mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 10:50:10 +00:00
Compare commits
39 Commits
helm-chart
...
v10.8.0
| Author | SHA1 | Date | |
|---|---|---|---|
|
77dd56bade | ||
|
|
4b644d2fe7 | ||
|
|
b5132b14ff | ||
|
|
af4700d863 | ||
|
|
016dde1e47 | ||
|
|
e97d4b0a3e | ||
|
|
a6246f9544 | ||
|
|
04224e8745 | ||
|
|
be0a738e8c | ||
|
|
a0c8724d98 | ||
|
|
47df5053c8 | ||
|
|
113cd76c6a | ||
|
|
8d1a4653a0 | ||
|
|
a661b488c3 | ||
|
|
aa452b4613 | ||
|
|
fe310624ed | ||
|
|
405fc57bf4 | ||
|
|
0b02764897 | ||
|
|
945f1341fd | ||
|
|
5b6990dfbc | ||
|
|
9e95d96656 | ||
|
|
e6bf224a9a | ||
|
|
06b31c5680 | ||
|
|
53abc41cde | ||
|
|
30b9a05263 | ||
|
|
0615fe2250 | ||
|
|
37d6241550 | ||
|
|
5ab4a4da4e | ||
|
|
b0c191079d | ||
|
|
d21ade09d3 | ||
|
|
6bab6712ce | ||
|
|
b3261d908a | ||
|
|
f55ef08c73 | ||
|
|
88127f607b | ||
|
|
0a4eac4d4b | ||
|
|
4893a0dfc1 | ||
|
|
a7861f2dca | ||
|
|
bf4636e8d6 | ||
|
|
0e88a15edb |
@@ -1,28 +1,25 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
|
||||
FROM clamav/clamav:1.4.2-28
|
||||
|
||||
COPY clamav.conf /clamav.conf
|
||||
COPY --chmod=775 start.script /start.script
|
||||
FROM alpine:3.21.3
|
||||
|
||||
RUN set -ex; \
|
||||
apk upgrade --no-cache -a; \
|
||||
apk add --no-cache tzdata bash; \
|
||||
mkdir -p /var/run/clamav /run/lock; \
|
||||
chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
|
||||
chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \
|
||||
sed -i "/^set -eu/r /start.script" /init-unprivileged; \
|
||||
rm /start.script; \
|
||||
grep -q 'clamd --foreground &' /init-unprivileged; \
|
||||
sed -i "s|clamd --foreground \&|clamd --foreground --config-file /tmp/clamd.conf \&|" /init-unprivileged; \
|
||||
cat /init-unprivileged
|
||||
apk add --no-cache tzdata clamav supervisor bash; \
|
||||
mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \
|
||||
chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
|
||||
sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
|
||||
sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
|
||||
sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
|
||||
sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
|
||||
sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
|
||||
freshclam --foreground --stdout
|
||||
|
||||
VOLUME /var/lib/clamav
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
COPY --chmod=775 healthcheck.sh /healthcheck.sh
|
||||
COPY --chmod=664 supervisord.conf /supervisord.conf
|
||||
|
||||
USER 100
|
||||
|
||||
VOLUME /var/lib/clamav
|
||||
ENTRYPOINT ["/start.sh"]
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
||||
LABEL com.centurylinklabs.watchtower.enable="false"
|
||||
|
||||
HEALTHCHECK --start-period=60s --retries=9 CMD clamdcheck.sh
|
||||
|
||||
ENTRYPOINT ["/init-unprivileged"]
|
||||
HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
# AIO settings
|
||||
MaxDirectoryRecursion 30
|
||||
MaxFileSize 16G
|
||||
PCREMaxFileSize 16G
|
||||
StreamMaxLength 16G
|
||||
9
Containers/clamav/healthcheck.sh
Normal file
9
Containers/clamav/healthcheck.sh
Normal file
@@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then
|
||||
echo "ERROR: Unable to contact server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Clamd is up"
|
||||
exit 0
|
||||
@@ -1,4 +0,0 @@
|
||||
# Adjust settings
|
||||
cat /etc/clamav/clamd.conf > /tmp/clamd.conf
|
||||
CLAMAV_FILE="$(sed "s|16G|$MAX_SIZE|" /clamav.conf)"
|
||||
echo "$CLAMAV_FILE" >> /tmp/clamd.conf
|
||||
7
Containers/clamav/start.sh
Normal file
7
Containers/clamav/start.sh
Normal file
@@ -0,0 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
|
||||
|
||||
echo "Clamav started"
|
||||
|
||||
exec "$@"
|
||||
23
Containers/clamav/supervisord.conf
Normal file
23
Containers/clamav/supervisord.conf
Normal file
@@ -0,0 +1,23 @@
|
||||
[supervisord]
|
||||
nodaemon=true
|
||||
nodaemon=true
|
||||
logfile=/var/log/supervisord/supervisord.log
|
||||
pidfile=/var/run/supervisord/supervisord.pid
|
||||
childlogdir=/var/log/supervisord/
|
||||
logfile_maxbytes=50MB
|
||||
logfile_backups=10
|
||||
loglevel=error
|
||||
|
||||
[program:freshclam]
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=freshclam --foreground --stdout --daemon
|
||||
|
||||
[program:clamd]
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=clamd --foreground --config-file=/tmp/clamd.conf
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
|
||||
FROM elasticsearch:8.17.2
|
||||
FROM elasticsearch:8.17.3
|
||||
|
||||
USER root
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM golang:1.24.0-alpine3.21 AS go
|
||||
FROM golang:1.24.1-alpine3.21 AS go
|
||||
|
||||
ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
|
||||
ENV REDIS_DB_INDEX=0
|
||||
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
ENV NEXTCLOUD_VERSION=30.0.6
|
||||
ENV NEXTCLOUD_VERSION=30.0.7
|
||||
ENV AIO_TOKEN=123456
|
||||
ENV AIO_URL=localhost
|
||||
# AIO settings end # Do not remove or change this line!
|
||||
|
||||
@@ -60,8 +60,14 @@ elif [ "$DATABASE_TYPE" != postgres ] && [ "$DATABASE_TYPE" != mysql ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Use the correct Postgres username
|
||||
if [ "$POSTGRES_USER" = nextcloud ]; then
|
||||
POSTGRES_USER="oc_$POSTGRES_USER"
|
||||
export POSTGRES_USER
|
||||
fi
|
||||
|
||||
# Set sensitive values as env
|
||||
export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
|
||||
export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
|
||||
export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
|
||||
|
||||
# Run it
|
||||
|
||||
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
|
||||
FROM alpine:3.21.3 AS janus
|
||||
|
||||
ARG JANUS_VERSION=v1.3.0
|
||||
ARG JANUS_VERSION=v1.3.1
|
||||
WORKDIR /src
|
||||
RUN set -ex; \
|
||||
apk add --no-cache \
|
||||
|
||||
@@ -5,7 +5,8 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5
|
||||
USER root
|
||||
RUN set -ex; \
|
||||
apk upgrade --no-cache -a; \
|
||||
apk add --no-cache bash
|
||||
apk add --no-cache bash; \
|
||||
chmod 777 -R /tmp
|
||||
USER 65534
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
|
||||
12
community-containers/helloworld/helloworld.json
Normal file
12
community-containers/helloworld/helloworld.json
Normal file
@@ -0,0 +1,12 @@
|
||||
{
|
||||
"aio_services_v1": [
|
||||
{
|
||||
"container_name": "nextcloud-aio-helloworld",
|
||||
"display_name": "Hello world",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/helloworld",
|
||||
"image": "ghcr.io/docjyj/aio-helloworld",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"restart": "unless-stopped"
|
||||
}
|
||||
]
|
||||
}
|
||||
8
community-containers/helloworld/readme.md
Normal file
8
community-containers/helloworld/readme.md
Normal file
@@ -0,0 +1,8 @@
|
||||
## Hello World
|
||||
This container is a template for creating a community container.
|
||||
|
||||
### Repository
|
||||
https://github.com/docjyj/aio-helloworld
|
||||
|
||||
### Maintainer
|
||||
https://github.com/docjyj
|
||||
@@ -4,8 +4,8 @@
|
||||
"container_name": "nextcloud-aio-nocodb",
|
||||
"display_name": "NocoDB",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb",
|
||||
"image": "docjyj/aio-nocodb",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"image": "nocodb/nocodb",
|
||||
"image_tag": "latest",
|
||||
"internal_port": "10028",
|
||||
"restart": "unless-stopped",
|
||||
"ports": [
|
||||
|
||||
@@ -22,7 +22,7 @@ This is an alternative of **Airtable**.
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
|
||||
### Repository
|
||||
https://github.com/docjyJ/aio-nocodb
|
||||
https://github.com/nocodb/nocodb
|
||||
|
||||
### Maintainer
|
||||
https://github.com/docjyJ
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
"container_name": "nextcloud-aio-npmplus",
|
||||
"display_name": "NPMplus",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus",
|
||||
"image": "zoeyvid/npmplus",
|
||||
"image": "ghcr.io/zoeyvid/npmplus",
|
||||
"image_tag": "latest",
|
||||
"internal_port": "host",
|
||||
"restart": "unless-stopped",
|
||||
|
||||
15
community-containers/smbserver/readme.md
Normal file
15
community-containers/smbserver/readme.md
Normal file
@@ -0,0 +1,15 @@
|
||||
## SMB-server
|
||||
This container bundles an SMB-server and allows to configure it via a graphical shell script.
|
||||
|
||||
### Notes
|
||||
- This container should only be run in home networks
|
||||
- This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3
|
||||
- After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in `bash /smbserver.sh` and you will see a graphical UI for configuring the smb-server interactively.
|
||||
- The config data of SMB-server will be automatically included in AIOs backup solution!
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
|
||||
### Repository
|
||||
https://github.com/szaimen/aio-smbserver/
|
||||
|
||||
### Maintainer
|
||||
https://github.com/szaimen
|
||||
60
community-containers/smbserver/smbserver.json
Normal file
60
community-containers/smbserver/smbserver.json
Normal file
@@ -0,0 +1,60 @@
|
||||
{
|
||||
"aio_services_v1": [
|
||||
{
|
||||
"container_name": "nextcloud-aio-smbserver",
|
||||
"display_name": "SMB-server",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/smbserver",
|
||||
"image": "szaimen/aio-smbserver",
|
||||
"image_tag": "v1",
|
||||
"internal_port": "5803",
|
||||
"restart": "unless-stopped",
|
||||
"ports": [
|
||||
{
|
||||
"ip_binding": "",
|
||||
"port_number": "5803",
|
||||
"protocol": "tcp"
|
||||
},
|
||||
{
|
||||
"ip_binding": "",
|
||||
"port_number": "445",
|
||||
"protocol": "tcp"
|
||||
},
|
||||
{
|
||||
"ip_binding": "",
|
||||
"port_number": "139",
|
||||
"protocol": "tcp"
|
||||
}
|
||||
],
|
||||
"volumes": [
|
||||
{
|
||||
"source": "nextcloud_aio_smbserver",
|
||||
"destination": "/smbserver",
|
||||
"writeable": true
|
||||
},
|
||||
{
|
||||
"source": "%NEXTCLOUD_DATADIR%",
|
||||
"destination": "/mnt/ncdata",
|
||||
"writeable": true
|
||||
},
|
||||
{
|
||||
"source": "%NEXTCLOUD_MOUNT%",
|
||||
"destination": "/mnt",
|
||||
"writeable": true
|
||||
}
|
||||
],
|
||||
"environment": [
|
||||
"TZ=%TIMEZONE%",
|
||||
"WEB_AUTHENTICATION_USERNAME=smbserver",
|
||||
"WEB_AUTHENTICATION_PASSWORD=%SMBSERVER_PASSWORD%",
|
||||
"WEB_LISTENING_PORT=5803"
|
||||
],
|
||||
"secrets": [
|
||||
"SMBSERVER_PASSWORD"
|
||||
],
|
||||
"ui_secret": "SMBSERVER_PASSWORD",
|
||||
"backup_volumes": [
|
||||
"nextcloud_aio_smbserver"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -4,7 +4,7 @@
|
||||
"container_name": "nextcloud-aio-stalwart",
|
||||
"display_name": "Stalwart",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
|
||||
"image": "docjyj/aio-stalwart",
|
||||
"image": "ghcr.io/docjyj/aio-stalwart",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"internal_port": "10003",
|
||||
"restart": "unless-stopped",
|
||||
|
||||
@@ -24,7 +24,7 @@ First, install docker and docker-compose (v2) if not already done. Then simply r
|
||||
git clone https://github.com/nextcloud/all-in-one.git
|
||||
cd all-in-one/manual-install
|
||||
```
|
||||
Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).<br>
|
||||
Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.<br>
|
||||
⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612).
|
||||
|
||||
Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
|
||||
@@ -32,9 +32,9 @@ Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml
|
||||
Now you should be ready to go with `sudo docker compose up`.
|
||||
|
||||
## Docker profiles
|
||||
The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
|
||||
The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
|
||||
|
||||
For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. (Note: there is no clamav image for arm64).
|
||||
For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`.
|
||||
|
||||
## How to update?
|
||||
Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
|
||||
|
||||
@@ -75,7 +75,7 @@ do
|
||||
done
|
||||
|
||||
sed -i 's|_ENABLED=|_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
|
||||
sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf
|
||||
sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
|
||||
sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
|
||||
sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
|
||||
sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora|' sample.conf
|
||||
|
||||
14
php/composer.lock
generated
14
php/composer.lock
generated
@@ -557,16 +557,16 @@
|
||||
},
|
||||
{
|
||||
"name": "php-di/php-di",
|
||||
"version": "7.0.8",
|
||||
"version": "7.0.9",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/PHP-DI/PHP-DI.git",
|
||||
"reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a"
|
||||
"reference": "d8480267f5cf239650debba704f3ecd15b638cde"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/98ddc81f8f768a2ad39e4cbe737285eaeabe577a",
|
||||
"reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a",
|
||||
"url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/d8480267f5cf239650debba704f3ecd15b638cde",
|
||||
"reference": "d8480267f5cf239650debba704f3ecd15b638cde",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -583,7 +583,7 @@
|
||||
"friendsofphp/proxy-manager-lts": "^1",
|
||||
"mnapoli/phpunit-easymock": "^1.3",
|
||||
"phpunit/phpunit": "^9.6",
|
||||
"vimeo/psalm": "^4.6"
|
||||
"vimeo/psalm": "^5|^6"
|
||||
},
|
||||
"suggest": {
|
||||
"friendsofphp/proxy-manager-lts": "Install it if you want to use lazy injection (version ^1)"
|
||||
@@ -614,7 +614,7 @@
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/PHP-DI/PHP-DI/issues",
|
||||
"source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.8"
|
||||
"source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.9"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -626,7 +626,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2025-01-28T21:02:46+00:00"
|
||||
"time": "2025-02-28T12:46:35+00:00"
|
||||
},
|
||||
{
|
||||
"name": "php-di/slim-bridge",
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
"image": {
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
"pattern": "^[a-z0-9/-]+$"
|
||||
"pattern": "^(ghcr.io/)?[a-z0-9/-]+$"
|
||||
},
|
||||
"expose": {
|
||||
"type": "array",
|
||||
|
||||
@@ -642,7 +642,7 @@
|
||||
"init": false,
|
||||
"healthcheck": {
|
||||
"start_period": "60s",
|
||||
"test": "clamdcheck.sh",
|
||||
"test": "/healthcheck.sh",
|
||||
"interval": "30s",
|
||||
"timeout": "30s",
|
||||
"start_interval": "5s",
|
||||
@@ -654,8 +654,7 @@
|
||||
"internal_port": "3310",
|
||||
"environment": [
|
||||
"TZ=%TIMEZONE%",
|
||||
"MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%",
|
||||
"CLAMD_STARTUP_TIMEOUT=90"
|
||||
"MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%"
|
||||
],
|
||||
"volumes": [
|
||||
{
|
||||
@@ -670,9 +669,11 @@
|
||||
],
|
||||
"read_only": true,
|
||||
"tmpfs": [
|
||||
"/var/lock",
|
||||
"/tmp",
|
||||
"/var/log/clamav",
|
||||
"/tmp"
|
||||
"/run/clamav",
|
||||
"/var/log/supervisord",
|
||||
"/var/run/supervisord"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
|
||||
@@ -102,7 +102,6 @@ $app->get('/containers', function (Request $request, Response $response, array $
|
||||
'last_backup_time' => $configurationManager->GetLastBackupTime(),
|
||||
'backup_times' => $configurationManager->GetBackupTimes(),
|
||||
'current_channel' => $dockerActionManger->GetCurrentChannel(),
|
||||
'is_x64_platform' => $configurationManager->isx64Platform(),
|
||||
'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
|
||||
'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(),
|
||||
'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
|
||||
|
||||
@@ -132,7 +132,7 @@ class ConfigurationManager
|
||||
}
|
||||
}
|
||||
|
||||
public function isx64Platform() : bool {
|
||||
private function isx64Platform() : bool {
|
||||
if (php_uname('m') === 'x86_64') {
|
||||
return true;
|
||||
} else {
|
||||
@@ -140,11 +140,7 @@ class ConfigurationManager
|
||||
}
|
||||
}
|
||||
|
||||
public function isClamavEnabled() : bool {
|
||||
if (!$this->isx64Platform()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function isClamavEnabled() : bool {
|
||||
$config = $this->GetConfig();
|
||||
if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
|
||||
return true;
|
||||
|
||||
@@ -4,6 +4,7 @@ namespace AIO;
|
||||
|
||||
use AIO\Docker\DockerHubManager;
|
||||
use DI\Container;
|
||||
use AIO\Docker\GitHubContainerRegistryManager;
|
||||
|
||||
class DependencyInjection
|
||||
{
|
||||
@@ -15,6 +16,11 @@ class DependencyInjection
|
||||
new DockerHubManager()
|
||||
);
|
||||
|
||||
$container->set(
|
||||
GitHubContainerRegistryManager::class,
|
||||
new GitHubContainerRegistryManager()
|
||||
);
|
||||
|
||||
$container->set(
|
||||
\AIO\Data\ConfigurationManager::class,
|
||||
new \AIO\Data\ConfigurationManager()
|
||||
@@ -24,7 +30,8 @@ class DependencyInjection
|
||||
new \AIO\Docker\DockerActionManager(
|
||||
$container->get(\AIO\Data\ConfigurationManager::class),
|
||||
$container->get(\AIO\ContainerDefinitionFetcher::class),
|
||||
$container->get(DockerHubManager::class)
|
||||
$container->get(DockerHubManager::class),
|
||||
$container->get(GitHubContainerRegistryManager::class)
|
||||
)
|
||||
);
|
||||
$container->set(
|
||||
|
||||
@@ -3,12 +3,12 @@
|
||||
namespace AIO\Docker;
|
||||
|
||||
use AIO\Container\Container;
|
||||
use AIO\Container\VersionState;
|
||||
use AIO\Container\ContainerState;
|
||||
use AIO\Container\VersionState;
|
||||
use AIO\ContainerDefinitionFetcher;
|
||||
use AIO\Data\ConfigurationManager;
|
||||
use GuzzleHttp\Client;
|
||||
use GuzzleHttp\Exception\RequestException;
|
||||
use AIO\ContainerDefinitionFetcher;
|
||||
use http\Env\Response;
|
||||
|
||||
readonly class DockerActionManager {
|
||||
@@ -16,18 +16,19 @@ readonly class DockerActionManager {
|
||||
private Client $guzzleClient;
|
||||
|
||||
public function __construct(
|
||||
private ConfigurationManager $configurationManager,
|
||||
private ContainerDefinitionFetcher $containerDefinitionFetcher,
|
||||
private DockerHubManager $dockerHubManager
|
||||
private ConfigurationManager $configurationManager,
|
||||
private ContainerDefinitionFetcher $containerDefinitionFetcher,
|
||||
private DockerHubManager $dockerHubManager,
|
||||
private GitHubContainerRegistryManager $gitHubContainerRegistryManager
|
||||
) {
|
||||
$this->guzzleClient = new Client(['curl' => [CURLOPT_UNIX_SOCKET_PATH => '/var/run/docker.sock']]);
|
||||
}
|
||||
|
||||
private function BuildApiUrl(string $url) : string {
|
||||
private function BuildApiUrl(string $url): string {
|
||||
return sprintf('http://127.0.0.1/%s/%s', self::API_VERSION, $url);
|
||||
}
|
||||
|
||||
private function BuildImageName(Container $container) : string {
|
||||
private function BuildImageName(Container $container): string {
|
||||
$tag = $container->GetImageTag();
|
||||
if ($tag === '%AIO_CHANNEL%') {
|
||||
$tag = $this->GetCurrentChannel();
|
||||
@@ -35,8 +36,7 @@ readonly class DockerActionManager {
|
||||
return $container->GetContainerName() . ':' . $tag;
|
||||
}
|
||||
|
||||
public function GetContainerRunningState(Container $container) : ContainerState
|
||||
{
|
||||
public function GetContainerRunningState(Container $container): ContainerState {
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
|
||||
try {
|
||||
$response = $this->guzzleClient->get($url);
|
||||
@@ -56,8 +56,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function GetContainerRestartingState(Container $container) : ContainerState
|
||||
{
|
||||
public function GetContainerRestartingState(Container $container): ContainerState {
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
|
||||
try {
|
||||
$response = $this->guzzleClient->get($url);
|
||||
@@ -77,8 +76,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function GetContainerUpdateState(Container $container) : VersionState
|
||||
{
|
||||
public function GetContainerUpdateState(Container $container): VersionState {
|
||||
$tag = $container->GetImageTag();
|
||||
if ($tag === '%AIO_CHANNEL%') {
|
||||
$tag = $this->GetCurrentChannel();
|
||||
@@ -88,12 +86,12 @@ readonly class DockerActionManager {
|
||||
if ($runningDigests === null) {
|
||||
return VersionState::Different;
|
||||
}
|
||||
$remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
|
||||
$remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag);
|
||||
if ($remoteDigest === null) {
|
||||
return VersionState::Equal;
|
||||
}
|
||||
|
||||
foreach($runningDigests as $runningDigest) {
|
||||
foreach ($runningDigests as $runningDigest) {
|
||||
if ($runningDigest === $remoteDigest) {
|
||||
return VersionState::Equal;
|
||||
}
|
||||
@@ -101,8 +99,7 @@ readonly class DockerActionManager {
|
||||
return VersionState::Different;
|
||||
}
|
||||
|
||||
public function GetContainerStartingState(Container $container) : ContainerState
|
||||
{
|
||||
public function GetContainerStartingState(Container $container): ContainerState {
|
||||
$runningState = $this->GetContainerRunningState($container);
|
||||
if ($runningState === ContainerState::Stopped || $runningState === ContainerState::ImageDoesNotExist) {
|
||||
return $runningState;
|
||||
@@ -110,9 +107,9 @@ readonly class DockerActionManager {
|
||||
|
||||
$containerName = $container->GetIdentifier();
|
||||
$internalPort = $container->GetInternalPort();
|
||||
if($internalPort === '%APACHE_PORT%') {
|
||||
if ($internalPort === '%APACHE_PORT%') {
|
||||
$internalPort = $this->configurationManager->GetApachePort();
|
||||
} elseif($internalPort === '%TALK_PORT%') {
|
||||
} elseif ($internalPort === '%TALK_PORT%') {
|
||||
$internalPort = $this->configurationManager->GetTalkPort();
|
||||
}
|
||||
|
||||
@@ -129,7 +126,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function DeleteContainer(Container $container) : void {
|
||||
public function DeleteContainer(Container $container): void {
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->GetIdentifier())));
|
||||
try {
|
||||
$this->guzzleClient->delete($url);
|
||||
@@ -140,8 +137,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function GetLogs(string $id) : string
|
||||
{
|
||||
public function GetLogs(string $id): string {
|
||||
$url = $this->BuildApiUrl(
|
||||
sprintf(
|
||||
'containers/%s/logs?stdout=true&stderr=true×tamps=true',
|
||||
@@ -162,7 +158,7 @@ readonly class DockerActionManager {
|
||||
return $response;
|
||||
}
|
||||
|
||||
public function StartContainer(Container $container) : void {
|
||||
public function StartContainer(Container $container): void {
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier())));
|
||||
try {
|
||||
$this->guzzleClient->post($url);
|
||||
@@ -171,10 +167,9 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function CreateVolumes(Container $container): void
|
||||
{
|
||||
public function CreateVolumes(Container $container): void {
|
||||
$url = $this->BuildApiUrl('volumes/create');
|
||||
foreach($container->GetVolumes()->GetVolumes() as $volume) {
|
||||
foreach ($container->GetVolumes()->GetVolumes() as $volume) {
|
||||
$forbiddenChars = [
|
||||
'/',
|
||||
];
|
||||
@@ -184,7 +179,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
|
||||
$firstChar = substr($volume->name, 0, 1);
|
||||
if(!in_array($firstChar, $forbiddenChars)) {
|
||||
if (!in_array($firstChar, $forbiddenChars)) {
|
||||
$this->guzzleClient->request(
|
||||
'POST',
|
||||
$url,
|
||||
@@ -198,7 +193,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function CreateContainer(Container $container) : void {
|
||||
public function CreateContainer(Container $container): void {
|
||||
$volumes = [];
|
||||
foreach ($container->GetVolumes()->GetVolumes() as $volume) {
|
||||
// // NEXTCLOUD_MOUNT gets added via bind-mount later on
|
||||
@@ -226,12 +221,12 @@ readonly class DockerActionManager {
|
||||
$requestBody['HostConfig']['Binds'] = $volumes;
|
||||
}
|
||||
|
||||
foreach($container->GetSecrets() as $secret) {
|
||||
foreach ($container->GetSecrets() as $secret) {
|
||||
$this->configurationManager->GetAndGenerateSecret($secret);
|
||||
}
|
||||
|
||||
$aioVariables = $container->GetAioVariables()->GetVariables();
|
||||
foreach($aioVariables as $variable) {
|
||||
foreach ($aioVariables as $variable) {
|
||||
$config = $this->configurationManager->GetConfig();
|
||||
$variableArray = explode('=', $variable);
|
||||
$config[$variableArray[0]] = $variableArray[1];
|
||||
@@ -244,7 +239,7 @@ readonly class DockerActionManager {
|
||||
if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
|
||||
$envs[] = $this->GetAllNextcloudExecCommands();
|
||||
}
|
||||
foreach($envs as $key => $env) {
|
||||
foreach ($envs as $key => $env) {
|
||||
// TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
|
||||
if (str_starts_with($env, 'extra_params=')) {
|
||||
$env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env);
|
||||
@@ -256,12 +251,12 @@ readonly class DockerActionManager {
|
||||
// Original implementation
|
||||
$patterns = ['/%(.*)%/'];
|
||||
|
||||
if(preg_match($patterns[0], $env, $out) === 1) {
|
||||
if (preg_match($patterns[0], $env, $out) === 1) {
|
||||
$replacements = array();
|
||||
|
||||
if($out[1] === 'NC_DOMAIN') {
|
||||
if ($out[1] === 'NC_DOMAIN') {
|
||||
$replacements[1] = $this->configurationManager->GetDomain();
|
||||
} elseif($out[1] === 'NC_BASE_DN') {
|
||||
} elseif ($out[1] === 'NC_BASE_DN') {
|
||||
$replacements[1] = $this->configurationManager->GetBaseDN();
|
||||
} elseif ($out[1] === 'AIO_TOKEN') {
|
||||
$replacements[1] = $this->configurationManager->GetToken();
|
||||
@@ -391,10 +386,10 @@ readonly class DockerActionManager {
|
||||
} else {
|
||||
$replacements[1] = '';
|
||||
}
|
||||
// Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
|
||||
// Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
|
||||
} elseif ($out[1] === 'AIO_DATABASE_HOST') {
|
||||
$replacements[1] = gethostbyname('nextcloud-aio-database');
|
||||
// Allow to get local ip-address of caddy container and add it to trusted proxies automatically
|
||||
// Allow to get local ip-address of caddy container and add it to trusted proxies automatically
|
||||
} elseif ($out[1] === 'CADDY_IP_ADDRESS') {
|
||||
$replacements[1] = '';
|
||||
$communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
|
||||
@@ -419,7 +414,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
if(count($envs) > 0) {
|
||||
if (count($envs) > 0) {
|
||||
$requestBody['Env'] = $envs;
|
||||
}
|
||||
|
||||
@@ -429,7 +424,7 @@ readonly class DockerActionManager {
|
||||
|
||||
$exposedPorts = [];
|
||||
if ($container->GetInternalPort() !== 'host') {
|
||||
foreach($container->GetPorts()->GetPorts() as $value) {
|
||||
foreach ($container->GetPorts()->GetPorts() as $value) {
|
||||
$port = $value->port;
|
||||
$protocol = $value->protocol;
|
||||
if ($port === '%APACHE_PORT%') {
|
||||
@@ -449,7 +444,7 @@ readonly class DockerActionManager {
|
||||
$requestBody['HostConfig']['NetworkMode'] = 'host';
|
||||
}
|
||||
|
||||
if(count($exposedPorts) > 0) {
|
||||
if (count($exposedPorts) > 0) {
|
||||
$requestBody['ExposedPorts'] = $exposedPorts;
|
||||
foreach ($container->GetPorts()->GetPorts() as $value) {
|
||||
$port = $value->port;
|
||||
@@ -474,16 +469,16 @@ readonly class DockerActionManager {
|
||||
$portWithProtocol = $port . '/' . $protocol;
|
||||
$requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
|
||||
[
|
||||
'HostPort' => $port,
|
||||
'HostIp' => $ipBinding,
|
||||
'HostPort' => $port,
|
||||
'HostIp' => $ipBinding,
|
||||
]
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
$devices = [];
|
||||
foreach($container->GetDevices() as $device) {
|
||||
if ($device === '/dev/dri' && ! $this->configurationManager->isDriDeviceEnabled()) {
|
||||
foreach ($container->GetDevices() as $device) {
|
||||
if ($device === '/dev/dri' && !$this->configurationManager->isDriDeviceEnabled()) {
|
||||
continue;
|
||||
}
|
||||
$devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"];
|
||||
@@ -510,7 +505,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
|
||||
$tmpfs = [];
|
||||
foreach($container->GetTmpfs() as $tmp) {
|
||||
foreach ($container->GetTmpfs() as $tmp) {
|
||||
$mode = "";
|
||||
if (str_contains($tmp, ':')) {
|
||||
$mode = explode(':', $tmp)[1];
|
||||
@@ -519,7 +514,7 @@ readonly class DockerActionManager {
|
||||
$tmpfs[$tmp] = $mode;
|
||||
}
|
||||
if (count($tmpfs) > 0) {
|
||||
$requestBody['HostConfig']['Tmpfs'] = $tmpfs;
|
||||
$requestBody['HostConfig']['Tmpfs'] = $tmpfs;
|
||||
}
|
||||
|
||||
$requestBody['HostConfig']['Init'] = $container->GetInit();
|
||||
@@ -563,22 +558,22 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
}
|
||||
// Special things for the talk container which should not be exposed in the containers.json
|
||||
// Special things for the talk container which should not be exposed in the containers.json
|
||||
} elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
|
||||
// This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
|
||||
$requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
|
||||
// // Special things for the nextcloud container which should not be exposed in the containers.json
|
||||
// } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
|
||||
// foreach ($container->GetVolumes()->GetVolumes() as $volume) {
|
||||
// if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
|
||||
// continue;
|
||||
// }
|
||||
// $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
|
||||
// }
|
||||
// Special things for the caddy community container
|
||||
// // Special things for the nextcloud container which should not be exposed in the containers.json
|
||||
// } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
|
||||
// foreach ($container->GetVolumes()->GetVolumes() as $volume) {
|
||||
// if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
|
||||
// continue;
|
||||
// }
|
||||
// $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
|
||||
// }
|
||||
// Special things for the caddy community container
|
||||
} elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
|
||||
$requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];
|
||||
// Special things for the collabora container which should not be exposed in the containers.json
|
||||
// Special things for the collabora container which should not be exposed in the containers.json
|
||||
} elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
|
||||
if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {
|
||||
$requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()];
|
||||
@@ -604,13 +599,13 @@ readonly class DockerActionManager {
|
||||
|
||||
}
|
||||
|
||||
public function isDockerHubReachable(Container $container) : bool {
|
||||
public function isDockerHubReachable(Container $container): bool {
|
||||
$tag = $container->GetImageTag();
|
||||
if ($tag === '%AIO_CHANNEL%') {
|
||||
$tag = $this->GetCurrentChannel();
|
||||
}
|
||||
|
||||
$remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
|
||||
$remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag);
|
||||
|
||||
if ($remoteDigest === null) {
|
||||
return false;
|
||||
@@ -619,8 +614,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function PullImage(Container $container) : void
|
||||
{
|
||||
public function PullImage(Container $container): void {
|
||||
$imageName = $this->BuildImageName($container);
|
||||
$encodedImageName = urlencode($imageName);
|
||||
$url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));
|
||||
@@ -643,8 +637,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
private function isContainerUpdateAvailable(string $id) : string
|
||||
{
|
||||
private function isContainerUpdateAvailable(string $id): string {
|
||||
$container = $this->containerDefinitionFetcher->GetContainerById($id);
|
||||
|
||||
$updateAvailable = "";
|
||||
@@ -657,7 +650,7 @@ readonly class DockerActionManager {
|
||||
return $updateAvailable;
|
||||
}
|
||||
|
||||
public function isAnyUpdateAvailable() : bool {
|
||||
public function isAnyUpdateAvailable(): bool {
|
||||
// return early if instance is not installed
|
||||
if (!$this->configurationManager->wasStartButtonClicked()) {
|
||||
return false;
|
||||
@@ -671,8 +664,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
private function getBackupVolumes(string $id) : string
|
||||
{
|
||||
private function getBackupVolumes(string $id): string {
|
||||
$container = $this->containerDefinitionFetcher->GetContainerById($id);
|
||||
|
||||
$backupVolumes = '';
|
||||
@@ -685,14 +677,13 @@ readonly class DockerActionManager {
|
||||
return $backupVolumes;
|
||||
}
|
||||
|
||||
private function getAllBackupVolumes() : array {
|
||||
private function getAllBackupVolumes(): array {
|
||||
$id = 'nextcloud-aio-apache';
|
||||
$backupVolumesArray = explode(' ', $this->getBackupVolumes($id));
|
||||
return array_unique($backupVolumesArray);
|
||||
}
|
||||
|
||||
private function GetNextcloudExecCommands(string $id) : string
|
||||
{
|
||||
private function GetNextcloudExecCommands(string $id): string {
|
||||
$container = $this->containerDefinitionFetcher->GetContainerById($id);
|
||||
|
||||
$nextcloudExecCommands = '';
|
||||
@@ -705,13 +696,12 @@ readonly class DockerActionManager {
|
||||
return $nextcloudExecCommands;
|
||||
}
|
||||
|
||||
private function GetAllNextcloudExecCommands() : string
|
||||
{
|
||||
private function GetAllNextcloudExecCommands(): string {
|
||||
$id = 'nextcloud-aio-apache';
|
||||
return 'NEXTCLOUD_EXEC_COMMANDS=' . $this->GetNextcloudExecCommands($id);
|
||||
}
|
||||
|
||||
private function GetRepoDigestsOfContainer(string $containerName) : ?array {
|
||||
private function GetRepoDigestsOfContainer(string $containerName): ?array {
|
||||
try {
|
||||
$containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
|
||||
$containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true);
|
||||
@@ -732,7 +722,7 @@ readonly class DockerActionManager {
|
||||
|
||||
$repoDigestArray = [];
|
||||
$oneDigestGiven = false;
|
||||
foreach($imageOutput['RepoDigests'] as $repoDigest) {
|
||||
foreach ($imageOutput['RepoDigests'] as $repoDigest) {
|
||||
$digestPosition = strpos($repoDigest, '@');
|
||||
if ($digestPosition === false) {
|
||||
error_log('Somehow the RepoDigest of ' . $containerName . ' does not contain a @.');
|
||||
@@ -752,10 +742,10 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function GetCurrentChannel() : string {
|
||||
public function GetCurrentChannel(): string {
|
||||
$cacheKey = 'aio-ChannelName';
|
||||
$channelName = apcu_fetch($cacheKey);
|
||||
if($channelName !== false && is_string($channelName)) {
|
||||
if ($channelName !== false && is_string($channelName)) {
|
||||
return $channelName;
|
||||
}
|
||||
|
||||
@@ -765,7 +755,7 @@ readonly class DockerActionManager {
|
||||
$output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
|
||||
$containerChecksum = $output['Image'];
|
||||
$tagArray = explode(':', $output['Config']['Image']);
|
||||
if (count($tagArray) === 2) {
|
||||
if (count($tagArray) === 2) {
|
||||
$tag = $tagArray[1];
|
||||
} else {
|
||||
error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'.");
|
||||
@@ -780,8 +770,7 @@ readonly class DockerActionManager {
|
||||
return 'latest';
|
||||
}
|
||||
|
||||
public function IsMastercontainerUpdateAvailable() : bool
|
||||
{
|
||||
public function IsMastercontainerUpdateAvailable(): bool {
|
||||
$imageName = 'nextcloud/all-in-one';
|
||||
$containerName = 'nextcloud-aio-mastercontainer';
|
||||
|
||||
@@ -791,7 +780,7 @@ readonly class DockerActionManager {
|
||||
if ($runningDigests === null) {
|
||||
return true;
|
||||
}
|
||||
$remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag);
|
||||
$remoteDigest = $this->GetLatestDigestOfTag($imageName, $tag);
|
||||
if ($remoteDigest === null) {
|
||||
return false;
|
||||
}
|
||||
@@ -804,8 +793,7 @@ readonly class DockerActionManager {
|
||||
return true;
|
||||
}
|
||||
|
||||
public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void
|
||||
{
|
||||
public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh'): void {
|
||||
if ($this->GetContainerStartingState($container) === ContainerState::Running) {
|
||||
|
||||
$containerName = $container->GetIdentifier();
|
||||
@@ -849,8 +837,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
private function DisconnectContainerFromBridgeNetwork(string $id) : void
|
||||
{
|
||||
private function DisconnectContainerFromBridgeNetwork(string $id): void {
|
||||
|
||||
$url = $this->BuildApiUrl(
|
||||
sprintf('networks/%s/disconnect', 'bridge')
|
||||
@@ -870,8 +857,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio', bool $createNetwork = true, string $alias = '') : void
|
||||
{
|
||||
private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio', bool $createNetwork = true, string $alias = ''): void {
|
||||
if ($internalPort === 'host') {
|
||||
return;
|
||||
}
|
||||
@@ -902,9 +888,9 @@ readonly class DockerActionManager {
|
||||
$url = $this->BuildApiUrl(
|
||||
sprintf('networks/%s/connect', $network)
|
||||
);
|
||||
$jsonPayload = [ 'Container' => $id ];
|
||||
if ($alias !== '' ) {
|
||||
$jsonPayload['EndpointConfig'] = ['Aliases' => [ $alias ]];
|
||||
$jsonPayload = ['Container' => $id];
|
||||
if ($alias !== '') {
|
||||
$jsonPayload['EndpointConfig'] = ['Aliases' => [$alias]];
|
||||
}
|
||||
|
||||
try {
|
||||
@@ -923,15 +909,13 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function ConnectMasterContainerToNetwork() : void
|
||||
{
|
||||
public function ConnectMasterContainerToNetwork(): void {
|
||||
$this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
|
||||
// Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead.
|
||||
// $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
|
||||
}
|
||||
|
||||
public function ConnectContainerToNetwork(Container $container) : void
|
||||
{
|
||||
public function ConnectContainerToNetwork(Container $container): void {
|
||||
// Add a secondary alias for domaincheck container, to keep it as similar to actual apache controller as possible.
|
||||
// If a reverse-proxy is relying on container name as hostname this allows it to operate as usual and still validate the domain
|
||||
// The domaincheck container and apache container are never supposed to be active at the same time because they use the same APACHE_PORT anyway, so this doesn't add any new constraints.
|
||||
@@ -947,7 +931,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function StopContainer(Container $container) : void {
|
||||
public function StopContainer(Container $container): void {
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $container->GetMaxShutdownTime()));
|
||||
try {
|
||||
$this->guzzleClient->post($url);
|
||||
@@ -958,8 +942,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function GetBackupcontainerExitCode() : int
|
||||
{
|
||||
public function GetBackupcontainerExitCode(): int {
|
||||
$containerName = 'nextcloud-aio-borgbackup';
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
|
||||
try {
|
||||
@@ -981,8 +964,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function GetDatabasecontainerExitCode() : int
|
||||
{
|
||||
public function GetDatabasecontainerExitCode(): int {
|
||||
$containerName = 'nextcloud-aio-database';
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
|
||||
try {
|
||||
@@ -1004,7 +986,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function isLoginAllowed() : bool {
|
||||
public function isLoginAllowed(): bool {
|
||||
$id = 'nextcloud-aio-apache';
|
||||
$apacheContainer = $this->containerDefinitionFetcher->GetContainerById($id);
|
||||
if ($this->GetContainerStartingState($apacheContainer) === ContainerState::Running) {
|
||||
@@ -1013,7 +995,7 @@ readonly class DockerActionManager {
|
||||
return true;
|
||||
}
|
||||
|
||||
public function isBackupContainerRunning() : bool {
|
||||
public function isBackupContainerRunning(): bool {
|
||||
$id = 'nextcloud-aio-borgbackup';
|
||||
$backupContainer = $this->containerDefinitionFetcher->GetContainerById($id);
|
||||
if ($this->GetContainerRunningState($backupContainer) === ContainerState::Running) {
|
||||
@@ -1022,7 +1004,7 @@ readonly class DockerActionManager {
|
||||
return false;
|
||||
}
|
||||
|
||||
private function GetCreatedTimeOfNextcloudImage() : ?string {
|
||||
private function GetCreatedTimeOfNextcloudImage(): ?string {
|
||||
$imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
|
||||
try {
|
||||
$imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
|
||||
@@ -1039,11 +1021,11 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
public function GetAndGenerateSecretWrapper(string $secretId) : string {
|
||||
public function GetAndGenerateSecretWrapper(string $secretId): string {
|
||||
return $this->configurationManager->GetAndGenerateSecret($secretId);
|
||||
}
|
||||
|
||||
public function isNextcloudImageOutdated() : bool {
|
||||
public function isNextcloudImageOutdated(): bool {
|
||||
$createdTime = $this->GetCreatedTimeOfNextcloudImage();
|
||||
|
||||
if ($createdTime === null) {
|
||||
@@ -1057,4 +1039,13 @@ readonly class DockerActionManager {
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public function GetLatestDigestOfTag(string $imageName, string $tag): ?string {
|
||||
$prefix = 'ghcr.io/';
|
||||
if (str_starts_with($imageName, $prefix)) {
|
||||
return $this->gitHubContainerRegistryManager->GetLatestDigestOfTag(str_replace($prefix, '', $imageName), $tag);
|
||||
} else {
|
||||
return $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
62
php/src/Docker/GitHubContainerRegistryManager.php
Normal file
62
php/src/Docker/GitHubContainerRegistryManager.php
Normal file
@@ -0,0 +1,62 @@
|
||||
<?php
|
||||
|
||||
|
||||
namespace AIO\Docker;
|
||||
|
||||
use GuzzleHttp\Client;
|
||||
|
||||
readonly class GitHubContainerRegistryManager
|
||||
{
|
||||
private Client $guzzleClient;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->guzzleClient = new Client();
|
||||
}
|
||||
|
||||
public function GetLatestDigestOfTag(string $name, string $tag): ?string
|
||||
{
|
||||
$cacheKey = 'ghcr-manifest-' . $name . $tag;
|
||||
|
||||
$cachedVersion = apcu_fetch($cacheKey);
|
||||
if ($cachedVersion !== false && is_string($cachedVersion)) {
|
||||
return $cachedVersion;
|
||||
}
|
||||
|
||||
// If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower'
|
||||
|
||||
try {
|
||||
$authTokenRequest = $this->guzzleClient->request(
|
||||
'GET',
|
||||
'https://ghcr.io/token?scope=repository:' . $name . ':pull'
|
||||
);
|
||||
$body = $authTokenRequest->getBody()->getContents();
|
||||
$decodedBody = json_decode($body, true);
|
||||
if (isset($decodedBody['token'])) {
|
||||
$authToken = $decodedBody['token'];
|
||||
$manifestRequest = $this->guzzleClient->request(
|
||||
'HEAD',
|
||||
'https://ghcr.io/v2/' . $name . '/manifests/' . $tag,
|
||||
[
|
||||
'headers' => [
|
||||
'Accept' => 'application/vnd.oci.image.index.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.docker.distribution.manifest.v2+json',
|
||||
'Authorization' => 'Bearer ' . $authToken,
|
||||
],
|
||||
]
|
||||
);
|
||||
$responseHeaders = $manifestRequest->getHeader('docker-content-digest');
|
||||
if (count($responseHeaders) === 1) {
|
||||
$latestVersion = $responseHeaders[0];
|
||||
apcu_add($cacheKey, $latestVersion, 600);
|
||||
return $latestVersion;
|
||||
}
|
||||
}
|
||||
|
||||
error_log('Could not get digest of container ' . $name . ':' . $tag);
|
||||
return null;
|
||||
} catch (\Exception $e) {
|
||||
error_log('Could not get digest of container ' . $name . ':' . $tag . ' ' . $e->getMessage());
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
27
php/templates/components/container-state.twig
Normal file
27
php/templates/components/container-state.twig
Normal file
@@ -0,0 +1,27 @@
|
||||
{# @var c \App\Containers\Container #}
|
||||
<li>
|
||||
<span>
|
||||
{% if c.GetStartingState().value == 'starting' %}
|
||||
<span class="status running"></span>
|
||||
{{ c.GetDisplayName() }}
|
||||
(<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
|
||||
{% elseif c.GetRunningState().value == 'running' %}
|
||||
<span class="status success"></span>
|
||||
{{ c.GetDisplayName() }}
|
||||
(<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
|
||||
{% else %}
|
||||
<span class="status error"></span>
|
||||
{{ c.GetDisplayName() }}
|
||||
(<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
|
||||
{% endif %}
|
||||
{% if c.GetDocumentation() != '' %}
|
||||
(<a target="_blank" href="{{ c.GetDocumentation() }}">docs</a>)
|
||||
{% endif %}
|
||||
</span>
|
||||
{% if c.GetUiSecret() != '' %}
|
||||
<details>
|
||||
<summary>Show password for {{ c.GetDisplayName() }}</summary>
|
||||
<input type="text" value="{{ c.GetUiSecret() }}" readonly>
|
||||
</details>
|
||||
{% endif %}
|
||||
</li>
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
<div class="container">
|
||||
<main>
|
||||
<h1>Nextcloud AIO v10.7.0</h1>
|
||||
<h1>Nextcloud AIO v10.8.0</h1>
|
||||
|
||||
{# Add 2nd tab warning #}
|
||||
<script type="text/javascript" src="second-tab-warning.js"></script>
|
||||
@@ -275,39 +275,7 @@
|
||||
{# @var containers \AIO\Container\Container[] #}
|
||||
{% for container in containers %}
|
||||
{% if container.GetDisplayName() != '' %}
|
||||
<li>
|
||||
{% if container.GetStartingState().value == 'starting' %}
|
||||
<span class="status running"></span>
|
||||
<span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Starting</a>)
|
||||
{% if container.GetDocumentation() != '' %}
|
||||
(<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
|
||||
{% endif %}
|
||||
{% if container.GetUiSecret() != '' %}
|
||||
(password: {{ container.GetUiSecret() }})
|
||||
{% endif %}
|
||||
</span>
|
||||
{% elseif container.GetRunningState().value == 'running' %}
|
||||
<span class="status success"></span>
|
||||
<span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Running</a>)
|
||||
{% if container.GetDocumentation() != '' %}
|
||||
(<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
|
||||
{% endif %}
|
||||
{% if container.GetUiSecret() != '' %}
|
||||
(password: {{ container.GetUiSecret() }})
|
||||
{% endif %}
|
||||
</span>
|
||||
{% else %}
|
||||
<span class="status error"></span>
|
||||
<span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Stopped</a>)
|
||||
{% if container.GetDocumentation() != '' %}
|
||||
(<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
|
||||
{% endif %}
|
||||
{% if container.GetUiSecret() != '' %}
|
||||
(password: {{ container.GetUiSecret() }})
|
||||
{% endif %}
|
||||
</span>
|
||||
{% endif %}
|
||||
</li>
|
||||
{% include 'components/container-state.twig' with {'c': container} only %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</ul>
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
data-initial-state="false"
|
||||
{% endif %}
|
||||
>
|
||||
<label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x86_64, needs ~1GB additional RAM)</label>
|
||||
<label for="clamav">ClamAV (Antivirus backend for Nextcloud, needs ~1GB additional RAM)</label>
|
||||
</p>
|
||||
<p>
|
||||
<input
|
||||
@@ -146,10 +146,8 @@
|
||||
<script type="text/javascript" src="options-form-submit.js?v3"></script>
|
||||
</form>
|
||||
<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
|
||||
{% if isAnyRunning == true or is_x64_platform == false %}
|
||||
<script type="text/javascript" src="disable-clamav.js"></script>
|
||||
{% endif %}
|
||||
{% if isAnyRunning == true %}
|
||||
<script type="text/javascript" src="disable-clamav.js"></script>
|
||||
<script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
|
||||
<script type="text/javascript" src="disable-talk.js"></script>
|
||||
<script type="text/javascript" src="disable-collabora.js"></script>
|
||||
|
||||
@@ -351,7 +351,7 @@ If you get an error during the domain validation which states that your ip-addre
|
||||
### Which CPU architectures are supported?
|
||||
You can check this on Linux by running: `uname -m`
|
||||
- x86_64/x64/amd64
|
||||
- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture)
|
||||
- aarch64/arm64/armv8
|
||||
|
||||
### Disrecommended VPS providers
|
||||
- *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work.
|
||||
|
||||
@@ -478,12 +478,16 @@ Second, see these screenshots for a working config:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<!--  -->
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
`proxy_set_header Accept-Encoding $http_accept_encoding;`
|
||||
|
||||
⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus. <br>
|
||||
⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user