mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 10:50:10 +00:00
Compare commits
13 Commits
v8.1.0
...
helm-chart
| Author | SHA1 | Date | |
|---|---|---|---|
|
638155759a | ||
|
|
9a4e7e6abd | ||
|
|
e433bc27fe | ||
|
|
c452c39181 | ||
|
|
1a2299260b | ||
|
|
bbf826659d | ||
|
|
6530c5afc3 | ||
|
|
6f8b06294e | ||
|
|
1bfedfa82d | ||
|
|
913394073b | ||
|
|
fc0fde93b5 | ||
|
|
9736a77f10 | ||
|
|
5b44bb5964 |
@@ -56,6 +56,10 @@ TURN_CONF
|
||||
# Remove empty lines so that the config is not invalid
|
||||
sed -i '/""/d' /conf/eturnal.yml
|
||||
|
||||
if [ -z "$TALK_MAX_STREAM_BITRATE" ]; then
|
||||
TALK_MAX_STREAM_BITRATE=1048576
|
||||
fi
|
||||
|
||||
# Signling
|
||||
cat << SIGNALING_CONF > "/conf/signaling.conf"
|
||||
[http]
|
||||
@@ -80,6 +84,7 @@ connectionsperhost = 8
|
||||
[backend-1]
|
||||
url = https://${NC_DOMAIN}
|
||||
secret = ${SIGNALING_SECRET}
|
||||
maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
|
||||
|
||||
[nats]
|
||||
url = nats://127.0.0.1:4222
|
||||
@@ -87,6 +92,7 @@ url = nats://127.0.0.1:4222
|
||||
[mcu]
|
||||
type = janus
|
||||
url = ws://127.0.0.1:8188
|
||||
maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
|
||||
SIGNALING_CONF
|
||||
|
||||
exec "$@"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
## Caddy with geoblocking
|
||||
This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed.
|
||||
This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed.
|
||||
|
||||
### Notes
|
||||
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
|
||||
|
||||
@@ -4,6 +4,7 @@ This container bundles fail2ban and auto-configures it for you in order to block
|
||||
### Notes
|
||||
- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
|
||||
- If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
|
||||
- If you get an error like `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this.
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
|
||||
### Repository
|
||||
|
||||
@@ -5,8 +5,10 @@ This container bundles Jellyfin and auto-configures it for you.
|
||||
- This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!
|
||||
- This container does not work on Docker Desktop since it needs `network_mode: host` in order to work correctly.
|
||||
- After adding and starting the container, you can directly visit http://ip.address.of.server:8096/ and access your new Jellyfin instance!
|
||||
- This container should usually only be run in home networks as it exposes unencrypted services like DLNA by default which can be disabld via the web interface though.
|
||||
- In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin.
|
||||
- ⚠️ After the initial start, Jellyfin shows a configuration page to set up the root password, etc. **Be careful to initialize your Jellyfin before adding the DNS record.**
|
||||
- If you have a firewall like ufw configured, you might need to open all Jellyfin ports in there first in order to make it work. Especially port 8096 is important!
|
||||
- The data of Jellyfin will be automatically included in AIO's backup solution!
|
||||
- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
|
||||
|
||||
|
||||
46
community-containers/lldap/lldap.json
Normal file
46
community-containers/lldap/lldap.json
Normal file
@@ -0,0 +1,46 @@
|
||||
{
|
||||
"aio_services_v1": [
|
||||
{
|
||||
"container_name": "nextcloud-aio-lldap",
|
||||
"display_name": "Light LDAP implementation",
|
||||
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
|
||||
"image": "lldap/lldap",
|
||||
"image_tag": "v0-alpine",
|
||||
"internal_port": "17170",
|
||||
"restart": "unless-stopped",
|
||||
"ports": [
|
||||
{
|
||||
"ip_binding": "%APACHE_IP_BINDING%",
|
||||
"port_number": "17170",
|
||||
"protocol": "tcp"
|
||||
}
|
||||
],
|
||||
"environment": [
|
||||
"TZ=%TIMEZONE%",
|
||||
"UID=65534",
|
||||
"GID=65534",
|
||||
"LLDAP_JWT_SECRET=%LLDAP_JWT_SECRET%",
|
||||
"LLDAP_LDAP_USER_PASS=%LLDAP_LDAP_USER_PASS%",
|
||||
"LLDAP_LDAP_BASE_DN=%NC_BASE_DN%"
|
||||
],
|
||||
"secrets": [
|
||||
"LLDAP_JWT_SECRET",
|
||||
"LLDAP_LDAP_USER_PASS"
|
||||
],
|
||||
"volumes": [
|
||||
{
|
||||
"source": "nextcloud_aio_lldap",
|
||||
"destination": "/data",
|
||||
"writeable": true
|
||||
}
|
||||
],
|
||||
"backup_volumes": [
|
||||
"nextcloud_aio_lldap"
|
||||
],
|
||||
"nextcloud_exec_commands": [
|
||||
"php /var/www/html/occ app:install user_ldap",
|
||||
"php /var/www/html/occ app:enable user_ldap"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
70
community-containers/lldap/readme.md
Normal file
70
community-containers/lldap/readme.md
Normal file
@@ -0,0 +1,70 @@
|
||||
## Light LDAP server
|
||||
This container bundles LLDAP server and auto-configures your nextcloud instance for you.
|
||||
|
||||
### Notes
|
||||
- In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
|
||||
- After adding and starting the container, you can log in to the lldap web interface by using the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
|
||||
- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend. You can see a [nextcloud example configuration provide by LLDAP](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md)<br>
|
||||
First, you need to retrieve the LLDAP admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy and paste.
|
||||
```bash
|
||||
# Now go into the container
|
||||
sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
|
||||
```
|
||||
Now inside the container:
|
||||
```bash
|
||||
# Get Base
|
||||
BASE_DN="dc=${NC_DOMAIN//./,dc=}"
|
||||
|
||||
# Create a new empty ldap config
|
||||
CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p)
|
||||
|
||||
# Set the ldap password
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentPassword "<your-password>"
|
||||
|
||||
# Set the ldap config
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentName "uid=ro_admin,ou=people,$BASE_DN"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBase "$BASE_DN"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseGroups "$BASE_DN"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseUsers "$BASE_DN"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapCacheTTL 600
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapConfigurationActive 1
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapEmailAttribute "mail"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapExperiencedAdmin 0
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGidNumber "gidNumber"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupDisplayName "cn"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilter "(&(objectclass=groupOfUniqueNames))"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterGroups ""
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterMode 0
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterObjectclass "groupOfUniqueNames"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupMemberAssocAttr "uniqueMember"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapHost "nextcloud-aio-lldap"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterAttributes "uid"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterEmail 0
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterUsername 1
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapMatchingRuleInChainState "unknown"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapNestedGroups 0
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPagingSize 500
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPort 3890
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapTLS 0
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserAvatarRule "default"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserDisplayName "displayname"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilter "(&(objectClass=person)(uid=%uid))"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterMode 1
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterObjectclass "person"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidGroupAttribute "auto"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidUserAttribute "auto"
|
||||
php /var/www/html/occ ldap:set-config "$CONF_NAME" turnOnPasswordChange 0
|
||||
|
||||
# Test the ldap config
|
||||
php /var/www/html/occ ldap:test-config "$NAME"
|
||||
|
||||
# Exit the container shell
|
||||
exit
|
||||
```
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
|
||||
### Repository
|
||||
https://github.com/lldap/lldap
|
||||
|
||||
### Maintainer
|
||||
https://github.com/docjyj
|
||||
@@ -5,6 +5,7 @@ This container bundles Plex and auto-configures it for you.
|
||||
- This container is incompatible with the [Jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) community container. So make sure that you do not enable both at the same time!
|
||||
- This is not working on arm64 since Plex does only provide x64 docker images.
|
||||
- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
|
||||
- This container should usually only be run in home networks as it exposes unencrypted services like DLNA by default which can be disabld via the web interface though.
|
||||
- If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
|
||||
- After adding and starting the container, you need to visit http://ip.address.of.server:32400/manage in order to claim your server with a plex account
|
||||
- The data of Plex will be automatically included in AIOs backup solution!
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 8.0.0-1
|
||||
version: 8.2.0-dev
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -65,7 +65,7 @@ spec:
|
||||
value: nextcloud-aio-talk
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240404_082330-latest"
|
||||
name: nextcloud-aio-apache
|
||||
ports:
|
||||
- containerPort: {{ .Values.APACHE_PORT }}
|
||||
|
||||
@@ -60,7 +60,7 @@ spec:
|
||||
value: "90"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240404_082330-latest"
|
||||
name: nextcloud-aio-clamav
|
||||
ports:
|
||||
- containerPort: 3310
|
||||
|
||||
@@ -37,7 +37,7 @@ spec:
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240404_082330-latest"
|
||||
name: nextcloud-aio-collabora
|
||||
ports:
|
||||
- containerPort: 9980
|
||||
|
||||
@@ -71,7 +71,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240404_082330-latest"
|
||||
name: nextcloud-aio-database
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
|
||||
@@ -61,7 +61,7 @@ spec:
|
||||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240404_082330-latest"
|
||||
name: nextcloud-aio-fulltextsearch
|
||||
ports:
|
||||
- containerPort: 9200
|
||||
|
||||
@@ -29,7 +29,7 @@ spec:
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240404_082330-latest"
|
||||
name: nextcloud-aio-imaginary
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
|
||||
@@ -170,7 +170,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: UPDATE_NEXTCLOUD_APPS
|
||||
value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240404_082330-latest"
|
||||
name: nextcloud-aio-nextcloud
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
|
||||
@@ -56,7 +56,7 @@ spec:
|
||||
value: nextcloud-aio-redis
|
||||
- name: REDIS_HOST_PASSWORD
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240404_082330-latest"
|
||||
name: nextcloud-aio-notify-push
|
||||
ports:
|
||||
- containerPort: 7867
|
||||
|
||||
@@ -49,7 +49,7 @@ spec:
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240404_082330-latest"
|
||||
name: nextcloud-aio-onlyoffice
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
@@ -44,7 +44,7 @@ spec:
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240404_082330-latest"
|
||||
name: nextcloud-aio-redis
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
|
||||
@@ -25,6 +25,8 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: TALK_MAX_STREAM_BITRATE
|
||||
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
|
||||
- name: INTERNAL_SECRET
|
||||
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
|
||||
- name: NC_DOMAIN
|
||||
@@ -37,7 +39,8 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:develop"
|
||||
imagePullPolicy: Always
|
||||
name: nextcloud-aio-talk
|
||||
ports:
|
||||
- containerPort: {{ .Values.TALK_PORT }}
|
||||
|
||||
@@ -33,7 +33,7 @@ spec:
|
||||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240321_080708-latest"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240404_082330-latest"
|
||||
name: nextcloud-aio-talk-recording
|
||||
ports:
|
||||
- containerPort: 1234
|
||||
|
||||
@@ -300,6 +300,14 @@ EOL
|
||||
# shellcheck disable=SC1083
|
||||
find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config" \{} \;
|
||||
|
||||
# Additional config
|
||||
cat << EOL > /tmp/additional-talk.config
|
||||
- name: TALK_MAX_STREAM_BITRATE
|
||||
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
|
||||
EOL
|
||||
# shellcheck disable=SC1083
|
||||
find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config" \{} \;
|
||||
|
||||
# shellcheck disable=SC1083
|
||||
find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \;
|
||||
|
||||
@@ -356,6 +364,7 @@ SMTP_NAME: # (empty by default): The username for the authentication.
|
||||
SMTP_PASSWORD: # (empty by default): The password for the authentication.
|
||||
MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
|
||||
MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
|
||||
TALK_MAX_STREAM_BITRATE: "1048576" # This allows to adjust the max stream bitrate of the talk hpb
|
||||
|
||||
IMAGE_MIRROR_PREFIX: # Setting this allows you to pull Nextcloud images through a mirror registry.
|
||||
NEXTCLOUD_IMAGE_ORG: nextcloud # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
|
||||
|
||||
@@ -61,6 +61,7 @@ SMTP_NAME: # (empty by default): The username for the authentication.
|
||||
SMTP_PASSWORD: # (empty by default): The password for the authentication.
|
||||
MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
|
||||
MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
|
||||
TALK_MAX_STREAM_BITRATE: "1048576" # This allows to adjust the max stream bitrate of the talk hpb
|
||||
|
||||
IMAGE_MIRROR_PREFIX: # Setting this allows you to pull Nextcloud images through a mirror registry.
|
||||
NEXTCLOUD_IMAGE_ORG: nextcloud # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
|
||||
|
||||
@@ -386,6 +386,14 @@ class ConfigurationManager
|
||||
return $config['domain'];
|
||||
}
|
||||
|
||||
public function GetBaseDN() : string {
|
||||
$domain = $this->GetDomain();
|
||||
if ($domain === "") {
|
||||
return "";
|
||||
}
|
||||
return 'dc=' . implode(',dc=', explode('.', $domain));
|
||||
}
|
||||
|
||||
public function GetBackupMode() : string {
|
||||
$config = $this->GetConfig();
|
||||
if(!isset($config['backup-mode'])) {
|
||||
|
||||
@@ -283,6 +283,8 @@ class DockerActionManager
|
||||
|
||||
if($out[1] === 'NC_DOMAIN') {
|
||||
$replacements[1] = $this->configurationManager->GetDomain();
|
||||
} elseif($out[1] === 'NC_BASE_DN') {
|
||||
$replacements[1] = $this->configurationManager->GetBaseDN();
|
||||
} elseif ($out[1] === 'AIO_TOKEN') {
|
||||
$replacements[1] = $this->configurationManager->GetToken();
|
||||
} elseif ($out[1] === 'BORGBACKUP_MODE') {
|
||||
|
||||
@@ -709,7 +709,7 @@ All users see a set of [default files and folders](https://docs.nextcloud.com/se
|
||||
You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
|
||||
|
||||
### LDAP
|
||||
It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/406#discussioncomment-7133555
|
||||
It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. There is now a community container which allows to easily add LLDAP to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap
|
||||
|
||||
### Netdata
|
||||
Netdata allows you to monitor your server using a GUI. You can install it by following https://learn.netdata.cloud/docs/agent/packaging/docker#create-a-new-netdata-agent-container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/392#discussioncomment-7133563
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
# Reverse Proxy Documentation
|
||||
|
||||
**Note:** The maintainers of AIO noticed that this documentation is not easy. All contributions that improve this are very welcome!
|
||||
|
||||
A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a web server that enables computers on the internet to access a service in a [private subnet](https://en.wikipedia.org/wiki/Private_network).
|
||||
|
||||
**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
|
||||
@@ -102,6 +104,10 @@ Add this as a new Apache site config:
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
# If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine,
|
||||
# the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain.
|
||||
# In this case the subdomain should already be secured without additional actions
|
||||
SSLCertificateFile /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/<your-nc-domain>/privkey.pem
|
||||
|
||||
@@ -357,6 +363,9 @@ server {
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
}
|
||||
|
||||
# If running nginx on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine,
|
||||
# the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain.
|
||||
# In this case the subdomain should already be secured without additional actions
|
||||
ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem; # managed by certbot on host machine
|
||||
ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
|
||||
|
||||
|
||||
Reference in New Issue
Block a user