mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 10:50:10 +00:00
Compare commits
11 Commits
copilot/re
...
copilot/ad
| Author | SHA1 | Date | |
|---|---|---|---|
|
61518648f8 | ||
|
|
1c66647c9d | ||
|
|
c777cbaf45 | ||
|
|
1739ab0a7b | ||
|
|
7c8cabdb2d | ||
|
|
7049448541 | ||
|
|
35dd0a2c00 | ||
|
|
fbe60b852c | ||
|
|
5782a01b7f | ||
|
|
46b325f2bd | ||
|
|
05f9fa0e25 |
2
.github/workflows/lint-yaml.yml
vendored
2
.github/workflows/lint-yaml.yml
vendored
@@ -36,7 +36,7 @@ jobs:
|
||||
line-length: warning
|
||||
|
||||
- name: Install the latest version of uv
|
||||
uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
|
||||
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
|
||||
|
||||
- name: Check GitHub actions
|
||||
run: uvx zizmor --min-severity medium .github/workflows/*.yml
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
}
|
||||
|
||||
https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
|
||||
http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
|
||||
http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI requests, see containers.json
|
||||
{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
|
||||
header -Server
|
||||
header -X-Powered-By
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
|
||||
FROM collabora/code:25.04.9.3.1
|
||||
FROM collabora/code:25.04.9.4.1
|
||||
|
||||
USER root
|
||||
ARG DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
@@ -17,7 +17,8 @@
|
||||
}
|
||||
|
||||
servers {
|
||||
protocols h1 h2 h2c
|
||||
# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
|
||||
protocols h1
|
||||
}
|
||||
|
||||
on_demand_tls {
|
||||
@@ -39,7 +40,6 @@ https://:8443 {
|
||||
abort @denied
|
||||
|
||||
root * /var/www/docker-aio/php/public
|
||||
encode
|
||||
php_fastcgi unix//run/php.sock
|
||||
file_server
|
||||
|
||||
|
||||
@@ -13,7 +13,8 @@
|
||||
}
|
||||
|
||||
servers {
|
||||
protocols h1 h2
|
||||
# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
|
||||
protocols h1
|
||||
}
|
||||
|
||||
skip_install_trust
|
||||
@@ -27,7 +28,6 @@ https://:8080 {
|
||||
abort @denied
|
||||
|
||||
root * /var/www/docker-aio/php/public
|
||||
encode
|
||||
php_fastcgi unix//run/php.sock
|
||||
file_server
|
||||
|
||||
|
||||
35
community-containers/bitwarden-lite/bitwarden-lite.json
Normal file
35
community-containers/bitwarden-lite/bitwarden-lite.json
Normal file
@@ -0,0 +1,35 @@
|
||||
{
|
||||
"aio_services_v1": [
|
||||
{
|
||||
"container_name": "nextcloud-aio-bitwarden-lite",
|
||||
"display_name": "Bitwarden Lite",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite",
|
||||
"image": "ghcr.io/bitwarden/lite",
|
||||
"image_tag": "latest",
|
||||
"internal_port": "8813",
|
||||
"restart": "unless-stopped",
|
||||
"ports": [
|
||||
{
|
||||
"ip_binding": "%APACHE_IP_BINDING%",
|
||||
"port_number": "8813",
|
||||
"protocol": "tcp"
|
||||
}
|
||||
],
|
||||
"environment": [
|
||||
"TZ=%TIMEZONE%",
|
||||
"ASPNETCORE_HTTP_PORTS=8813",
|
||||
"globalSettings__baseServiceUri__vault=https://bw.%NC_DOMAIN%"
|
||||
],
|
||||
"volumes": [
|
||||
{
|
||||
"source": "nextcloud_aio_bitwarden_lite",
|
||||
"destination": "/etc/bitwarden",
|
||||
"writeable": true
|
||||
}
|
||||
],
|
||||
"backup_volumes": [
|
||||
"nextcloud_aio_bitwarden_lite"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
17
community-containers/bitwarden-lite/readme.md
Normal file
17
community-containers/bitwarden-lite/readme.md
Normal file
@@ -0,0 +1,17 @@
|
||||
## Bitwarden Lite
|
||||
This container bundles Bitwarden Lite (the official Bitwarden unified self-hosted container) and auto-configures it for you.
|
||||
|
||||
### Notes
|
||||
- You need to configure a reverse proxy in order to run this container since Bitwarden Lite needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md. You need to point the reverse proxy at port 8813 of this server.
|
||||
- Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Bitwarden Lite will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
|
||||
- **This container is incompatible with the [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) community container since both use `bw.$NC_DOMAIN` as subdomain. Make sure that you do not enable both at the same time!**
|
||||
- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
|
||||
- The data of Bitwarden Lite will be automatically included in AIOs backup solution!
|
||||
- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with your admin email address. Note that the admin login requires a working SMTP/mail configuration since it sends a one-time-password to the admin email.
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
|
||||
### Repository
|
||||
https://github.com/bitwarden/self-host
|
||||
|
||||
### Maintainer
|
||||
https://github.com/szaimen
|
||||
@@ -1,5 +1,5 @@
|
||||
## Caddy with geoblocking
|
||||
This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
|
||||
This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) or [bitwarden-lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite) (mutually exclusive alternatives) by listening on `bw.$NC_DOMAIN`, if either is installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
|
||||
|
||||
### Notes
|
||||
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
|
||||
@@ -8,6 +8,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
|
||||
- Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
|
||||
- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
|
||||
- If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
|
||||
- If you want to use this with [bitwarden-lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for bitwarden-lite.
|
||||
- If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
|
||||
- If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
|
||||
- If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
|
||||
|
||||
@@ -35,6 +35,11 @@
|
||||
"source": "nextcloud_aio_jellyseerr",
|
||||
"destination": "/jellyseerr",
|
||||
"writeable": false
|
||||
},
|
||||
{
|
||||
"source": "nextcloud_aio_bitwarden_lite",
|
||||
"destination": "/bitwarden-lite",
|
||||
"writeable": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
## Fail2ban
|
||||
This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
|
||||
This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
|
||||
|
||||
### Notes
|
||||
- If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
This container bundles vaultwarden and auto-configures it for you.
|
||||
|
||||
### Notes
|
||||
- **This container is incompatible with the [bitwarden-lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bitwarden-lite) community container since both use `bw.$NC_DOMAIN` as subdomain. Make sure that you do not enable both at the same time!**
|
||||
- You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples. You need to point the reverse proxy at port 8812 of this server.
|
||||
- Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
|
||||
- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
|
||||
|
||||
@@ -379,7 +379,7 @@
|
||||
],
|
||||
"internal_port": "9980",
|
||||
"environment": [
|
||||
"aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
|
||||
"aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache.nextcloud-aio:23973",
|
||||
"extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
|
||||
"dictionaries=%COLLABORA_DICTIONARIES%",
|
||||
"TZ=%TIMEZONE%",
|
||||
@@ -389,7 +389,7 @@
|
||||
"restart": "unless-stopped",
|
||||
"nextcloud_exec_commands": [
|
||||
"echo 'Activating Collabora config...'",
|
||||
"php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:23973' --callback-url='http://nextcloud-aio-apache:23973'"
|
||||
"php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache.nextcloud-aio:23973' --callback-url='http://nextcloud-aio-apache.nextcloud-aio:23973'"
|
||||
],
|
||||
"profiles": [
|
||||
"collabora"
|
||||
|
||||
@@ -353,6 +353,9 @@
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input id="base_path" type="hidden" name="base_path" value="">
|
||||
{% if bypass_container_update == true %}
|
||||
<input type="hidden" name="bypass_container_update" value="true">
|
||||
{% endif %}
|
||||
<input type="submit" value="Start containers" />
|
||||
</form>
|
||||
{% else %}
|
||||
@@ -361,7 +364,7 @@
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input id="base_path" type="hidden" name="base_path" value="">
|
||||
{% if bypass_container_update == true %}
|
||||
<input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
|
||||
<input type="hidden" name="bypass_container_update" value="true">
|
||||
{% endif %}
|
||||
<input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
|
||||
</form>
|
||||
|
||||
0
php/tests/tests/initial-setup.spec.js
Normal file → Executable file
0
php/tests/tests/initial-setup.spec.js
Normal file → Executable file
0
php/tests/tests/restore-instance.spec.js
Normal file → Executable file
0
php/tests/tests/restore-instance.spec.js
Normal file → Executable file
@@ -169,8 +169,8 @@ The process to run Nextcloud AIO behind a reverse proxy has three required steps
|
||||
|
||||
The reverse-proxy container needs to be connected to the nextcloud containers. This can be achieved one of these 3 ways:
|
||||
1. Utilize host networking instead of docker bridge networking: Specify `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. With this setup, the default sample configurations with reverse-proxy pointing to `localhost:$APACHE_PORT` should work directly.
|
||||
1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT`. ⚠️⚠️⚠️ Note, the specified network must already exist before Nextcloud AIO is started. Otherwise it will fail to start the container because the network is not existing.
|
||||
1. Connect the reverse-proxy container to the `nextcloud-aio` network by specifying it as a secondary (external) network for the reverse proxy container. With this setup also, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT` .
|
||||
1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache.nextcloud-aio:$APACHE_PORT`. ⚠️⚠️⚠️ Note, the specified network must already exist before Nextcloud AIO is started. Otherwise it will fail to start the container because the network is not existing.
|
||||
1. Connect the reverse-proxy container to the `nextcloud-aio` network by specifying it as a secondary (external) network for the reverse proxy container. With this setup also, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache.nextcloud-aio:$APACHE_PORT` .
|
||||
|
||||
</details>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user