Currently the README section that describes how to change the custom
skeleton directory does not explain why an administrator may wish to
do this. This addition to the documentation provides context: a custom
skeleton directory is created to change the default files and folders
that ship with Nextcloud.
Signed-off-by: J Hackman <gene@preciouschicken.com>
Just a very little typo that confused me while I was reading documentation yesterday. I assume this was what the title wanted to convey?
Signed-off-by: Aytsuqi <141279848+Aytsuqi@users.noreply.github.com>
Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
Signed-off-by: Simon L <szaimen@e.mail.de>
Add information about synchronizing after migration. There maybe issues if the server has been offline for a while and a user reconnects clients for synchronization.
Signed-off-by: Lance <Gero3977@gmail.com>
Running a proxy manager directly on the host or in a container leads to different adaption of the example configurations. The description for this is simplified and more structured now. Additional the steps are written once and referenced per example configuration.
Signed-off-by: Marvin von Papen <79196690+MarvvanPal@users.noreply.github.com>
Remove suggestion to use Backup Nextcloud App as the app is no longer maintained, stable, or reliably works.
Signed-off-by: Seth Deegan <jayandseth@gmail.com>
dockerfilelint "$file" --config ./ | tee -a ./dockerfilelint.log
# DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
# DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
hadolint "$file" --ignore DL3018 --ignore DL4006 | tee -a ./hadolint.log
done
if grep "^Issues: [0-9]" ./dockerfilelint.log; then
if grep -q "DL[0-9]\+\|SC[0-9]\+" ./hadolint.log; then
echo"Afterwards a restart of docker should automatically resolve this."
echo"Additionally, make sure to disable VPN software that might be running on your server"
echo"Also check your firewall if it blocks connections to github"
echo"If it should still not work afterwards, feel free to create a new thread at https://github.com/nextcloud/all-in-one/discussions/new?category=questions and post the Nextcloud container logs there."
echo"The database initialization failed. Most likely was a wrong timezone selected."
echo"The selected timezone is '$TZ'."
echo"Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
echo"Please check if it is in the 'TZ identifier' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
echo"For further clues on what went wrong, look at the logs above."
echo"You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|""/var/lib/postgresql/data/postgresql.conf"
fi
echo"Setting postgres values..."
# Modify conf
# Sync this with max pm.max_children and MaxRequestWorkers
# 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
# We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
# Also connections should usually be closed again after the process is done
# If we should actually exceed this limit, it is definitely a bug in Nextcloud server or some of its apps that does not close connections correctly and not a bug in AIO
sed -i "s|^max_connections =.*|max_connections = 5000|""/var/lib/postgresql/data/postgresql.conf"
# Do not log checkpoints
if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf;then
sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
fi
# Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
if grep -q "^idle_session_timeout" /var/lib/postgresql/data/postgresql.conf;then
sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' /var/lib/postgresql/data/postgresql.conf
fi
fi
do_database_dump(){
set -x
rm -f "$DUMP_FILE.temp"
touch "$DUMP_DIR/export.failed"
if pg_dump --username "$POSTGRES_USER""$POSTGRES_DB" > "$DUMP_FILE.temp";then
rm -f "$DUMP_FILE"
mv "$DUMP_FILE.temp""$DUMP_FILE"
pg_ctl stop -m fast
rm "$DUMP_DIR/export.failed"
echo'Database dump successful!'
set +x
exit0
else
pg_ctl stop -m fast
echo"Database dump unsuccessful!"
set +x
exit1
fi
}
# Catch docker stop attempts
trap'true' SIGINT SIGTERM
trapdo_database_dump SIGINT SIGTERM
# Start the database
exec docker-entrypoint.sh postgres &
wait$!
# Continue with shutdown procedure: do database dump, etc.
rm -f "$DUMP_FILE.temp"
touch "$DUMP_DIR/export.failed"
if pg_dump --username "$POSTGRES_USER""$POSTGRES_DB" > "$DUMP_FILE.temp";then
This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed.
### Notes
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
- After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles DLNA server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
### Notes
- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on remote servers.
- This is not working with Docker Desktop since it requires the `host` networking mode in docker, and it doesn't really share the host's network interfaces in this system
- If you have a firewall like ufw configured, you might need to open at least port 9999 TCP and 1900 UDP first in order to make it work.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles the external model of facerecognition and auto-configures it for you.
### Notes
- This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
- Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
- If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, if installed.
### Notes
- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
- If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles Local AI and auto-configures it for you.
### Notes
- Make sure to have enough storage space available. This container alone needs ~14GB storage on x64, on arm64 only ~4GB. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
- Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
```yaml
# Stable Diffusion in NCNN with c++, supported txt2img and img2img
- Additionally after doing so, you might want to enable or disable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles the hardware-transcoding container of memories and auto-configures it for you.
### Notes
- In order to actually enable the hardware transcoding, you need to add the following flag to AIO apart from adding this container: https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container contains a fork of the Nginx Proxy Manager, which is a WebUI for nginx. It will also automatically create a config and cert for AIO.
### Notes
- This container is incompatible with the [caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container. So make sure that you do not enable both at the same time!
- Only works on linux since it uses network mode host
- You can ignore the NPM configuration of the reverse-proxy.md. The NPMplus fork already contains the changes of the advanced tab.
- Make sure that no other service is using port `443 (tcp/upd)` or `81 (tcp)` on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep "443\|81"` before installing AIO.
- Please change the default login data first, after you can read inside the logs that the default config for AIO is created and there are no errors.
- After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://<ip>:81` and change the password.
- The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.com`
- If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host.
- If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume
- The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution!
- **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles pi-hole and auto-configures it for you.
### Notes
- You should not run this container on a public VPS! It is only intended to run in home networks!
- Make sure that no dns server is already running by checking with `sudo netstat -tulpn | grep 53`. Otherwise the container will not be able to start!
- The DHCP functionality of Pi-hole has been disabled!
- The data of pi-hole will be automatically included in AIOs backup solution!
- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records.
- You can configure your home network now to use pi-hole as its dns server by configuring your router.
- Additionally, you can configure the docker daemon to use that by editing `/etc/docker/daemon.json` and adding ` { "dns" : [ "ip.address.of.this.server" , "8.8.8.8" ] } `.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles Plex and auto-configures it for you.
### Notes
- This is not working on arm64 since Plex does only provide x64 docker images.
- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
- If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
- After adding and starting the container, you need to visit http://ip.address.of.server:32400/manage in order to claim your server with a plex account
- The data of Plex will be automatically included in AIOs backup solution!
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This directory features containers that are built for AIO which allows to add additional functionality very easily.
## Disclaimers
⚠️ This is currently beta and not stable yet!
All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
## How to use this?
Before adding any additional container, make sure to create a backup via the AIO interface!
Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
## How to add containers?
Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
### Is there a list of ideas for new community containers?
Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
## How to remove containers from AIOs stack?
In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.
First, do a backup from the AIO interface in order to save the current state. Do not start the containers again afterwards! Now simply recreate the mastercontainer and remove any container from the `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` that you do not actually need. If you want to remove all, simply use `--env AIO_COMMUNITY_CONTAINERS=" "`.
After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`).
This container bundles stalwart mail server and auto-configures it for you.
### Notes
- This is only intended to run on a VPS with static ip-address.
- Check with `sudo netstat -tulpn` that no other service is using port 25, 143, 465, 587, 993 nor 4190 yet as otherwise the container will fail to start.
- You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
- Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
- The data of Stalwart will be automatically included in AIOs backup solution!
- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk using Maildir`, 2. choose `No, create a new directory for me` (or select LDAP if you have an LDAP server), 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml`. Also, you might want to enable logging to stdout so that you can see the stalwart logs in your container logs via `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/common/tracing.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
- Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server for outgoing mails there.
- Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
- See https://stalw.art/docs/faq for further faq and docs on the project
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
This container bundles vaultwarden and auto-configures it for you.
### Notes
- You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples. You need to point the reverse proxy at port 8812 of this server.
- Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
- The data of Vaultwarden will be automatically included in AIOs backup solution!
- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-vaultwarden | grep ADMIN_TOKEN`. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
# - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
# - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
# - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
# - NEXTCLOUD_KEEP_DISABLED_APPS=false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
# - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
# - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
# networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
# - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
# # Uncomment the following line when using SELinux
# security_opt: ["label:disable"]
# # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
@@ -46,7 +49,7 @@ services:
# - ./sites:/srv
# network_mode: "host"
volumes:
volumes:# If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
nextcloud_aio_mastercontainer:
name:nextcloud_aio_mastercontainer# This line is not allowed to be changed as otherwise the built-in backup solution will not work
**Please note:** Due to a bug in Collabora is the Collabora container currently in rootless mode not working. See https://github.com/CollaboraOnline/online/issues/2800. In that case, you need to run a separate Collabora instance on your own if you want to use this feature. The following flag will be useful https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps.
You can run AIO with docker rootless by following the steps below.
0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
1. Do not forget to set the mentioned environmental variables`PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value).
DATABASE_PASSWORD= # TODO! This needs to be a unique and good password!
FULLTEXTSEARCH_PASSWORD= # TODO! This needs to be a unique and good password!
NC_DOMAIN=yourdomain.com # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin".
ONLYOFFICE_SECRET= # TODO! This needs to be a unique and good password!
@@ -32,6 +33,7 @@ NEXTCLOUD_MOUNT=/mnt/ # This allows the Nextcloud container to access d
NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
NEXTCLOUD_UPLOAD_LIMIT=10G # This allows to change the upload limit of the Nextcloud container
REMOVE_DISABLED_APPS=yes # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
UPDATE_NEXTCLOUD_APPS="no" # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use
sed -i '/stop_grace_period:/s/$/s/' containers.yml
sed -i '/: \[\]/d' containers.yml
sed -i 's|- source: |- |' containers.yml
@@ -90,6 +92,7 @@ sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp ta
sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
sed -i 's|REMOVE_DISABLED_APPS=|REMOVE_DISABLED_APPS=yes # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.|' sample.conf
sed -i 's|=$|= # TODO! This needs to be a unique and good password!|' sample.conf
echo'IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use' >> sample.conf
@@ -18,6 +18,7 @@ The procedure for migrating only the files works like this:
1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
1. Start the containers again and wait until all containers are running
1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
## Migrate the files and the database
**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration.
@@ -84,5 +85,21 @@ The procedure for migrating the files and the database works like this:
Now the whole Nextcloud instance should work again.<br>
If not, feel free to restore the AIO instance from backup and start at step 8 again.
If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
## Use the user_migration app
A new way since the Nextcloud update to 24 is to use the new [user_migration app](https://apps.nextcloud.com/apps/user_migration#app-gallery). It allows to export the most important data on one instance and import it on a different Nextcloud instance. For that, you need to install and enable the user_migration app on your old instance, trigger the export for the user, create the user on the new instance, log in with that user and import the archive that was created during the export. This then needs to be done for each user that you want to migrate.
If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
# Synchronising with clients after migration
#### From https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html#synchronising-with-clients-after-data-recovery
By default the Nextcloud server is considered the authoritative source for the data. If the data on the server and the client differs clients will default to fetching the data from the server.
If the recovered backup is outdated the state of the clients may be more up to date than the state of the server. In this case also make sure to run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ maintenance:data-fingerprint` command afterwards. It changes the logic of the synchronisation algorithm to try an recover as much data as possible. Files missing on the server are therefore recovered from the clients and in case of different content the users will be asked.
>[!Note]
>The usage of maintenance:data-fingerprint can cause conflict dialogues and difficulties deleting files on the client. Therefore it’s only recommended to prevent dataloss if the backup was outdated.
If you are running multiple application servers you will need to make sure the config files are synced between them so that the updated data-fingerprint is applied on all instances.
@@ -7,7 +7,7 @@ Below is described more in detail how the the second way works.
## Run multiple AIO instances on the same server with docker rootless
1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
1. Log in as each of the users e.g. by opening a new SSH connection and install docker rootless for each of them by following step 0-4 of the [docker rootless documentation](./docker-rootless.md).
1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case).
1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
