daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-21 10:50:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b5dad7927aa706d34793ac312aa0d6399c806bf1
nextcloud/manual-install/latest.yml
copilot-swe-agent[bot] b5dad7927a perf(fulltextsearch): improve elasticsearch healthcheck and add performance tuning settings 
- Replace TCP-only nc healthcheck with HTTP cluster health API check via curl,
  so the container is only marked healthy when ES is actually ready (not just
  when the TCP port is open during startup)
- Add indices.fielddata.cache.size=20% to cap field-data cache and prevent
  unbounded heap growth / OOM kills on large datasets
- Add indices.memory.index_buffer_size=20% to improve bulk indexing throughput
  by buffering more data in memory before flushing to disk
- Add thread_pool.write.queue_size=1000 to avoid rejected indexing requests
  when Nextcloud's background jobs submit many files simultaneously

Changes applied to: Containers/fulltextsearch/healthcheck.sh,
php/containers.json, manual-install/latest.yml

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/a036678d-a9f5-4db3-8cc6-3e3d52f4e97f

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
2026-04-17 15:35:13 +00:00

512 lines
13 KiB
YAML
Raw Blame History

services:
nextcloud-aio-apache:
depends_on:
nextcloud-aio-onlyoffice:
condition: service_started
required: false
nextcloud-aio-collabora:
condition: service_started
required: false
nextcloud-aio-talk:
condition: service_started
required: false
nextcloud-aio-notify-push:
condition: service_started
required: false
nextcloud-aio-whiteboard:
condition: service_started
required: false
nextcloud-aio-nextcloud:
condition: service_started
required: false
image: ghcr.io/nextcloud-releases/aio-apache:latest
user: "33"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
ports:
- ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
- ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp
environment:
- NC_DOMAIN
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- APACHE_HOST=nextcloud-aio-apache
- COLLABORA_HOST=nextcloud-aio-collabora
- TALK_HOST=nextcloud-aio-talk
- APACHE_PORT
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
- TZ=${TIMEZONE}
- APACHE_MAX_SIZE
- APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
- WHITEBOARD_HOST=nextcloud-aio-whiteboard
- HARP_HOST=nextcloud-aio-harp
volumes:
- nextcloud_aio_nextcloud:/var/www/html:ro
- nextcloud_aio_apache:/mnt/data:rw
restart: unless-stopped
read_only: true
tmpfs:
- /var/log/supervisord
- /var/run/supervisord
- /usr/local/apache2/logs
- /tmp
- /home/www-data
cap_drop:
- NET_RAW
nextcloud-aio-database:
image: ghcr.io/nextcloud-releases/aio-postgresql:latest
user: "999"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "5432"
volumes:
- nextcloud_aio_database:/var/lib/postgresql/data:rw
- nextcloud_aio_database_dump:/mnt/data:rw
environment:
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud_database
- POSTGRES_USER=nextcloud
- TZ=${TIMEZONE}
- PGTZ=${TIMEZONE}
stop_grace_period: 1800s
restart: unless-stopped
shm_size: 268435456
read_only: true
tmpfs:
- /var/run/postgresql
cap_drop:
- NET_RAW
nextcloud-aio-nextcloud:
depends_on:
nextcloud-aio-database:
condition: service_started
required: false
nextcloud-aio-redis:
condition: service_started
required: false
nextcloud-aio-clamav:
condition: service_started
required: false
nextcloud-aio-fulltextsearch:
condition: service_started
required: false
nextcloud-aio-talk-recording:
condition: service_started
required: false
nextcloud-aio-imaginary:
condition: service_started
required: false
image: ghcr.io/nextcloud-releases/aio-nextcloud:latest
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "9000"
- "9001"
volumes:
- nextcloud_aio_nextcloud:/var/www/html:rw
- ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
- ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
- ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
environment:
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- POSTGRES_HOST=nextcloud-aio-database
- POSTGRES_PORT=5432
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud_database
- POSTGRES_USER=nextcloud
- REDIS_HOST=nextcloud-aio-redis
- REDIS_PORT=6379
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- APACHE_HOST=nextcloud-aio-apache
- APACHE_PORT
- NC_DOMAIN
- ADMIN_USER=admin
- ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
- NEXTCLOUD_DATA_DIR=/mnt/ncdata
- OVERWRITEHOST=${NC_DOMAIN}
- OVERWRITEPROTOCOL=https
- TURN_SECRET
- SIGNALING_SECRET
- ONLYOFFICE_SECRET
- NEXTCLOUD_MOUNT
- CLAMAV_ENABLED
- CLAMAV_HOST=nextcloud-aio-clamav
- ONLYOFFICE_ENABLED
- COLLABORA_ENABLED
- COLLABORA_HOST=nextcloud-aio-collabora
- TALK_ENABLED
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
- UPDATE_NEXTCLOUD_APPS
- TZ=${TIMEZONE}
- TALK_PORT
- IMAGINARY_ENABLED
- IMAGINARY_HOST=nextcloud-aio-imaginary
- PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
- PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
- FULLTEXTSEARCH_ENABLED
- FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
- FULLTEXTSEARCH_PROTOCOL=http
- FULLTEXTSEARCH_PORT=9200
- FULLTEXTSEARCH_USER=elastic
- FULLTEXTSEARCH_INDEX=nextcloud-aio
- PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
- STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
- ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
- ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
- INSTALL_LATEST_MAJOR
- TALK_RECORDING_ENABLED
- RECORDING_SECRET
- TALK_RECORDING_HOST=nextcloud-aio-talk-recording
- FULLTEXTSEARCH_PASSWORD
- REMOVE_DISABLED_APPS
- IMAGINARY_SECRET
- WHITEBOARD_SECRET
- WHITEBOARD_ENABLED
stop_grace_period: 600s
restart: unless-stopped
cap_drop:
- NET_RAW
nextcloud-aio-notify-push:
image: ghcr.io/nextcloud-releases/aio-notify-push:latest
user: "33"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "7867"
volumes:
- nextcloud_aio_nextcloud:/var/www/html:ro
environment:
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- TZ=${TIMEZONE}
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
nextcloud-aio-redis:
image: ghcr.io/nextcloud-releases/aio-redis:latest
user: "999"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "6379"
environment:
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- TZ=${TIMEZONE}
volumes:
- nextcloud_aio_redis:/data:rw
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
nextcloud-aio-collabora:
command: ${ADDITIONAL_COLLABORA_OPTIONS}
image: ghcr.io/nextcloud-releases/aio-collabora:latest
init: true
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "9980"
environment:
- aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
- dictionaries=${COLLABORA_DICTIONARIES}
- TZ=${TIMEZONE}
- server_name=${NC_DOMAIN}
- DONT_GEN_SSL_CERT=1
restart: unless-stopped
profiles:
- collabora
cap_add:
- SYS_ADMIN
- SYS_CHROOT
- FOWNER
- CHOWN
cap_drop:
- NET_RAW
nextcloud-aio-talk:
image: ghcr.io/nextcloud-releases/aio-talk:latest
user: "1000"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
ports:
- ${TALK_PORT}:${TALK_PORT}/tcp
- ${TALK_PORT}:${TALK_PORT}/udp
expose:
- "8081"
volumes:
- ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
environment:
- NC_DOMAIN
- TALK_HOST=nextcloud-aio-talk
- TURN_SECRET
- SIGNALING_SECRET
- TZ=${TIMEZONE}
- TALK_PORT
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
restart: unless-stopped
profiles:
- talk
- talk-recording
read_only: true
tmpfs:
- /var/log/supervisord
- /var/run/supervisord
- /opt/eturnal/run
- /conf
- /tmp
cap_drop:
- NET_RAW
nextcloud-aio-talk-recording:
image: ghcr.io/nextcloud-releases/aio-talk-recording:latest
user: "122"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "1234"
environment:
- NC_DOMAIN
- TZ=${TIMEZONE}
- RECORDING_SECRET
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
volumes:
- nextcloud_aio_talk_recording:/tmp:rw
shm_size: 2147483648
restart: unless-stopped
profiles:
- talk-recording
read_only: true
tmpfs:
- /conf
cap_drop:
- NET_RAW
nextcloud-aio-clamav:
image: ghcr.io/nextcloud-releases/aio-clamav:latest
user: "100"
init: false
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "3310"
environment:
- TZ=${TIMEZONE}
- MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
volumes:
- nextcloud_aio_clamav:/var/lib/clamav:rw
restart: unless-stopped
profiles:
- clamav
read_only: true
tmpfs:
- /tmp
- /var/log/clamav
- /run/clamav
- /var/log/supervisord
- /var/run/supervisord
cap_drop:
- NET_RAW
nextcloud-aio-onlyoffice:
image: ghcr.io/nextcloud-releases/aio-onlyoffice:latest
init: true
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "80"
environment:
- TZ=${TIMEZONE}
- JWT_ENABLED=true
- JWT_HEADER=AuthorizationJwt
- JWT_SECRET=${ONLYOFFICE_SECRET}
volumes:
- nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
restart: unless-stopped
profiles:
- onlyoffice
cap_drop:
- NET_RAW
nextcloud-aio-imaginary:
image: ghcr.io/nextcloud-releases/aio-imaginary:latest
user: "65534"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "9000"
environment:
- TZ=${TIMEZONE}
- IMAGINARY_SECRET
restart: unless-stopped
cap_add:
- SYS_NICE
cap_drop:
- NET_RAW
profiles:
- imaginary
read_only: true
tmpfs:
- /tmp
nextcloud-aio-fulltextsearch:
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:latest
init: false
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 10s
timeout: 5s
start_interval: 5s
retries: 5
expose:
- "9200"
environment:
- TZ=${TIMEZONE}
- ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
- bootstrap.memory_lock=false
- cluster.name=nextcloud-aio
- discovery.type=single-node
- logger.level=WARN
- http.port=9200
- xpack.license.self_generated.type=basic
- xpack.security.enabled=false
- indices.fielddata.cache.size=20%
- indices.memory.index_buffer_size=20%
- thread_pool.write.queue_size=1000
- FULLTEXTSEARCH_PASSWORD
volumes:
- nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
restart: unless-stopped
profiles:
- fulltextsearch
cap_drop:
- NET_RAW
nextcloud-aio-whiteboard:
image: ghcr.io/nextcloud-releases/aio-whiteboard:latest
user: "65534"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "3002"
tmpfs:
- /tmp
environment:
- TZ=${TIMEZONE}
- NEXTCLOUD_URL=https://${NC_DOMAIN}
- JWT_SECRET_KEY=${WHITEBOARD_SECRET}
- STORAGE_STRATEGY=redis
- REDIS_HOST=nextcloud-aio-redis
- REDIS_PORT=6379
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- BACKUP_DIR=/tmp
restart: unless-stopped
profiles:
- whiteboard
read_only: true
cap_drop:
- NET_RAW
volumes:
nextcloud_aio_apache:
name: nextcloud_aio_apache
nextcloud_aio_clamav:
name: nextcloud_aio_clamav
nextcloud_aio_database:
name: nextcloud_aio_database
nextcloud_aio_database_dump:
name: nextcloud_aio_database_dump
nextcloud_aio_elasticsearch:
name: nextcloud_aio_elasticsearch
nextcloud_aio_nextcloud:
name: nextcloud_aio_nextcloud
nextcloud_aio_onlyoffice:
name: nextcloud_aio_onlyoffice
nextcloud_aio_redis:
name: nextcloud_aio_redis
nextcloud_aio_talk_recording:
name: nextcloud_aio_talk_recording
nextcloud_aio_nextcloud_data:
name: nextcloud_aio_nextcloud_data
networks:
default:
driver: bridge
Reference in New Issue View Git Blame Copy Permalink