mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 10:50:10 +00:00
Compare commits
67 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9f6f396447 | ||
|
|
d7d352ebdd | ||
|
|
94880e1e98 | ||
|
|
f45121defa | ||
|
|
b9fbb5cfe9 | ||
|
|
44646615dd | ||
|
|
40450c27f0 | ||
|
|
90e9791008 | ||
|
|
590012ae38 | ||
|
|
a05269c773 | ||
|
|
0b31db1b21 | ||
|
|
fe018904b1 | ||
|
|
43c16a086f | ||
|
|
c9ec673634 | ||
|
|
17fcc24c9a | ||
|
|
d181a8c266 | ||
|
|
ce43fe96a9 | ||
|
|
e7b587f73d | ||
|
|
0f89c6eaed | ||
|
|
03f9288388 | ||
|
|
e8dc3692a0 | ||
|
|
ab670a19df | ||
|
|
f001c6f955 | ||
|
|
55d6971668 | ||
|
|
10698d7df0 | ||
|
|
e422e0861f | ||
|
|
a6f2a3c76d | ||
|
|
4d84146b2d | ||
|
|
5f97e7e2ee | ||
|
|
1e54b1849c | ||
|
|
5cf4501742 | ||
|
|
6ca4cdc636 | ||
|
|
1871517ccc | ||
|
|
051871f67a | ||
|
|
9a9fb8bc8b | ||
|
|
727a94aa9b | ||
|
|
265bd44830 | ||
|
|
74f622b7d8 | ||
|
|
f9386388d6 | ||
|
|
2b169779a9 | ||
|
|
2cf1fd5e7e | ||
|
|
44e8c836ed | ||
|
|
9d5f9ca0a5 | ||
|
|
6f43d79d67 | ||
|
|
1abdc32fda | ||
|
|
faf94f0cee | ||
|
|
33eb9c99ea | ||
|
|
dac6b57e0a | ||
|
|
b961792d68 | ||
|
|
c91c0b9867 | ||
|
|
976aca9139 | ||
|
|
02d9e3a3c5 | ||
|
|
a00310f4e4 | ||
|
|
03dbbdd111 | ||
|
|
ac43b433c8 | ||
|
|
172330b938 | ||
|
|
3ad6d672c3 | ||
|
|
fd2cb11e40 | ||
|
|
31fa780f29 | ||
|
|
4dac111b9f | ||
|
|
5b3658c6a0 | ||
|
|
f9e78ba35e | ||
|
|
810dec4a96 | ||
|
|
48d891d390 | ||
|
|
bf103b9061 | ||
|
|
257b9217f8 | ||
|
|
a9a6aa51dc |
4
.github/workflows/helm-release.yml
vendored
4
.github/workflows/helm-release.yml
vendored
@@ -36,6 +36,10 @@ jobs:
|
||||
with:
|
||||
version: v3.6.3
|
||||
|
||||
- name: Run Helm Lint
|
||||
run: |
|
||||
helm lint ./nextcloud-aio-helm-chart
|
||||
|
||||
- name: Run chart-releaser
|
||||
uses: helm/chart-releaser-action@v1.6.0
|
||||
with:
|
||||
|
||||
19
.github/workflows/lint-helm.yml
vendored
19
.github/workflows/lint-helm.yml
vendored
@@ -1,4 +1,4 @@
|
||||
name: Lint and Test Charts
|
||||
name: Lint Helm Charts
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
@@ -8,7 +8,7 @@ on:
|
||||
|
||||
jobs:
|
||||
lint-helm:
|
||||
runs-on: ubuntu-22.04
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
@@ -20,16 +20,5 @@ jobs:
|
||||
with:
|
||||
version: v3.11.1
|
||||
|
||||
- name: Set up chart-testing
|
||||
uses: helm/chart-testing-action@v2.6.1
|
||||
|
||||
- name: Run chart-testing (lint)
|
||||
id: lint
|
||||
run: ct lint --target-branch ${{ github.event.repository.default_branch }} --debug --chart-dirs nextcloud-aio-helm-chart
|
||||
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@v1.9.0
|
||||
|
||||
- name: Run chart-testing (install)
|
||||
id: install
|
||||
run: ct install --target-branch ${{ github.event.repository.default_branch }} --debug --chart-dirs nextcloud-aio-helm-chart
|
||||
- name: Lint charts
|
||||
run: helm lint nextcloud-aio-helm-chart
|
||||
|
||||
8
.github/workflows/lint-php.yml
vendored
8
.github/workflows/lint-php.yml
vendored
@@ -33,10 +33,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4 # v3.5.2
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Set up php ${{ matrix.php-versions }}
|
||||
uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
|
||||
uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
|
||||
with:
|
||||
php-version: ${{ matrix.php-versions }}
|
||||
coverage: none
|
||||
@@ -47,10 +47,10 @@ jobs:
|
||||
- name: Lint
|
||||
run: cd php && composer run lint
|
||||
|
||||
php-lint-summary:
|
||||
summary:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-low
|
||||
needs: php-lint
|
||||
|
||||
if: always()
|
||||
|
||||
6
.github/workflows/psalm.yml
vendored
6
.github/workflows/psalm.yml
vendored
@@ -23,13 +23,13 @@ jobs:
|
||||
static-analysis:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
name: Nextcloud
|
||||
name: static-psalm-analysis
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4 # v3.5.2
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Set up php
|
||||
uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
|
||||
uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
|
||||
with:
|
||||
php-version: 8.3
|
||||
extensions: apcu
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
|
||||
FROM clamav/clamav:1.3.0-41
|
||||
FROM clamav/clamav:1.3.0-44
|
||||
|
||||
COPY clamav.conf /tmp/clamav.conf
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
|
||||
FROM collabora/code:23.05.9.3.1
|
||||
FROM collabora/code:23.05.10.1.1
|
||||
|
||||
USER root
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
|
||||
FROM elasticsearch:8.12.2
|
||||
FROM elasticsearch:8.13.0
|
||||
|
||||
USER root
|
||||
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Docker CLI is a requirement
|
||||
FROM docker:25.0.3-cli as docker
|
||||
FROM docker:25.0.5-cli as docker
|
||||
|
||||
# Caddy is a requirement
|
||||
FROM caddy:2.7.6-alpine as caddy
|
||||
|
||||
# From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
|
||||
FROM php:8.3.3-fpm-alpine3.19
|
||||
FROM php:8.3.4-fpm-alpine3.19
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 8080
|
||||
|
||||
@@ -47,7 +47,7 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
|
||||
echo "Trying to fix docker.sock permissions internally..."
|
||||
DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
|
||||
DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
|
||||
# Check if a group with the same group id of /var/run/docker.socket already exists in the container
|
||||
# Check if a group with the same group name of /var/run/docker.socket already exists in the container
|
||||
if grep -q "^$DOCKER_GROUP:" /etc/group; then
|
||||
# If yes, add www-data to that group
|
||||
echo "Adding internal www-data to group $DOCKER_GROUP"
|
||||
@@ -344,6 +344,7 @@ fi
|
||||
print_green "Initial startup of Nextcloud All-in-One complete!
|
||||
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
|
||||
E.g. https://internal.ip.of.this.server:8080
|
||||
⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
|
||||
|
||||
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
|
||||
https://your-domain-that-points-to-this-server.tld:8443"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM php:8.2.16-fpm-alpine3.19
|
||||
FROM php:8.2.17-fpm-alpine3.19
|
||||
|
||||
ENV PHP_MEMORY_LIMIT 512M
|
||||
ENV PHP_UPLOAD_LIMIT 10G
|
||||
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600
|
||||
ENV SOURCE_LOCATION /usr/src/nextcloud
|
||||
|
||||
# AIO settings start # Do not remove or change this line!
|
||||
ENV NEXTCLOUD_VERSION 28.0.3
|
||||
ENV NEXTCLOUD_VERSION 28.0.4
|
||||
ENV AIO_TOKEN 123456
|
||||
ENV AIO_URL localhost
|
||||
COPY supervisord.conf /supervisord.conf
|
||||
@@ -117,6 +117,14 @@ RUN set -ex; \
|
||||
echo 'max_input_time=${PHP_MAX_TIME}'; \
|
||||
} > /usr/local/etc/php/conf.d/nextcloud.ini; \
|
||||
\
|
||||
{ \
|
||||
echo 'session.save_handler = redis'; \
|
||||
echo 'session.save_path = "tcp://${REDIS_HOST}:6379?auth=${REDIS_HOST_PASSWORD}"'; \
|
||||
echo 'redis.session.locking_enabled = 1'; \
|
||||
echo 'redis.session.lock_retries = -1'; \
|
||||
echo 'redis.session.lock_wait_time = 10000'; \
|
||||
} > /usr/local/etc/php/conf.d/redis-session.ini; \
|
||||
\
|
||||
mkdir -p /var/www/data; \
|
||||
chown -R www-data:root /var/www; \
|
||||
chmod -R g=u /var/www; \
|
||||
|
||||
@@ -2,12 +2,12 @@
|
||||
$CONFIG = array (
|
||||
'apps_paths' => array (
|
||||
0 => array (
|
||||
'path' => OC::$SERVERROOT.'/apps',
|
||||
'path' => '/var/www/html/apps',
|
||||
'url' => '/apps',
|
||||
'writable' => false,
|
||||
),
|
||||
1 => array (
|
||||
'path' => OC::$SERVERROOT.'/custom_apps',
|
||||
'path' => '/var/www/html/custom_apps',
|
||||
'url' => '/custom_apps',
|
||||
'writable' => true,
|
||||
),
|
||||
|
||||
@@ -6,6 +6,7 @@ if (getenv('REDIS_HOST')) {
|
||||
'redis' => array(
|
||||
'host' => getenv('REDIS_HOST'),
|
||||
'password' => (string) getenv('REDIS_HOST_PASSWORD'),
|
||||
// 'dbindex' => (int) getenv('REDIS_DB_INDEX'),
|
||||
),
|
||||
);
|
||||
|
||||
|
||||
@@ -19,17 +19,6 @@ run_upgrade_if_needed_due_to_app_update() {
|
||||
fi
|
||||
}
|
||||
|
||||
echo "Configuring Redis as session handler..."
|
||||
cat << REDIS_CONF > /usr/local/etc/php/conf.d/redis-session.ini
|
||||
session.save_handler = redis
|
||||
session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"
|
||||
redis.session.locking_enabled = 1
|
||||
redis.session.lock_retries = -1
|
||||
# redis.session.lock_wait_time is specified in microseconds.
|
||||
# Wait 10ms before retrying the lock rather than the default 2ms.
|
||||
redis.session.lock_wait_time = 10000
|
||||
REDIS_CONF
|
||||
|
||||
# Check permissions in ncdata
|
||||
touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
|
||||
if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
|
||||
@@ -550,6 +539,11 @@ php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://
|
||||
|
||||
# Collabora
|
||||
if [ "$COLLABORA_ENABLED" = 'yes' ]; then
|
||||
set -x
|
||||
if echo "$COLLABORA_HOST" | grep -q "nextcloud-.*-collabora"; then
|
||||
COLLABORA_HOST="$NC_DOMAIN"
|
||||
fi
|
||||
set +x
|
||||
if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
|
||||
php /var/www/html/occ app:install richdocuments
|
||||
elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" != "yes" ]; then
|
||||
@@ -557,10 +551,10 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
|
||||
elif [ "$SKIP_UPDATE" != 1 ]; then
|
||||
php /var/www/html/occ app:update richdocuments
|
||||
fi
|
||||
php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
|
||||
php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$COLLABORA_HOST/"
|
||||
# Make collabora more save
|
||||
COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
|
||||
COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
|
||||
COLLABORA_IPv4_ADDRESS="$(dig "$COLLABORA_HOST" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
|
||||
COLLABORA_IPv6_ADDRESS="$(dig "$COLLABORA_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
|
||||
COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
|
||||
if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
|
||||
if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
|
||||
@@ -571,7 +565,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "Warning: No ipv4-address found for $NC_DOMAIN."
|
||||
echo "Warning: No ipv4-address found for $COLLABORA_HOST."
|
||||
fi
|
||||
if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
|
||||
if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
|
||||
@@ -582,7 +576,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "No ipv6-address found for $NC_DOMAIN."
|
||||
echo "No ipv6-address found for $COLLABORA_HOST."
|
||||
fi
|
||||
if [ -n "$COLLABORA_ALLOW_LIST" ]; then
|
||||
PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM nats:2.10.11-scratch as nats
|
||||
FROM nats:2.10.12-scratch as nats
|
||||
FROM eturnal/eturnal:1.12.0 AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
|
||||
FROM alpine:3.19.1 as janus
|
||||
|
||||
@@ -9,13 +9,13 @@ All containers that are in this directory are community maintained so the respon
|
||||
## How to use this?
|
||||
Before adding any additional container, make sure to create a backup via the AIO interface!
|
||||
|
||||
Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
|
||||
Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
|
||||
|
||||
## How to add containers?
|
||||
Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
|
||||
|
||||
### Is there a list of ideas for new community containers?
|
||||
Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
|
||||
Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22+sort%3Atop) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
|
||||
|
||||
## How to remove containers from AIOs stack?
|
||||
In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.
|
||||
|
||||
@@ -149,6 +149,7 @@ services:
|
||||
- REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
|
||||
- APACHE_PORT=${APACHE_PORT}
|
||||
- APACHE_IP_BINDING=${APACHE_IP_BINDING}
|
||||
- IMAGINARY_SECRET=${IMAGINARY_SECRET}
|
||||
stop_grace_period: 600s
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
@@ -322,6 +323,7 @@ services:
|
||||
- "9000"
|
||||
environment:
|
||||
- TZ=${TIMEZONE}
|
||||
- IMAGINARY_SECRET=${IMAGINARY_SECRET}
|
||||
restart: unless-stopped
|
||||
cap_add:
|
||||
- SYS_NICE
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
DATABASE_PASSWORD= # TODO! This needs to be a unique and good password!
|
||||
FULLTEXTSEARCH_PASSWORD= # TODO! This needs to be a unique and good password!
|
||||
IMAGINARY_SECRET= # TODO! This needs to be a unique and good password!
|
||||
NC_DOMAIN=yourdomain.com # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
|
||||
NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin".
|
||||
ONLYOFFICE_SECRET= # TODO! This needs to be a unique and good password!
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 7.13.1
|
||||
version: 8.0.0-1
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -26,7 +26,11 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -61,7 +65,7 @@ spec:
|
||||
value: nextcloud-aio-talk
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-apache:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240321_080708-latest"
|
||||
name: nextcloud-aio-apache
|
||||
ports:
|
||||
- containerPort: {{ .Values.APACHE_PORT }}
|
||||
|
||||
@@ -27,7 +27,11 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -37,7 +41,11 @@ spec:
|
||||
- name: nextcloud-aio-clamav
|
||||
mountPath: /nextcloud-aio-clamav
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chown
|
||||
- 100:100
|
||||
@@ -52,7 +60,7 @@ spec:
|
||||
value: "90"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-clamav:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240321_080708-latest"
|
||||
name: nextcloud-aio-clamav
|
||||
ports:
|
||||
- containerPort: 3310
|
||||
|
||||
@@ -37,7 +37,7 @@ spec:
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
image: nextcloud/aio-collabora:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240321_080708-latest"
|
||||
name: nextcloud-aio-collabora
|
||||
ports:
|
||||
- containerPort: 9980
|
||||
|
||||
@@ -26,7 +26,11 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
@@ -39,7 +43,11 @@ spec:
|
||||
- name: nextcloud-aio-database
|
||||
mountPath: /nextcloud-aio-database
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chown
|
||||
- 999:999
|
||||
@@ -63,7 +71,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-postgresql:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240321_080708-latest"
|
||||
name: nextcloud-aio-database
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
|
||||
@@ -27,7 +27,11 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -57,7 +61,7 @@ spec:
|
||||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: nextcloud/aio-fulltextsearch:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240321_080708-latest"
|
||||
name: nextcloud-aio-fulltextsearch
|
||||
ports:
|
||||
- containerPort: 9200
|
||||
|
||||
@@ -25,9 +25,11 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: IMAGINARY_SECRET
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-imaginary:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240321_080708-latest"
|
||||
name: nextcloud-aio-imaginary
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
|
||||
@@ -26,7 +26,11 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: "delete-lost-found"
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- rm
|
||||
- "-rf"
|
||||
@@ -37,7 +41,11 @@ spec:
|
||||
- name: nextcloud-aio-nextcloud
|
||||
mountPath: /nextcloud-aio-nextcloud
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -104,6 +112,8 @@ spec:
|
||||
value: "{{ .Values.IMAGINARY_ENABLED }}"
|
||||
- name: IMAGINARY_HOST
|
||||
value: nextcloud-aio-imaginary
|
||||
- name: IMAGINARY_SECRET
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: INSTALL_LATEST_MAJOR
|
||||
value: "{{ .Values.INSTALL_LATEST_MAJOR }}"
|
||||
- name: NC_DOMAIN
|
||||
@@ -160,7 +170,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: UPDATE_NEXTCLOUD_APPS
|
||||
value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
|
||||
image: nextcloud/aio-nextcloud:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240321_080708-latest"
|
||||
name: nextcloud-aio-nextcloud
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
|
||||
@@ -26,7 +26,11 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -52,7 +56,7 @@ spec:
|
||||
value: nextcloud-aio-redis
|
||||
- name: REDIS_HOST_PASSWORD
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
image: nextcloud/aio-notify-push:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240321_080708-latest"
|
||||
name: nextcloud-aio-notify-push
|
||||
ports:
|
||||
- containerPort: 7867
|
||||
|
||||
@@ -27,7 +27,11 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -45,7 +49,7 @@ spec:
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-onlyoffice:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240321_080708-latest"
|
||||
name: nextcloud-aio-onlyoffice
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
@@ -26,7 +26,11 @@ spec:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -40,7 +44,7 @@ spec:
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-redis:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240321_080708-latest"
|
||||
name: nextcloud-aio-redis
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
|
||||
@@ -37,7 +37,7 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-talk:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240321_080708-latest"
|
||||
name: nextcloud-aio-talk
|
||||
ports:
|
||||
- containerPort: {{ .Values.TALK_PORT }}
|
||||
|
||||
@@ -33,7 +33,7 @@ spec:
|
||||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: nextcloud/aio-talk-recording:20240308_092935-latest
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240321_080708-latest"
|
||||
name: nextcloud-aio-talk-recording
|
||||
ports:
|
||||
- containerPort: 1234
|
||||
|
||||
@@ -59,7 +59,11 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
|
||||
cat << EOL > /tmp/initcontainers
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -68,14 +72,22 @@ EOL
|
||||
cat << EOL > /tmp/initcontainers.database
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
- /nextcloud-aio-database/data
|
||||
volumeMountsInitContainer:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chown
|
||||
- 999:999
|
||||
@@ -85,14 +97,22 @@ EOL
|
||||
cat << EOL > /tmp/initcontainers.clamav
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
- /nextcloud-aio-clamav/data
|
||||
volumeMountsInitContainer:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chown
|
||||
- 100:100
|
||||
@@ -102,14 +122,22 @@ EOL
|
||||
cat << EOL > /tmp/initcontainers.nextcloud
|
||||
initContainers:
|
||||
- name: "delete-lost-found"
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- rm
|
||||
- "-rf"
|
||||
- "/nextcloud-aio-nextcloud/lost+found"
|
||||
volumeMountsInitRmLostFound:
|
||||
- name: init-volumes
|
||||
{{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
|
||||
{{- else }}
|
||||
image: alpine
|
||||
{{- end }}
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
@@ -272,6 +300,8 @@ EOL
|
||||
# shellcheck disable=SC1083
|
||||
find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config" \{} \;
|
||||
|
||||
# shellcheck disable=SC1083
|
||||
find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \;
|
||||
|
||||
cd ../
|
||||
mkdir -p ../helm-chart/
|
||||
@@ -326,6 +356,10 @@ SMTP_NAME: # (empty by default): The username for the authentication.
|
||||
SMTP_PASSWORD: # (empty by default): The password for the authentication.
|
||||
MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
|
||||
MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
|
||||
|
||||
IMAGE_MIRROR_PREFIX: # Setting this allows you to pull Nextcloud images through a mirror registry.
|
||||
NEXTCLOUD_IMAGE_ORG: nextcloud # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
|
||||
ALPINE_IMAGE_ORG: # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
|
||||
ADDITIONAL_CONFIG
|
||||
|
||||
mv /tmp/sample.conf ../helm-chart/values.yaml
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
DATABASE_PASSWORD: # TODO! This needs to be a unique and good password!
|
||||
FULLTEXTSEARCH_PASSWORD: # TODO! This needs to be a unique and good password!
|
||||
IMAGINARY_SECRET: # TODO! This needs to be a unique and good password!
|
||||
NC_DOMAIN: yourdomain.com # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
|
||||
NEXTCLOUD_PASSWORD: # TODO! This is the password of the initially created Nextcloud admin with username admin.
|
||||
ONLYOFFICE_SECRET: # TODO! This needs to be a unique and good password!
|
||||
@@ -60,3 +61,7 @@ SMTP_NAME: # (empty by default): The username for the authentication.
|
||||
SMTP_PASSWORD: # (empty by default): The password for the authentication.
|
||||
MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
|
||||
MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
|
||||
|
||||
IMAGE_MIRROR_PREFIX: # Setting this allows you to pull Nextcloud images through a mirror registry.
|
||||
NEXTCLOUD_IMAGE_ORG: nextcloud # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
|
||||
ALPINE_IMAGE_ORG: # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<files psalm-version="5.22.2@d768d914152dbbf3486c36398802f74e80cfde48"/>
|
||||
<files psalm-version="5.23.1@8471a896ccea3526b26d082f4461eeea467f10a4"/>
|
||||
|
||||
@@ -742,7 +742,7 @@ class ConfigurationManager
|
||||
// Trim all unwanted chars on both sites
|
||||
$entry = trim($entry);
|
||||
if ($entry !== "") {
|
||||
if (!preg_match("#^/[.0-1a-zA-Z/_-]+$#", $entry) && !preg_match("#^[.0-1a-zA-Z_-]+$#", $entry)) {
|
||||
if (!preg_match("#^/[.0-9a-zA-Z/_-]+$#", $entry) && !preg_match("#^[.0-9a-zA-Z_-]+$#", $entry)) {
|
||||
throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
|
||||
}
|
||||
$validDirectories .= rtrim($entry, '/') . PHP_EOL;
|
||||
|
||||
@@ -879,7 +879,7 @@ class DockerActionManager
|
||||
} catch (RequestException $e) {
|
||||
// 409 is undocumented and gets thrown if the network already exists.
|
||||
if ($e->getCode() !== 409) {
|
||||
throw $e;
|
||||
throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
</header>
|
||||
|
||||
<div class="content">
|
||||
<h1>Nextcloud AIO v8.0.0</h1>
|
||||
<h1>Nextcloud AIO v8.1.0</h1>
|
||||
|
||||
{# Add 2nd tab warning #}
|
||||
<script type="text/javascript" src="second-tab-warning.js"></script>
|
||||
@@ -153,7 +153,7 @@
|
||||
<input class="button" type="submit" value="Check backup integrity"/><br/>
|
||||
</form>
|
||||
{% endif %}
|
||||
Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please not that the current AIO password will be kept and the AIO password not restored from backup!<br><br>
|
||||
Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please note that the current AIO password will be kept and the previous AIO password will not be restored from backup!<br><br>
|
||||
<form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
@@ -494,7 +494,7 @@
|
||||
<input type="hidden" name="delete_daily_backup_time" value="yes"/>
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input class="button" type="submit" value="Disable daily backups" />
|
||||
<input class="button" type="submit" value="Disable or change daily backups" />
|
||||
</form>
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -119,7 +119,8 @@ The following instructions are meant for installations without a web server or r
|
||||
Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
|
||||
|
||||
3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
|
||||
E.g. `https://ip.address.of.this.server:8080`<br><br>
|
||||
E.g. `https://ip.address.of.this.server:8080`<br>
|
||||
⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br><br>
|
||||
If your firewall/router has port 80 and 8443 open/forwarded and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
|
||||
`https://your-domain-that-points-to-this-server.tld:8443`
|
||||
4. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
|
||||
@@ -143,7 +144,7 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
|
||||
- `3478/TCP` and `3478/UDP` for the Talk container
|
||||
|
||||
### Explanation of used ports:
|
||||
- `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`)
|
||||
- `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`) ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)
|
||||
- `80/TCP`: redirects to Nextcloud (is used for getting the certificate via ACME http-challenge for the Mastercontainer)
|
||||
- `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open/forwarded in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.)
|
||||
- `443/TCP`: will be used by the Apache container later on and needs to be open/forwarded in your firewall/router
|
||||
@@ -386,6 +387,7 @@ Not directly but you have multiple options to achieve this:
|
||||
- Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory
|
||||
- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive)
|
||||
- You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247
|
||||
- Here is another one that utilizes borgmatic and BorgBase for remote backups: https://github.com/nextcloud/all-in-one/discussions/4391
|
||||
- create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
|
||||
|
||||
---
|
||||
|
||||
@@ -699,7 +699,9 @@ Simply translate the docker run command into a docker-compose file. You can have
|
||||
Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
|
||||
|
||||
## 4. Open the AIO interface.
|
||||
After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
|
||||
After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`.<br>
|
||||
⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
|
||||
Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
|
||||
|
||||
## 5. Optional: get a valid certificate for the AIO interface
|
||||
|
||||
|
||||
Reference in New Issue
Block a user