Merge pull request #4783 from nextcloud/enh/noid/add-daily-backup-note

aio interface: add hint what to do if daily backup gets stuck

Containers/apache/Caddyfile

@@ -53,11 +53,11 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 
     # Nextcloud
     route {
-        rewrite /.well-known/carddav /remote.php/dav/
-        rewrite /.well-known/caldav /remote.php/dav/
         header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:8000
+        reverse_proxy 127.0.0.1:8000
     }
+    redir /.well-known/carddav /remote.php/dav/ 301
+    redir /.well-known/caldav /remote.php/dav/ 301
 
     # TLS options
     tls {

Containers/apache/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.7.6-alpine as caddy
+FROM caddy:2.8.4-alpine as caddy
 
 FROM httpd:2.4.59-alpine3.19
 

Containers/apache/healthcheck.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
-nc -z localhost 8000 || exit 1
-nc -z localhost "$APACHE_PORT" || exit 1
+nc -z 127.0.0.1 8000 || exit 1
+nc -z 127.0.0.1 "$APACHE_PORT" || exit 1
 if ! nc -z "$NC_DOMAIN" 443; then
     echo "Could not reach $NC_DOMAIN on port 443."
     exit 1

Containers/clamav/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-53
+FROM clamav/clamav:1.3.1-54
 
 COPY clamav.conf /tmp/clamav.conf
 

Containers/collabora/Dockerfile

@@ -17,5 +17,5 @@ RUN set -ex; \
 
 USER 100
 
-HEALTHCHECK CMD nc -z localhost 9980 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 9980 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/docker-socket-proxy/healthcheck.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
-nc -z localhost 2375 || exit 1
+nc -z 127.0.0.1 2375 || exit 1

Containers/domaincheck/Dockerfile

@@ -16,5 +16,5 @@ COPY --chmod=775 start.sh /start.sh
 USER www-data
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/fulltextsearch/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.13.4
+FROM elasticsearch:8.14.0
 
 USER root
 
@@ -19,5 +19,5 @@ RUN set -ex; \
 
 USER 1000:0
 
-HEALTHCHECK CMD nc -z localhost 9200 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/imaginary/Dockerfile

@@ -38,5 +38,5 @@ USER nobody
 ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 "$PORT" || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/mastercontainer/Caddyfile

@@ -16,7 +16,7 @@
     }
 
     on_demand_tls {
-        ask http://localhost:9876/
+        ask http://127.0.0.1:9876/
     }
 }
 
@@ -26,7 +26,7 @@ http://:80 {
 
 https://:8443 {
 
-    reverse_proxy localhost:8000
+    reverse_proxy 127.0.0.1:8000
 
     tls {
         on_demand

Containers/mastercontainer/Dockerfile

@@ -1,9 +1,9 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.1.3-cli as docker
+FROM docker:26.1.4-cli as docker
 
 # Caddy is a requirement
-FROM caddy:2.7.6-alpine as caddy
+FROM caddy:2.8.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
 FROM php:8.3.7-fpm-alpine3.19

Containers/mastercontainer/healthcheck.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 
 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
-    nc -z localhost 80 || exit 1
-    nc -z localhost 8000 || exit 1
-    nc -z localhost 8080 || exit 1
-    nc -z localhost 8443 || exit 1
-    nc -z localhost 9000 || exit 1
-    nc -z localhost 9876 || exit 1
+    nc -z 127.0.0.1 80 || exit 1
+    nc -z 127.0.0.1 8000 || exit 1
+    nc -z 127.0.0.1 8080 || exit 1
+    nc -z 127.0.0.1 8443 || exit 1
+    nc -z 127.0.0.1 9000 || exit 1
+    nc -z 127.0.0.1 9876 || exit 1
 fi

Containers/mastercontainer/mastercontainer.conf

@@ -19,7 +19,7 @@ Listen 8080
 
     # PHP match
     <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://localhost:9000"
+        SetHandler "proxy:fcgi://127.0.0.1:9000"
     </FilesMatch>
     # Master dir
     DocumentRoot /var/www/docker-aio/php/public/
@@ -41,8 +41,8 @@ Listen 8080
 # Https host
 <VirtualHost *:8080>
     # Proxy to https
-    ProxyPass / http://localhost:8000/
-    ProxyPassReverse / http://localhost:8000/
+    ProxyPass / http://127.0.0.1:8000/
+    ProxyPassReverse / http://127.0.0.1:8000/
     ProxyPreserveHost On
     # SSL
     SSLCertificateKeyFile /etc/apache2/certs/ssl.key

Containers/nextcloud/Dockerfile

@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600
 ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 28.0.6
+ENV NEXTCLOUD_VERSION 29.0.2
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 # AIO settings end # Do not remove or change this line!
@@ -118,6 +118,7 @@ RUN set -ex; \
         echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
         echo 'max_execution_time=${PHP_MAX_TIME}'; \
         echo 'max_input_time=${PHP_MAX_TIME}'; \
+        echo 'default_socket_timeout=600'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \
     { \

Containers/nextcloud/healthcheck.sh

@@ -10,6 +10,6 @@ fi
 # shellcheck disable=SC2153
 nc -z "$POSTGRES_HOST" "$POSTGRES_PORT" || exit 0
 
-if ! nc -z localhost 9000; then
+if ! nc -z 127.0.0.1 9000; then
     exit 1
 fi

Containers/notify-push/healthcheck.sh

@@ -4,4 +4,4 @@ if ! nc -z "$NEXTCLOUD_HOST" 9001; then
     exit 0
 fi
 
-nc -z localhost 7867 || exit 1
+nc -z 127.0.0.1 7867 || exit 1

Containers/onlyoffice/Dockerfile

@@ -4,5 +4,5 @@ FROM onlyoffice/documentserver:8.0.1.1
 
 # USER root is probably used
 
-HEALTHCHECK CMD nc -z localhost 80 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 80 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/postgresql/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.7-alpine
+FROM postgres:16.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/postgresql/healthcheck.sh

@@ -2,4 +2,4 @@
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
-psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:5432/$POSTGRES_DB" -c "select now()" || exit 1

Containers/postgresql/start.sh

@@ -85,7 +85,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     exec docker-entrypoint.sh postgres &
 
     # Wait for creation
-    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:11000/$POSTGRES_DB" -c "select now()"; do
+    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start."
         sleep 5
     done

Containers/talk-recording/Dockerfile

@@ -54,5 +54,5 @@ USER recording
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
-HEALTHCHECK CMD nc -z localhost 1234 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 1234 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/talk/healthcheck.sh

@@ -1,11 +1,7 @@
 #!/bin/bash
 
-nc -z localhost 8081 || exit 1
-nc -z localhost 8188 || exit 1
-nc -z localhost 4222 || exit 1
-nc -z localhost "$TALK_PORT" || exit 1
+nc -z 127.0.0.1 8081 || exit 1
+nc -z 127.0.0.1 8188 || exit 1
+nc -z 127.0.0.1 4222 || exit 1
+nc -z 127.0.0.1 "$TALK_PORT" || exit 1
 eturnalctl status || exit 1
-if ! nc -z "$NC_DOMAIN" "$TALK_PORT"; then
-    echo "Could not reach $NC_DOMAIN on port $TALK_PORT."
-    exit 1
-fi

app/appinfo/info.xml

@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.5.0</version>
+	<version>0.6.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="27" max-version="28"/>
+		<nextcloud min-version="28" max-version="29"/>
 	</dependencies>
 
 	<settings>

community-containers/facerecognition/facerecognition.json

@@ -10,10 +10,11 @@
             "restart": "unless-stopped",
             "environment": [
                 "TZ=%TIMEZONE%",
-                "API_KEY=some-super-secret-api-key"
+                "API_KEY=some-super-secret-api-key",
+                "FACE_MODEL=3"
             ],
             "aio_variables": [
-                "nextcloud_memory_limit=4096M"
+                "nextcloud_memory_limit=2048M"
             ],
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install facerecognition",
@@ -21,7 +22,7 @@
                 "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
                 "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
                 "php /var/www/html/occ face:setup -m 5",
-                "php /var/www/html/occ face:setup -M 4G",
+                "php /var/www/html/occ face:setup -M 1G",
                 "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",
                 "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 0 --value image/jpeg",
                 "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 1 --value image/png",

community-containers/stalwart/readme.md

@@ -15,7 +15,7 @@ This container bundles stalwart mail server and auto-configures it for you.
 - You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `docker logs nextcloud-aio-stalwart` to obtain the system administrator account and password. With this information, you can log in to the web interface at `https://mail.your-domain.com/login`
+- After adding and starting the container, you need to run `docker inspect nextcloud-aio-stalwart  | grep STALWART_USER_PASS` to obtain the system administrator password (username: `admin`). With this information, you can log in to the web interface at `https://mail.your-domain.com/login`
 - See https://stalw.art/docs/install/docker/ for next steps.
 - Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
 - See https://stalw.art/docs/faq for further faq and docs on the project

community-containers/stalwart/stalwart.json

@@ -47,7 +47,11 @@
             ],
             "environment": [
                 "TZ=%TIMEZONE%",
-                "NC_DOMAIN=%NC_DOMAIN%"
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "STALWART_USER_PASS=%STALWART_USER_PASS%"
+            ],
+            "secrets": [
+                "STALWART_USER_PASS"
             ],
             "volumes": [
                 {

php/src/Docker/DockerActionManager.php

@@ -44,7 +44,7 @@ class DockerActionManager
     }
 
     private function BuildApiUrl(string $url) : string {
-        return sprintf('http://localhost/%s/%s', self::API_VERSION, $url);
+        return sprintf('http://127.0.0.1/%s/%s', self::API_VERSION, $url);
     }
 
     private function BuildImageName(Container $container) : string {
@@ -223,12 +223,12 @@ class DockerActionManager
     public function CreateContainer(Container $container) : void {
         $volumes = [];
         foreach ($container->GetVolumes()->GetVolumes() as $volume) {
-            // NEXTCLOUD_MOUNT gets added via bind-mount later on
-            if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-                if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
-                    continue;
-                }
-            }
+            // // NEXTCLOUD_MOUNT gets added via bind-mount later on
+            // if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            //     if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
+            //         continue;
+            //     }
+            // }
 
             $volumeEntry = $volume->name . ':' . $volume->mountPoint;
             if ($volume->isWritable) {
@@ -560,14 +560,14 @@ class DockerActionManager
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
             // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
-        // Special things for the nextcloud container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-            foreach ($container->GetVolumes()->GetVolumes() as $volume) {
-                if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
-                    continue;
-                }
-                $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
-            }
+        // // Special things for the nextcloud container which should not be exposed in the containers.json
+        // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+        //     foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+        //         if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
+        //             continue;
+        //         }
+        //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
+        //     }
         // Special things for the caddy community container
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v8.3.0</h1>
+        <h1>Nextcloud AIO v9.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -31,7 +31,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = 29 %}
+        {% set newMajorVersion = '' %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -70,7 +70,8 @@
             {% elseif automatic_updates == true %}
                 The whole process can take a while as your containers will be updated.<br /><br />
             {% endif %}
-            <a href="" class="button reload">Reload ↻</a><br/>
+            <a href="" class="button reload">Reload ↻</a><br/><br/>
+            If the daily bacckup should be stuck somehow, you can make it unstuck by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.<br /><br />
         {% elseif isWatchtowerRunning == true %}
             <span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
             <a href="" class="button reload">Reload ↻</a><br/>

readme.md

@@ -310,10 +310,13 @@ You can switch to a different channel like e.g. the beta channel or from the bet
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 
 
-If a new `Mastercontainer` update was found, you'll see an additional section below the `containers` section which shows that a mastercontainer update is available. If so, you can simply press on the button to update the container.
+If a new `mastercontainer` update was found, you'll see a note below the `Stop containers` button that allows to show the changelog. If you click that button and the containers are stopped, you will see a new button that allows to update the mastercontainer. After doing so and after the update is gone through, you will have the  option again to `Start and update containers`. It is recommended to create a backup before clicking the `Start and update containers` button.
 
 Additionally, there is a cronjob that runs once a day that checks for container and mastercontainer updates and sends a notification to all Nextcloud admins if a new update was found.
 
+#### How often are update notifications sent?
+AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible.
+
 ### How to easily log in to the AIO interface?
 If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.