Added a disclaimer regarding the accuracy of the migration guide and clarified the use of a temporary Docker container for database conversion.
Signed-off-by: Simon L. <szaimen@e.mail.de>
- Fix return vs continue in CreateVolumes: using return caused all
subsequent volumes to be skipped when nextcloud_aio_nextcloud_datadir
or nextcloud_aio_backupdir appeared in the volume list
- Fix GetLogs parsing loop: the while loop checked $line before
reassigning it so the false sentinel from strtok was always processed,
appending a spurious extra empty line to the output
- Fix getRegisteredSecret unsafe array access: accessing
$this->secrets[$secretId] without isset() can trigger an undefined
array key warning; use isset() instead
- Remove redundant startTransaction() call in setDomain(): the method
called startTransaction() twice without an intervening commitTransaction(),
making the second call a no-op that was misleading
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/19424687-dda1-4510-8f70-068c8d3efd41
Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
- Disable RDB persistence (--save "") since Redis is used as a pure
cache and lock store; snapshotting causes fork/CoW pressure and I/O spikes
- Set --maxmemory-policy allkeys-lru to enable LRU eviction and prevent
unbounded memory growth
- Enable lazyfree background deletions (--lazyfree-lazy-*) to move key
eviction, expiry, and DEL operations off the main event loop thread
- Enable active memory defragmentation (--activedefrag yes) for long-running
instances
- Increase background task frequency to --hz 15 for faster key expiry
- Add Transparent Huge Pages (THP) startup warning, consistent with the
existing vm.overcommit_memory check
- Refactor start.sh to build arguments via a bash array, avoiding eval
and safely handling the empty-string --save "" and the password argument
- Remove the pre-existing unreachable exec "$@" at the end of start.sh
- Add timeout and read_timeout (1.5s) to standalone Redis config in
redis.config.php to prevent PHP workers from hanging indefinitely
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/e68c1986-419f-49b4-9cd0-c1f0efda0351
Co-Authored-By: Simon L. <szaimen@e.mail.de>
Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com>
The session cookie was recently renamed from `PHPSESSID` to
`__Host-Http-PHPSESSID` (commit 3871179a). When watchtower updates the
mastercontainer, the browser still holds the old `PHPSESSID` cookie, but the
new code only looks for `__Host-Http-PHPSESSID`. The old cookie is ignored, a
fresh unauthenticated session is created, and the user is logged out.
Fix: before starting the new session in index.php, check if the old `PHPSESSID`
cookie exists and carries an authenticated session. If it does, destroy the old
session and mark the new one as authenticated via `SetAuthState(true)`.
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/cba0ea31-e257-4ec1-82ae-dd66f0f34d98
---
refactor: address review comments - use constant for session key and activity interval
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/cba0ea31-e257-4ec1-82ae-dd66f0f34d98
Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com>
- Replace TCP-only nc healthcheck with HTTP cluster health API check via curl,
so the container is only marked healthy when ES is actually ready (not just
when the TCP port is open during startup)
- Add indices.fielddata.cache.size=20% to cap field-data cache and prevent
unbounded heap growth / OOM kills on large datasets
- Add indices.memory.index_buffer_size=20% to improve bulk indexing throughput
by buffering more data in memory before flushing to disk
- Add thread_pool.write.queue_size=1000 to avoid rejected indexing requests
when Nextcloud's background jobs submit many files simultaneously
Changes applied to: Containers/fulltextsearch/healthcheck.sh,
php/containers.json, manual-install/latest.yml
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/a036678d-a9f5-4db3-8cc6-3e3d52f4e97f
Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
This is a very simple means against bots, until we find the time to discuss
and implement something better.
Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
Previously it showed a lot of white space at the bottom, and the floating box
didn't stick. Both is now fixed.
AI-assistant: Copilot v1.0.7 (Claude Sonnet 4.6)
Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
isAnyUpdateAvailable is not necessarily synced with the PullImage
logic from DockerActionManager. This ensures no images are pulled
regardless of detection.
There's also a minor code improvement to avoid unnecessary interpolation.
Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
We want a display-name for all containers in the overlay-log, but still want
to exclude some containers from the list on top of the web UI.
Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
Address review feedback: use `mountpoint -q` instead of find to
detect mounted CA directory, add set -x/+x for debug logging,
broaden glob to accept any file extension, and add util-linux-misc
package to Dockerfile for the mountpoint command.
Signed-off-by: Tomas <16553087+michnovka@users.noreply.github.com>
The recording server uses a browser to join the call and records the
browser UI, which renders text like the display name of users or the
name of the Nextcloud instance. By default Firefox provides its own font
but, even if broad, it still has limited character coverage, so the
unsupported characters are shown as ".notdef" glyph (rectangular
boxes).
Fortunately Firefox also uses more complete fonts automatically when
they are available, so now the noto font, which seems to be the most
complete font available in Alpine Linux, is installed and used instead.
Note that "font-noto-cjk" provides regular and bold fonts, while
"font-noto-cjk-extra" provides all weights.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When NEXTCLOUD_TRUSTED_CACERTS_DIR is set on the mastercontainer,
the custom CA certificates are now also mounted into the Talk container.
Since the Talk container runs with a read-only root filesystem,
update-ca-certificates cannot be used. Instead, the startup script
copies the system CA bundle to /tmp (tmpfs), appends any custom
certificates from /usr/local/share/ca-certificates/, and sets
SSL_CERT_FILE to point Go's TLS stack at the extended bundle.
This allows the signaling server to verify TLS connections to
Nextcloud instances that use private/internal CA certificates,
without requiring skipverify=true.
Signed-off-by: Tomas <16553087+michnovka@users.noreply.github.com>
Includes a button to disable the automatic reloading (useful when inspecting some lines in the middle).
Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
Clarify the retention policy adjustment instructions by mentioning to not include the '-a' or '--glob-archives' option.
I recently included in the retention policy env variable, and it lead to a pruning error due to the duplicate `-a` ... `--glob-archives` options. I added it because I didn't know that AIO already filtered archives in the borg repo during pruning, and I was worried that it would prune out other non-Nextcloud-AIO backups in the repo. I added a very similar glob myself, so just omitting what I added was the solution for my problem.
As an alternative to this edit, I was thinking that Nextcloud AIO's default filtering behavior could be clarified elsewhere is a positive way.
Two ideas:
1. Modify the start of the retention policy FAQ, like:
After a backup, AIO prunes your borg archives with the `--glob-archives '*_*-nextcloud-aio'` option, so that it does not affect archives unrelated to AIO. The built-in retention policy is `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. [...]
2. Or perhaps, there can be another FAQ question about backups, like "Will Nextcloud AIO touch other backups in my borg repository?" or "Can I use my borg repository for backups unrelated to Nextcloud AIO?", with the answer:
No/Yes, AIO internally uses the borg `--glob-archives '*_*-nextcloud-aio'` option to only prune AIO archives, so Nextcloud AIO will not affect archives/backups unrelated to AIO. Be careful that other systems don't prune your AIO archives, however.
Signed-off-by: Thor Galle <thorgalle@gmail.com>
echo"It seems like the restore of the configuration.json was not done correctly. Something is wrong! (Most likely is the restore archive already incorrect)!"
# CSP limits which features can be used. By default we allow nothing and only allow required options. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy
# default-src 'none'; Allow nothing by default
# script-src-elem/style-src-elem 'self'; Only allow loading css/js files from same origin (AIO itself) while blocking all inline css/js
# img-src 'self'; Only allow loading images from same origin (from AIO itself)
# connect-src 'self'; Allow fetch to only connect same origin (to AIO itself)
# frame-src 'self'; Allow AIO to only embed itself "what can be embedded"
# base-uri 'none'; This does not fallback to default-src, AIO does not use the html base tag
# form-action 'self'; Html forms are only allowed to submit to AIO and not cross origin
# frame-ancestors 'self'; Only allow AIO itself to embed it self "who can embed"
# upgrade-insecure-requests; Upgrade all http embedings to https
# require-trusted-types-for 'script'; trusted-types 'none'; Blocks DOM changes via js
X-Content-Type-Options "nosniff" # This forces the browser to use the MIME type of the Content-Type header. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options
X-Frame-Options "SAMEORIGIN" # Only allow AIO itself to embed itself, this is also enforced as part of the CSP frame-ancestors. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Frame-Options
X-Permitted-Cross-Domain-Policies "none" # We block all cross origin request, including ones from Adobe Acrobat or Microsoft Silverlight and Adobe Flash Player. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control "off" # Tells the browser to not pre-fetch the DNS of linked pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-DNS-Prefetch-Control
Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
Cross-Origin-Opener-Policy "same-origin"; # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
Cross-Origin-Embedder-Policy "require-corp"; # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
Cross-Origin-Resource-Policy "same-origin"; # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
# Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
Using a different name is not supported since the built-in backup solution will not work in that case!"
@@ -309,6 +312,26 @@ if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed.
The community containers get managed via the AIO interface now."
fi
if[ -n "$NEXTCLOUD_ENABLE_DRI_DEVICE"];then
print_red "The environmental variable NEXTCLOUD_ENABLE_DRI_DEVICE is deprecated. Please mount the /dev/dri device into the mastercontainer instead and remove NEXTCLOUD_ENABLE_DRI_DEVICE. It will then be set automatically."
fi
# Automatically enable the /dev/dri device if it is mounted into the mastercontainer
# Sync this with max pm.max_children and MaxRequestWorkers
# 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
# We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
# Also connections should usually be closed again after the process is done
# If we should actually exceed this limit, it is definitely a bug in Nextcloud server or some of its apps that does not close connections correctly and not a bug in AIO
sed -i "s|^max_connections =.*|max_connections = 5000|""/var/lib/postgresql/data/postgresql.conf"
sed -i "s|^max_connections =.*|max_connections = 5000|""$PGCONF"
# Do not log checkpoints
if grep -q "#log_checkpoints"/var/lib/postgresql/data/postgresql.conf;then
sed -i 's|#log_checkpoints.*|log_checkpoints = off|'/var/lib/postgresql/data/postgresql.conf
if grep -q "#log_checkpoints""$PGCONF";then
sed -i 's|#log_checkpoints.*|log_checkpoints = off|'"$PGCONF"
fi
# Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
if grep -q "^idle_session_timeout"/var/lib/postgresql/data/postgresql.conf;then
sed -i 's|^idle_session_timeout.*|#idle_session_timeout|'/var/lib/postgresql/data/postgresql.conf
if grep -q "^idle_session_timeout""$PGCONF";then
sed -i 's|^idle_session_timeout.*|#idle_session_timeout|'"$PGCONF"
fi
# Increase shared_buffers from the 128MB default for better data caching
sed -i "s|^#shared_buffers = .*|shared_buffers = 256MB|""$PGCONF"
sed -i "s|^shared_buffers = .*|shared_buffers = 256MB|""$PGCONF"
# Hint to the query planner about available OS page cache (does not allocate memory)
sed -i "s|^#effective_cache_size = .*|effective_cache_size = 1GB|""$PGCONF"
sed -i "s|^effective_cache_size = .*|effective_cache_size = 1GB|""$PGCONF"
# Increase per-operation sort/hash memory to reduce disk spills for file listing and share queries.
# Note: this is allocated per sort/hash operation, not per connection, so the theoretical worst-case
# (max_connections × work_mem) is rarely approached in practice.
sed -i "s|^#work_mem = .*|work_mem = 16MB|""$PGCONF"
sed -i "s|^work_mem = .*|work_mem = 16MB|""$PGCONF"
# Increase memory for VACUUM, CREATE INDEX, and other maintenance operations
sed -i "s|^#maintenance_work_mem = .*|maintenance_work_mem = 256MB|""$PGCONF"
sed -i "s|^maintenance_work_mem = .*|maintenance_work_mem = 256MB|""$PGCONF"
# Increase WAL buffers to reduce WAL write latency under concurrent write load
sed -i "s|^#wal_buffers = .*|wal_buffers = 16MB|""$PGCONF"
sed -i "s|^wal_buffers = .*|wal_buffers = 16MB|""$PGCONF"
# Spread checkpoint I/O over a longer window to reduce spikes
sed -i "s|^#checkpoint_timeout = .*|checkpoint_timeout = 15min|""$PGCONF"
sed -i "s|^checkpoint_timeout = .*|checkpoint_timeout = 15min|""$PGCONF"
# Tune for SSD storage: random reads are nearly as fast as sequential reads
sed -i "s|^#random_page_cost = .*|random_page_cost = 1.1|""$PGCONF"
sed -i "s|^random_page_cost = .*|random_page_cost = 1.1|""$PGCONF"
# Allow the kernel to issue more concurrent I/O prefetch requests (suitable for SSDs)
sed -i "s|^#effective_io_concurrency = .*|effective_io_concurrency = 200|""$PGCONF"
sed -i "s|^effective_io_concurrency = .*|effective_io_concurrency = 200|""$PGCONF"
# Trigger autovacuum earlier on large Nextcloud tables (e.g. oc_filecache, oc_activity)
# to prevent table bloat accumulating before the default 20% threshold is reached
sed -i "s|^#autovacuum_vacuum_scale_factor = .*|autovacuum_vacuum_scale_factor = 0.05|""$PGCONF"
sed -i "s|^autovacuum_vacuum_scale_factor = .*|autovacuum_vacuum_scale_factor = 0.05|""$PGCONF"
sed -i "s|^#autovacuum_analyze_scale_factor = .*|autovacuum_analyze_scale_factor = 0.02|""$PGCONF"
sed -i "s|^autovacuum_analyze_scale_factor = .*|autovacuum_analyze_scale_factor = 0.02|""$PGCONF"
echo"listen: 127.0.0.1:4222"| tee /etc/nats.conf;\
# write_deadline: "10s" — without a write deadline, a lagging subscriber can stall the broker indefinitely, blocking all other signaling messages.
# max_payload: 8MB — the default is 1 MB; signaling payloads in large meetings (many participants, ICE candidates) can exceed this, causing dropped messages.
printf'listen: 127.0.0.1:4222\nwrite_deadline: "10s"\nmax_payload: 8MB\n'| tee /etc/nats.conf;\
# connectionsperhost: This is the HTTP keep-alive connection pool size from the signaling server to the Nextcloud backend.
# Under load (many concurrent calls joining/leaving simultaneously) a pool of 8 creates a queue bottleneck for backend authentication and session lookups, thus increasing to 32.
This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
### Notes
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -12,11 +12,12 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
- If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
- If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
- If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
- If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
- If you want to use this with [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for seerr.
- If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
- If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
- After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
- You can add your own Caddy configurations in the folder `nextcloud-aio-caddy/caddy-imports` in the files app of the default `admin` user. You need to create that folder manually. These will be imported on container startup.
- You can alternatively add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server use the previous option or run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
- If you want to remove the container again and revert back to the default, you need to disable the container via the AIO-interface and follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
This container starts Glances, a web-based info-board, and auto-configures it for you.
> [!CAUTION]
> This container mounts the docker-socket from the host-system.
### Notes
- After adding and starting the container, you can directly visit http://ip.address.of.server:61208/ and access your new Glances instance!
- It is recommended to start this container only in home networks, because there is no built-in authentication. But you can do a http-auth with your proxy.
- In order to access your Glances outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
- The data of Glances will be automatically included in AIO's backup solution!
- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
This container bundles Home Assistant and auto-configures it for you.
### Notes
- This container should only be run in home networks since Home Assistant is designed for local home automation.
- After adding and starting the container, you can visit `http://ip.address.of.this.server:8123` in order to set up your Home Assistant instance.
- The data of Home Assistant will be automatically included in AIOs backup solution!
- In order to access your Home Assistant outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles Jellyseerr and auto-configures it for you.
## Seerr
This container bundles Seerr and auto-configures it for you.
### Notes
- **Migration from Jellyseerr**: Jellyseer previously ran as the root user. With the migration to Seerr, the container now runs rootless with userid 1000, meaning that if you previously used Jellyseerr, Seerr will not be able to access the config files generated by the old Jellyseerr container. To migrate, execute the following steps: 1. stop all containers using the AIO-interface, 2. run `sudo docker run --rm -v nextcloud_aio_jellyseerr:/data alpine chown -R 1000:1000 /data`
- This container is only intended to be used inside home networks as it uses http for its management page by default.
- After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Jellyseerr instance, which can be used to manage Plex, Jellyfin, and Emby.
- In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr. Note that it is recommended to [enable CSRF protection in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-csrf-protection) for added security if you plan to use Jellyseerr outside the local network, but make sure to read up on it and understand the caveats first.
- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban. Note that [enabling the proxy support option in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-proxy-support) is required for this to work properly.
- The config of Jellyseerr will be automatically included in AIO's backup solution!
- After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Seerr instance, which can be used to manage Plex, Jellyfin, and Emby.
- In order to access your Seerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Seerr's reverse proxy documentation.](https://docs.seerr.dev/extending-Seerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Seerr. Note that it is recommended to [enable CSRF protection in Seerr](https://docs.seerr.dev/using-Seerr/settings/general#enable-csrf-protection) for added security if you plan to use Seerr outside the local network, but make sure to read up on it and understand the caveats first.
- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban. Note that [enabling the proxy support option in Seerr](https://docs.seerr.dev/using-Seerr/settings/general#enable-proxy-support) is required for this to work properly.
- The config of Seerr will be automatically included in AIO's backup solution!
- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
This container bundles a LanguageTool for Collabora which adds spell checking functionality to Collabora.
## LanguageTool for Nextcloud Office
This container bundles a LanguageTool for Nextcloud Office which adds spell checking functionality to Nextcloud Office.
### Notes
- Make sure to have collabora enabled via the AIO interface
- After adding this container via the AIO Interface, while all containers are still stopped, you need to scroll down to the `Additional Collabora options` section and enter `--o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-aio-languagetool:8010/v2`.
- Make sure to have Nextcloud Office enabled via the AIO interface
- After adding this container via the AIO Interface, while all containers are still stopped, you need to scroll down to the `Additional Nextcloud Office options` section and enter `--o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-aio-languagetool:8010/v2`.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
@@ -5,7 +5,6 @@ This container bundles Local AI and auto-configures it for you. It support hardw
Documentation is available on the container repository. This documentation is regularly updated and is intended to be as simple and detailed as possible. Thanks for all your feedback!
- See https://github.com/docjyJ/aio-local-ai-vulkan#getting-started for getting start with this container.
- See [this guide](https://github.com/nextcloud/all-in-one/discussions/5430) for how to improve AI task pickup speed
- Note that Nextcloud supports only one server for AI queries, so this container cannot be used at the same time as other AI containers.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
@@ -4,9 +4,65 @@ This directory features containers that are built for AIO which allows to add ad
## Disclaimers
All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
Starting with v11 of AIO, the management of Community Containers is done via the AIO interface (it is the last section in the AIO interface, so only visible if you scroll down).
⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because some containers are not compatible with each other and more.
## How to add containers?
Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config# This line is not allowed to be changed as otherwise the built-in backup solution will not work
- /var/run/docker.sock:/var/run/docker.sock:ro# May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
# devices: ["/dev/dri"] # Uncomment to enable hardware acceleration. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't add this as otherwise the mastercontainer will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
network_mode:bridge# This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and the networks section at the end of the file if you want to define a custom MTU size for the docker network
# networks: ["nextcloud-aio"]
ports:
- 80:80# Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- 8080:8080# This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
- 8443:8443# Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- "80:80"# Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- "8080:8080"# This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
- "8443:8443"# Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
# environment: # Is needed when using any of the options below
# AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
@@ -33,7 +34,6 @@ services:
# NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
# NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
# NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
# NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
# NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
# NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
# SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
**Please note:** Due to a bug in Collabora is the Collabora container currently in rootless mode not working. See https://github.com/CollaboraOnline/online/issues/2800. In that case, you need to run a separate Collabora instance on your own if you want to use this feature. The following flag will be useful https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps.
You can run AIO with docker rootless by following the steps below.
0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
@@ -9,7 +7,7 @@ You can run AIO with docker rootless by following the steps below.
1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
1. ⚠️ **Important:** Please read through all notes below!
@@ -3,15 +3,23 @@ It is possible due to several reasons that you do not want or cannot open Nextcl
### Content
- [1. Tailscale](#1-tailscale)
- [2. The normal way](#2-the-normal-way)
- [3. Use the ACME DNS-challenge](#3-use-the-acme-dns-challenge)
- [4. Use Cloudflare](#4-use-cloudflare)
- [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that)
- [2. Pangolin](#2-pangolin)
- [3. The normal way](#3-the-normal-way)
- [4. Use the ACME DNS-challenge](#4-use-the-acme-dns-challenge)
- [5. Use Cloudflare](#5-use-cloudflare)
- [6. Buy a certificate and use that](#6-buy-a-certificate-and-use-that)
## 1. Tailscale
This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
## 2. The normal way
## 2. Pangolin
[Pangolin](https://pangolin.net/) is an open-source, WireGuard-based remote access platform similar in concept to Tailscale. It uses the **Newt** connector to create outbound-only encrypted tunnels — no inbound ports need to be opened on your firewall. Pangolin handles TLS automatically, providing a valid certificate for your Nextcloud domain.
You can use either [Pangolin Cloud](https://app.pangolin.net/) (free tier available) or [self-host your own Pangolin server](https://docs.pangolin.net/self-host/quick-install) on a VPS. For private/local-only access, self-hosting Pangolin on a machine within your local network means that Nextcloud never needs to be exposed to the public internet.
For the reverse proxy configuration details and a step-by-step setup guide, see the [Pangolin section in the reverse proxy documentation](./reverse-proxy.md#pangolin).
## 3. The normal way
The normal way is the following:
1. Set up your domain correctly to point to your home network
1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
@@ -21,12 +29,12 @@ The normal way is the following:
**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
## 3. Use the ACME DNS-challenge
## 4. Use the ACME DNS-challenge
You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
## 4. Use Cloudflare
## 5. Use Cloudflare
If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
## 5. Buy a certificate and use that
## 6. Buy a certificate and use that
If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
@@ -12,7 +12,7 @@ You can run the containers that are build for AIO with docker-compose. This come
- You lose the AIO interface
- You lose update notifications and automatic updates
- You lose all AIO backup and restore features
- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi))
- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) and [HaRP container](https://github.com/nextcloud/HaRP) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi))
- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
- **You need to know what you are doing, especially when modifying the compose.yaml file**
- For updating, you need to strictly follow the at the bottom described update routine
@@ -34,7 +34,7 @@ NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data # You can change this to
NEXTCLOUD_MAX_TIME=3600 # This allows to change the upload time limit of the Nextcloud container
NEXTCLOUD_MEMORY_LIMIT=512M # This allows to change the PHP memory limit of the Nextcloud container
NEXTCLOUD_MOUNT=/mnt/ # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. "-app_api"
NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
NEXTCLOUD_UPLOAD_LIMIT=16G # This allows to change the upload limit of the Nextcloud container
REMOVE_DISABLED_APPS=yes # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
OUTPUT="$(echo"$OUTPUT"| jq '.services[] |= if has("depends_on") then .depends_on |= if contains(["nextcloud-aio-docker-socket-proxy"]) then del(.[index("nextcloud-aio-docker-socket-proxy")]) else . end else . end')"
OUTPUT="$(echo"$OUTPUT"| jq '.services[] |= if has("depends_on") then .depends_on |= if contains(["nextcloud-aio-harp"]) then del(.[index("nextcloud-aio-harp")]) else . end else . end')"
OUTPUT="$(echo"$OUTPUT"| jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end'| jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
sed -i '/HARP_ENABLED/d' containers.yml
sed -i '/HP_SHARED_KEY/d' containers.yml
sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
sed -i '/TURN_DOMAIN/d' containers.yml
sed -i '/NC_AIO_VERSION/d' containers.yml
@@ -97,7 +101,7 @@ sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD= # TODO! This is the p
sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin # TODO! This is the timezone that your containers will use.|' sample.conf
sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.|' sample.conf
sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. "-app_api"|' sample.conf
sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO (if you ran AIO on the former installation already, you can follow [these steps](https://github.com/nextcloud/all-in-one#how-to-migrate-from-aio-to-aio)):
1. Migrate only the files which is the easiest way (this excludes all calendar data for example)
1. Migrate the files and the database which is much more complicated (and doesn't work on former snap installations)
1. Migrate the files and the database which is much more complicated (with special handling required for former snap installations, see [below](#migrating-from-a-snap-installation))
1. Use the user_migration app that allows to migrate some of the user's data from a former instance to a new instance but needs to be done manually for each user
## Migrate only the files
@@ -21,7 +21,7 @@ The procedure for migrating only the files works like this:
1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
## Migrate the files and the database
**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migratingfromsnap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration.
**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! If you are migrating from a snap installation, please first follow the [dedicated snap migration steps](#migrating-from-a-snap-installation) below, which show you how to perform the database conversion using a temporary Docker container. Once done, you can continue from step 5 of this guide.
The procedure for migrating the files and the database works like this:
1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
@@ -87,6 +87,130 @@ If not, feel free to restore the AIO instance from backup and start at step 8 ag
If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
### Migrating from a snap installation
**Disclaimer:** it might be possible that the guide below is not working 100% correctly, yet. Improvements to it are very welcome!
Since the Nextcloud snap is read-only, it is not possible to install the `pdo_pgsql` PHP extension inside the snap to perform the MySQL-to-PostgreSQL database conversion required by AIO. As a workaround, a temporary [nextcloud/docker](https://github.com/nextcloud/docker) container can be used as an intermediate environment that already includes `pdo_pgsql` and can convert the snap's MySQL database to PostgreSQL for you.
This procedure covers steps 1–3 of the regular migration above (version matching, app updates, and database conversion) and also produces the `database-dump.sql` needed for step 4. Once finished, continue from step 5 of the [Migrate the files and the database](#migrate-the-files-and-the-database) procedure above.
1. **Create a backup of the snap before doing anything else**, so you can restore the snap to its current state if anything goes wrong:
```
sudo snap save nextcloud
```
This creates a snapshot that can be restored later with `sudo snap restore <snapshot-id>`. The snapshot ID is shown in the output of `snap save`. You can also list existing snapshots with `snap saved`.
1. Note the exact Nextcloud version of your snap installation:
```
sudo nextcloud.occ -V
```
1. Make sure that this version matches exactly the version used in Nextcloud AIO. You can find the AIO version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If they do not match, upgrade your snap with `sudo snap refresh nextcloud --channel=<major-version>/stable` or wait for AIO to be updated to the same version.
1. Update all installed Nextcloud apps to their latest versions:
```
sudo nextcloud.occ app:update --all
```
1. Retrieve the necessary configuration values from the snap using `nextcloud.occ` and store them in environment variables. Do this **before** stopping the snap, as `nextcloud.occ` requires the snap services to be running:
1. Start a temporary PostgreSQL container as the migration target:
```
docker run -d \
--name postgres-migration \
--network nextcloud-migration \
-e POSTGRES_USER="$PG_USER" \
-e POSTGRES_PASSWORD="$PG_PASSWORD" \
-e POSTGRES_DB="$PG_DATABASE" \
postgres:16
```
1. Create a temporary config file for the migration container using the values retrieved in step 5:
```
cat > /tmp/migration-config.php << EOF
<?php
\$CONFIG = array(
'instanceid' => '$INSTANCEID',
'passwordsalt' => '$PASSWORDSALT',
'secret' => '$SECRET',
'dbtype' => 'mysql',
'dbname' => 'nextcloud',
'dbhost' => 'mysql-migration',
'dbport' => '',
'dbtableprefix' => '$TABLE_PREFIX',
'dbuser' => 'nextcloud',
'dbpassword' => '$MYSQL_PASSWORD',
'datadirectory' => '$SNAP_DATA',
'installed' => true,
);
EOF
```
1. Run a temporary nextcloud/docker container to convert the MySQL database to PostgreSQL. Note that the container image version must match the Nextcloud version you noted in step 2, and that `pdo_pgsql` is already included in the `nextcloud` Docker image:
**Please note:** The exact name of the database export file is important! (`database-dump.sql`)
1. Clean up the temporary containers and network:
```
docker rm -f mysql-migration postgres-migration
docker network rm nextcloud-migration
```
1. You now have a `~/database-dump.sql`. Continue from step 5 of the [Migrate the files and the database](#migrate-the-files-and-the-database) procedure above. When those steps ask for your old data directory path, use the `$SNAP_DATA` value noted in step 5 (typically `/var/snap/nextcloud/common`). If you have opened a new shell session since then, you can retrieve it again with `sudo nextcloud.occ config:system:get datadirectory` (requires the snap to be running) or read it directly from `/var/snap/nextcloud/current/nextcloud/config/config.php`.
1. Once you have verified that the migration to AIO was successful and everything is working correctly, you can permanently remove the Nextcloud snap from your system:
```
sudo snap remove --purge nextcloud
```
The `--purge` flag removes the snap along with all its saved snapshots and data. Omit it if you want to keep the snap snapshots as a fallback. **Only do this after you are fully satisfied that your AIO instance is working correctly**, as this action cannot be undone.
## Use the user_migration app
A new way since the Nextcloud update to 24 is to use the new [user_migration app](https://apps.nextcloud.com/apps/user_migration#app-gallery). It allows to export the most important data on one instance and import it on a different Nextcloud instance. For that, you need to install and enable the user_migration app on your old instance, trigger the export for the user, create the user on the new instance, log in with that user and import the archive that was created during the export. This then needs to be done for each user that you want to migrate.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
