Initial import

Containers/mastercontainer/.idea/.gitignore

@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
+# Editor-based HTTP Client requests
+/httpRequests/

Containers/mastercontainer/.idea/mastercontainer.iml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

Containers/mastercontainer/.idea/misc.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager">
+    <output url="file://$PROJECT_DIR$/out" />
+  </component>
+</project>

Containers/mastercontainer/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/mastercontainer.iml" filepath="$PROJECT_DIR$/.idea/mastercontainer.iml" />
+    </modules>
+  </component>
+</project>

Containers/mastercontainer/.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
+  </component>
+</project>

Containers/mastercontainer/Caddyfile

@@ -0,0 +1,16 @@
+{
+    auto_https disable_redirects
+
+    storage file_system {
+        root /mnt/docker-aio-config/caddy/
+    }
+}
+
+https://:8443 {
+
+    reverse_proxy localhost:8000
+
+    tls {
+        on_demand
+    }
+}

Containers/mastercontainer/Dockerfile

@@ -0,0 +1,88 @@
+# From https://github.com/docker-library/php/blob/master/8.0/buster/apache/Dockerfile
+FROM php:8.0-apache-bullseye
+
+EXPOSE 80
+# EXPOSE 8080
+EXPOSE 8443
+
+RUN mkdir -p /mnt/docker-aio-config/; \
+    chown www-data:www-data /mnt/docker-aio-config;
+
+VOLUME /mnt/docker-aio-config/
+
+RUN mkdir -p /var/www/docker-aio; \
+    chown -R www-data:www-data /var/www;
+
+WORKDIR /var/www/docker-aio
+
+RUN apt-get update; \
+    apt-get install -y --no-install-recommends \
+        git \
+        supervisor \
+        openssl \
+        sudo \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+RUN curl "https://caddyserver.com/api/download?os=linux&arch=amd64" -o "/usr/bin/caddy" \
+    && chmod 0755 /usr/bin/caddy \
+    && /usr/bin/caddy version
+
+RUN cd /var/www/docker-aio; \
+    git clone git@github.com:nextcloud/all-in-one.git .; \
+    chown -R www-data:www-data ./; \
+    chmod 770 -R ./
+
+RUN mkdir -p /etc/apache2/certs && \
+    cd /etc/apache2/certs && \
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt; \
+    chown www-data:www-data -R /etc/apache2/certs;
+
+COPY mastercontainer.conf /etc/apache2/sites-available/
+
+RUN a2enmod rewrite \
+    headers \
+    env \
+    mime \
+    dir \
+    authz_core \
+    proxy \
+    proxy_http \
+    ssl
+
+RUN rm /etc/apache2/ports.conf; \
+    sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
+    sed -i "/^Listen /d" /etc/apache2/apache2.conf
+
+RUN a2dissite 000-default && \
+    a2dissite default-ssl && \
+    a2ensite mastercontainer.conf && \
+    service apache2 restart
+
+RUN mkdir /var/log/supervisord; \
+    mkdir /var/run/supervisord; \
+    chown www-data:www-data /var/run/supervisord; \
+    chown www-data:www-data /var/log/supervisord;
+
+RUN mkdir -p /usr/src/php/ext/apcu && curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && docker-php-ext-install apcu
+
+COPY Caddyfile /
+COPY start.sh /usr/bin/
+COPY cron.sh /
+COPY supervisord.conf /
+RUN chmod +x /usr/bin/start.sh; \
+    chmod +r /supervisord.conf; \
+    chmod +r /Caddyfile; \
+    chmod +x /cron.sh
+
+# add docker group
+RUN groupadd -g 998 docker && \
+    usermod -aG docker www-data
+
+# Give root a random password
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+
+USER www-data
+
+ENTRYPOINT ["start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

Containers/mastercontainer/cron.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+set -eu
+
+while true; do
+    php /var/www/docker-aio/php/src/Cron/cron.php
+    sleep 1d
+done

Containers/mastercontainer/mastercontainer.conf

@@ -0,0 +1,45 @@
+Listen 8000
+Listen 8080
+
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+# Deny access to .ht files
+<Files ".ht*">
+    Require all denied
+</Files>
+
+# Http host
+<VirtualHost *:8000>
+    # PHP match
+    <FilesMatch "\.php$">
+        SetHandler application/x-httpd-php
+    </FilesMatch>
+    # Master dir
+    DocumentRoot /var/www/docker-aio/php/public/
+    <Directory /var/www/docker-aio/php/public/>
+        RewriteEngine On
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteRule ^ index.php [QSA,L]
+        Options Indexes FollowSymLinks
+        Require all granted
+        AllowOverride All
+        Options FollowSymLinks MultiViews
+        Satisfy Any
+        <IfModule mod_dav.c>
+            Dav off
+        </IfModule>
+    </Directory>
+</VirtualHost>
+
+# Https host
+<VirtualHost *:8080>
+    # Proxy to https
+    ProxyPass / http://localhost:8000/
+    ProxyPassReverse / http://localhost:8000/
+    # SSL
+    SSLCertificateKeyFile /etc/apache2/certs/ssl.key
+    SSLCertificateFile /etc/apache2/certs/ssl.crt
+    SSLEngine               on
+    SSLProtocol             -all +TLSv1.2 +TLSv1.3
+</VirtualHost>

Containers/mastercontainer/start.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Function to show text in green
+print_green() {
+    local TEXT="$1"
+    printf "%b%s%b\n" "\e[0;92m" "$TEXT" "\e[0m"
+}
+
+# Check if socket is available and readable
+if ! [ -a "/var/run/docker.sock" ]; then
+    echo "Docker socket is not available. Cannot continue."
+    exit 1
+elif ! test -r /var/run/docker.sock; then
+    echo "Docker socket is not readable by the www-data user. Cannot continue."
+    exit 1
+fi
+
+# Check if volume is writeable
+if ! [ -w /mnt/docker-aio-config ]; then
+    echo "/mnt/docker-aio-config is not writeable."
+    exit 1
+fi
+
+# Check if api version is supported
+API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
+API_VERSION="$(grep -oP 'const API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP [0-9]+.[0-9]+ | head -1)"
+API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
+LOCAL_API_VERSION_NUMB="$(curl -s --unix-socket /var/run/docker.sock http://"$API_VERSION"/version | sed 's/,/\n/g' | grep ApiVersion | grep -oP [0-9]+.[0-9]+ | head -1 | sed 's/\.//')"
+if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
+    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
+        echo "Docker v$API_VERSION is not supported by your docker engine. Cannot proceed."
+        exit 1
+    fi
+else
+    echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
+    sleep 10
+fi
+
+# Adjust data permissions
+mkdir -p /mnt/docker-aio-config/data/
+mkdir -p /mnt/docker-aio-config/session/
+
+# Adjust caddy permissions
+mkdir -p /mnt/docker-aio-config/caddy/
+
+# Adjust certs
+GENERATED_CERTS="/mnt/docker-aio-config/certs"
+TMP_CERTS="/etc/apache2/certs"
+mkdir -p "$GENERATED_CERTS"
+cd "$GENERATED_CERTS"
+if ! [ -f ./ssl.crt ] && ! [ -f ./ssl.key ]; then
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt
+fi
+if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
+    cd "$TMP_CERTS"
+    rm ./ssl.crt
+    rm ./ssl.key
+    cp "$GENERATED_CERTS/ssl.crt" ./
+    cp "$GENERATED_CERTS/ssl.key" ./
+fi
+
+print_green "Initial startup of Nextcloud All In One complete!
+You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
+E.g. https://internal.ip.of.this.server:8080
+
+If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatially by opening the Nextcloud AIO Interface via:
+https://your-domain-that-points-to-this-server.tld:8443"
+
+exec "$@"

Containers/mastercontainer/supervisord.conf

@@ -0,0 +1,30 @@
+[supervisord]
+nodaemon=true
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           
+logfile_backups=10                              
+loglevel=error
+
+[program:apache]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=apache2-foreground
+
+[program:caddy]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/usr/bin/caddy run -config /Caddyfile
+
+[program:cron]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/cron.sh