eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-02-16 02:30:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge branch 'main' into patch-3

Browse source
This commit is contained in:
jameskimmel 2025-10-20 12:00:39 +02:00 committed by GitHub
commit 4bccdbe722
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
43 changed files with 278 additions and 137 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/helm-release.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
uses: actions/checkout@v5 uses: actions/checkout@v5
- name: Turnstyle - name: Turnstyle
uses: softprops/turnstyle@858c58d647eeb05b1725a96ae3fc290230321af3 # v2 uses: softprops/turnstyle@9d692f15fa9f84928799bccac2dba6565e024bdf # v2
with: with:
continue-after-seconds: 180 continue-after-seconds: 180
env: env:

2
.github/workflows/playwright.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v5
- uses: actions/setup-node@v5 - uses: actions/setup-node@v6
with: with:
node-version: lts/* node-version: lts/*

2
Containers/alpine/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM alpine:3.22.1 FROM alpine:3.22.2
RUN set -ex; \ RUN set -ex; \
apk upgrade --no-cache -a apk upgrade --no-cache -a

2
Containers/borgbackup/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM alpine:3.22.1 FROM alpine:3.22.2
RUN set -ex; \ RUN set -ex; \
\ \

2
Containers/clamav/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM alpine:3.22.1 FROM alpine:3.22.2
RUN set -ex; \ RUN set -ex; \
apk upgrade --no-cache -a; \ apk upgrade --no-cache -a; \

2
Containers/collabora/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
FROM collabora/code:25.04.6.1.1 FROM collabora/code:25.04.6.2.1
USER root USER root
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive

2
Containers/domaincheck/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM alpine:3.22.1 FROM alpine:3.22.2
RUN set -ex; \ RUN set -ex; \
apk upgrade --no-cache -a; \ apk upgrade --no-cache -a; \
apk add --no-cache bash lighttpd netcat-openbsd; \ apk add --no-cache bash lighttpd netcat-openbsd; \

2
Containers/fulltextsearch/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
FROM elasticsearch:8.19.4 FROM elasticsearch:8.19.5
USER root USER root

4
Containers/imaginary/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM golang:1.25.1-alpine3.22 AS go FROM golang:1.25.3-alpine3.22 AS go
ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
@ -14,7 +14,7 @@ RUN set -ex; \
build-base; \ build-base; \
go install github.com/h2non/imaginary@"$IMAGINARY_HASH"; go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
FROM alpine:3.22.1 FROM alpine:3.22.2
RUN set -ex; \ RUN set -ex; \
apk upgrade --no-cache -a; \ apk upgrade --no-cache -a; \
apk add --no-cache \ apk add --no-cache \

2
Containers/mastercontainer/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
# Docker CLI is a requirement # Docker CLI is a requirement
FROM docker:28.5.0-cli AS docker FROM docker:28.5.1-cli AS docker
# Caddy is a requirement # Caddy is a requirement
FROM caddy:2.10.2-alpine AS caddy FROM caddy:2.10.2-alpine AS caddy

8
Containers/mastercontainer/mastercontainer.conf
View file

@ -1,5 +1,5 @@
Listen 8000 Listen 127.0.0.1:8000
Listen 8080 Listen 8080 https
# Deny access to .ht files # Deny access to .ht files
<Files ".ht*"> <Files ".ht*">
@ -7,8 +7,8 @@ Listen 8080
</Files> </Files>
# Http host # Http host
<VirtualHost *:8000> <VirtualHost 127.0.0.1:8000>
ServerName localhost ServerName 127.0.0.1
# Add error log # Add error log
CustomLog /proc/self/fd/1 proxy CustomLog /proc/self/fd/1 proxy

4
Containers/nextcloud/Dockerfile
View file

@ -84,7 +84,7 @@ RUN set -ex; \
# pecl will claim success even if one install fails, so we need to perform each install separately # pecl will claim success even if one install fails, so we need to perform each install separately
pecl install -o igbinary-3.2.16; \ pecl install -o igbinary-3.2.16; \
pecl install APCu-5.1.27; \ pecl install APCu-5.1.27; \
pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \ pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \ pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
pecl install -o imagick-3.8.0; \ pecl install -o imagick-3.8.0; \
\ \
@ -132,7 +132,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
echo 'max_execution_time=${PHP_MAX_TIME}'; \ echo 'max_execution_time=${PHP_MAX_TIME}'; \
echo 'max_input_time=${PHP_MAX_TIME}'; \ echo 'max_input_time=-1'; \
echo 'default_socket_timeout=${PHP_MAX_TIME}'; \ echo 'default_socket_timeout=${PHP_MAX_TIME}'; \
} > /usr/local/etc/php/conf.d/nextcloud.ini; \ } > /usr/local/etc/php/conf.d/nextcloud.ini; \
\ \

35
Containers/nextcloud/README.md Normal file
View file

@ -0,0 +1,35 @@
# Nextcloud All-in-One ``nextcloud`` Container
This folder contains the OCI/Docker container definition, along with associated resources and configuration files, for building the `nextcloud` container as part of the [Nextcloud All-in-One](https://github.com/nextcloud/all-in-one) project. This container hosts PHP and the Nextcloud Server application.
## Overview
The Nextcloud container provides the core Nextcloud application environment, including the necessary dependencies and configuration for seamless integration into the All-in-One stack. The container hosts:
- The PHP SAPI/backend (php-fpm)
- Nextcloud background jobs and scheduled tasks, which are handled via cron
- Miscellaneous minor support services specific to AIO's Nextcloud deployment (health and exec)
## Contents
- **Dockerfile**: Instructions for building the Nextcloud container image.
- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime configuration before starting supervisord.
- **Nextcloud configuration files**: Specific to running in a containerized setting and/or within AIO.
- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within the container (php-fpm, cron, etc.).
## Usage
This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which AIO provides in a dedicated Apache container). It is designed to be orchestrated by the [All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer) or used within an [AIO Manual Installation](https://github.com/nextcloud/all-in-one/tree/main/manual-install) or [AIO Helm chart](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart).
## Documentation
- [Nextcloud All-in-One Documentation](https://github.com/nextcloud/all-in-one#readme)
- [Nextcloud Documentation](https://docs.nextcloud.com/)
## Contributing
Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull requests or issues via the main repository.
## License
This folder and its contents are licensed under the [GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud All-in-One.

207
Containers/nextcloud/entrypoint.sh
View file

@ -25,31 +25,34 @@ if [ "$DATABASE_TYPE" = postgres ]; then
export DATABASE_TYPE=pgsql export DATABASE_TYPE=pgsql
fi fi
# Only start container if redis is accessible # Only start container if Redis is accessible
# shellcheck disable=SC2153 # shellcheck disable=SC2153
while ! nc -z "$REDIS_HOST" "6379"; do while ! nc -z "$REDIS_HOST" "6379"; do
echo "Waiting for redis to start..." echo "Waiting for Redis to start..."
sleep 5 sleep 5
done done
# Check permissions in ncdata # Check permissions in ncdata
touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" test_file="$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then touch "$test_file"
echo "The www-data user doesn't seem to have access rights in the datadir. if ! [ -f "$test_file" ]; then
Most likely are the files located on a drive that does not follow linux permissions. echo "The www-data user does not appear to have access rights to the data directory."
Please adjust the permissions like mentioned below. echo "It is possible that the files are on a filesystem that does not support standard Linux permissions,"
The found permissions are: echo "or the permissions simply need to be adjusted. Please change the permissions as described below."
$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR") echo "Current permissions are:"
(userID:groupID permissions) stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR"
but they should be: echo "(userID:groupID permissions)"
33:0 750 echo "They should be:"
(userID:groupID permissions) echo "33:0 750"
Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories. echo "(userID:groupID permissions)"
Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option. echo "Also, ensure that all parent directories on the host of your chosen data directory are publicly readable."
For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir" echo "For example: sudo chmod +r /mnt (adjust this command as needed)."
echo "If you want to use a FUSE mount as the data directory, add 'allow_other' as an additional mount option."
echo "For SMB/CIFS mounts as the data directory, see:"
echo " https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
exit 1 exit 1
fi fi
rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" rm -f "$test_file"
if [ -f /var/www/html/version.php ]; then if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -71,26 +74,31 @@ fi
# Don't start the container if Nextcloud is not compatible with the PHP version # Don't start the container if Nextcloud is not compatible with the PHP version
if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versioncheck.php; then if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versioncheck.php; then
echo "It seems like your installed Nextcloud is not compatible with the by the container provided PHP version." echo "Your installed Nextcloud version is not compatible with the PHP version provided by this image."
echo "This most likely happened because you tried to restore an old Nextcloud version from backup that is not compatible with the PHP version that comes with the container." echo "This typically occurs when you restore an older Nextcloud backup that does not support the"
echo "Please try to restore a more recent backup which contains a Nextcloud version that is compatible with the PHP version that comes with the container." echo "PHP version included in this image."
echo "If you do not have a more recent backup, feel free to have a look at this documentation: https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md" echo "Please restore a more recent backup that includes a compatible Nextcloud version."
echo "If you do not have a more recent backup, refer to the manual upgrade documentation:"
echo " https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
exit 1 exit 1
fi fi
# Do not start the container if the last update failed # Do not start the container if the last update failed
if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
echo "The last Nextcloud update failed." echo "The last Nextcloud update failed."
echo "Please restore from backup and try again!" echo "Please restore from a backup and try again."
echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again." echo "If you do not have a backup, you can delete the update.failed file in the data directory"
echo "to allow the container to start again."
exit 1 exit 1
fi fi
# Do not start the container if the install failed # Do not start the container if the install failed
if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then
echo "The initial Nextcloud installation failed." echo "The initial Nextcloud installation failed."
echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above." echo "For more information about what went wrong, check the logs above."
echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance" echo "Please reset AIO properly and try again."
echo "See:"
echo " https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
exit 1 exit 1
fi fi
@ -143,7 +151,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
if [ "$installed_version" != "0.0.0.0" ]; then if [ "$installed_version" != "0.0.0.0" ]; then
# Check connection to appstore start # Do not remove or change this line! # Check connection to appstore start # Do not remove or change this line!
while true; do while true; do
echo -e "Checking connection to appstore" echo -e "Checking connection to the app store..."
APPSTORE_URL="https://apps.nextcloud.com/api/v1" APPSTORE_URL="https://apps.nextcloud.com/api/v1"
if grep -q appstoreurl /var/www/html/config/config.php; then if grep -q appstoreurl /var/www/html/config/config.php; then
set -x set -x
@ -154,10 +162,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)" CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
if [[ "$CURL_STATUS" = "200" ]] if [[ "$CURL_STATUS" = "200" ]]
then then
echo "Appstore is reachable" echo "App store is reachable."
break break
else else
echo "Curl didn't produce a 200 status, is appstore reachable?" echo "Curl did not return a 200 status. Is the app store reachable?"
sleep 5 sleep 5
fi fi
done done
@ -167,21 +175,21 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
php /var/www/html/occ maintenance:mode --off php /var/www/html/occ maintenance:mode --off
echo "Getting and backing up the status of apps for later, this might take a while..." echo "Getting and backing up the status of apps for later; this might take a while..."
NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')" NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
if [ -z "$NC_APPS" ]; then if [ -z "$NC_APPS" ]; then
echo "No apps detected, aborting export of app status..." echo "No apps detected. Aborting export of app status..."
APPSTORAGE="no-export-done" APPSTORAGE="no-export-done"
else else
mapfile -t NC_APPS_ARRAY <<< "$NC_APPS" mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
declare -Ag APPSTORAGE declare -Ag APPSTORAGE
echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..." echo "Disabling apps before the update to make the update procedure safer. This can take a while..."
for app in "${NC_APPS_ARRAY[@]}"; do for app in "${NC_APPS_ARRAY[@]}"; do
if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then
php /var/www/html/occ app:disable "$app" php /var/www/html/occ app:disable "$app"
else else
APPSTORAGE[$app]="" APPSTORAGE[$app]=""
echo "Not disabling $app because the occ command to get the enabled state was failing." echo "Not disabling $app because the occ command to get its enabled state failed."
fi fi
done done
fi fi
@ -195,8 +203,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
run_upgrade_if_needed_due_to_app_update run_upgrade_if_needed_due_to_app_update
fi fi
echo "Initializing nextcloud $image_version ..." echo "Initializing Nextcloud $image_version ..."
rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
# Copy over initial data from Nextcloud archive
rsync -rlD --delete \
--exclude-from=/upgrade.exclude \
"$SOURCE_LOCATION/" \
/var/www/html/
# Copy custom_apps from Nextcloud archive # Copy custom_apps from Nextcloud archive
if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then
@ -204,22 +217,47 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
for app in "$SOURCE_LOCATION/custom_apps"/*; do for app in "$SOURCE_LOCATION/custom_apps"/*; do
app_id="$(basename "$app")" app_id="$(basename "$app")"
mkdir -p "/var/www/html/custom_apps/$app_id" mkdir -p "/var/www/html/custom_apps/$app_id"
rsync -rlD --delete --include "/$app_id/" --exclude '/*' "$SOURCE_LOCATION/custom_apps/" /var/www/html/custom_apps/ rsync -rlD --delete \
--include "/$app_id/" \
--exclude '/*' \
"$SOURCE_LOCATION/custom_apps/" \
/var/www/html/custom_apps/
done done
set +x set +x
fi fi
# Copy over initial data from Nextcloud archive # Copy these from Nextcloud archive if they don't exist yet (i.e. new install)
for dir in config data custom_apps themes; do for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/ rsync -rlD \
--include "/$dir/" \
--exclude '/*' \
"$SOURCE_LOCATION/" \
/var/www/html/
fi fi
done done
rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' "$SOURCE_LOCATION/" /var/www/html/
rsync -rlD --include '/version.php' --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/ rsync -rlD --delete \
--include '/config/' \
--exclude '/*' \
--exclude '/config/CAN_INSTALL' \
--exclude '/config/config.sample.php' \
--exclude '/config/config.php' \
"$SOURCE_LOCATION/" \
/var/www/html/
rsync -rlD \
--include '/version.php' \
--exclude '/*' \
"$SOURCE_LOCATION/" \
/var/www/html/
echo "Initializing finished" echo "Initializing finished"
#install ################
# Fresh Install
################
if [ "$installed_version" = "0.0.0.0" ]; then if [ "$installed_version" = "0.0.0.0" ]; then
echo "New Nextcloud instance." echo "New Nextcloud instance."
@ -233,13 +271,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR") INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR")
fi fi
# We do our own permission check so the permission check is not needed # Skip the default permission check (we do our own)
cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php cat > /var/www/html/config/datadir.permission.config.php <<'EOF'
<?php <?php
\$CONFIG = array ( $CONFIG = array (
'check_data_directory_permissions' => false 'check_data_directory_permissions' => false
); );
DATADIR_PERMISSION_CONF EOF
# Write out postgres root cert # Write out postgres root cert
if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
@ -250,11 +288,20 @@ DATADIR_PERMISSION_CONF
echo "Installing with $DATABASE_TYPE database" echo "Installing with $DATABASE_TYPE database"
# Set a default value for POSTGRES_PORT # Set a default value for POSTGRES_PORT
if [ -z "$POSTGRES_PORT" ]; then if [ -z "$POSTGRES_PORT" ]; then
POSTGRES_PORT=5432 POSTGRES_PORT=5432
fi fi
# shellcheck disable=SC2153
INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
# Add database options to INSTALL_OPTIONS
# shellcheck disable=SC2153
INSTALL_OPTIONS+=(
--database "$DATABASE_TYPE"
--database-name "$POSTGRES_DB"
--database-user "$POSTGRES_USER"
--database-pass "$POSTGRES_PASSWORD"
--database-host "$POSTGRES_HOST"
--database-port "$POSTGRES_PORT"
)
echo "Starting Nextcloud installation..." echo "Starting Nextcloud installation..."
if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
echo "Installation of Nextcloud failed!" echo "Installation of Nextcloud failed!"
@ -276,7 +323,7 @@ DATADIR_PERMISSION_CONF
if [ "$try" -ge "$max_retries" ]; then if [ "$try" -ge "$max_retries" ]; then
echo "Installation of Nextcloud failed!" echo "Installation of Nextcloud failed!"
echo "Install errors: $(cat /var/www/html/data/nextcloud.log)" echo "Installation errors: $(cat /var/www/html/data/nextcloud.log)"
touch "$NEXTCLOUD_DATA_DIR/install.failed" touch "$NEXTCLOUD_DATA_DIR/install.failed"
exit 1 exit 1
fi fi
@ -312,10 +359,12 @@ DATADIR_PERMISSION_CONF
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
INSTALLED_MAJOR="${installed_version%%.*}" INSTALLED_MAJOR="${installed_version%%.*}"
IMAGE_MAJOR="${image_version%%.*}" IMAGE_MAJOR="${image_version%%.*}"
# If a valid upgrade path, trigger the Nextcloud built-in Updater
if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
php /var/www/html/updater/updater.phar --no-interaction --no-backup php /var/www/html/updater/updater.phar --no-interaction --no-backup
if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
echo "Installation of Nextcloud failed!" echo "Installation of Nextcloud failed!"
# TODO: Add a hint here about what to do / where to look / updater.log?
touch "$NEXTCLOUD_DATA_DIR/install.failed" touch "$NEXTCLOUD_DATA_DIR/install.failed"
exit 1 exit 1
fi fi
@ -392,11 +441,11 @@ DATADIR_PERMISSION_CONF
#upgrade #upgrade
else else
touch "$NEXTCLOUD_DATA_DIR/update.failed" touch "$NEXTCLOUD_DATA_DIR/update.failed"
echo "Upgrading nextcloud from $installed_version to $image_version..." echo "Upgrading Nextcloud from $installed_version to $image_version..."
php /var/www/html/occ config:system:delete integrity.check.disabled php /var/www/html/occ config:system:delete integrity.check.disabled
if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
echo "Upgrade failed. Please restore from backup." echo "Upgrade failed. Please restore from backup."
bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!" bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup."
exit 1 exit 1
fi fi
@ -404,7 +453,7 @@ DATADIR_PERMISSION_CONF
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
rm "$NEXTCLOUD_DATA_DIR/update.failed" rm "$NEXTCLOUD_DATA_DIR/update.failed"
bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info." bash /notify.sh "Nextcloud update to $image_version successful!" "You may inspect the Nextcloud container logs for more information."
php /var/www/html/occ app:update --all php /var/www/html/occ app:update --all
@ -412,7 +461,7 @@ DATADIR_PERMISSION_CONF
# Restore app status # Restore app status
if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
echo "Restoring the status of apps. This can take a while..." echo "Restoring app statuses. This may take a while..."
for app in "${!APPSTORAGE[@]}"; do for app in "${!APPSTORAGE[@]}"; do
if [ -n "${APPSTORAGE[$app]}" ]; then if [ -n "${APPSTORAGE[$app]}" ]; then
if [ "${APPSTORAGE[$app]}" != "no" ]; then if [ "${APPSTORAGE[$app]}" != "no" ]; then
@ -424,13 +473,13 @@ DATADIR_PERMISSION_CONF
php /var/www/html/occ maintenance:mode --off php /var/www/html/occ maintenance:mode --off
fi fi
run_upgrade_if_needed_due_to_app_update run_upgrade_if_needed_due_to_app_update
echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version." echo "The $app app could not be re-enabled, probably because it is not compatible with the new Nextcloud version."
if [ "$app" = apporder ]; then if [ "$app" = apporder ]; then
CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'." CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
else else
CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version." CUSTOM_HINT="Most likely, it is not compatible with the new Nextcloud version."
fi fi
bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI." bash /notify.sh "Could not re-enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to review the Nextcloud update logs and force-enable the app again if you wish."
continue continue
fi fi
# Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version) # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
@ -452,7 +501,7 @@ DATADIR_PERMISSION_CONF
php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]" php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
# Apply optimization # Apply optimization
echo "Doing some optimizations..." echo "Performing some optimizations..."
if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
php /var/www/html/occ maintenance:repair --include-expensive php /var/www/html/occ maintenance:repair --include-expensive
php /var/www/html/occ db:add-missing-indices php /var/www/html/occ db:add-missing-indices
@ -483,10 +532,10 @@ if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
# Check if appdata is present # Check if appdata is present
# If not, something broke (e.g. changing ncdatadir after aio was first started) # If not, something broke (e.g. changing ncdatadir after aio was first started)
if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
echo "Appdata is not present. Did you maybe change the datadir after the initial Nextcloud installation? This is not supported!" echo "Appdata is not present. Did you change the datadir after the initial Nextcloud installation? This is not supported!"
echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir" echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
echo "If you adjusted the datadir to be located on an external drive, make sure that the drive is still mounted!" echo "If you moved the datadir to an external drive, make sure that the drive is still mounted."
echo "In the datadir was found:" echo "The following was found in the datadir:"
ls -la "$NEXTCLOUD_DATA_DIR/" ls -la "$NEXTCLOUD_DATA_DIR/"
exit 1 exit 1
fi fi
@ -678,7 +727,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
fi fi
fi fi
else else
echo "Warning: No ipv4-address found for $COLLABORA_HOST." echo "Warning: No IPv4 address found for $COLLABORA_HOST."
fi fi
if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@ -689,7 +738,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
fi fi
fi fi
else else
echo "No ipv6-address found for $COLLABORA_HOST." echo "No IPv6 address found for $COLLABORA_HOST."
fi fi
if [ -n "$COLLABORA_ALLOW_LIST" ]; then if [ -n "$COLLABORA_ALLOW_LIST" ]; then
PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1' PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
@ -703,7 +752,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
fi fi
php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST" php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
else else
echo "Warning: wopi_allowlist is empty which should not be the case!" echo "Warning: wopi_allowlist is empty; this should not be the case!"
fi fi
else else
if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then
@ -713,15 +762,20 @@ fi
# OnlyOffice # OnlyOffice
if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
# Determine OnlyOffice port based on host pattern
if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
ONLYOFFICE_PORT=80 ONLYOFFICE_PORT=80
else else
ONLYOFFICE_PORT=443 ONLYOFFICE_PORT=443
fi fi
# Wait for OnlyOffice to become available
while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do
echo "waiting for OnlyOffice to become available..." echo "Waiting for OnlyOffice to become available..."
sleep 5 sleep 5
done done
# Install or enable OnlyOffice app as needed
if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
php /var/www/html/occ app:install onlyoffice php /var/www/html/occ app:install onlyoffice
elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
@ -729,16 +783,25 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
elif [ "$SKIP_UPDATE" != 1 ]; then elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update onlyoffice php /var/www/html/occ app:update onlyoffice
fi fi
# Set OnlyOffice configuration
php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET" php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET" php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt" php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
# Adjust the OnlyOffice host if using internal pattern
if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice" ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
export ONLYOFFICE_HOST export ONLYOFFICE_HOST
fi fi
php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST" php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
else else
if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then # Remove OnlyOffice app if disabled and removal is requested
if [ "$REMOVE_DISABLED_APPS" = yes ] && \
[ -d "/var/www/html/custom_apps/onlyoffice" ] && \
[ -n "$ONLYOFFICE_SECRET" ] && \
[ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
php /var/www/html/occ app:remove onlyoffice php /var/www/html/occ app:remove onlyoffice
fi fi
fi fi
@ -784,7 +847,7 @@ fi
if [ -d "/var/www/html/custom_apps/spreed" ]; then if [ -d "/var/www/html/custom_apps/spreed" ]; then
if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
while ! nc -z "$TALK_RECORDING_HOST" 1234; do while ! nc -z "$TALK_RECORDING_HOST" 1234; do
echo "waiting for Talk Recording to become available..." echo "Waiting for Talk Recording to become available..."
sleep 5 sleep 5
done done
# TODO: migrate to occ command if that becomes available # TODO: migrate to occ command if that becomes available
@ -799,12 +862,12 @@ fi
if [ "$CLAMAV_ENABLED" = 'yes' ]; then if [ "$CLAMAV_ENABLED" = 'yes' ]; then
count=0 count=0
while ! nc -z "$CLAMAV_HOST" 3310 && [ "$count" -lt 90 ]; do while ! nc -z "$CLAMAV_HOST" 3310 && [ "$count" -lt 90 ]; do
echo "waiting for clamav to become available..." echo "Waiting for ClamAV to become available..."
count=$((count+5)) count=$((count+5))
sleep 5 sleep 5
done done
if [ "$count" -ge 90 ]; then if [ "$count" -ge 90 ]; then
echo "Clamav did not start in time. Skipping initialization and disabling files_antivirus app." echo "ClamAV did not start in time. Skipping initialization and disabling files_antivirus app."
php /var/www/html/occ app:disable files_antivirus php /var/www/html/occ app:disable files_antivirus
else else
if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
@ -851,7 +914,7 @@ fi
if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
count=0 count=0
while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do
echo "waiting for Fulltextsearch to become available..." echo "Waiting for Fulltextsearch to become available..."
count=$((count+5)) count=$((count+5))
sleep 5 sleep 5
done done
@ -888,14 +951,14 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
# Do the index # Do the index
if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
echo "Waiting 10s before activating FTS..." echo "Waiting 10 seconds before activating fulltextsearch..."
sleep 10 sleep 10
echo "Activating fulltextsearch..." echo "Activating fulltextsearch..."
if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
touch "$NEXTCLOUD_DATA_DIR/fts-index.done" touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
else else
echo "Fulltextsearch failed. Could not index." echo "Fulltextsearch failed. Could not index."
echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future." echo "If you want to skip indexing in the future, see https://github.com/nextcloud/all-in-one/discussions/1709"
fi fi
fi fi
fi fi

2
Containers/notify-push/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM alpine:3.22.1 FROM alpine:3.22.2
COPY --chmod=775 start.sh /start.sh COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh

2
Containers/onlyoffice/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
# From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
FROM onlyoffice/documentserver:9.0.4.1 FROM onlyoffice/documentserver:9.1.0.1
# USER root is probably used # USER root is probably used

4
Containers/talk-recording/Dockerfile
View file

@ -1,10 +1,10 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM python:3.13.7-alpine3.22 FROM python:3.14.0-alpine3.22
COPY --chmod=775 start.sh /start.sh COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh
ENV RECORDING_VERSION=v0.1 ENV RECORDING_VERSION=v0.2.0
ENV ALLOW_ALL=false ENV ALLOW_ALL=false
ENV HPB_PROTOCOL=https ENV HPB_PROTOCOL=https
ENV NC_PROTOCOL=https ENV NC_PROTOCOL=https

48
Containers/talk-recording/recording.conf
View file

@ -1,3 +1,5 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
[logs] [logs]
# Log level based on numeric values of Python logging levels: # Log level based on numeric values of Python logging levels:
# - Critical: 50 # - Critical: 50
@ -12,6 +14,11 @@
# IP and port to listen on for HTTP requests. # IP and port to listen on for HTTP requests.
#listen = 127.0.0.1:8000 #listen = 127.0.0.1:8000
[app]
# Comma separated list of trusted proxies (IPs or CIDR networks) that may set
# the "X-Forwarded-For" header.
#trustedproxies =
[backend] [backend]
# Allow any hostname as backend endpoint. This is extremely insecure and should # Allow any hostname as backend endpoint. This is extremely insecure and should
# only be used during development. # only be used during development.
@ -100,6 +107,18 @@
# ffmpeg. The options given here fully override the default global options. # ffmpeg. The options given here fully override the default global options.
#common = ffmpeg -loglevel level+warning -n #common = ffmpeg -loglevel level+warning -n
# The (additional) options given to ffmpeg for the audio input. The options
# given here extend the default options for the audio input, although they do
# not override them.
# Default options: '-f pulse -i {AUDIO_SOURCE}'
#inputaudio =
# The (additional) options given to ffmpeg for the video input. The options
# given here extend the default options for the video input, although they do
# not override them.
# Default options: '-f x11grab -draw_mouse 0 -video_size {WIDTH}x{HEIGHT} -i {VIDEO_SOURCE}'
#inputvideo =
# The options given to ffmpeg to encode the audio output. The options given here # The options given to ffmpeg to encode the audio output. The options given here
# fully override the default options for the audio output. # fully override the default options for the audio output.
#outputaudio = -c:a libopus #outputaudio = -c:a libopus
@ -120,4 +139,31 @@
# will use Google Chrome, or Chromium if Google Chrome is not installed. # will use Google Chrome, or Chromium if Google Chrome is not installed.
# Allowed values: firefox, chrome # Allowed values: firefox, chrome
# Defaults to firefox # Defaults to firefox
# browser = firefox #browser = firefox
# Path to the Selenium driver to use for recordings.
# If set the driver must match the browser being used (for example,
# "/usr/bin/geckodriver" for "firefox"). If no driver is explicitly set Selenium
# Manager will try to find the right one in $PATH, downloading it as a fallback.
# Note that Selenium Manager does not work in some architectures (for example,
# Linux on arm64/aarch64), so in those architectures the driver must be
# explicitly set.
#driverPath =
# Path to the browser executable to use for recordings.
# If set the executable must match the browser being used (for example,
# "/usr/bin/firefox-esr" for "firefox"). If no executable is explicitly set
# Selenium Manager will try to find the right one in $PATH. Depending on the
# installed Selenium version if the executable is not found Selenium Manager may
# also download the browser as a fallback.
# Note that Selenium Manager does not work in some architectures (for example,
# Linux on arm64/aarch64); in those architectures the Selenium driver will try
# to find the executable, but the executable may need to be explicitly set if
# not found by the driver.
#browserPath =
[stats]
# Comma-separated list of IP addresses (or CIDR networks) that are allowed to
# access the stats endpoint.
# Leave commented to only allow access from "127.0.0.1".
#allowed_ips =

2
Containers/talk-recording/start.sh
View file

@ -59,6 +59,8 @@ extensionvideo = .webm
[recording] [recording]
browser = firefox browser = firefox
driverPath = /usr/bin/geckodriver
browserPath = /usr/bin/firefox
RECORDING_CONF RECORDING_CONF
exec "$@" exec "$@"

6
Containers/talk/Dockerfile
View file

@ -1,8 +1,8 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM nats:2.12.0-scratch AS nats FROM nats:2.12.1-scratch AS nats
FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM eturnal/eturnal:1.12.2-alpine AS eturnal
FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
FROM alpine:3.22.1 AS janus FROM alpine:3.22.2 AS janus
ARG JANUS_VERSION=v1.3.2 ARG JANUS_VERSION=v1.3.2
WORKDIR /src WORKDIR /src
@ -35,7 +35,7 @@ RUN set -ex; \
make configs; \ make configs; \
rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
FROM alpine:3.22.1 FROM alpine:3.22.2
ENV ETURNAL_ETC_DIR="/conf" ENV ETURNAL_ETC_DIR="/conf"
ENV SKIP_CERT_VERIFY=false ENV SKIP_CERT_VERIFY=false
COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local

2
Containers/watchtower/Dockerfile
View file

@ -1,7 +1,7 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower
FROM alpine:3.22.1 FROM alpine:3.22.2
RUN set -ex; \ RUN set -ex; \
apk upgrade --no-cache -a; \ apk upgrade --no-cache -a; \

2
Containers/whiteboard/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest # syntax=docker/dockerfile:latest
# Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.1 FROM ghcr.io/nextcloud-releases/whiteboard:v1.3.0
USER root USER root
RUN set -ex; \ RUN set -ex; \

2
community-containers/lldap/lldap.json
View file

@ -27,7 +27,7 @@
"LLDAP_JWT_SECRET", "LLDAP_JWT_SECRET",
"LLDAP_LDAP_USER_PASS" "LLDAP_LDAP_USER_PASS"
], ],
"ui_secret": "LLDAP_JWT_SECRET", "ui_secret": "LLDAP_LDAP_USER_PASS",
"volumes": [ "volumes": [
{ {
"source": "nextcloud_aio_lldap", "source": "nextcloud_aio_lldap",

5
community-containers/lldap/readme.md
View file

@ -18,10 +18,7 @@ Functionality with this configuration:
> For simplicity, this configuration is done via the command line (don't worry, it's very simple). > For simplicity, this configuration is done via the command line (don't worry, it's very simple).
First, you need to retrieve the LLDAP admin password, this will be used later on. Which you need to type in or copy and paste: First, you need to retrieve the LLDAP admin password that you can see next to the container in the AIO interface. There you can configure smtp first and then invite users via mail.
```bash
sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS
```
Now go into the Nextcloud container:<br> Now go into the Nextcloud container:<br>
**Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /lldap.sh`. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /lldap.sh`.

2
nextcloud-aio-helm-chart/Chart.yaml
View file

@ -1,6 +1,6 @@
name: nextcloud-aio-helm-chart name: nextcloud-aio-helm-chart
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
version: 11.9.0 version: 11.10.0
apiVersion: v2 apiVersion: v2
keywords: keywords:
- latest - latest

2
nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
View file

@ -61,7 +61,7 @@ spec:
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
- name: WHITEBOARD_HOST - name: WHITEBOARD_HOST
value: nextcloud-aio-whiteboard value: nextcloud-aio-whiteboard
image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431 image: ghcr.io/nextcloud-releases/aio-apache:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
View file

@ -36,7 +36,7 @@ spec:
{{- end }} {{- end }}
initContainers: initContainers:
- name: init-subpath - name: init-subpath
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
command: command:
- mkdir - mkdir
- "-p" - "-p"
@ -59,7 +59,7 @@ spec:
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-clamav:20250927_081431 image: ghcr.io/nextcloud-releases/aio-clamav:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

2
nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
View file

@ -35,7 +35,7 @@ spec:
value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
- name: server_name - name: server_name
value: "{{ .Values.NC_DOMAIN }}" value: "{{ .Values.NC_DOMAIN }}"
image: ghcr.io/nextcloud-releases/aio-collabora:20250927_081431 image: ghcr.io/nextcloud-releases/aio-collabora:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
View file

@ -35,7 +35,7 @@ spec:
{{- end }} {{- end }}
initContainers: initContainers:
- name: init-subpath - name: init-subpath
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
command: command:
- mkdir - mkdir
- "-p" - "-p"
@ -64,7 +64,7 @@ spec:
value: nextcloud value: nextcloud
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-postgresql:20250927_081431 image: ghcr.io/nextcloud-releases/aio-postgresql:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
View file

@ -24,7 +24,7 @@ spec:
spec: spec:
initContainers: initContainers:
- name: init-volumes - name: init-volumes
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
command: command:
- chmod - chmod
- "777" - "777"
@ -54,7 +54,7 @@ spec:
value: basic value: basic
- name: xpack.security.enabled - name: xpack.security.enabled
value: "false" value: "false"
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250927_081431 image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

2
nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
View file

@ -38,7 +38,7 @@ spec:
value: "{{ .Values.IMAGINARY_SECRET }}" value: "{{ .Values.IMAGINARY_SECRET }}"
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-imaginary:20250927_081431 image: ghcr.io/nextcloud-releases/aio-imaginary:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
View file

@ -38,7 +38,7 @@ spec:
# AIO settings start # Do not remove or change this line! # AIO settings start # Do not remove or change this line!
initContainers: initContainers:
- name: init-volumes - name: init-volumes
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
command: command:
- chmod - chmod
- "777" - "777"
@ -188,7 +188,7 @@ spec:
value: "{{ .Values.WHITEBOARD_ENABLED }}" value: "{{ .Values.WHITEBOARD_ENABLED }}"
- name: WHITEBOARD_SECRET - name: WHITEBOARD_SECRET
value: "{{ .Values.WHITEBOARD_SECRET }}" value: "{{ .Values.WHITEBOARD_SECRET }}"
image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431 image: ghcr.io/nextcloud-releases/aio-nextcloud:20251015_082711
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
securityContext: securityContext:
# The items below only work in container context # The items below only work in container context

2
nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
View file

@ -55,7 +55,7 @@ spec:
value: "{{ .Values.REDIS_PASSWORD }}" value: "{{ .Values.REDIS_PASSWORD }}"
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-notify-push:20250927_081431 image: ghcr.io/nextcloud-releases/aio-notify-push:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
View file

@ -24,7 +24,7 @@ spec:
spec: spec:
initContainers: initContainers:
- name: init-volumes - name: init-volumes
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
command: command:
- chmod - chmod
- "777" - "777"
@ -42,7 +42,7 @@ spec:
value: "{{ .Values.ONLYOFFICE_SECRET }}" value: "{{ .Values.ONLYOFFICE_SECRET }}"
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250927_081431 image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

2
nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
View file

@ -39,7 +39,7 @@ spec:
value: "{{ .Values.REDIS_PASSWORD }}" value: "{{ .Values.REDIS_PASSWORD }}"
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-redis:20250927_081431 image: ghcr.io/nextcloud-releases/aio-redis:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

2
nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
View file

@ -52,7 +52,7 @@ spec:
value: "{{ .Values.TURN_SECRET }}" value: "{{ .Values.TURN_SECRET }}"
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431 image: ghcr.io/nextcloud-releases/aio-talk:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

2
nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
View file

@ -44,7 +44,7 @@ spec:
value: "{{ .Values.RECORDING_SECRET }}" value: "{{ .Values.RECORDING_SECRET }}"
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-talk-recording:20250927_081431 image: ghcr.io/nextcloud-releases/aio-talk-recording:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

2
nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
View file

@ -48,7 +48,7 @@ spec:
value: redis value: redis
- name: TZ - name: TZ
value: "{{ .Values.TIMEZONE }}" value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-whiteboard:20250927_081431 image: ghcr.io/nextcloud-releases/aio-whiteboard:20251015_082711
readinessProbe: readinessProbe:
exec: exec:
command: command:

10
php/composer.lock generated
View file

@ -391,16 +391,16 @@
}, },
{ {
"name": "laravel/serializable-closure", "name": "laravel/serializable-closure",
"version": "v2.0.5", "version": "v2.0.6",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/laravel/serializable-closure.git", "url": "https://github.com/laravel/serializable-closure.git",
"reference": "3832547db6e0e2f8bb03d4093857b378c66eceed" "reference": "038ce42edee619599a1debb7e81d7b3759492819"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3832547db6e0e2f8bb03d4093857b378c66eceed", "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819",
"reference": "3832547db6e0e2f8bb03d4093857b378c66eceed", "reference": "038ce42edee619599a1debb7e81d7b3759492819",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -448,7 +448,7 @@
"issues": "https://github.com/laravel/serializable-closure/issues", "issues": "https://github.com/laravel/serializable-closure/issues",
"source": "https://github.com/laravel/serializable-closure" "source": "https://github.com/laravel/serializable-closure"
}, },
"time": "2025-09-22T17:29:40+00:00" "time": "2025-10-09T13:42:30+00:00"
}, },
{ {
"name": "nikic/fast-route", "name": "nikic/fast-route",

5
php/src/Data/ConfigurationManager.php
View file

@ -286,11 +286,6 @@ class ConfigurationManager
$value = 0; $value = 0;
} }
// Currently only works on x64. See https://github.com/nextcloud/nextcloud-talk-recording/issues/17
if (!$this->isx64Platform()) {
$value = 0;
}
$config = $this->GetConfig(); $config = $this->GetConfig();
$config['isTalkRecordingEnabled'] = $value; $config['isTalkRecordingEnabled'] = $value;
$this->WriteConfig($config); $this->WriteConfig($config);

2
php/templates/includes/optional-containers.twig
View file

@ -96,7 +96,7 @@
data-initial-state="false" data-initial-state="false"
{% endif %} {% endif %}
> >
<label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a target="_blank" href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label> <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label>
</p> </p>
<p> <p>
<input <input

5
readme.md
View file

@ -52,7 +52,8 @@ Included are:
- Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container
- Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive) - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
- [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap) - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md) - Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md).
- Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible.
- [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban) - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
- [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin) - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
- [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server) - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server)
@ -359,7 +360,7 @@ You can adjust the MTU size of the docker network by creating it beforehand with
``` ```
docker network create --driver bridge --opt com.docker.network.driver.mtu=1440 nextcloud-aio docker network create --driver bridge --opt com.docker.network.driver.mtu=1440 nextcloud-aio
``` ```
When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `aio-nextcloud` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `aio-nextcloud` network and recreate it with the new configuration. When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `nextcloud-aio` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `nextcloud-aio` network and recreate it with the new configuration.
If you want to use docker compose, you can check out the comments in the `compose.yaml` file for more details. If you want to use docker compose, you can check out the comments in the `compose.yaml` file for more details.

4
reverse-proxy.md
View file

@ -547,7 +547,9 @@ Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
<summary>click here to expand</summary> <summary>click here to expand</summary>
Unfortunately, it is not possible to configure Nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above. This section refers to the dedicated project named `nginx-proxy`. See its [GitHub repo](https://github.com/nginx-proxy/nginx-proxy). If you should be looking for Nginx, see the `Nginx, Freenginx, Openresty, Angie` section in this docu.
Unfortunately, it is not possible to configure `nginx-proxy` in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br> If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>