mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-21 19:00:33 +00:00
Compare commits
52 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
7e56c912f7 | ||
|
|
562b55b872 | ||
|
|
43a51c2a29 | ||
|
|
d2820644a0 | ||
|
|
73e4ea26ab | ||
|
|
2c573b2e24 | ||
|
|
68b5b770c7 | ||
|
|
5dbcf17e45 | ||
|
|
1accb8f568 | ||
|
|
9029991668 | ||
|
|
fe957f10f4 | ||
|
|
a27f51abdc | ||
|
|
2ab19cf79e | ||
|
|
d30af69ad9 | ||
|
|
31162a29d8 | ||
|
|
00c41624ea | ||
|
|
533c270d06 | ||
|
|
69cf646c85 | ||
|
|
3c26a3bed1 | ||
|
|
a88ab04bb6 | ||
|
|
aea0af5344 | ||
|
|
3c7adc3be5 | ||
|
|
85431fe60d | ||
|
|
25a2bd3efc | ||
|
|
d68a0c0e96 | ||
|
|
d9ff3ac548 | ||
|
|
f918d058a8 | ||
|
|
4ccde49448 | ||
|
|
a47eb2352d | ||
|
|
51b001f194 | ||
|
|
2e1f9819ff | ||
|
|
49bcef5df7 | ||
|
|
24c3f301ed | ||
|
|
3efbaeb158 | ||
|
|
ddf561b404 | ||
|
|
9a70fa4ddc | ||
|
|
5c1bf53011 | ||
|
|
8a9c5ae973 | ||
|
|
3496815879 | ||
|
|
bc90f47d7a | ||
|
|
8327b9aaa0 | ||
|
|
8656f58009 | ||
|
|
786f6ce2af | ||
|
|
be4e2e2afb | ||
|
|
bb66445cf7 | ||
|
|
e9fcd554cb | ||
|
|
00f7e2f749 | ||
|
|
9458650f8b | ||
|
|
85c606b09b | ||
|
|
07b603ae74 | ||
|
|
ce6e9411f5 | ||
|
|
354c642f75 |
2
.github/workflows/json-validator.yml
vendored
2
.github/workflows/json-validator.yml
vendored
@@ -30,6 +30,6 @@ jobs:
|
||||
for file in "${JSON_FILES[@]}"; do
|
||||
json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
|
||||
done
|
||||
if grep -q "document does not validate with schema." ./json-validator.log; then
|
||||
if grep -q "document does not validate with schema.\|invalid JSONFile" ./json-validator.log; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -28,7 +28,6 @@ jobs:
|
||||
run: |
|
||||
set -x
|
||||
cd php
|
||||
composer global require wapmorgan/php-deprecation-detector dev-master
|
||||
composer install
|
||||
composer run php-deprecation-detector | tee -i ./phpdd.log
|
||||
if grep "Total issues:" ./phpdd.log; then
|
||||
|
||||
3
.github/workflows/psalm-update-baseline.yml
vendored
3
.github/workflows/psalm-update-baseline.yml
vendored
@@ -23,9 +23,8 @@ jobs:
|
||||
run: |
|
||||
set -x
|
||||
cd php
|
||||
composer global require vimeo/psalm --prefer-dist --no-progress --dev
|
||||
composer install
|
||||
composer run psalm -- --monochrome --no-progress --output-format=text --update-baseline
|
||||
composer run psalm:update-baseline
|
||||
git clean -f lib/composer
|
||||
git checkout composer.json composer.lock lib/composer
|
||||
continue-on-error: true
|
||||
|
||||
1
.github/workflows/psalm.yml
vendored
1
.github/workflows/psalm.yml
vendored
@@ -42,6 +42,5 @@ jobs:
|
||||
run: |
|
||||
set -x
|
||||
cd php
|
||||
composer global require vimeo/psalm --prefer-dist --no-progress --dev
|
||||
composer install
|
||||
composer run psalm
|
||||
|
||||
6
.github/workflows/twig-lint.yml
vendored
6
.github/workflows/twig-lint.yml
vendored
@@ -13,7 +13,7 @@ on:
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
concurrency:
|
||||
concurrency:
|
||||
group: lint-twig-${{ github.head_ref || github.run_id }}
|
||||
cancel-in-progress: true
|
||||
|
||||
@@ -36,7 +36,5 @@ jobs:
|
||||
- name: twig lint
|
||||
run: |
|
||||
cd php
|
||||
composer require sserbin/twig-linter:@dev --no-progress --dev
|
||||
composer install
|
||||
chmod +x ./vendor/bin/twig-linter
|
||||
./vendor/bin/twig-linter lint ./templates
|
||||
composer run lint:twig
|
||||
|
||||
11
.gitignore
vendored
11
.gitignore
vendored
@@ -1,8 +1,13 @@
|
||||
.DS_Store
|
||||
/php/data/containers.json
|
||||
/php/data/configuration.json
|
||||
/php/data/backupsecret.json
|
||||
.idea/
|
||||
*.iml
|
||||
|
||||
/php/data/*
|
||||
/php/session/*
|
||||
!/php/data/.gitkeep
|
||||
!/php/session/.gitkeep
|
||||
/php/vendor
|
||||
|
||||
/manual-install/*.conf
|
||||
!/manual-install/sample.conf
|
||||
/manual-install/docker-compose.yml
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
FROM caddy:2.8.4-alpine AS caddy
|
||||
|
||||
# From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
|
||||
FROM httpd:2.4.61-alpine3.20
|
||||
FROM httpd:2.4.62-alpine3.20
|
||||
|
||||
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM alpine:3.20.1
|
||||
FROM alpine:3.20.2
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
|
||||
FROM clamav/clamav:1.3.1-60
|
||||
FROM clamav/clamav:1.3.1-61
|
||||
|
||||
COPY clamav.conf /clamav.conf
|
||||
COPY --chmod=775 start.script /start.script
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM alpine:3.20.1
|
||||
FROM alpine:3.20.2
|
||||
RUN set -ex; \
|
||||
apk upgrade --no-cache -a; \
|
||||
apk add --no-cache bash lighttpd netcat-openbsd; \
|
||||
|
||||
@@ -13,7 +13,7 @@ RUN set -ex; \
|
||||
build-base; \
|
||||
go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
|
||||
|
||||
FROM alpine:3.20.1
|
||||
FROM alpine:3.20.2
|
||||
RUN set -ex; \
|
||||
apk upgrade --no-cache -a; \
|
||||
apk add --no-cache \
|
||||
|
||||
8
Containers/mastercontainer/.idea/.gitignore
generated
vendored
8
Containers/mastercontainer/.idea/.gitignore
generated
vendored
@@ -1,8 +0,0 @@
|
||||
# Default ignored files
|
||||
/shelf/
|
||||
/workspace.xml
|
||||
# Datasource local storage ignored files
|
||||
/dataSources/
|
||||
/dataSources.local.xml
|
||||
# Editor-based HTTP Client requests
|
||||
/httpRequests/
|
||||
@@ -1,9 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<module type="JAVA_MODULE" version="4">
|
||||
<component name="NewModuleRootManager" inherit-compiler-output="true">
|
||||
<exclude-output />
|
||||
<content url="file://$MODULE_DIR$" />
|
||||
<orderEntry type="inheritedJdk" />
|
||||
<orderEntry type="sourceFolder" forTests="false" />
|
||||
</component>
|
||||
</module>
|
||||
6
Containers/mastercontainer/.idea/misc.xml
generated
6
Containers/mastercontainer/.idea/misc.xml
generated
@@ -1,6 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="ProjectRootManager">
|
||||
<output url="file://$PROJECT_DIR$/out" />
|
||||
</component>
|
||||
</project>
|
||||
8
Containers/mastercontainer/.idea/modules.xml
generated
8
Containers/mastercontainer/.idea/modules.xml
generated
@@ -1,8 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="ProjectModuleManager">
|
||||
<modules>
|
||||
<module fileurl="file://$PROJECT_DIR$/.idea/mastercontainer.iml" filepath="$PROJECT_DIR$/.idea/mastercontainer.iml" />
|
||||
</modules>
|
||||
</component>
|
||||
</project>
|
||||
6
Containers/mastercontainer/.idea/vcs.xml
generated
6
Containers/mastercontainer/.idea/vcs.xml
generated
@@ -1,6 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="VcsDirectoryMappings">
|
||||
<mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
|
||||
</component>
|
||||
</project>
|
||||
@@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
# Docker CLI is a requirement
|
||||
FROM docker:27.0.3-cli AS docker
|
||||
FROM docker:27.1.1-cli AS docker
|
||||
|
||||
# Caddy is a requirement
|
||||
FROM caddy:2.8.4-alpine AS caddy
|
||||
|
||||
@@ -295,7 +295,6 @@ DATADIR_PERMISSION_CONF
|
||||
php /var/www/html/occ app:disable updatenotification
|
||||
rm -rf /var/www/html/apps/updatenotification
|
||||
php /var/www/html/occ app:enable nextcloud-aio --force
|
||||
php /var/www/html/occ db:add-missing-indices
|
||||
php /var/www/html/occ db:add-missing-columns
|
||||
php /var/www/html/occ db:add-missing-primary-keys
|
||||
yes | php /var/www/html/occ db:convert-filecache-bigint
|
||||
@@ -423,12 +422,12 @@ DATADIR_PERMISSION_CONF
|
||||
# Apply optimization
|
||||
echo "Doing some optimizations..."
|
||||
php /var/www/html/occ maintenance:repair
|
||||
php /var/www/html/occ db:add-missing-indices
|
||||
php /var/www/html/occ db:add-missing-columns
|
||||
php /var/www/html/occ db:add-missing-primary-keys
|
||||
yes | php /var/www/html/occ db:convert-filecache-bigint
|
||||
php /var/www/html/occ maintenance:mimetype:update-js
|
||||
php /var/www/html/occ maintenance:mimetype:update-db
|
||||
if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
|
||||
php /var/www/html/occ db:add-missing-indices
|
||||
php /var/www/html/occ db:add-missing-columns
|
||||
php /var/www/html/occ db:add-missing-primary-keys
|
||||
yes | php /var/www/html/occ db:convert-filecache-bigint
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -504,9 +503,10 @@ if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get se
|
||||
php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
|
||||
fi
|
||||
# Set maintenance window so that no warning is shown in the admin overview
|
||||
if [ -z "$(php /var/www/html/occ config:system:get maintenance_window_start)" ]; then
|
||||
php /var/www/html/occ config:system:set maintenance_window_start --type=int --value=100
|
||||
if [ -z "$NEXTCLOUD_MAINTENANCE_WINDOW" ]; then
|
||||
NEXTCLOUD_MAINTENANCE_WINDOW=100
|
||||
fi
|
||||
php /var/www/html/occ config:system:set maintenance_window_start --type=int --value="$NEXTCLOUD_MAINTENANCE_WINDOW"
|
||||
|
||||
# Apply network settings
|
||||
echo "Applying network settings..."
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM alpine:3.20.1
|
||||
FROM alpine:3.20.2
|
||||
|
||||
COPY --chmod=775 start.sh /start.sh
|
||||
COPY --chmod=775 healthcheck.sh /healthcheck.sh
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
FROM nats:2.10.18-scratch AS nats
|
||||
FROM eturnal/eturnal:1.12.0 AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:1.3.2 AS signaling
|
||||
FROM alpine:3.20.1 AS janus
|
||||
FROM alpine:3.20.2 AS janus
|
||||
|
||||
ARG JANUS_VERSION=v0.14.3
|
||||
WORKDIR /src
|
||||
@@ -34,7 +34,7 @@ RUN set -ex; \
|
||||
make configs; \
|
||||
rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
|
||||
|
||||
FROM alpine:3.20.1
|
||||
FROM alpine:3.20.2
|
||||
ENV ETURNAL_ETC_DIR="/conf"
|
||||
COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local
|
||||
COPY --from=eturnal --chmod=777 --chown=1000:1000 /opt/eturnal /opt/eturnal
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
# From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
|
||||
FROM containrrr/watchtower:1.7.1 AS watchtower
|
||||
|
||||
FROM alpine:3.20.1
|
||||
FROM alpine:3.20.2
|
||||
|
||||
RUN apk upgrade --no-cache -a; \
|
||||
apk add --no-cache bash
|
||||
|
||||
@@ -9,11 +9,29 @@ You can run AIO with docker rootless by following the steps below.
|
||||
1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
|
||||
1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
|
||||
1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
|
||||
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
|
||||
1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
|
||||
1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
|
||||
|
||||
1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
|
||||
1. ⚠️ **Important:** Please read through all notes below!
|
||||
|
||||
**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value).
|
||||
### Note regarding sudo in the documentation
|
||||
Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work.
|
||||
|
||||
⚠️ **Additional note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work.
|
||||
### Note regarding permissions
|
||||
All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value).
|
||||
|
||||
### Note regarding docker network driver
|
||||
By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
|
||||
As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow.
|
||||
* Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)).
|
||||
* Run `sudo sysctl --system` to propagate the change.
|
||||
* Create `~/.config/systemd/user/docker.service.d/override.conf`
|
||||
with the following content:
|
||||
```
|
||||
[Service]
|
||||
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
|
||||
```
|
||||
* Restart the docker daemon
|
||||
```
|
||||
systemctl --user restart docker
|
||||
```
|
||||
@@ -1,6 +1,6 @@
|
||||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 9.2.0
|
||||
version: 9.3.0
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
||||
@@ -25,7 +25,7 @@ Then run:
|
||||
|
||||
```
|
||||
helm repo add nextcloud-aio https://nextcloud.github.io/all-in-one/
|
||||
helm install my-release nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml
|
||||
helm install nextcloud-aio nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml
|
||||
```
|
||||
|
||||
And after a while, everything should be set up.
|
||||
|
||||
@@ -66,7 +66,7 @@ spec:
|
||||
value: nextcloud-aio-talk
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240725_074330"
|
||||
name: nextcloud-aio-apache
|
||||
ports:
|
||||
- containerPort: {{ .Values.APACHE_PORT }}
|
||||
|
||||
@@ -61,7 +61,7 @@ spec:
|
||||
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240725_074330"
|
||||
name: nextcloud-aio-clamav
|
||||
ports:
|
||||
- containerPort: 3310
|
||||
|
||||
@@ -36,7 +36,7 @@ spec:
|
||||
value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240725_074330"
|
||||
name: nextcloud-aio-collabora
|
||||
ports:
|
||||
- containerPort: 9980
|
||||
|
||||
@@ -70,7 +70,7 @@ spec:
|
||||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240725_074330"
|
||||
name: nextcloud-aio-database
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
|
||||
@@ -60,7 +60,7 @@ spec:
|
||||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240725_074330"
|
||||
name: nextcloud-aio-fulltextsearch
|
||||
ports:
|
||||
- containerPort: 9200
|
||||
|
||||
@@ -28,7 +28,7 @@ spec:
|
||||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240725_074330"
|
||||
name: nextcloud-aio-imaginary
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
|
||||
20
nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
Executable file
20
nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
Executable file
@@ -0,0 +1,20 @@
|
||||
{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
|
||||
# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
|
||||
kind: NetworkPolicy
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
namespace: "{{ .Values.NAMESPACE }}"
|
||||
name: nextcloud-aio-deny-from-other-namespaces
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector: {}
|
||||
egress:
|
||||
- to:
|
||||
- podSelector: {}
|
||||
{{- end }}
|
||||
@@ -175,7 +175,7 @@ spec:
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: UPDATE_NEXTCLOUD_APPS
|
||||
value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240725_074330"
|
||||
name: nextcloud-aio-nextcloud
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
|
||||
@@ -57,7 +57,7 @@ spec:
|
||||
value: nextcloud-aio-redis
|
||||
- name: REDIS_HOST_PASSWORD
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240725_074330"
|
||||
name: nextcloud-aio-notify-push
|
||||
ports:
|
||||
- containerPort: 7867
|
||||
|
||||
@@ -48,7 +48,7 @@ spec:
|
||||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240725_074330"
|
||||
name: nextcloud-aio-onlyoffice
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
@@ -43,7 +43,7 @@ spec:
|
||||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240725_074330"
|
||||
name: nextcloud-aio-redis
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240725_074330"
|
||||
name: nextcloud-aio-talk
|
||||
ports:
|
||||
- containerPort: {{ .Values.TALK_PORT }}
|
||||
|
||||
@@ -32,7 +32,7 @@ spec:
|
||||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240718_063028"
|
||||
image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240725_074330"
|
||||
name: nextcloud-aio-talk-recording
|
||||
ports:
|
||||
- containerPort: 1234
|
||||
|
||||
@@ -290,6 +290,8 @@ cat << EOL > /tmp/additional.config
|
||||
value: "{{ .Values.SERVERINFO_TOKEN }}"
|
||||
- name: NEXTCLOUD_DEFAULT_QUOTA
|
||||
value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
|
||||
- name: NEXTCLOUD_MAINTENANCE_WINDOW
|
||||
value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
|
||||
EOL
|
||||
# shellcheck disable=SC1083
|
||||
find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config" \{} \;
|
||||
@@ -315,6 +317,29 @@ find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additiona
|
||||
# shellcheck disable=SC1083
|
||||
find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \;
|
||||
|
||||
cat << EOL > templates/nextcloud-aio-networkpolicy.yaml
|
||||
{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
|
||||
# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
|
||||
kind: NetworkPolicy
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
namespace: "{{ .Values.NAMESPACE }}"
|
||||
name: nextcloud-aio-deny-from-other-namespaces
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector: {}
|
||||
egress:
|
||||
- to:
|
||||
- podSelector: {}
|
||||
{{- end }}
|
||||
EOL
|
||||
|
||||
cd ../
|
||||
mkdir -p ../helm-chart/
|
||||
rm latest/Chart.yaml
|
||||
@@ -355,12 +380,14 @@ cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
|
||||
|
||||
NAMESPACE: default # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
|
||||
NAMESPACE_DISABLED: "no" # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
|
||||
NETWORK_POLICY_ENABLED: "no" # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so!
|
||||
SUBSCRIPTION_KEY: # This allows to set the Nextcloud Enterprise key via ENV
|
||||
SERVERINFO_TOKEN: # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
|
||||
APPS_ALLOWLIST: # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
|
||||
ADDITIONAL_TRUSTED_PROXY: # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
|
||||
ADDITIONAL_TRUSTED_DOMAIN: # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
|
||||
NEXTCLOUD_DEFAULT_QUOTA: "10 GB" # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
|
||||
NEXTCLOUD_MAINTENANCE_WINDOW: # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
|
||||
SMTP_HOST: # (empty by default): The hostname of the SMTP server.
|
||||
SMTP_SECURE: # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
|
||||
SMTP_PORT: # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
|
||||
|
||||
@@ -49,6 +49,7 @@ REDIS_STORAGE_SIZE: 1Gi # You can change the size of the redis volume that
|
||||
|
||||
NAMESPACE: default # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
|
||||
NAMESPACE_DISABLED: "no" # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
|
||||
NETWORK_POLICY_ENABLED: "no" # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so!
|
||||
SUBSCRIPTION_KEY: # This allows to set the Nextcloud Enterprise key via ENV
|
||||
SERVERINFO_TOKEN: # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
|
||||
APPS_ALLOWLIST: # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
|
||||
|
||||
3
php/.gitignore
vendored
3
php/.gitignore
vendored
@@ -1,3 +0,0 @@
|
||||
/php/data/configuration.json
|
||||
/php/data/containers.json
|
||||
|
||||
8
php/.idea/.gitignore
generated
vendored
8
php/.idea/.gitignore
generated
vendored
@@ -1,8 +0,0 @@
|
||||
# Default ignored files
|
||||
/shelf/
|
||||
/workspace.xml
|
||||
# Datasource local storage ignored files
|
||||
/dataSources/
|
||||
/dataSources.local.xml
|
||||
# Editor-based HTTP Client requests
|
||||
/httpRequests/
|
||||
34
php/.idea/aio.iml
generated
34
php/.idea/aio.iml
generated
@@ -1,34 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<module type="WEB_MODULE" version="4">
|
||||
<component name="NewModuleRootManager">
|
||||
<content url="file://$MODULE_DIR$">
|
||||
<sourceFolder url="file://$MODULE_DIR$/src" isTestSource="false" packagePrefix="AIO\" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-server-middleware" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/psr7" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/psr/log" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/guzzle" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-client" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-message" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/promises" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-factory" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/psr/container" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/http-interop/http-factory-guzzle" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-server-handler" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/slim/slim" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/ralouphie/getallheaders" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/nikic/fast-route" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/composer" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/opis/closure" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/php-di/slim-bridge" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/php-di/invoker" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/php-di/php-di" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/php-di/phpdoc-reader" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/slim/twig-view" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/symfony/polyfill-mbstring" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/twig/twig" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/symfony/polyfill-ctype" />
|
||||
</content>
|
||||
<orderEntry type="inheritedJdk" />
|
||||
<orderEntry type="sourceFolder" forTests="false" />
|
||||
</component>
|
||||
</module>
|
||||
8
php/.idea/modules.xml
generated
8
php/.idea/modules.xml
generated
@@ -1,8 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="ProjectModuleManager">
|
||||
<modules>
|
||||
<module fileurl="file://$PROJECT_DIR$/.idea/aio.iml" filepath="$PROJECT_DIR$/.idea/aio.iml" />
|
||||
</modules>
|
||||
</component>
|
||||
</project>
|
||||
34
php/.idea/php.xml
generated
34
php/.idea/php.xml
generated
@@ -1,34 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="PhpIncludePathManager">
|
||||
<include_path>
|
||||
<path value="$PROJECT_DIR$/vendor/psr/http-server-middleware" />
|
||||
<path value="$PROJECT_DIR$/vendor/guzzlehttp/psr7" />
|
||||
<path value="$PROJECT_DIR$/vendor/psr/log" />
|
||||
<path value="$PROJECT_DIR$/vendor/guzzlehttp/guzzle" />
|
||||
<path value="$PROJECT_DIR$/vendor/psr/http-client" />
|
||||
<path value="$PROJECT_DIR$/vendor/psr/http-message" />
|
||||
<path value="$PROJECT_DIR$/vendor/guzzlehttp/promises" />
|
||||
<path value="$PROJECT_DIR$/vendor/psr/http-factory" />
|
||||
<path value="$PROJECT_DIR$/vendor/psr/container" />
|
||||
<path value="$PROJECT_DIR$/vendor/http-interop/http-factory-guzzle" />
|
||||
<path value="$PROJECT_DIR$/vendor/psr/http-server-handler" />
|
||||
<path value="$PROJECT_DIR$/vendor/slim/slim" />
|
||||
<path value="$PROJECT_DIR$/vendor/ralouphie/getallheaders" />
|
||||
<path value="$PROJECT_DIR$/vendor/nikic/fast-route" />
|
||||
<path value="$PROJECT_DIR$/vendor/composer" />
|
||||
<path value="$PROJECT_DIR$/vendor/opis/closure" />
|
||||
<path value="$PROJECT_DIR$/vendor/php-di/slim-bridge" />
|
||||
<path value="$PROJECT_DIR$/vendor/php-di/invoker" />
|
||||
<path value="$PROJECT_DIR$/vendor/php-di/php-di" />
|
||||
<path value="$PROJECT_DIR$/vendor/php-di/phpdoc-reader" />
|
||||
<path value="$PROJECT_DIR$/vendor/slim/twig-view" />
|
||||
<path value="$PROJECT_DIR$/vendor/symfony/polyfill-mbstring" />
|
||||
<path value="$PROJECT_DIR$/vendor/twig/twig" />
|
||||
<path value="$PROJECT_DIR$/vendor/symfony/polyfill-ctype" />
|
||||
</include_path>
|
||||
</component>
|
||||
<component name="PhpProjectSharedConfiguration" php_language_level="7.4">
|
||||
<option name="suggestChangeDefaultLanguageLevel" value="false" />
|
||||
</component>
|
||||
</project>
|
||||
6
php/.idea/vcs.xml
generated
6
php/.idea/vcs.xml
generated
@@ -1,6 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="VcsDirectoryMappings">
|
||||
<mapping directory="$PROJECT_DIR$/.." vcs="Git" />
|
||||
</component>
|
||||
</project>
|
||||
@@ -4,13 +4,60 @@ This is the code for the PHP Docker controller.
|
||||
|
||||
## How to run
|
||||
|
||||
Running this locally requires Docker Engine on the same machine.
|
||||
If this is the case, just execute the following command:
|
||||
Running this locally requires :
|
||||
|
||||
```
|
||||
composer install --no-dev
|
||||
cd public/
|
||||
php -S 0.0.0.0:8080
|
||||
### 1. Install the development environment
|
||||
|
||||
This project uses Composer as dependency management software. It is very similar to NPM.
|
||||
The command to install all dependencies is:
|
||||
|
||||
```bash
|
||||
composer install
|
||||
```
|
||||
|
||||
You can then access the web interface at `localhost:8080`.
|
||||
### 2. Access to docker socket
|
||||
|
||||
The `root` user has all privileges including access to the Docker socket.
|
||||
But **it is not recommended to launch the local instance with full privileges**, consider the docker group for docker access without being `root`.
|
||||
See https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
|
||||
|
||||
### 3. Run a `nextcloud-aio-mastercontainer` container
|
||||
|
||||
This application manages containers, including its own container.
|
||||
So you need to run a `nextcloud-aio-mastercontainer` container for the application to work properly.
|
||||
|
||||
Here is a command to quickly launch a container :
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
--rm \
|
||||
--name nextcloud-aio-mastercontainer \
|
||||
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
|
||||
nextcloud/all-in-one:latest
|
||||
```
|
||||
|
||||
### 4. Start your server
|
||||
|
||||
With this command you will launch the server:
|
||||
|
||||
```bash
|
||||
# Make sure to launch this command with a user having access to the docker socket.
|
||||
SKIP_DOMAIN_VALIDATION=true composer run dev
|
||||
```
|
||||
|
||||
You can then access the web interface at http://localhost:8080.
|
||||
|
||||
Note: You can restart the server by preceding the command with other environment variables.
|
||||
|
||||
## Composer routine
|
||||
|
||||
| Command | Description |
|
||||
|-----------------------------------------|----------------------------------------|
|
||||
| `composer run dev` | Starts the development server |
|
||||
| `composer run psalm` | Run Psalm static analysis |
|
||||
| `composer run psalm:update-baseline` | Run Psalm with `--update-baseline` arg |
|
||||
| `composer run lint` | Run PHP Syntax check |
|
||||
| `composer run lint:twig` | Run Twig Syntax check |
|
||||
| `composer run php-deprecation-detector` | Run PHP Deprecation Detector |
|
||||
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"psr-4": {
|
||||
"AIO\\": ["src/"]
|
||||
}
|
||||
},
|
||||
@@ -18,10 +18,20 @@
|
||||
"slim/csrf": "^1.3",
|
||||
"ext-apcu": "*"
|
||||
},
|
||||
"require-dev": {
|
||||
"sserbin/twig-linter": "@dev",
|
||||
"vimeo/psalm": "^5.25",
|
||||
"wapmorgan/php-deprecation-detector": "dev-master"
|
||||
},
|
||||
"scripts": {
|
||||
"dev": [
|
||||
"Composer\\Config::disableProcessTimeout",
|
||||
"php -S localhost:8080 -t public"
|
||||
],
|
||||
"psalm": "psalm --threads=1",
|
||||
"psalm:update-baseline": "psalm --threads=1 --update-baseline",
|
||||
"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
|
||||
"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.3 \\;"
|
||||
"psalm:update-baseline": "psalm --threads=1 --monochrome --no-progress --output-format=text --update-baseline",
|
||||
"lint": "php -l src/*.php src/**/*.php public/index.php",
|
||||
"lint:twig": "twig-linter lint ./templates",
|
||||
"php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php"
|
||||
}
|
||||
}
|
||||
|
||||
2049
php/composer.lock
generated
2049
php/composer.lock
generated
File diff suppressed because it is too large
Load Diff
@@ -16,7 +16,7 @@
|
||||
</header>
|
||||
|
||||
<div class="content">
|
||||
<h1>Nextcloud AIO v9.3.0</h1>
|
||||
<h1>Nextcloud AIO v9.4.0</h1>
|
||||
|
||||
{# Add 2nd tab warning #}
|
||||
<script type="text/javascript" src="second-tab-warning.js"></script>
|
||||
|
||||
@@ -629,7 +629,7 @@ By default, the Nextcloud container is confined and cannot access directories on
|
||||
|
||||
After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
|
||||
|
||||
You can then navigate to the apps management page, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc.
|
||||
You can then navigate to `https://your-nc-domain.com/settings/apps/disabled`, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc.
|
||||
|
||||
Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Reverse Proxy Documentation
|
||||
|
||||
**Note:** The maintainers of AIO noticed that this documentation is not easy. All contributions that improve this are very welcome!
|
||||
**Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome!
|
||||
|
||||
A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a web server that enables computers on the internet to access a service in a [private subnet](https://en.wikipedia.org/wiki/Private_network).
|
||||
|
||||
|
||||
Reference in New Issue
Block a user