reload(true);
|
||||
window.location.reload(1);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -84,7 +84,7 @@ function showPassword(id) {
|
||||
document.getElementById('overlay-log')?.classList.add('visible');
|
||||
// Reload the page after the response was fully loaded into the iframe.
|
||||
document.querySelector('iframe[name="overlay-log"]').addEventListener('load', () => {
|
||||
location.reload(true);
|
||||
location.reload();
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
@@ -55,9 +55,6 @@ $twig->addExtension(new \AIO\Twig\CsrfExtension($container->get(Guard::class)));
|
||||
// Auth Middleware
|
||||
$app->add(new \AIO\Middleware\AuthMiddleware($container->get(\AIO\Auth\AuthManager::class)));
|
||||
|
||||
// Security Headers Middleware
|
||||
$app->add(new \AIO\Middleware\SecurityHeadersMiddleware());
|
||||
|
||||
// API
|
||||
$app->post('/api/docker/watchtower', AIO\Controller\DockerController::class . ':StartWatchtowerContainer');
|
||||
$app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class . ':StartWatchtowerContainer');
|
||||
|
||||
@@ -96,7 +96,7 @@ class LogViewer {
|
||||
}
|
||||
|
||||
scrollToBottom() {
|
||||
this.logElem.scrollTop = this.logElem.scrollHeight;
|
||||
window.scrollTo(0, document.body.scrollHeight);
|
||||
}
|
||||
|
||||
initAutoloadingControls() {
|
||||
|
||||
@@ -32,7 +32,4 @@ function setThemeIcon(theme) {
|
||||
setThemeToDOM(getSavedTheme());
|
||||
|
||||
// Apply theme when the page loads
|
||||
document.addEventListener('DOMContentLoaded', () => {
|
||||
setThemeIcon(getSavedTheme())
|
||||
document.querySelector('button#theme-toggle')?.addEventListener('click', toggleTheme);
|
||||
});
|
||||
document.addEventListener('DOMContentLoaded', () => setThemeIcon(getSavedTheme()));
|
||||
|
||||
@@ -26,7 +26,6 @@ readonly class AuthManager {
|
||||
public function SetAuthState(bool $isLoggedIn) : void {
|
||||
|
||||
if (!$this->IsAuthenticated() && $isLoggedIn === true) {
|
||||
session_regenerate_id(true);
|
||||
$date = new DateTime();
|
||||
$dateTime = $date->getTimestamp();
|
||||
$_SESSION['date_time'] = $dateTime;
|
||||
|
||||
@@ -28,9 +28,6 @@ readonly class LoginController {
|
||||
return $response->withHeader('Location', '.')->withStatus(201);
|
||||
}
|
||||
|
||||
// Punish failed auth attempts with a delay, as a very simple means against bots.
|
||||
sleep(5);
|
||||
|
||||
$response->getBody()->write("The password is incorrect.");
|
||||
return $response->withHeader('Location', '.')->withStatus(422);
|
||||
}
|
||||
@@ -42,9 +39,6 @@ readonly class LoginController {
|
||||
return $response->withHeader('Location', '../..')->withStatus(302);
|
||||
}
|
||||
|
||||
// Punish failed auth attempts with a delay, as a very simple means against bots.
|
||||
sleep(5);
|
||||
|
||||
return $response->withHeader('Location', '../..')->withStatus(302);
|
||||
}
|
||||
|
||||
|
||||
@@ -657,7 +657,7 @@ class ConfigurationManager
|
||||
throw new InvalidSettingConfigurationException("Please enter your current password.");
|
||||
}
|
||||
|
||||
if (!hash_equals($this->password, $currentPassword)) {
|
||||
if ($currentPassword !== $this->password) {
|
||||
throw new InvalidSettingConfigurationException("The entered current password is not correct.");
|
||||
}
|
||||
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace AIO\Middleware;
|
||||
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Server\RequestHandlerInterface;
|
||||
|
||||
readonly class SecurityHeadersMiddleware {
|
||||
public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
$response = $handler->handle($request);
|
||||
return $response
|
||||
->withHeader('Content-Security-Policy', "default-src 'self'; base-uri 'self'; worker-src 'none'; object-src 'none'; upgrade-insecure-requests;")
|
||||
->withHeader('X-Content-Type-Options', 'nosniff')
|
||||
->withHeader('X-Frame-Options', 'DENY')
|
||||
->withHeader('X-Permitted-Cross-Domain-Policies', 'none')
|
||||
->withHeader('X-DNS-Prefetch-Control', 'off')
|
||||
->withHeader('Referrer-Policy', 'no-referrer')
|
||||
->withHeader('X-Robots-Tag', 'noindex, nofollow');
|
||||
}
|
||||
}
|
||||
@@ -27,8 +27,7 @@
|
||||
<script type="text/javascript" src="timezone.js"></script>
|
||||
|
||||
{# js for optional containers and additional containers forms #}
|
||||
<script type="text/javascript" src="containers-form-submit.js?v7"></script>
|
||||
<script type="text/javascript" src="click-handlers.js?v1"></script>
|
||||
<script type="text/javascript" src="containers-form-submit.js?v6"></script>
|
||||
|
||||
{% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
|
||||
{% set isAnyRunning = false %}
|
||||
@@ -154,7 +153,7 @@
|
||||
<form method="POST" action="api/docker/backup-check-repair" target="overlay-log">
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input type="submit" value="Check and repair backup integrity" data-confirm='Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.'/>
|
||||
<input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
|
||||
</form>
|
||||
</details>
|
||||
{% endif %}
|
||||
@@ -179,7 +178,7 @@
|
||||
{% endfor %}
|
||||
</select><br>
|
||||
<input type="checkbox" id="restore-exclude-previews" name="restore-exclude-previews"><label for="restore-exclude-previews">Exclude previews from restore which will speed up the restore process but will trigger a scan of the preview folder as soon as the Nextcloud container starts the next time</label><br>
|
||||
<input type="submit" value="Restore selected backup" data-confirm='⚠️ Important: If the backup that you want to restore contained any community container, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.'/>
|
||||
<input type="submit" value="Restore selected backup" onclick="return confirm('⚠️ Important: If the backup that you want to restore contained any community container, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.')"/>
|
||||
</form>
|
||||
{% endif %}
|
||||
{% elseif borg_backup_mode == 'restore' %}
|
||||
@@ -354,9 +353,6 @@
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input id="base_path" type="hidden" name="base_path" value="">
|
||||
{% if bypass_container_update == true %}
|
||||
<input type="hidden" name="bypass_container_update" value="true">
|
||||
{% endif %}
|
||||
<input type="submit" value="Start containers" />
|
||||
</form>
|
||||
{% else %}
|
||||
@@ -365,9 +361,9 @@
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input id="base_path" type="hidden" name="base_path" value="">
|
||||
{% if bypass_container_update == true %}
|
||||
<input type="hidden" name="bypass_container_update" value="true">
|
||||
<input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
|
||||
{% endif %}
|
||||
<input class="button " type="submit" value="Start and update containers" data-confirm='Start and update containers? You should consider creating a backup first.' />
|
||||
<input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
|
||||
</form>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
@@ -414,7 +410,7 @@
|
||||
<form method="POST" action="api/docker/backup-check-repair" target="overlay-log">
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input type="submit" value="Check and repair backup integrity" data-confirm='Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.'/>
|
||||
<input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
|
||||
</form>
|
||||
</details>
|
||||
{% endif %}
|
||||
@@ -479,7 +475,7 @@
|
||||
<form method="POST" action="api/docker/backup" target="overlay-log">
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input type="submit" value="Create backup" data-confirm='Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.' />
|
||||
<input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
|
||||
</form>
|
||||
|
||||
{% if has_backup_run_once == true %}
|
||||
@@ -491,7 +487,7 @@
|
||||
<form method="POST" action="api/docker/backup-check" target="overlay-log">
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input type="submit" value="Check backup integrity" data-confirm='Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.' />
|
||||
<input type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" />
|
||||
</form>
|
||||
|
||||
<h3>Backup restore</h3>
|
||||
@@ -504,7 +500,7 @@
|
||||
<option value="{{ restore_time }}">{{ restore_time }} UTC</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
<input type="submit" value="Restore selected backup" data-confirm='Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.' />
|
||||
<input type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
|
||||
</form>
|
||||
|
||||
<h3>Update backup list</h3>
|
||||
@@ -571,7 +567,7 @@
|
||||
<input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input type="submit" value="Reset backup location" data-confirm='Are you sure that you want to reset the backup location?' />
|
||||
<input type="submit" value="Reset backup location" onclick="return confirm('Are you sure that you want to reset the backup location?')" />
|
||||
</form>
|
||||
{% endif %}
|
||||
{% if has_backup_run_once == true %}
|
||||
@@ -617,7 +613,7 @@
|
||||
<input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input type="submit" value="Submit timezone" data-confirm='Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.' />
|
||||
<input type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
|
||||
</form>
|
||||
<p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a target="_blank" href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
|
||||
{% else %}
|
||||
@@ -636,7 +632,7 @@
|
||||
{% endif %}
|
||||
|
||||
{% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
|
||||
<script type="text/javascript" src="automatic_reload.js?v2"></script>
|
||||
<script type="text/javascript" src="automatic_reload.js"></script>
|
||||
{% else %}
|
||||
<script type="text/javascript" src="before-unload.js"></script>
|
||||
{% endif %}
|
||||
|
||||
@@ -1 +1 @@
|
||||
12.9.2
|
||||
12.9.0
|
||||
|
||||
@@ -37,6 +37,6 @@
|
||||
</p>
|
||||
{% endfor %}
|
||||
|
||||
<input id="community-form-submit" type="submit" value="Save changes" data-confirm='Are you sure that you read the documentation of all community containers that you enabled? If no, please do not continue as this might break your instance!' />
|
||||
<input id="community-form-submit" type="submit" value="Save changes" onclick="return confirm('Are you sure that you read the documentation of all community containers that you enabled? If no, please do not continue as this might break your instance!')" />
|
||||
</form>
|
||||
</details>
|
||||
|
||||
@@ -41,7 +41,7 @@
|
||||
<li>Best support for legacy files</li>
|
||||
</ul>
|
||||
{% if isAnyRunning == false %}
|
||||
<a href="https://www.collaboraoffice.com/code/" target="_blank" class="office-learn-more" data-stop-event-propagation="true">
|
||||
<a href="https://www.collaboraoffice.com/code/" target="_blank" class="office-learn-more" onclick="event.stopPropagation();">
|
||||
Learn more
|
||||
<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="vertical-align: middle; margin-left: 4px;">
|
||||
<path d="M6 12L10 8L6 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
|
||||
@@ -76,7 +76,7 @@
|
||||
<li>Limited ODF compatibility</li>
|
||||
</ul>
|
||||
{% if isAnyRunning == false %}
|
||||
<a href="https://www.onlyoffice.com/" target="_blank" class="office-learn-more" data-stop-event-propagation="true">
|
||||
<a href="https://www.onlyoffice.com/" target="_blank" class="office-learn-more" onclick="event.stopPropagation();">
|
||||
Learn more
|
||||
<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="vertical-align: middle; margin-left: 4px;">
|
||||
<path d="M6 12L10 8L6 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
|
||||
@@ -198,6 +198,7 @@
|
||||
>
|
||||
<label for="docker-socket-proxy">Docker Socket Proxy (needed for <a target="_blank" href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>) ⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!</label>
|
||||
</p>
|
||||
{#
|
||||
<p>
|
||||
<input
|
||||
type="checkbox"
|
||||
@@ -212,6 +213,7 @@
|
||||
>
|
||||
<label for="harp">HaRP (<a target="_blank" href="https://github.com/nextcloud/HaRP">High-availability Reverse Proxy</a> for Nextcloud ExApps)</label>
|
||||
</p>
|
||||
#}
|
||||
<p>
|
||||
<input
|
||||
type="checkbox"
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<title>AIO</title>
|
||||
<link rel="stylesheet" href="style.css?v9" media="all" />
|
||||
<link rel="icon" href="img/favicon.png">
|
||||
<script type="text/javascript" src="forms.js?v2"></script>
|
||||
<script type="text/javascript" src="forms.js?v1"></script>
|
||||
<script type="text/javascript" src="toggle-dark-mode.js?v1"></script>
|
||||
</head>
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
<div class="loader"></div>
|
||||
<iframe name="overlay-log" id="overlay-log"></iframe>
|
||||
</div>
|
||||
<button id="theme-toggle">
|
||||
<button id="theme-toggle" onclick="toggleTheme()">
|
||||
<span id="theme-icon"></span>
|
||||
</button>
|
||||
</body>
|
||||
|
||||
@@ -3,25 +3,15 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
|
||||
<link rel="stylesheet" href="style.css">
|
||||
<style>
|
||||
html, body {
|
||||
height: 100%;
|
||||
overflow: hidden;
|
||||
padding: 0;
|
||||
margin: 0;
|
||||
}
|
||||
pre {
|
||||
height: 100%;
|
||||
overflow: auto;
|
||||
margin: 0;
|
||||
body {
|
||||
padding: 1rem;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
#floating-box {
|
||||
position: fixed;
|
||||
position: sticky;
|
||||
top: 1rem;
|
||||
float: right;
|
||||
right: 1rem;
|
||||
max-width: calc(100vw - 2rem);
|
||||
z-index: 10;
|
||||
width: 20rem;
|
||||
display: flex;
|
||||
justify-content: end;
|
||||
align-items: center;
|
||||
@@ -53,7 +43,7 @@
|
||||
transition: opacity 1s, display 1s allow-discrete;
|
||||
}
|
||||
</style>
|
||||
<script src="log-view.js?v1"></script>
|
||||
<script src="log-view.js"></script>
|
||||
</head>
|
||||
<body data-container-id="{{ id }}">
|
||||
<div id="floating-box">
|
||||
|
||||
0
php/tests/tests/initial-setup.spec.js
Executable file → Normal file
0
php/tests/tests/initial-setup.spec.js
Executable file → Normal file
0
php/tests/tests/restore-instance.spec.js
Executable file → Normal file
0
php/tests/tests/restore-instance.spec.js
Executable file → Normal file
@@ -151,7 +151,7 @@ sudo docker run \
|
||||
- `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container.
|
||||
- `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it.
|
||||
- `--restart always` — ensures the container restarts automatically with the Docker daemon.
|
||||
- `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy.
|
||||
- `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates). Not required if you run AIO behind a reverse proxy.
|
||||
- `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`).
|
||||
- `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy.
|
||||
- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it.
|
||||
@@ -703,7 +703,7 @@ Simply run the following command: `sudo docker exec --user www-data nextcloud-ai
|
||||
See [multiple-instances.md](./multiple-instances.md) for some documentation on this.
|
||||
|
||||
### Bruteforce protection FAQ
|
||||
Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/occ_command.html#security-commands-label for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
|
||||
Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
|
||||
|
||||
### How to switch the channel?
|
||||
You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurrences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image.
|
||||
|
||||
803
reverse-proxy.md
803
reverse-proxy.md
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user