mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 10:50:10 +00:00
Compare commits
55 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
bcdb692dd1 | ||
|
|
ac7c7b19d8 | ||
|
|
d8de7e0765 | ||
|
|
cf8d3dd437 | ||
|
|
3eb3a9ff9f | ||
|
|
73b4c2d3ea | ||
|
|
d7a174615c | ||
|
|
e2f92a30c6 | ||
|
|
e28aef0c6a | ||
|
|
8a0c495d4d | ||
|
|
70eefd1f0d | ||
|
|
457644dc52 | ||
|
|
3f22ec8b4d | ||
|
|
85e3172d7f | ||
|
|
c9f2d260f1 | ||
|
|
6506594155 | ||
|
|
491693f402 | ||
|
|
2c546fd5be | ||
|
|
9e8cab8eec | ||
|
|
d686d3eae0 | ||
|
|
7c9cbdc121 | ||
|
|
f8457a2830 | ||
|
|
6a86209451 | ||
|
|
ea5219f40d | ||
|
|
f2154bf2b7 | ||
|
|
fc1d8e0b32 | ||
|
|
9e9e991cb6 | ||
|
|
c2444912b8 | ||
|
|
e85c43d075 | ||
|
|
66851eda8f | ||
|
|
93bd1ce2ee | ||
|
|
c3d3a29c6b | ||
|
|
cad3b0968a | ||
|
|
a2585fffe4 | ||
|
|
b8930bc577 | ||
|
|
e0a7ca3656 | ||
|
|
dfc2d9798e | ||
|
|
403cc5cae7 | ||
|
|
f4e471e002 | ||
|
|
a8ac8a8c00 | ||
|
|
ef4835fcef | ||
|
|
00293d3ac0 | ||
|
|
7058cf2090 | ||
|
|
342a3b8b8f | ||
|
|
98a32b1ccf | ||
|
|
78db980b2f | ||
|
|
31ca661345 | ||
|
|
e97aa44fe4 | ||
|
|
f97bfc7dd1 | ||
|
|
758bc8b3ff | ||
|
|
5ab67cea1e | ||
|
|
4fd365764c | ||
|
|
a57185a34b | ||
|
|
60399acbc7 | ||
|
|
6d2d054328 |
@@ -3,6 +3,7 @@ FROM alpine:3.17.2
|
||||
RUN set -ex; \
|
||||
\
|
||||
apk add --no-cache \
|
||||
util-linux-misc \
|
||||
bash \
|
||||
borgbackup \
|
||||
rsync \
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
|
||||
FROM collabora/code:22.05.10.1.1
|
||||
FROM collabora/code:22.05.10.2.1
|
||||
|
||||
USER root
|
||||
|
||||
|
||||
@@ -11,10 +11,5 @@ RUN set -ex; \
|
||||
; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY start.sh /
|
||||
|
||||
RUN chmod +x /start.sh
|
||||
ENTRYPOINT ["/bin/tini", "--", "/start.sh"]
|
||||
|
||||
HEALTHCHECK CMD nc -z localhost 9200 || exit 1
|
||||
LABEL com.centurylinklabs.watchtower.monitor-only="true"
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Only start container if database is accessible (needed for backup to work correctly)
|
||||
while ! nc -z "$POSTGRES_HOST" 5432; do
|
||||
echo "Waiting for database to start..."
|
||||
sleep 5
|
||||
done
|
||||
|
||||
# Show wiki if vm.max_map_count is too low
|
||||
if [ "$(sysctl -n vm.max_map_count)" -le 65530 ]; then
|
||||
echo "max_map_count is too low and needs to be adjusted."
|
||||
echo "See https://github.com/nextcloud/all-in-one/discussions/1775 how to change max_map_count"
|
||||
fi
|
||||
|
||||
# Run initial entrypoint
|
||||
/usr/local/bin/docker-entrypoint.sh
|
||||
|
||||
exec "$@"
|
||||
@@ -18,16 +18,13 @@ EXPOSE 80
|
||||
EXPOSE 8080
|
||||
EXPOSE 8443
|
||||
|
||||
RUN mkdir -p /mnt/docker-aio-config/;
|
||||
|
||||
VOLUME /mnt/docker-aio-config/
|
||||
|
||||
RUN mkdir -p /var/www/docker-aio;
|
||||
|
||||
WORKDIR /var/www/docker-aio
|
||||
|
||||
RUN set -ex; \
|
||||
apk add --no-cache \
|
||||
util-linux-misc \
|
||||
ca-certificates \
|
||||
wget \
|
||||
tzdata \
|
||||
|
||||
@@ -47,8 +47,13 @@ while true; do
|
||||
# Remove sessions older than 24h
|
||||
find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
|
||||
|
||||
# Remove nextcloud-aio-domaincheck container
|
||||
if sudo -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
|
||||
sudo -u www-data docker container remove nextcloud-aio-domaincheck
|
||||
fi
|
||||
|
||||
# Remove dangling images
|
||||
sudo -u www-data docker image prune -f
|
||||
sudo -u www-data docker image prune --force
|
||||
|
||||
# Wait 60s so that the whole loop will not be executed again
|
||||
sleep 60
|
||||
|
||||
@@ -38,9 +38,10 @@ if [ "$AUTOMATIC_UPDATES" = 1 ]; then
|
||||
fi
|
||||
|
||||
# Wait for watchtower to stop
|
||||
if [ "$AUTOMATIC_UPDATES" = 1 ] && ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
|
||||
echo "Something seems to be wrong: Watchtower should be started at this step."
|
||||
else
|
||||
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
|
||||
if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
|
||||
echo "Something seems to be wrong: Watchtower should be started at this step."
|
||||
fi
|
||||
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
|
||||
echo "Waiting for watchtower to stop"
|
||||
sleep 30
|
||||
@@ -58,6 +59,13 @@ fi
|
||||
if [ "$DAILY_BACKUP" = 1 ]; then
|
||||
echo "Creating daily backup..."
|
||||
sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
|
||||
if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; then
|
||||
echo "Something seems to be wrong: the borg container should be started at this step."
|
||||
fi
|
||||
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
|
||||
echo "Waiting for backup container to stop"
|
||||
sleep 30
|
||||
done
|
||||
fi
|
||||
|
||||
# Execute backup check
|
||||
|
||||
@@ -116,7 +116,7 @@ RUN { \
|
||||
|
||||
VOLUME /var/www/html
|
||||
|
||||
ENV NEXTCLOUD_VERSION 25.0.3
|
||||
ENV NEXTCLOUD_VERSION 25.0.4
|
||||
|
||||
RUN set -ex; \
|
||||
apk add --no-cache --virtual .fetch-deps \
|
||||
|
||||
@@ -215,19 +215,21 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
|
||||
# Try to force generation of appdata dir:
|
||||
php /var/www/html/occ maintenance:repair
|
||||
|
||||
max_retries=10
|
||||
try=0
|
||||
while [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ] && [ "$try" -lt "$max_retries" ]; do
|
||||
echo "Waiting for appdata to become available..."
|
||||
try=$((try+1))
|
||||
sleep 10s
|
||||
done
|
||||
if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
|
||||
max_retries=10
|
||||
try=0
|
||||
while [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ] && [ "$try" -lt "$max_retries" ]; do
|
||||
echo "Waiting for appdata to become available..."
|
||||
try=$((try+1))
|
||||
sleep 10s
|
||||
done
|
||||
|
||||
if [ "$try" -ge "$max_retries" ]; then
|
||||
echo "Installation of Nextcloud failed!"
|
||||
echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
|
||||
touch "$NEXTCLOUD_DATA_DIR/install.failed"
|
||||
exit 1
|
||||
if [ "$try" -ge "$max_retries" ]; then
|
||||
echo "Installation of Nextcloud failed!"
|
||||
echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
|
||||
touch "$NEXTCLOUD_DATA_DIR/install.failed"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# unset admin password
|
||||
@@ -357,18 +359,18 @@ else
|
||||
SKIP_UPDATE=1
|
||||
fi
|
||||
|
||||
# Check if appdata is present
|
||||
# If not, something broke (e.g. changing ncdatadir after aio was first started)
|
||||
if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
|
||||
echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
|
||||
echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
|
||||
echo "In the datadir was found:"
|
||||
ls -la "$NEXTCLOUD_DATA_DIR/"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Configure tempdirectory
|
||||
if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
|
||||
# Check if appdata is present
|
||||
# If not, something broke (e.g. changing ncdatadir after aio was first started)
|
||||
if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
|
||||
echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
|
||||
echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
|
||||
echo "In the datadir was found:"
|
||||
ls -la "$NEXTCLOUD_DATA_DIR/"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Configure tempdirectory
|
||||
mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
|
||||
if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
|
||||
echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
|
||||
@@ -439,10 +441,10 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
|
||||
php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
|
||||
# Make collabora more save
|
||||
COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
|
||||
COLLABORA_IPv6_Address="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
|
||||
COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
|
||||
# shellcheck disable=SC2016
|
||||
COLLABORA_IPv6_Address+='if (!empty($record)) {echo $record[0]["ipv6"];}'
|
||||
COLLABORA_IPv6_Address="$(echo "$COLLABORA_IPv6_Address" | php | head -1)"
|
||||
COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
|
||||
COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
|
||||
COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
|
||||
if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
|
||||
if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
|
||||
|
||||
@@ -17,10 +17,11 @@ if [ -f "/var/www/html/config/config.php" ]; then
|
||||
echo "Waiting for the database to start..."
|
||||
sleep 5
|
||||
done
|
||||
if [ "$POSTGRES_USER" = "oc_nextcloud" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
|
||||
# this was introduced with https://github.com/nextcloud/all-in-one/pull/218
|
||||
if [ "$POSTGRES_USER" = "oc_nextcloud" ] && [ "$POSTGRES_DB" = "nextcloud_database" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
|
||||
# This was introduced with https://github.com/nextcloud/all-in-one/pull/218
|
||||
sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
|
||||
sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
|
||||
sed -i "s|'db_name'.*=>.*$|'db_name' => '$POSTGRES_DB',|" /var/www/html/config/config.php
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@ RUN set -ex; \
|
||||
curl \
|
||||
ca-certificates \
|
||||
netcat \
|
||||
dnsutils \
|
||||
; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
|
||||
@@ -7,15 +7,16 @@ if [ -z "$NC_DOMAIN" ]; then
|
||||
elif [ -z "$TURN_SECRET" ]; then
|
||||
echo "You need to provide the TURN_SECRET."
|
||||
exit 1
|
||||
elif [ -z "$JANUS_API_KEY" ]; then
|
||||
echo "You need to provide the JANUS_API_KEY."
|
||||
exit 1
|
||||
elif [ -z "$SIGNALING_SECRET" ]; then
|
||||
echo "You need to provide the SIGNALING_SECRET."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Turn: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
|
||||
set -x
|
||||
IPv4_ADDRESS="$(dig nextcloud-aio-talk A +short)"
|
||||
set +x
|
||||
|
||||
# Turn
|
||||
cat << TURN_CONF > "/etc/turnserver.conf"
|
||||
listening-port=$TALK_PORT
|
||||
fingerprint
|
||||
@@ -32,18 +33,26 @@ pidfile=/var/tmp/turnserver.pid
|
||||
no-tls
|
||||
no-dtls
|
||||
userdb=/var/lib/turn/turndb
|
||||
# Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
|
||||
allowed-peer-ip=$IPv4_ADDRESS
|
||||
denied-peer-ip=0.0.0.0-0.255.255.255
|
||||
denied-peer-ip=10.0.0.0-10.255.255.255
|
||||
denied-peer-ip=100.64.0.0-100.127.255.255
|
||||
denied-peer-ip=127.0.0.0-127.255.255.255
|
||||
denied-peer-ip=169.254.0.0-169.254.255.255
|
||||
denied-peer-ip=172.16.0.0-172.31.255.255
|
||||
denied-peer-ip=192.0.0.0-192.0.0.255
|
||||
denied-peer-ip=192.0.2.0-192.0.2.255
|
||||
denied-peer-ip=192.88.99.0-192.88.99.255
|
||||
denied-peer-ip=192.168.0.0-192.168.255.255
|
||||
denied-peer-ip=198.18.0.0-198.19.255.255
|
||||
denied-peer-ip=198.51.100.0-198.51.100.255
|
||||
denied-peer-ip=203.0.113.0-203.0.113.255
|
||||
denied-peer-ip=240.0.0.0-255.255.255.255
|
||||
TURN_CONF
|
||||
|
||||
# Janus
|
||||
set -x
|
||||
sed -i "s|#turn_rest_api_key.*|turn_rest_api_key = \"$JANUS_API_KEY\"|" /etc/janus/janus.jcfg
|
||||
sed -i "s|#full_trickle.*|full_trickle = true|g" /etc/janus/janus.jcfg
|
||||
sed -i 's|#stun_server.*|stun_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
|
||||
sed -i "s|#stun_port.*|stun_port = $TALK_PORT|g" /etc/janus/janus.jcfg
|
||||
sed -i "s|#turn_port.*|turn_port = $TALK_PORT|g" /etc/janus/janus.jcfg
|
||||
sed -i 's|#turn_server.*|turn_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
|
||||
sed -i 's|#turn_type .*|turn_type = "udp"|g' /etc/janus/janus.jcfg
|
||||
sed -i 's|#ice_ignore_list .*|ice_ignore_list = "udp"|g' /etc/janus/janus.jcfg
|
||||
sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
|
||||
sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
|
||||
sed -i 's|certfile =|#certfile =|g' /etc/janus/janus.transport.mqtt.jcfg
|
||||
@@ -81,11 +90,6 @@ url = nats://127.0.0.1:4222
|
||||
[mcu]
|
||||
type = janus
|
||||
url = ws://127.0.0.1:8188
|
||||
|
||||
[turn]
|
||||
apikey = ${JANUS_API_KEY}
|
||||
secret = ${TURN_SECRET}
|
||||
servers = turn:$NC_DOMAIN:$TALK_PORT?transport=tcp,turn:$NC_DOMAIN:$TALK_PORT?transport=udp
|
||||
SIGNALING_CONF
|
||||
|
||||
exec "$@"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: Nextcloud AIO Helm Chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 4.3.4
|
||||
version: 4.4.1
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
value: nextcloud-aio-talk
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-apache:20230216_152733-latest
|
||||
image: nextcloud/aio-apache:20230223_085216-latest
|
||||
name: nextcloud-aio-apache
|
||||
ports:
|
||||
- containerPort: {{ .Values.APACHE_PORT }}
|
||||
|
||||
@@ -38,7 +38,7 @@ spec:
|
||||
value: "90"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-clamav:20230216_152733-latest
|
||||
image: nextcloud/aio-clamav:20230223_085216-latest
|
||||
name: nextcloud-aio-clamav
|
||||
ports:
|
||||
- containerPort: 3310
|
||||
|
||||
@@ -44,7 +44,7 @@ spec:
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
image: nextcloud/aio-collabora:20230216_152733-latest
|
||||
image: nextcloud/aio-collabora:20230223_085216-latest
|
||||
name: nextcloud-aio-collabora
|
||||
ports:
|
||||
- containerPort: 9980
|
||||
|
||||
@@ -46,7 +46,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-postgresql:20230216_152733-latest
|
||||
image: nextcloud/aio-postgresql:20230223_085216-latest
|
||||
name: nextcloud-aio-database
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: discovery.type
|
||||
value: single-node
|
||||
image: nextcloud/aio-fulltextsearch:20230216_152733-latest
|
||||
image: nextcloud/aio-fulltextsearch:20230223_085216-latest
|
||||
name: nextcloud-aio-fulltextsearch
|
||||
ports:
|
||||
- containerPort: 9200
|
||||
|
||||
@@ -26,7 +26,7 @@ spec:
|
||||
- env:
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-imaginary:20230216_152733-latest
|
||||
image: nextcloud/aio-imaginary:20230223_085216-latest
|
||||
name: nextcloud-aio-imaginary
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
|
||||
@@ -112,7 +112,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: UPDATE_NEXTCLOUD_APPS
|
||||
value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
|
||||
image: nextcloud/aio-nextcloud:20230216_152733-latest
|
||||
image: nextcloud/aio-nextcloud:20230223_085216-latest
|
||||
name: nextcloud-aio-nextcloud
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-onlyoffice:20230216_152733-latest
|
||||
image: nextcloud/aio-onlyoffice:20230223_085216-latest
|
||||
name: nextcloud-aio-onlyoffice
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
@@ -37,7 +37,7 @@ spec:
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-redis:20230216_152733-latest
|
||||
image: nextcloud/aio-redis:20230223_085216-latest
|
||||
name: nextcloud-aio-redis
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
|
||||
@@ -36,7 +36,7 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-talk:20230216_152733-latest
|
||||
image: nextcloud/aio-talk:20230223_085216-latest
|
||||
name: nextcloud-aio-talk
|
||||
ports:
|
||||
- containerPort: {{ .Values.TALK_PORT }}
|
||||
|
||||
@@ -141,7 +141,7 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
|
||||
find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \;
|
||||
# shellcheck disable=SC1083
|
||||
find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{} \;
|
||||
VOLUMES="$(find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g')"
|
||||
VOLUMES="$(find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g' | sort)"
|
||||
mapfile -t VOLUMES <<< "$VOLUMES"
|
||||
for variable in "${VOLUMES[@]}"; do
|
||||
name="$(echo "$variable" | sed 's|-|_|g' | tr '[:lower:]' '[:upper:]')_STORAGE_SIZE"
|
||||
|
||||
@@ -29,14 +29,14 @@ TIMEZONE: Europe/Berlin # TODO! This is the timezone that your containe
|
||||
TURN_SECRET: # TODO! This needs to be a unique and good password!
|
||||
UPDATE_NEXTCLOUD_APPS: no # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
|
||||
STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes
|
||||
ELASTICSEARCH_STORAGE_SIZE: 1Gi # You can change the size of the elasticsearch volume that default to 1Gi with this value
|
||||
NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
|
||||
COLLABORA_FONTS_STORAGE_SIZE: 1Gi # You can change the size of the collabora-fonts volume that default to 1Gi with this value
|
||||
ONLYOFFICE_STORAGE_SIZE: 1Gi # You can change the size of the onlyoffice volume that default to 1Gi with this value
|
||||
CLAMAV_STORAGE_SIZE: 1Gi # You can change the size of the clamav volume that default to 1Gi with this value
|
||||
DATABASE_DUMP_STORAGE_SIZE: 1Gi # You can change the size of the database-dump volume that default to 1Gi with this value
|
||||
NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi # You can change the size of the nextcloud-data volume that default to 1Gi with this value
|
||||
NEXTCLOUD_STORAGE_SIZE: 1Gi # You can change the size of the nextcloud volume that default to 1Gi with this value
|
||||
REDIS_STORAGE_SIZE: 1Gi # You can change the size of the redis volume that default to 1Gi with this value
|
||||
DATABASE_STORAGE_SIZE: 1Gi # You can change the size of the database volume that default to 1Gi with this value
|
||||
APACHE_STORAGE_SIZE: 1Gi # You can change the size of the apache volume that default to 1Gi with this value
|
||||
CLAMAV_STORAGE_SIZE: 1Gi # You can change the size of the clamav volume that default to 1Gi with this value
|
||||
COLLABORA_FONTS_STORAGE_SIZE: 1Gi # You can change the size of the collabora-fonts volume that default to 1Gi with this value
|
||||
DATABASE_STORAGE_SIZE: 1Gi # You can change the size of the database volume that default to 1Gi with this value
|
||||
DATABASE_DUMP_STORAGE_SIZE: 1Gi # You can change the size of the database-dump volume that default to 1Gi with this value
|
||||
ELASTICSEARCH_STORAGE_SIZE: 1Gi # You can change the size of the elasticsearch volume that default to 1Gi with this value
|
||||
NEXTCLOUD_STORAGE_SIZE: 1Gi # You can change the size of the nextcloud volume that default to 1Gi with this value
|
||||
NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi # You can change the size of the nextcloud-data volume that default to 1Gi with this value
|
||||
NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
|
||||
ONLYOFFICE_STORAGE_SIZE: 1Gi # You can change the size of the onlyoffice volume that default to 1Gi with this value
|
||||
REDIS_STORAGE_SIZE: 1Gi # You can change the size of the redis volume that default to 1Gi with this value
|
||||
|
||||
@@ -240,14 +240,12 @@
|
||||
"NC_DOMAIN=%NC_DOMAIN%",
|
||||
"TURN_SECRET=%TURN_SECRET%",
|
||||
"SIGNALING_SECRET=%SIGNALING_SECRET%",
|
||||
"JANUS_API_KEY=%JANUS_API_KEY%",
|
||||
"TZ=%TIMEZONE%",
|
||||
"TALK_PORT=%TALK_PORT%"
|
||||
],
|
||||
"secrets": [
|
||||
"TURN_SECRET",
|
||||
"SIGNALING_SECRET",
|
||||
"JANUS_API_KEY"
|
||||
"SIGNALING_SECRET"
|
||||
],
|
||||
"restart": "unless-stopped"
|
||||
},
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<files psalm-version="5.6.0@e784128902dfe01d489c4123d69918a9f3c1eac5"/>
|
||||
<files psalm-version="5.7.5@5390c212bab06ee230c8720c2e9c54b823db00c8"/>
|
||||
|
||||
@@ -663,7 +663,8 @@ class DockerActionManager
|
||||
'Driver' => 'bridge',
|
||||
'Internal' => false,
|
||||
'Options' => [
|
||||
'com.docker.network.bridge.enable_icc' => 'true'
|
||||
'com.docker.network.bridge.enable_icc' => 'true',
|
||||
'com.docker.network.bridge.enable_ip_masquerade' => 'true'
|
||||
]
|
||||
]
|
||||
]
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
</header>
|
||||
|
||||
<div class="content">
|
||||
<h1>Nextcloud AIO v4.4.1</h1>
|
||||
<h1>Nextcloud AIO v4.5.0</h1>
|
||||
|
||||
{# Add 2nd tab warning #}
|
||||
<script type="text/javascript" src="second-tab-warning.js"></script>
|
||||
@@ -24,14 +24,10 @@
|
||||
{% set isAnyRunning = false %}
|
||||
{% set isAnyRestarting = false %}
|
||||
{% set isWatchtowerRunning = false %}
|
||||
{% set isRestoreRunning = false %}
|
||||
{% set isBackupOrRestoreRunning = false %}
|
||||
{% set isApacheStarting = false %}
|
||||
|
||||
{% if is_backup_container_running == true %}
|
||||
{% if borg_backup_mode == 'restore' %}
|
||||
{% set isRestoreRunning = true %}
|
||||
{% endif %}
|
||||
{% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
|
||||
{% set isBackupOrRestoreRunning = true %}
|
||||
{% endif %}
|
||||
@@ -249,7 +245,7 @@
|
||||
|
||||
{% if has_update_available == true %}
|
||||
{% if is_mastercontainer_update_available == false %}
|
||||
⚠️ Container updates are available. Click on 'Stop Containers' and 'Start Containers' to update them. You should consider creating a backup first.<br><br>
|
||||
⚠️ Container updates are available. Click on <b>Stop Containers</b> and <b>Start Containers</b> to update them. You should consider creating a backup first.<br><br>
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if is_mastercontainer_update_available == false %}
|
||||
@@ -277,10 +273,8 @@
|
||||
</form>
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if isRestoreRunning == true %}
|
||||
Restore currently running. Cannot start the containers until that's done.<br /><br />
|
||||
{% elseif has_update_available == true and isBackupOrRestoreRunning == true %}
|
||||
Restore or Backup currently running and container update available. Cannot start the containers until that's done.<br /><br />
|
||||
{% if isBackupOrRestoreRunning == true %}
|
||||
Restore or Backup currently running. Cannot start the containers until that's done.<br /><br />
|
||||
{% else %}
|
||||
{% if was_start_button_clicked == false %}
|
||||
Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internect connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
|
||||
|
||||
15
readme.md
15
readme.md
@@ -18,8 +18,7 @@ The following instructions are meant for installations without a web server or r
|
||||
curl -fsSL get.docker.com | sudo sh
|
||||
```
|
||||
1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
|
||||
2. Run the command below in order to start the container:<br><br>
|
||||
(For people that cannot use ports 80 and/or 443 on this server e.g. because it is already taken by a different web server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)
|
||||
2. Run the command below in order to start the container:
|
||||
```
|
||||
# For Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
|
||||
sudo docker run \
|
||||
@@ -49,6 +48,8 @@ The following instructions are meant for installations without a web server or r
|
||||
- Further options can be set using environment variables, for example `-e NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
|
||||
</details>
|
||||
|
||||
Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
|
||||
|
||||
3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
|
||||
E.g. `https://ip.address.of.this.server:8080`<br><br>
|
||||
If your firewall/router has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
|
||||
@@ -62,6 +63,11 @@ Nextcloud AIO is inspired by projects like Portainer that manage the docker daem
|
||||
### Are reverse proxies supported?
|
||||
Yes. Please refer to the following documentation on this: [reverse-proxy.md](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
|
||||
|
||||
### Which CPU architectures are supported?
|
||||
You can check this on Linux by running: `uname -m`
|
||||
- x86_64/x64/amd64
|
||||
- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture)
|
||||
|
||||
### Which ports are mandatory to be open in your firewall/router?
|
||||
Only those (if you access the Mastercontainer Interface internally via port 8080):
|
||||
- `443/TCP` for the Apache container
|
||||
@@ -141,7 +147,7 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
|
||||
In general recommended VPS are those that are KVM/non-virtualized as Docker should work best on them.
|
||||
|
||||
### Note on storage options
|
||||
- SD-cards are discrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts
|
||||
- SD-cards are disrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts
|
||||
- SSD storage is recommended
|
||||
- HDD storage should work as well but is of course much slower than SSD storage
|
||||
|
||||
@@ -166,6 +172,7 @@ No and it will not be added. Please use a dedicated domain for Nextcloud and set
|
||||
### How can I access Nextcloud locally?
|
||||
The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
|
||||
- https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
|
||||
- https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6
|
||||
- https://howchoo.com/pi/pi-hole-setup together with https://docs.callitkarma.me/posts/PiHole-Local-DNS/
|
||||
- https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
|
||||
|
||||
@@ -418,7 +425,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
|
||||
### How to stop/start/update containers or trigger the daily backup from a script externally?
|
||||
You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
|
||||
- `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
|
||||
- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. Please be aware that this option is non-blocking if `START_CONTAINERS` and `AUTOMATIC_UPDATES` is not enabled at the same time which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
|
||||
- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option.
|
||||
- `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
|
||||
- `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
|
||||
- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`. Please be aware that this option is non-blocking which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
|
||||
|
||||
@@ -9,7 +9,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
|
||||
**Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
|
||||
1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
|
||||
1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
|
||||
1. Optional: If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
|
||||
1. Optional: If the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
|
||||
1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
|
||||
1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
|
||||
1. Optional: How to debug things? See [point 6](#6-how-to-debug-things)
|
||||
@@ -48,7 +48,10 @@ Add this as a new Apache site config:
|
||||
RewriteEngine On
|
||||
ProxyPreserveHost On
|
||||
AllowEncodedSlashes NoDecode
|
||||
|
||||
ProxyPass / http://localhost:11000/ nocanon
|
||||
ProxyPassReverse / http://localhost:11000/
|
||||
|
||||
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||||
RewriteCond %{HTTP:Connection} upgrade [NC]
|
||||
RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
|
||||
@@ -475,12 +478,15 @@ sudo docker run \
|
||||
--restart always \
|
||||
--publish 8080:8080 \
|
||||
-e APACHE_PORT=11000 \
|
||||
-e APACHE_IP_BINDING=0.0.0.0 \
|
||||
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
nextcloud/all-in-one:latest
|
||||
```
|
||||
|
||||
You should also think about limiting the apache container to listen only on localhost in case the reverse proxy is running on the same host and if localhost is used, by providing an additional environmental variable to this docker run command. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost).
|
||||
Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
|
||||
|
||||
You should also think about limiting the apache container to listen only on localhost in case the reverse proxy is running on the same host and in the host network, by providing an additional environmental variable to this docker run command. See [point 3](#3-limit-the-access-to-the-apache-container).
|
||||
|
||||
On macOS see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos.
|
||||
|
||||
@@ -495,6 +501,7 @@ docker run ^
|
||||
--restart always ^
|
||||
--publish 8080:8080 ^
|
||||
-e APACHE_PORT=11000 ^
|
||||
-e APACHE_IP_BINDING=0.0.0.0 ^
|
||||
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
|
||||
--volume //var/run/docker.sock:/var/run/docker.sock:ro ^
|
||||
nextcloud/all-in-one:latest
|
||||
@@ -510,9 +517,9 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy
|
||||
|
||||
Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
|
||||
|
||||
## 3. If the reverse proxy is installed on the same host, you should configure the apache container to only listen on localhost.
|
||||
## 3. Limit the access to the apache container
|
||||
|
||||
Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address, you can either simply skip this step or set it to `0.0.0.0` if you are unsure what the correct value is.
|
||||
Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
|
||||
|
||||
## 4. Open the AIO interface.
|
||||
After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
|
||||
|
||||
Reference in New Issue
Block a user