From 67c153dc470d2e43dba2e4660955aceb102e44d4 Mon Sep 17 00:00:00 2001
From: GitHub Workflow
Date: Thu, 28 Mar 2024 14:19:03 +0000
Subject: [PATCH] Repo-sync
---
 Containers/clamav/Dockerfile | 2 +-
 Containers/collabora/Dockerfile | 2 +-
 Containers/fulltextsearch/Dockerfile | 2 +-
 Containers/mastercontainer/Dockerfile | 4 +--
 Containers/mastercontainer/start.sh | 3 +-
 Containers/nextcloud/Dockerfile | 12 +++++--
 Containers/nextcloud/config/apps.config.php | 4 +--
 Containers/nextcloud/config/redis.config.php | 1 +
 Containers/nextcloud/entrypoint.sh | 26 ++++++--------
 Containers/talk/Dockerfile | 2 +-
 community-containers/readme.md | 4 +--
 manual-install/latest.yml | 2 ++
 manual-install/sample.conf | 1 +
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 .../nextcloud-aio-apache-deployment.yaml | 6 +++-
 .../nextcloud-aio-clamav-deployment.yaml | 10 +++++-
 .../nextcloud-aio-collabora-deployment.yaml | 2 +-
 .../nextcloud-aio-database-deployment.yaml | 10 +++++-
 ...xtcloud-aio-fulltextsearch-deployment.yaml | 6 +++-
 .../nextcloud-aio-imaginary-deployment.yaml | 4 ++-
 .../nextcloud-aio-nextcloud-deployment.yaml | 12 ++++++-
 .../nextcloud-aio-notify-push-deployment.yaml | 6 +++-
 .../nextcloud-aio-onlyoffice-deployment.yaml | 6 +++-
 .../nextcloud-aio-redis-deployment.yaml | 6 +++-
 .../nextcloud-aio-talk-deployment.yaml | 2 +-
 ...xtcloud-aio-talk-recording-deployment.yaml | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh | 34 +++++++++++++++++++
 nextcloud-aio-helm-chart/values.yaml | 5 +++
 php/psalm-baseline.xml | 2 +-
 php/src/Data/ConfigurationManager.php | 2 +-
 php/src/Docker/DockerActionManager.php | 2 +-
 php/templates/containers.twig | 6 ++--
 readme.md | 6 ++--
 reverse-proxy.md | 4 ++-
 34 files changed, 149 insertions(+), 51 deletions(-)
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 7083b255..0c285dfe 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile -FROM clamav/clamav:1.3.0-41 +FROM clamav/clamav:1.3.0-44 COPY clamav.conf /tmp/clamav.conf diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index e4c21a37..9069429b 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:23.05.9.3.1 +FROM collabora/code:23.05.10.1.1 USER root diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index d1fe922f..3beeedfe 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.12.2 +FROM elasticsearch:8.13.0 USER root diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 7abe7348..ea48c16f 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,12 +1,12 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:25.0.3-cli as docker +FROM docker:25.0.5-cli as docker # Caddy is a requirement FROM caddy:2.7.6-alpine as caddy # From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile -FROM php:8.3.3-fpm-alpine3.19 +FROM php:8.3.4-fpm-alpine3.19 EXPOSE 80 EXPOSE 8080 diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 986cf6e0..8ea80817 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh 
@@ -47,7 +47,7 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then echo "Trying to fix docker.sock permissions internally..." DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock) DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock) - # Check if a group with the same group id of /var/run/docker.socket already exists in the container + # Check if a group with the same group name of /var/run/docker.socket already exists in the container if grep -q "^$DOCKER_GROUP:" /etc/group; then # If yes, add www-data to that group echo "Adding internal www-data to group $DOCKER_GROUP" @@ -344,6 +344,7 @@ fi print_green "Initial startup of Nextcloud All-in-One complete! You should be able to open the Nextcloud AIO Interface now on port 8080 of this server! E.g. https://internal.ip.of.this.server:8080 +⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via: https://your-domain-that-points-to-this-server.tld:8443" diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 97869ea9..768a9300 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.2.16-fpm-alpine3.19 +FROM php:8.2.17-fpm-alpine3.19 ENV PHP_MEMORY_LIMIT 512M ENV PHP_UPLOAD_LIMIT 10G @@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600 ENV SOURCE_LOCATION /usr/src/nextcloud # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION 28.0.3 +ENV NEXTCLOUD_VERSION 28.0.4 ENV AIO_TOKEN 123456 ENV AIO_URL localhost COPY supervisord.conf /supervisord.conf 
@@ -117,6 +117,14 @@ RUN set -ex; \ echo 'max_input_time=${PHP_MAX_TIME}'; \ } > /usr/local/etc/php/conf.d/nextcloud.ini; \ \ + { \ + echo 'session.save_handler = redis'; \ + echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"'; \ + echo 'redis.session.locking_enabled = 1'; \ + echo 'redis.session.lock_retries = -1'; \ + echo 'redis.session.lock_wait_time = 10000'; \ + } > /usr/local/etc/php/conf.d/redis-session.ini; \ + \ mkdir -p /var/www/data; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www; \ diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php index 32283588..cff5dadd 100644 --- a/Containers/nextcloud/config/apps.config.php +++ b/Containers/nextcloud/config/apps.config.php @@ -2,12 +2,12 @@ $CONFIG = array ( 'apps_paths' => array ( 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', + 'path' => '/var/www/html/apps', 'url' => '/apps', 'writable' => false, ), 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', + 'path' => '/var/www/html/custom_apps', 'url' => '/custom_apps', 'writable' => true, ), diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php index a5fde3c7..e51b3022 100644 --- a/Containers/nextcloud/config/redis.config.php +++ b/Containers/nextcloud/config/redis.config.php @@ -6,6 +6,7 @@ 'redis' => array( 'host' => getenv('REDIS_HOST'), 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + // 'dbindex' => (int) getenv('REDIS_DB_INDEX'), ), ); diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 4b24d748..518a2219 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh 
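Review bot: `${REDIS_HOST_PORT:=6379}` in the new redis-session.ini is shell parameter-expansion syntax; as far as I know PHP's ini parser only substitutes a plain `${NAME}` from the environment (the way this file already relies on for `${PHP_MAX_TIME}`) and has no `:=` default, so now that the file is written at build time rather than by the entrypoint heredoc removed in Containers/nextcloud/entrypoint.sh, the port becomes empty whenever REDIS_HOST_PORT is not exported into the container and the save_path degrades to `tcp://host:?auth=…`. Either guarantee the variable in the image, `ENV REDIS_HOST_PORT 6379`, or write the port literally, and verify that PHP does expand `${REDIS_HOST_PASSWORD}` inside the double-quoted save_path value. The removed explanation that `redis.session.lock_wait_time` is in microseconds (10ms instead of the default 2ms) should be carried over as a comment in this block, and it is worth stating the security property the move buys: `# REDIS_* placeholders are resolved by PHP from the environment at runtime, so no credential is written into the image layer.` The RUN instruction this block belongs to starts and ends outside the hunk.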
@@ -19,17 +19,6 @@ run_upgrade_if_needed_due_to_app_update() { fi } -echo "Configuring Redis as session handler..." -cat << REDIS_CONF > /usr/local/etc/php/conf.d/redis-session.ini -session.save_handler = redis -session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}" -redis.session.locking_enabled = 1 -redis.session.lock_retries = -1 -# redis.session.lock_wait_time is specified in microseconds. -# Wait 10ms before retrying the lock rather than the default 2ms. -redis.session.lock_wait_time = 10000 -REDIS_CONF - # Check permissions in ncdata touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then @@ -550,6 +539,11 @@ php /var/www/html/occ config:app:set notify_push base_endpoint --value="https:// # Collabora if [ "$COLLABORA_ENABLED" = 'yes' ]; then + set -x + if [ "$COLLABORA_HOST" = "nextcloud-.*-collabora" ]; then + COLLABORA_HOST="$NC_DOMAIN" + fi + set +x if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then php /var/www/html/occ app:install richdocuments elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" != "yes" ]; then 
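Review bot: The `set -x` / `set +x` pair around the new COLLABORA_HOST check looks like debugging left in; it echoes every command in between to stderr on each start and should be removed. The comparison `[ "$COLLABORA_HOST" = "nextcloud-.*-collabora" ]` is a literal string test, so `.*` matches only those two characters — if a pattern was intended, use `case "$COLLABORA_HOST" in nextcloud-*-collabora) COLLABORA_HOST="$NC_DOMAIN" ;; esac`. As far as this diff shows nothing sets COLLABORA_HOST for the manual-install compose file or the Helm chart, and the following hunk passes it to `wopi_url` and to `dig`, so an unset variable would produce `https:///` unless it is guaranteed elsewhere; `: "${COLLABORA_HOST:=$NC_DOMAIN}"` before the check would make the fallback explicit. The enclosing `if [ "$COLLABORA_ENABLED" = 'yes' ]` block continues past the hunk.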
@@ -557,10 +551,10 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then elif [ "$SKIP_UPDATE" != 1 ]; then php /var/www/html/occ app:update richdocuments fi - php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/" + php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$COLLABORA_HOST/" # Make collabora more save - COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)" - COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)" + COLLABORA_IPv4_ADDRESS="$(dig "$COLLABORA_HOST" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)" + COLLABORA_IPv6_ADDRESS="$(dig "$COLLABORA_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)" COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)" if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then @@ -571,7 +565,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then fi fi else - echo "Warning: No ipv4-address found for $NC_DOMAIN." + echo "Warning: No ipv4-address found for $COLLABORA_HOST." fi if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then @@ -582,7 +576,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then fi fi else - echo "No ipv6-address found for $NC_DOMAIN." + echo "No ipv6-address found for $COLLABORA_HOST." fi if [ -n "$COLLABORA_ALLOW_LIST" ]; then PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1' diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index dc3588bf..ad564324 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile 
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.11-scratch as nats
+FROM nats:2.10.12-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
 FROM alpine:3.19.1 as janus
diff --git a/community-containers/readme.md b/community-containers/readme.md
index d0328ef4..12bad7c0 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -9,13 +9,13 @@ All containers that are in this directory are community maintained so the respon ## How to use this? Before adding any additional container, make sure to create a backup via the AIO interface! -Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! +Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! 
**Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it. ## How to add containers? Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json. ### Is there a list of ideas for new community containers? -Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above. +Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22+sort%3Atop) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above. ## How to remove containers from AIOs stack? In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this. diff --git a/manual-install/latest.yml b/manual-install/latest.yml index b0ec690b..3481b555 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml 
@@ -149,6 +149,7 @@ services: - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS} - APACHE_PORT=${APACHE_PORT} - APACHE_IP_BINDING=${APACHE_IP_BINDING} + - IMAGINARY_SECRET=${IMAGINARY_SECRET} stop_grace_period: 600s restart: unless-stopped networks: @@ -322,6 +323,7 @@ services: - "9000" environment: - TZ=${TIMEZONE} + - IMAGINARY_SECRET=${IMAGINARY_SECRET} restart: unless-stopped cap_add: - SYS_NICE diff --git a/manual-install/sample.conf b/manual-install/sample.conf index c2c5ed76..e4fcff5f 100644 --- a/manual-install/sample.conf +++ b/manual-install/sample.conf @@ -1,5 +1,6 @@ DATABASE_PASSWORD= # TODO! This needs to be a unique and good password! FULLTEXTSEARCH_PASSWORD= # TODO! This needs to be a unique and good password! +IMAGINARY_SECRET= # TODO! This needs to be a unique and good password! NC_DOMAIN=yourdomain.com # TODO! Needs to be changed to the domain that you want to use for Nextcloud. NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin". ONLYOFFICE_SECRET= # TODO! This needs to be a unique and good password! diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index baa9ad85..d2555fe6 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 7.13.1 +version: 8.0.0-1 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 155eb5a8..661a5908 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml 
@@ -26,7 +26,11 @@ spec: spec: initContainers: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chmod - "777" @@ -61,7 +65,7 @@ spec: value: nextcloud-aio-talk - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-apache:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240321_080708-latest" name: nextcloud-aio-apache ports: - containerPort: {{ .Values.APACHE_PORT }} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 6f1426da..0d0f09c7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -27,7 +27,11 @@ spec: spec: initContainers: - name: init-subpath + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - mkdir - "-p" @@ -37,7 +41,11 @@ spec: - name: nextcloud-aio-clamav mountPath: /nextcloud-aio-clamav - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chown - 100:100 @@ -52,7 +60,7 @@ spec: value: "90" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-clamav:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240321_080708-latest" name: nextcloud-aio-clamav ports: - containerPort: 3310 
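Review bot: The new init-container image `{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine` is guarded by `or`, so setting only IMAGE_MIRROR_PREFIX renders `<prefix>/alpine` with an empty org; since the application images are built as `{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:…` with the org following the prefix directly, the prefix presumably ends in `/`, which turns the alpine reference into `<prefix>//alpine`, not a valid image name. Either require ALPINE_IMAGE_ORG whenever the prefix is set or give it a default as NEXTCLOUD_IMAGE_ORG has, e.g. `{{- if and .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}` if alpine should only be mirrored when an org is known. The same block is repeated in the clamav (second hunk on this line), database, fulltextsearch, nextcloud, notify-push, onlyoffice and redis deployments and is generated from the heredocs in nextcloud-aio-helm-chart/update-helm.sh, so the fix belongs there. The mirrored alpine image is still unpinned (no tag, so `latest`), and `.Values.ALPINE_IMAGE_ORG}}` lacks the space the surrounding expressions use.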
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 490810ca..24437097 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -37,7 +37,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: nextcloud/aio-collabora:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240321_080708-latest" name: nextcloud-aio-collabora ports: - containerPort: 9980 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 2e7cf200..8ae5cd90 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -26,7 +26,11 @@ spec: spec: initContainers: - name: init-subpath + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - mkdir - "-p" @@ -39,7 +43,11 @@ spec: - name: nextcloud-aio-database mountPath: /nextcloud-aio-database - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chown - 999:999 
@@ -63,7 +71,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-postgresql:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240321_080708-latest" name: nextcloud-aio-database ports: - containerPort: 5432 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 7cecee06..49e58d01 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -27,7 +27,11 @@ spec: spec: initContainers: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chmod - "777" @@ -57,7 +61,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: nextcloud/aio-fulltextsearch:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240321_080708-latest" name: nextcloud-aio-fulltextsearch ports: - containerPort: 9200 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index f289a8f3..068349a9 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml 
@@ -25,9 +25,11 @@ spec: spec: containers: - env: + - name: IMAGINARY_SECRET + value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-imaginary:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240321_080708-latest" name: nextcloud-aio-imaginary ports: - containerPort: 9000 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 8df1b622..204970e7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -26,7 +26,11 @@ spec: spec: initContainers: - name: "delete-lost-found" + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - rm - "-rf" @@ -37,7 +41,11 @@ spec: - name: nextcloud-aio-nextcloud mountPath: /nextcloud-aio-nextcloud - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chmod - "777" @@ -104,6 +112,8 @@ spec: value: "{{ .Values.IMAGINARY_ENABLED }}" - name: IMAGINARY_HOST value: nextcloud-aio-imaginary + - name: IMAGINARY_SECRET + value: "{{ .Values.IMAGINARY_SECRET }}" - name: INSTALL_LATEST_MAJOR value: "{{ .Values.INSTALL_LATEST_MAJOR }}" - name: NC_DOMAIN 
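Review bot: IMAGINARY_SECRET is placed as a literal `value:` in the imaginary pod spec, and again in the nextcloud deployment on the following hunks, so the shared secret ends up in the rendered manifest and is readable by anyone who can read pods in the namespace. This matches how the chart already handles REDIS_PASSWORD and ONLYOFFICE_SECRET, so it is consistent, but for a newly introduced credential a reference such as `valueFrom: { secretKeyRef: { name: <chart-managed-secret>, key: IMAGINARY_SECRET } }` into a Secret object the chart renders would be the safer pattern for both containers. Worth at least a comment on the value in values.yaml that it is copied into the pod spec as plain text.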
@@ -160,7 +170,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: UPDATE_NEXTCLOUD_APPS value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}" - image: nextcloud/aio-nextcloud:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240321_080708-latest" name: nextcloud-aio-nextcloud ports: - containerPort: 9000 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 9ac50221..d2ce79e3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -26,7 +26,11 @@ spec: spec: initContainers: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chmod - "777" @@ -52,7 +56,7 @@ spec: value: nextcloud-aio-redis - name: REDIS_HOST_PASSWORD value: "{{ .Values.REDIS_PASSWORD }}" - image: nextcloud/aio-notify-push:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240321_080708-latest" name: nextcloud-aio-notify-push ports: - containerPort: 7867 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index ff74f06d..0fb72534 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml 
@@ -27,7 +27,11 @@ spec: spec: initContainers: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chmod - "777" @@ -45,7 +49,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-onlyoffice:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240321_080708-latest" name: nextcloud-aio-onlyoffice ports: - containerPort: 80 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 2724b13b..388f0232 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -26,7 +26,11 @@ spec: spec: initContainers: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chmod - "777" @@ -40,7 +44,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-redis:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240321_080708-latest" name: nextcloud-aio-redis ports: - containerPort: 6379 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 343fc026..49456542 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml 
@@ -37,7 +37,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240321_080708-latest" name: nextcloud-aio-talk ports: - containerPort: {{ .Values.TALK_PORT }} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index d79b2df6..3bff1528 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -33,7 +33,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk-recording:20240308_092935-latest + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240321_080708-latest" name: nextcloud-aio-talk-recording ports: - containerPort: 1234 diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 2cd0b38e..1cf2327a 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -59,7 +59,11 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio cat << EOL > /tmp/initcontainers initContainers: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chmod - "777" 
@@ -68,14 +72,22 @@ EOL cat << EOL > /tmp/initcontainers.database initContainers: - name: init-subpath + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - mkdir - "-p" - /nextcloud-aio-database/data volumeMountsInitContainer: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chown - 999:999 @@ -85,14 +97,22 @@ EOL cat << EOL > /tmp/initcontainers.clamav initContainers: - name: init-subpath + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - mkdir - "-p" - /nextcloud-aio-clamav/data volumeMountsInitContainer: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chown - 100:100 @@ -102,14 +122,22 @@ EOL cat << EOL > /tmp/initcontainers.nextcloud initContainers: - name: "delete-lost-found" + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - rm - "-rf" - "/nextcloud-aio-nextcloud/lost+found" volumeMountsInitRmLostFound: - name: init-volumes + {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }} + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine" + {{- else }} image: alpine + {{- end }} command: - chmod - "777" 
@@ -272,6 +300,8 @@ EOL # shellcheck disable=SC1083 find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config" \{} \; +# shellcheck disable=SC1083 +find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \; cd ../ mkdir -p ../helm-chart/ @@ -326,6 +356,10 @@ SMTP_NAME: # (empty by default): The username for the authentication. SMTP_PASSWORD: # (empty by default): The password for the authentication. MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud. MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed. + +IMAGE_MIRROR_PREFIX: # Setting this allows you to pull Nextcloud images through a mirror registry. +NEXTCLOUD_IMAGE_ORG: nextcloud # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons. +ALPINE_IMAGE_ORG: # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons. ADDITIONAL_CONFIG mv /tmp/sample.conf ../helm-chart/values.yaml diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index 16d7cd51..51440408 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml 
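Review bot: The three values appended to the generated values.yaml (and duplicated in the values.yaml hunk that follows) do not say how IMAGE_MIRROR_PREFIX must be written, yet the templates concatenate it straight in front of the org name (`{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-…`), so it only yields a valid reference with a trailing slash, and ALPINE_IMAGE_ORG has no default although NEXTCLOUD_IMAGE_ORG defaults to `nextcloud`. I would change the heredoc line to `IMAGE_MIRROR_PREFIX: # (empty by default): Registry prefix to pull the images through, including the trailing slash, e.g. 'registry.example.internal/' (constructed example).` and state on ALPINE_IMAGE_ORG that it must be set together with the prefix, in both places. The new sed over `*deployment.yaml` is anchored on the literal `image: nextcloud`, so any image line not under the `nextcloud/` org is silently left pointing at Docker Hub; a comment above it would save the next maintainer a surprise: `# Only images under the nextcloud/ org are rewritten to honour IMAGE_MIRROR_PREFIX/NEXTCLOUD_IMAGE_ORG.`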
@@ -1,5 +1,6 @@
 DATABASE_PASSWORD: # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_PASSWORD: # TODO! This needs to be a unique and good password!
+IMAGINARY_SECRET: # TODO! This needs to be a unique and good password!
 NC_DOMAIN: yourdomain.com # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_PASSWORD: # TODO! This is the password of the initially created Nextcloud admin with username admin.
 ONLYOFFICE_SECRET: # TODO! This needs to be a unique and good password!
@@ -60,3 +61,7 @@ SMTP_NAME: # (empty by default): The username for the authentication.
 SMTP_PASSWORD: # (empty by default): The password for the authentication.
 MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
 MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+
+IMAGE_MIRROR_PREFIX: # Setting this allows you to pull Nextcloud images through a mirror registry.
+NEXTCLOUD_IMAGE_ORG: nextcloud # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
+ALPINE_IMAGE_ORG: # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 9dba49fe..2771cd06 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
-
+
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3b3cba5d..c6a47537 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -742,7 +742,7 @@ public function SetAdditionalBackupDirectories(string $additionalBackupDirectori
 // Trim all unwanted chars on both sites
 $entry = trim($entry);
 if ($entry !== "") {
- if (!preg_match("#^/[.0-1a-zA-Z/_-]+$#", $entry) && !preg_match("#^[.0-1a-zA-Z_-]+$#", $entry)) {
+ if (!preg_match("#^/[.0-9a-zA-Z/_-]+$#", $entry) && !preg_match("#^[.0-9a-zA-Z_-]+$#", $entry)) {
 throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
 }
 $validDirectories .= rtrim($entry, '/') . PHP_EOL;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ed4d7717..8a8b1ab2 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -879,7 +879,7 @@ private function ConnectContainerIdToNetwork(string $id, string $internalPort, s
 }
 } catch (RequestException $e) {
 // 409 is undocumented and gets thrown if the network already exists.
 if ($e->getCode() !== 409) {
- throw $e;
+ throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
 }
 }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ed1ad63c..a8d09147 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
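Review bot: The corrected character class now admits digits, but both patterns still accept consecutive dots, so entries such as `/data/../etc` or a bare `..` pass validation; if the validated directories are later used as mount sources, a `..` component resolves outside the directory the operator intended. Rejecting dot-dot segments explicitly, e.g. `if (str_contains($entry, '..')) { throw new InvalidSettingConfigurationException("Path traversal is not allowed! Problematic is " . $entry); }`, would close that without changing the accepted character set. How the list is consumed is not visible here, and SetAdditionalBackupDirectories begins and ends outside the hunk.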
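Review bot: The new `throw new \Exception(...)` discards the original RequestException instead of chaining it, so the stack trace, status code and response that explain why the network could not be created are lost, and any caller that catches RequestException specifically no longer sees it (ConnectContainerIdToNetwork's signature and callers are outside the hunk). Pass the original as the previous exception: `throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage(), 0, $e);`. If the message reaches the web UI, note that an HTTP client's exception message can include request details beyond what an operator needs to see; that depends on how the caller renders it.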
-

Nextcloud AIO v8.0.0

+

Nextcloud AIO v8.1.0

{# Add 2nd tab warning #} @@ -153,7 +153,7 @@
{% endif %} - Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please not that the current AIO password will be kept and the AIO password not restored from backup!

+ Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please note that the current AIO password will be kept and the previous AIO password will not be restored from backup!

@@ -494,7 +494,7 @@ - +
{% endif %} diff --git a/readme.md b/readme.md index a4fb9e3f..babe5ee4 100644 --- a/readme.md +++ b/readme.md @@ -119,7 +119,8 @@ The following instructions are meant for installations without a web server or r Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it. 3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.
-E.g. `https://ip.address.of.this.server:8080`

+E.g. `https://ip.address.of.this.server:8080`
+⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)

If your firewall/router has port 80 and 8443 open/forwarded and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
`https://your-domain-that-points-to-this-server.tld:8443` 4. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! @@ -143,7 +144,7 @@ Only those (if you access the Mastercontainer Interface internally via port 8080 - `3478/TCP` and `3478/UDP` for the Talk container ### Explanation of used ports: -- `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`) +- `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`) ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser) - `80/TCP`: redirects to Nextcloud (is used for getting the certificate via ACME http-challenge for the Mastercontainer) - `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open/forwarded in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.) - `443/TCP`: will be used by the Apache container later on and needs to be open/forwarded in your firewall/router 
@@ -386,6 +387,7 @@ Not directly but you have multiple options to achieve this: - Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory - Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive) - You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247 +- Here is another one that utilizes borgmatic and BorgBase for remote backups: https://github.com/nextcloud/all-in-one/discussions/4391 - create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) --- diff --git a/reverse-proxy.md b/reverse-proxy.md index eb9c72bf..14aa18b6 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md 
@@ -699,7 +699,9 @@ Simply translate the docker run command into a docker-compose file. You can have Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`. ## 4. Open the AIO interface. -After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! +After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`.
+⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)
+Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! ## 5. Optional: get a valid certificate for the AIO interface