increase to 2.1.1

Signed-off-by: szaimen <szaimen@e.mail.de>

Containers/apache/Dockerfile

@@ -46,6 +46,10 @@ RUN rm /etc/apache2/ports.conf; \
 RUN set -ex; \
     a2dissite 000-default && \
     a2dissite default-ssl && \
+    rm -f /etc/apache2/sites-enabled/000-default.conf && \
+    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
+    rm /etc/apache2/sites-available/000-default.conf && \
+    rm /etc/apache2/sites-available/default-ssl.conf && \
     a2ensite nextcloud.conf && \
     rm -rf /var/www/html/* && \
     chown www-data:www-data -R /var/log/apache2; \

Containers/apache/nextcloud.conf

@@ -1,5 +1,7 @@
 Listen 8000
 <VirtualHost *:8000>
+    ServerName localhost
+
     # Add error log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     ErrorLog ${APACHE_LOG_DIR}/error.log

Containers/mastercontainer/Dockerfile

@@ -5,7 +5,7 @@ FROM docker:20.10.21-dind-alpine3.16 as dind
 FROM caddy:2.6.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.24-apache-bullseye
+FROM php:8.0.25-apache-bullseye
 
 EXPOSE 80
 EXPOSE 8080
@@ -52,7 +52,7 @@ RUN set -e && \
     cd ..; \
     rm -f /usr/local/bin/composer; \
     chmod 770 -R ./; \
-    chown www-data:www-data -R ./; \
+    chown www-data:www-data -R /var/www; \
     rm -r ./php/data; \
     rm -r ./php/session
 
@@ -76,8 +76,13 @@ RUN rm /etc/apache2/ports.conf; \
     sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
     sed -i "/^Listen /d" /etc/apache2/apache2.conf
 
-RUN a2dissite 000-default && \
+RUN set -ex; \
+    a2dissite 000-default && \
     a2dissite default-ssl && \
+    rm -f /etc/apache2/sites-enabled/000-default.conf && \
+    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
+    rm /etc/apache2/sites-available/000-default.conf && \
+    rm /etc/apache2/sites-available/default-ssl.conf && \
     a2ensite mastercontainer.conf
 
 RUN mkdir /var/log/supervisord; \

Containers/mastercontainer/mastercontainer.conf

@@ -11,6 +11,8 @@ ErrorLog ${APACHE_LOG_DIR}/error.log
 
 # Http host
 <VirtualHost *:8000>
+    ServerName localhost
+
     # PHP match
     <FilesMatch "\.php$">
         SetHandler application/x-httpd-php

Containers/mastercontainer/supervisord.conf

@@ -1,26 +1,28 @@
 [supervisord]
 nodaemon=true
-nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                 
 loglevel=error
+user=root
 
 [program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apache2-foreground
+user=root
 
 [program:caddy]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=sudo -u www-data /usr/bin/caddy run --config /Caddyfile
+command=/usr/bin/caddy run --config /Caddyfile
+user=www-data
 
 [program:cron]
 stdout_logfile=/dev/stdout
@@ -35,6 +37,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/backup-time-file-watcher.sh
+user=root
 
 [program:session-deduplicator]
 stdout_logfile=/dev/stdout
@@ -42,3 +45,4 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
+user=root

Containers/nextcloud/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.24-fpm-alpine3.16
+FROM php:8.0.25-fpm-alpine3.16
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \

Containers/nextcloud/notify.sh

@@ -1,23 +1,25 @@
 #!/bin/bash
 
 if [[ "$EUID" = 0 ]]; then
-    sudo -u www-data -s -E
+    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
+else
+    COMMAND=(php /var/www/html/occ)
 fi
 
 SUBJECT="$1"
 MESSAGE="$2"
 
-if [ "$(php /var/www/html/occ config:app:get notifications enabled)" = "no" ]; then
+if [ "$("${COMMAND[@]}" config:app:get notifications enabled)" = "no" ]; then
     echo "Cannot send notification as notification app is not enabled."
     exit 1
 fi
 
 echo "Posting notifications to users that are admins..."
-NC_USERS=$(php /var/www/html/occ user:list | sed 's|^  - ||g' | sed 's|:.*||')
+NC_USERS=$("${COMMAND[@]}" user:list | sed 's|^  - ||g' | sed 's|:.*||')
 mapfile -t NC_USERS <<< "$NC_USERS"
 for user in "${NC_USERS[@]}"
 do
-    if php /var/www/html/occ user:info "$user" | cut -d "-" -f2 | grep -x -q " admin"
+    if "${COMMAND[@]}" user:info "$user" | cut -d "-" -f2 | grep -x -q " admin"
     then
         NC_ADMIN_USER+=("$user")
     fi
@@ -26,7 +28,7 @@ done
 for admin in "${NC_ADMIN_USER[@]}"
 do
     echo "Posting '$SUBJECT' to: $admin"
-    php /var/www/html/occ notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+    "${COMMAND[@]}" notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
 done
 
 echo "Done!"

Containers/nextcloud/supervisord.conf

@@ -7,13 +7,15 @@ childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
 loglevel=error
+user=root
 
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+# stderr_logfile=/dev/stderr
+# stderr_logfile_maxbytes=0
 command=php-fpm
+user=root
 
 [program:cron]
 stdout_logfile=/dev/stdout

php/psalm-baseline.xml

@@ -30,12 +30,6 @@
       <code>$args</code>
       <code>$args</code>
     </MissingParamType>
-    <PossiblyInvalidArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['selected_restore_time']</code>
-    </PossiblyInvalidArrayAccess>
-    <PossiblyNullArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['selected_restore_time']</code>
-    </PossiblyNullArrayAccess>
   </file>
   <file src="src/Controller/LoginController.php">
     <MissingParamType occurrences="3">
@@ -43,15 +37,6 @@
       <code>$args</code>
       <code>$args</code>
     </MissingParamType>
-    <PossiblyInvalidArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['password']</code>
-    </PossiblyInvalidArrayAccess>
-    <PossiblyNullArgument occurrences="1">
-      <code>$password</code>
-    </PossiblyNullArgument>
-    <PossiblyNullArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['password']</code>
-    </PossiblyNullArrayAccess>
   </file>
   <file src="src/Docker/DockerActionManager.php">
     <InvalidReturnType occurrences="1">
@@ -64,11 +49,6 @@
       <code>$container-&gt;GetInternalPorts() !== null</code>
     </RedundantCondition>
   </file>
-  <file src="src/Middleware/AuthMiddleware.php">
-    <UndefinedInterfaceMethod occurrences="1">
-      <code>withStatus</code>
-    </UndefinedInterfaceMethod>
-  </file>
   <file src="src/Twig/ClassExtension.php">
     <MissingParamType occurrences="1">
       <code>$object</code>

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.1.0</h1>
+        <h1>Nextcloud AIO v2.1.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

reverse-proxy.md

@@ -236,13 +236,29 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 Add this to you nginx config:
 
 ```
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
 server {
-    listen 443 ssl;
+    listen 80;
+#    listen [::]:80;            # uncomment to use IPv6
+
+    if ($scheme = "http") {
+        return 301 https://$host$request_uri;
+    }
+
+    listen 443 ssl http2;
+#    listen [::]:443 ssl http2; # uncomment to use IPv6
+
     server_name <your-nc-domain>;
+
     location / {
         proxy_pass http://localhost:11000$request_uri;
-        proxy_set_header X-Real-IP $remote_addr;
+
         proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         client_max_body_size 0;
 
@@ -251,23 +267,20 @@ server {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
-    ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem; # managed by certbot on host machine
+
+    ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
     ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+    ssl_session_tickets off;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
 }
 
 ```
-and this to the http{...}-section in your nginx.conf:
-
-```
-    ##
-    # Connection header for WebSocket reverse proxy
-    ##
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-    }
-```
-(otherwise nginx will fail to start with a message saying the variable named connection_upgrade does not exist)
     
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)