mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 19:00:33 +00:00
Compare commits
25 Commits
v10.9.0
...
Anvil5465-
| Author | SHA1 | Date | |
|---|---|---|---|
|
1d5b39b98a | ||
|
|
25c580bca3 | ||
|
|
80920778fb | ||
|
|
d3ac48f352 | ||
|
|
13e9829a85 | ||
|
|
7cb96aed74 | ||
|
|
ecb2e1ad87 | ||
|
|
378346c9c1 | ||
|
|
edbdac6af4 | ||
|
|
a4fa22ec22 | ||
|
|
fa87a5ca6a | ||
|
|
c65eb16a15 | ||
|
|
3dffd46e8b | ||
|
|
7f76f622e1 | ||
|
|
ac2c97a08e | ||
|
|
d5c195aa0c | ||
|
|
5d090018f9 | ||
|
|
b8d08fc77b | ||
|
|
4669ad430c | ||
|
|
348a08a720 | ||
|
|
167c2dc389 | ||
|
|
4c14fa9b13 | ||
|
|
9b8a9de565 | ||
|
|
b9a04858ca | ||
|
|
91e99dcba9 |
6
.github/workflows/playwright.yml
vendored
6
.github/workflows/playwright.yml
vendored
@@ -29,7 +29,7 @@ jobs:
|
||||
run: |
|
||||
docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
|
||||
docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
|
||||
docker pull nextcloud/all-in-one:develop
|
||||
docker pull ghcr.io/nextcloud-releases/all-in-one:develop
|
||||
docker run \
|
||||
-d \
|
||||
--init \
|
||||
@@ -40,7 +40,7 @@ jobs:
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
--env SKIP_DOMAIN_VALIDATION=true \
|
||||
--env APACHE_PORT=11000 \
|
||||
nextcloud/all-in-one:develop
|
||||
ghcr.io/nextcloud-releases/all-in-one:develop
|
||||
echo Waiting for 10 seconds for the development container to start ...
|
||||
sleep 10
|
||||
|
||||
@@ -61,7 +61,7 @@ jobs:
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
--env SKIP_DOMAIN_VALIDATION=false \
|
||||
--env APACHE_PORT=11000 \
|
||||
nextcloud/all-in-one:develop
|
||||
ghcr.io/nextcloud-releases/all-in-one:develop
|
||||
echo Waiting for 10 seconds for the development container to start ...
|
||||
sleep 10
|
||||
|
||||
|
||||
5
.github/workflows/update-helm.yml
vendored
5
.github/workflows/update-helm.yml
vendored
@@ -14,8 +14,11 @@ jobs:
|
||||
uses: actions/checkout@v4
|
||||
- name: update helm chart
|
||||
run: |
|
||||
DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
|
||||
set -x
|
||||
GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')"
|
||||
DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
|
||||
export DOCKER_TAG
|
||||
set +x
|
||||
if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
|
||||
sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
|
||||
fi
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM haproxy:3.1.5-alpine
|
||||
FROM haproxy:3.1.6-alpine
|
||||
|
||||
# hadolint ignore=DL3002
|
||||
USER root
|
||||
|
||||
@@ -13,7 +13,7 @@ frontend http
|
||||
bind :::2375 v4v6
|
||||
http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
|
||||
# docker system _ping
|
||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET
|
||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET
|
||||
# container inspect: GET containers/%s/json
|
||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
|
||||
# container inspect: GET containers/%s/logs
|
||||
@@ -38,19 +38,19 @@ frontend http
|
||||
# ACL to deny if there are any binds
|
||||
acl binds_present req.body -m reg -i "\"HostConfig\"\s*:.*\"Binds\"\s*:"
|
||||
# ACL to restrict the type of Mounts to volume
|
||||
acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
|
||||
acl type_not_volume req.body -m reg -i "\"Mounts\"\s*:\s*\[[^\]]*(\"Type\"\s*:\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
|
||||
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST
|
||||
|
||||
# ACL to restrict container creation, that it has HostConfig.Privileged not set
|
||||
acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\""
|
||||
# ACL to restrict container creation, that it has HostConfig.Privileged(by searching for "Privileged" word in all payload)
|
||||
acl no_privileged_flag req.body -m reg -i "\"Privileged\""
|
||||
# ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
|
||||
acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
|
||||
acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\"\s*:\s*\[\s*{[^}]*\"Source\"\s*:\s*\"nc_app_[a-zA-Z0-9_.-]+_data\""
|
||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST
|
||||
# end of container create
|
||||
|
||||
# volume create: POST volumes/create
|
||||
# restrict name
|
||||
acl nc_app_volume_data req.body -m reg -i "\"Name\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
|
||||
acl nc_app_volume_data req.body -m reg -i "\"Name\"\s*:\s*\"nc_app_[a-zA-Z0-9_.-]+_data\""
|
||||
# do not allow to use "device" word e.g., "--opt device=:/path/to/dir"
|
||||
acl volume_no_device req.body -m reg -i "\"device\""
|
||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data !volume_no_device METH_POST
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Docker CLI is a requirement
|
||||
FROM docker:28.0.1-cli AS docker
|
||||
FROM docker:28.0.2-cli AS docker
|
||||
|
||||
# Caddy is a requirement
|
||||
FROM caddy:2.9.1-alpine AS caddy
|
||||
|
||||
@@ -283,10 +283,10 @@ if [ "$?" = 6 ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if auth.docker.io is reachable
|
||||
# Check if ghcr.io is reachable
|
||||
# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
|
||||
if ! curl https://auth.docker.io/token 2>&1 | grep -q token; then
|
||||
print_red "Could not reach https://auth.docker.io."
|
||||
if ! curl https://ghcr.io &>/dev/null; then
|
||||
print_red "Could not reach https://ghcr.io."
|
||||
echo "Most likely is something blocking access to it."
|
||||
echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
|
||||
exit 1
|
||||
|
||||
@@ -142,7 +142,7 @@ RUN set -ex; \
|
||||
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
|
||||
echo 'max_execution_time=${PHP_MAX_TIME}'; \
|
||||
echo 'max_input_time=${PHP_MAX_TIME}'; \
|
||||
echo 'default_socket_timeout=600'; \
|
||||
echo 'default_socket_timeout=${PHP_MAX_TIME}'; \
|
||||
} > /usr/local/etc/php/conf.d/nextcloud.ini; \
|
||||
\
|
||||
{ \
|
||||
|
||||
@@ -535,6 +535,13 @@ php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https:
|
||||
php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
|
||||
php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
|
||||
php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
|
||||
if [ -n "$NEXTCLOUD_SKELETON_DIRECTORY" ]; then
|
||||
if [ "$NEXTCLOUD_SKELETON_DIRECTORY" = "empty" ]; then
|
||||
php /var/www/html/occ config:system:set skeletondirectory --value=""
|
||||
else
|
||||
php /var/www/html/occ config:system:set skeletondirectory --value="$NEXTCLOUD_SKELETON_DIRECTORY"
|
||||
fi
|
||||
fi
|
||||
if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
|
||||
php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
|
||||
fi
|
||||
|
||||
12
community-containers/mollysocket/readme.md
Normal file
12
community-containers/mollysocket/readme.md
Normal file
@@ -0,0 +1,12 @@
|
||||
## MollySocket
|
||||
This container bundles MollySocket and auto-configures it for you.
|
||||
|
||||
### Notes
|
||||
- This container is only intended to be used over https behind a reverse proxy. You can You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the Caddy community container that will automatically configure mollysocket.$NC_DOMAIN to redirect to your MollySocket.
|
||||
- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
|
||||
|
||||
### Repository
|
||||
https://github.com/mollyim/mollysocket
|
||||
|
||||
### Maintainer
|
||||
https://github.com/Anvil5465
|
||||
@@ -11,7 +11,7 @@ sudo docker run \
|
||||
--publish 8443:8443 \
|
||||
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
nextcloud/all-in-one:develop
|
||||
ghcr.io/nextcloud-releases/all-in-one:develop
|
||||
```
|
||||
And you are done :)
|
||||
It will now also select the developer channel for all other containers automatically.
|
||||
@@ -19,6 +19,9 @@ It will now also select the developer channel for all other containers automatic
|
||||
## How to publish new releases?
|
||||
Simply use https://github.com/nextcloud/all-in-one/issues/180 as template.
|
||||
|
||||
## How to update existing instances to a new major Nextcloud version?
|
||||
Simply use https://github.com/nextcloud/all-in-one/issues/6198 as template.
|
||||
|
||||
## How to build new containers
|
||||
Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.
|
||||
|
||||
|
||||
@@ -341,7 +341,7 @@ services:
|
||||
init: false
|
||||
healthcheck:
|
||||
start_period: 60s
|
||||
test: clamdcheck.sh
|
||||
test: /healthcheck.sh
|
||||
interval: 30s
|
||||
timeout: 30s
|
||||
start_interval: 5s
|
||||
@@ -351,7 +351,6 @@ services:
|
||||
environment:
|
||||
- TZ=${TIMEZONE}
|
||||
- MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
|
||||
- CLAMD_STARTUP_TIMEOUT=90
|
||||
volumes:
|
||||
- nextcloud_aio_clamav:/var/lib/clamav:rw
|
||||
restart: unless-stopped
|
||||
@@ -359,9 +358,11 @@ services:
|
||||
- clamav
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- /var/lock
|
||||
- /var/log/clamav
|
||||
- /tmp
|
||||
- /var/log/clamav
|
||||
- /run/clamav
|
||||
- /var/log/supervisord
|
||||
- /var/run/supervisord
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 10.7.0
|
||||
version: 10.9.0
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -61,7 +61,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: WHITEBOARD_HOST
|
||||
value: nextcloud-aio-whiteboard
|
||||
image: nextcloud/aio-apache:20250306_093458
|
||||
image: nextcloud/aio-apache:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -55,17 +55,15 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- env:
|
||||
- name: CLAMD_STARTUP_TIMEOUT
|
||||
value: "90"
|
||||
- name: MAX_SIZE
|
||||
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-clamav:20250306_093458
|
||||
image: nextcloud/aio-clamav:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
- /healthcheck.sh
|
||||
failureThreshold: 9
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 30
|
||||
@@ -73,7 +71,7 @@ spec:
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
- /healthcheck.sh
|
||||
failureThreshold: 9
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 30
|
||||
|
||||
@@ -35,7 +35,7 @@ spec:
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
image: nextcloud/aio-collabora:20250306_093458
|
||||
image: nextcloud/aio-collabora:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -64,7 +64,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-postgresql:20250306_093458
|
||||
image: nextcloud/aio-postgresql:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: nextcloud/aio-fulltextsearch:20250306_093458
|
||||
image: nextcloud/aio-fulltextsearch:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-imaginary:20250306_093458
|
||||
image: nextcloud/aio-imaginary:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -180,7 +180,7 @@ spec:
|
||||
value: "{{ .Values.WHITEBOARD_ENABLED }}"
|
||||
- name: WHITEBOARD_SECRET
|
||||
value: "{{ .Values.WHITEBOARD_SECRET }}"
|
||||
image: nextcloud/aio-nextcloud:20250306_093458
|
||||
image: nextcloud/aio-nextcloud:20250325_084656
|
||||
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in container context
|
||||
|
||||
@@ -55,7 +55,7 @@ spec:
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-notify-push:20250306_093458
|
||||
image: nextcloud/aio-notify-push:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-onlyoffice:20250306_093458
|
||||
image: nextcloud/aio-onlyoffice:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -39,7 +39,7 @@ spec:
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-redis:20250306_093458
|
||||
image: nextcloud/aio-redis:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -52,7 +52,7 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-talk:20250306_093458
|
||||
image: nextcloud/aio-talk:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -44,7 +44,7 @@ spec:
|
||||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-talk-recording:20250306_093458
|
||||
image: nextcloud/aio-talk-recording:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -48,7 +48,7 @@ spec:
|
||||
value: redis
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-whiteboard:20250306_093458
|
||||
image: nextcloud/aio-whiteboard:20250325_084656
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -302,6 +302,8 @@ cat << EOL > /tmp/additional.config
|
||||
value: "{{ .Values.SERVERINFO_TOKEN }}"
|
||||
- name: NEXTCLOUD_DEFAULT_QUOTA
|
||||
value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
|
||||
- name: NEXTCLOUD_SKELETON_DIRECTORY
|
||||
value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}"
|
||||
- name: NEXTCLOUD_MAINTENANCE_WINDOW
|
||||
value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
|
||||
EOL
|
||||
@@ -414,6 +416,7 @@ APPS_ALLOWLIST: # This allows to configure allowed apps that will be show
|
||||
ADDITIONAL_TRUSTED_PROXY: # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
|
||||
ADDITIONAL_TRUSTED_DOMAIN: # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
|
||||
NEXTCLOUD_DEFAULT_QUOTA: "10 GB" # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
|
||||
NEXTCLOUD_SKELETON_DIRECTORY: # Allows to adjust the sekeleton dir for Nextcloud. Setting it to "empty" will set the value to an empty string "" which will turn off the setting for new users in Nextcloud.
|
||||
NEXTCLOUD_MAINTENANCE_WINDOW: # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
|
||||
SMTP_HOST: # (empty by default): The hostname of the SMTP server.
|
||||
SMTP_SECURE: # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
"nextcloud-aio-whiteboard"
|
||||
],
|
||||
"display_name": "Apache",
|
||||
"image": "nextcloud/aio-apache",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-apache",
|
||||
"user": "33",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
@@ -84,7 +84,7 @@
|
||||
"container_name": "nextcloud-aio-database",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "Database",
|
||||
"image": "nextcloud/aio-postgresql",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-postgresql",
|
||||
"user": "999",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
@@ -149,7 +149,7 @@
|
||||
"nextcloud-aio-docker-socket-proxy"
|
||||
],
|
||||
"display_name": "Nextcloud",
|
||||
"image": "nextcloud/aio-nextcloud",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-nextcloud",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
"start_period": "0s",
|
||||
@@ -271,7 +271,7 @@
|
||||
"container_name": "nextcloud-aio-notify-push",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "Notify Push",
|
||||
"image": "nextcloud/aio-notify-push",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-notify-push",
|
||||
"user": "33",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
@@ -319,7 +319,7 @@
|
||||
"container_name": "nextcloud-aio-redis",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "Redis",
|
||||
"image": "nextcloud/aio-redis",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-redis",
|
||||
"user": "999",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
@@ -361,7 +361,7 @@
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
|
||||
"display_name": "Collabora",
|
||||
"image": "nextcloud/aio-collabora",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-collabora",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
"start_period": "60s",
|
||||
@@ -404,7 +404,7 @@
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
|
||||
"display_name": "Talk",
|
||||
"image": "nextcloud/aio-talk",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-talk",
|
||||
"user": "1000",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
@@ -466,7 +466,7 @@
|
||||
"container_name": "nextcloud-aio-talk-recording",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "Talk Recording",
|
||||
"image": "nextcloud/aio-talk-recording",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-talk-recording",
|
||||
"user": "122",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
@@ -518,7 +518,7 @@
|
||||
{
|
||||
"container_name": "nextcloud-aio-borgbackup",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"image": "nextcloud/aio-borgbackup",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-borgbackup",
|
||||
"init": true,
|
||||
"environment": [
|
||||
"BORG_REMOTE_REPO=%BORGBACKUP_REMOTE_REPO%",
|
||||
@@ -586,7 +586,7 @@
|
||||
{
|
||||
"container_name": "nextcloud-aio-watchtower",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"image": "nextcloud/aio-watchtower",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-watchtower",
|
||||
"init": true,
|
||||
"environment": [
|
||||
"CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
|
||||
@@ -606,7 +606,7 @@
|
||||
{
|
||||
"container_name": "nextcloud-aio-domaincheck",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"image": "nextcloud/aio-domaincheck",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-domaincheck",
|
||||
"init": true,
|
||||
"ports": [
|
||||
{
|
||||
@@ -637,7 +637,7 @@
|
||||
"container_name": "nextcloud-aio-clamav",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "ClamAV",
|
||||
"image": "nextcloud/aio-clamav",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-clamav",
|
||||
"user": "100",
|
||||
"init": false,
|
||||
"healthcheck": {
|
||||
@@ -683,7 +683,7 @@
|
||||
"container_name": "nextcloud-aio-onlyoffice",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "OnlyOffice",
|
||||
"image": "nextcloud/aio-onlyoffice",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-onlyoffice",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
"start_period": "60s",
|
||||
@@ -729,7 +729,7 @@
|
||||
"container_name": "nextcloud-aio-imaginary",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "Imaginary",
|
||||
"image": "nextcloud/aio-imaginary",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-imaginary",
|
||||
"user": "65534",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
@@ -771,7 +771,7 @@
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/discussions/1709",
|
||||
"display_name": "Fulltextsearch",
|
||||
"image": "nextcloud/aio-fulltextsearch",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-fulltextsearch",
|
||||
"init": false,
|
||||
"healthcheck": {
|
||||
"start_period": "60s",
|
||||
@@ -819,7 +819,7 @@
|
||||
"container_name": "nextcloud-aio-docker-socket-proxy",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "Docker Socket Proxy",
|
||||
"image": "nextcloud/aio-docker-socket-proxy",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-docker-socket-proxy",
|
||||
"init": true,
|
||||
"internal_port": "2375",
|
||||
"environment": [
|
||||
@@ -845,7 +845,7 @@
|
||||
"container_name": "nextcloud-aio-whiteboard",
|
||||
"image_tag": "%AIO_CHANNEL%",
|
||||
"display_name": "Whiteboard",
|
||||
"image": "nextcloud/aio-whiteboard",
|
||||
"image": "ghcr.io/nextcloud-releases/aio-whiteboard",
|
||||
"user": "65534",
|
||||
"init": true,
|
||||
"healthcheck": {
|
||||
|
||||
@@ -742,6 +742,33 @@ readonly class DockerActionManager {
|
||||
}
|
||||
}
|
||||
|
||||
private function GetCurrentImageName(): string {
|
||||
$cacheKey = 'aio-image-name';
|
||||
$imageName = apcu_fetch($cacheKey);
|
||||
if ($imageName !== false && is_string($imageName)) {
|
||||
return $imageName;
|
||||
}
|
||||
|
||||
$containerName = 'nextcloud-aio-mastercontainer';
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
|
||||
try {
|
||||
$output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
|
||||
$imageNameArray = explode(':', $output['Config']['Image']);
|
||||
if (count($imageNameArray) === 2) {
|
||||
$imageName = $imageNameArray[0];
|
||||
} else {
|
||||
error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the imageName to the default " . $output['Config']['Image']);
|
||||
$imageName = $output['Config']['Image'];
|
||||
}
|
||||
apcu_add($cacheKey, $imageName);
|
||||
return $imageName;
|
||||
} catch (\Exception $e) {
|
||||
error_log('Could not get current imageName ' . $e->getMessage());
|
||||
}
|
||||
|
||||
return 'nextcloud/all-in-one';
|
||||
}
|
||||
|
||||
public function GetCurrentChannel(): string {
|
||||
$cacheKey = 'aio-ChannelName';
|
||||
$channelName = apcu_fetch($cacheKey);
|
||||
@@ -753,7 +780,6 @@ readonly class DockerActionManager {
|
||||
$url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
|
||||
try {
|
||||
$output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
|
||||
$containerChecksum = $output['Image'];
|
||||
$tagArray = explode(':', $output['Config']['Image']);
|
||||
if (count($tagArray) === 2) {
|
||||
$tag = $tagArray[1];
|
||||
@@ -771,7 +797,7 @@ readonly class DockerActionManager {
|
||||
}
|
||||
|
||||
public function IsMastercontainerUpdateAvailable(): bool {
|
||||
$imageName = 'nextcloud/all-in-one';
|
||||
$imageName = $this->GetCurrentImageName();
|
||||
$containerName = 'nextcloud-aio-mastercontainer';
|
||||
|
||||
$tag = $this->GetCurrentChannel();
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
<div class="container">
|
||||
<main>
|
||||
<h1>Nextcloud AIO v10.9.0</h1>
|
||||
<h1>Nextcloud AIO v10.10.0</h1>
|
||||
|
||||
{# Add 2nd tab warning #}
|
||||
<script type="text/javascript" src="second-tab-warning.js"></script>
|
||||
|
||||
@@ -486,6 +486,9 @@ In certain situations you might want to keep Nextcloud apps that are disabled in
|
||||
> Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
|
||||
|
||||
### How to trust user-defined Certification Authorities (CA)?
|
||||
> [!NOTE]
|
||||
> Please note, that this feature is only intended to make LDAPS connections with self-signed certificates work. It will not make other interconnectivity between the different containers work, as they expect a valid publicly trusted certificate like one from Let's Encrypt.
|
||||
|
||||
For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.
|
||||
|
||||
You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
|
||||
|
||||
Reference in New Issue
Block a user