eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

aio-caddy: change to v3 and further adjustments

Browse source 
Signed-off-by: Simon L. <szaimen@e.mail.de>
This commit is contained in:
Simon L. 2025-06-15 14:11:23 +02:00
parent bf1df2f72e
commit 2d4d9d76d6
6 changed files with 22 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
community-containers/caddy/caddy.json
View file

@ -5,7 +5,7 @@
"display_name": "Caddy with geoblocking", "display_name": "Caddy with geoblocking",
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
"image": "ghcr.io/szaimen/aio-caddy", "image": "ghcr.io/szaimen/aio-caddy",
"image_tag": "v2", "image_tag": "v3",
"internal_port": "443", "internal_port": "443",
"restart": "unless-stopped", "restart": "unless-stopped",
"ports": [ "ports": [
@ -24,7 +24,9 @@
"TZ=%TIMEZONE%", "TZ=%TIMEZONE%",
"NC_DOMAIN=%NC_DOMAIN%", "NC_DOMAIN=%NC_DOMAIN%",
"APACHE_PORT=%APACHE_PORT%", "APACHE_PORT=%APACHE_PORT%",
"NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%" "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%",
"turn_domain=turn.%NC_DOMAIN%",
"talk_port=443"
], ],
"volumes": [ "volumes": [
{ {

2
community-containers/caddy/readme.md
View file

@ -4,6 +4,8 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
### Notes ### Notes
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record.
- Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
- If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden. - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
- If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart. - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
- If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin. - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.

1
manual-install/update-yaml.sh
View file

@ -46,6 +46,7 @@ sed -i '/AIO_TOKEN/d' containers.yml
sed -i '/AIO_URL/d' containers.yml sed -i '/AIO_URL/d' containers.yml
sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
sed -i '/TURN_DOMAIN/d' containers.yml
TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)" TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
mapfile -t TCP <<< "$TCP" mapfile -t TCP <<< "$TCP"

1
php/containers.json
View file

@ -229,6 +229,7 @@
"UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%", "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
"TZ=%TIMEZONE%", "TZ=%TIMEZONE%",
"TALK_PORT=%TALK_PORT%", "TALK_PORT=%TALK_PORT%",
"TURN_DOMAIN=%TURN_DOMAIN%",
"IMAGINARY_ENABLED=%IMAGINARY_ENABLED%", "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
"IMAGINARY_HOST=nextcloud-aio-imaginary", "IMAGINARY_HOST=nextcloud-aio-imaginary",
"PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%", "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",

9
php/src/Data/ConfigurationManager.php
View file

@ -569,6 +569,15 @@ class ConfigurationManager
return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
} }
public function GetTurnDomain() : string {
$config = $this->GetConfig();
if(!isset($config['turn_domain'])) {
$config['turn_domain'] = '';
}
return $config['turn_domain'];
}
/** /**
* @throws InvalidSettingConfigurationException * @throws InvalidSettingConfigurationException
*/ */

5
php/src/Docker/DockerActionManager.php
View file

@ -283,6 +283,10 @@ readonly class DockerActionManager {
} }
} else if ($port === '%TALK_PORT%') { } else if ($port === '%TALK_PORT%') {
$port = $this->configurationManager->GetTalkPort(); $port = $this->configurationManager->GetTalkPort();
// Skip publishing talk port if it is set to the same value like the apache port
if ($port === $this->configurationManager->GetApachePort()) {
continue;
}
} }
$ipBinding = $value->ipBinding; $ipBinding = $value->ipBinding;
if ($ipBinding === '%APACHE_IP_BINDING%') { if ($ipBinding === '%APACHE_IP_BINDING%') {
@ -538,6 +542,7 @@ readonly class DockerActionManager {
'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(), 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
'APACHE_PORT' => $this->configurationManager->GetApachePort(), 'APACHE_PORT' => $this->configurationManager->GetApachePort(),
'TALK_PORT' => $this->configurationManager->GetTalkPort(), 'TALK_PORT' => $this->configurationManager->GetTalkPort(),
'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(),
'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(), 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '', 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '',