eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-02-09 23:37:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge branch 'main' into ench/noid/vulkan-ai

Browse source 
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
This commit is contained in:
Jean-Yves 2026-01-22 20:50:16 +01:00 committed by GitHub
commit 5d30f0f82d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
184 changed files with 3865 additions and 1690 deletions
Download patch file Download diff file Expand all files Collapse all files

15
.github/ISSUE_TEMPLATE/Bug_report.md vendored
View file

@ -6,9 +6,10 @@ labels: 0. Needs triage
<!---
- Before submitting a bug report, please read through the documentation available at https://github.com/nextcloud/all-in-one#faq
- If you use Cloudflare Tunnel or Cloudflare Proxy, see https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel for known issues/limitations and workarounds.
- For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
- Additional documentation is available here: https://github.com/nextcloud/all-in-one/discussions/categories/wiki
- You should also read through existing questions and their answer here: https://github.com/nextcloud/all-in-one/discussions/categories/questions
- Additional threads can be found here: https://help.nextcloud.com/tag/aio
- Existing feature requests are listed here: https://github.com/nextcloud/all-in-one/discussions/categories/ideas
--->
<!--- Please fill out the whole template below -->
@ -29,4 +30,10 @@ labels: 0. Needs triage
#### Docker run command or docker-compose file that you used
#### Other valuable info <!--- (like logs, screenshots & Co.) -->
#### Output of `sudo docker logs nextcloud-aio-mastercontainer`
#### Output of `sudo docker inspect nextcloud-aio-mastercontainer`
#### Output of `sudo docker ps -a`
#### Other valuable info <!--- (like additional logs, screenshots & Co.) -->

7
.github/ISSUE_TEMPLATE/config.yml vendored
View file

@ -3,15 +3,12 @@ contact_links:
- name: 📘 Documentation on Nextcloud AIO
url: https://github.com/nextcloud/all-in-one#faq
about: Please read the docs first before submitting any report or request!
- name: ⛑️ General questions and support
- name: ⛑️ Questions and support
url: https://help.nextcloud.com/tag/aio
about: For general questions, support and help
about: For questions, support and help
- name: 💡 Suggest a new feature or discuss one
url: https://github.com/nextcloud/all-in-one/discussions/categories/ideas
about: For new feature requests and discussion of existing ones
- name: ❓ Questions about Nextcloud AIO
url: https://github.com/nextcloud/all-in-one/discussions/categories/questions
about: For questions specifically about AIO
- name: 💼 Nextcloud Enterprise
url: https://portal.nextcloud.com/
about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly

4
.github/dependabot.yml vendored
View file

@ -10,6 +10,8 @@ updates:
labels:
- 3. to review
- dependencies
cooldown:
default-days: 7
- package-ecosystem: composer
directory: "/php/"
schedule:
@ -55,6 +57,6 @@ updates:
- dependency-name: "postgres"
update-types: ["version-update:semver-major"]
- dependency-name: "redis"
update-types: ["version-update:semver-major", "version-update:semver-minor"]
update-types: ["version-update:semver-major"]
- dependency-name: "elasticsearch"
update-types: ["version-update:semver-major"]

4
.github/workflows/codespell.yml vendored
View file

@ -12,9 +12,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
- name: Check spelling
uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
with:
check_filenames: true
check_hidden: true

29
.github/workflows/collabora.yml vendored Normal file
View file

@ -0,0 +1,29 @@
name: collabora-update
on:
workflow_dispatch:
schedule:
- cron: '00 12 * * *'
jobs:
collabora-update:
name: update collabora
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.1
- name: Run collabora-profile-update
run: |
rm -f php/cool-seccomp-profile.json
wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/main/docker/cool-seccomp-profile.json
mv cool-seccomp-profile.json php/
- name: Create Pull Request
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
commit-message: collabora-seccomp-update automated change
signoff: true
title: collabora seccomp update
body: Automated collabora seccomp profile update
labels: dependencies, 3. to review
milestone: next
branch: collabora-seccomp-update

2
.github/workflows/community-containers.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
- name: Validate structure
run: |
CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"

6
.github/workflows/dependency-updates.yml vendored
View file

@ -10,8 +10,8 @@ jobs:
name: Run dependency update script
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
- uses: actions/checkout@v6.0.1
- uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
with:
php-version: 8.4
extensions: apcu
@ -44,7 +44,7 @@ jobs:
)"
sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
commit-message: php dependency updates
signoff: true

2
.github/workflows/docker-lint.yml vendored
View file

@ -25,7 +25,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
- name: Install hadolint
run: |

6
.github/workflows/helm-release.yml vendored
View file

@ -13,10 +13,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
- name: Turnstyle
uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
with:
continue-after-seconds: 180
env:
@ -32,7 +32,7 @@ jobs:
# See https://github.com/helm/chart-releaser-action/issues/6
- name: Set up Helm
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
with:
version: v3.6.3

4
.github/workflows/imaginary-update.yml vendored
View file

@ -10,7 +10,7 @@ jobs:
name: update to latest imaginary commit on master branch
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6.0.1
- name: Run imaginary-update
run: |
# Imaginary
@ -22,7 +22,7 @@ jobs:
sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
commit-message: imaginary-update automated change
signoff: true

2
.github/workflows/json-validator.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
- name: Validate Json
run: |
sudo apt-get update

4
.github/workflows/lint-helm.yml vendored
View file

@ -11,12 +11,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
with:
version: v3.11.1

9
.github/workflows/lint-php.yml vendored
View file

@ -2,6 +2,9 @@
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
#
# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
name: Lint php
@ -33,10 +36,12 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1
with:
persist-credentials: false
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
with:
php-version: ${{ matrix.php-versions }}
coverage: none

42
.github/workflows/lint-yaml.yml vendored Normal file
View file

@ -0,0 +1,42 @@
# This workflow is provided via the organization template repository
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
#
# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
name: Lint YAML
on:
pull_request:
paths:
- '**.yml'
permissions:
contents: read
jobs:
yaml-lint:
runs-on: ubuntu-latest
name: yaml
steps:
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: GitHub action templates lint
uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
with:
file_or_dir: .github/workflows
config_data: |
line-length: warning
- name: Install the latest version of uv
uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
- name: Check GitHub actions
run: uvx zizmor --min-severity medium .github/workflows/*.yml

2
.github/workflows/lock-threads.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
action:
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5
- uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v5
with:
issue-inactive-days: '14'
process-only: 'issues'

4
.github/workflows/nextcloud-update.yml vendored
View file

@ -11,7 +11,7 @@ jobs:
name: Run nextcloud-update script
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6.0.1
- name: Run nextcloud-update script
run: |
# Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
@ -79,7 +79,7 @@ jobs:
fi
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
commit-message: nextcloud-update automated change
signoff: true

4
.github/workflows/php-deprecation-detector.yml vendored
View file

@ -16,9 +16,9 @@ jobs:
name: PHP Deprecation Detector
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6.0.1
- name: Set up php
uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
with:
php-version: 8.4
extensions: apcu

123
.github/workflows/playwright-on-push.yml vendored Normal file
View file

@ -0,0 +1,123 @@
name: Playwright Tests on push
on:
pull_request:
paths:
- 'php/**'
push:
branches:
- main
paths:
- 'php/**'
concurrency:
group: playwright-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
BASE_URL: https://localhost:8080
jobs:
test:
timeout-minutes: 60
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.1
- uses: actions/setup-node@v6
with:
node-version: lts/*
- name: Install dependencies
run: cd php/tests && npm ci
- name: Install Playwright Browsers
run: cd php/tests && npx playwright install --with-deps chromium
- name: Set up php 8.4
uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
with:
extensions: apcu
php-version: 8.4
coverage: none
ini-file: development
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Adjust some things and fix permissions
run: |
cd php
rm -r ./data
rm -r ./session
composer install --no-dev
composer clear-cache
sudo chmod 777 -R ./
- name: Start fresh development server
run: |
docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
docker pull ghcr.io/nextcloud-releases/all-in-one:develop
docker run \
-d \
--init \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8080:8080 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume ./php:/var/www/docker-aio/php \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--env SKIP_DOMAIN_VALIDATION=true \
--env APACHE_PORT=11000 \
ghcr.io/nextcloud-releases/all-in-one:develop
echo Waiting for 10 seconds for the development container to start ...
sleep 10
- name: Run Playwright tests for initial setup
run: |
cd php/tests
export DEBUG=pw:api
if ! npx playwright test tests/initial-setup.spec.js; then
docker logs nextcloud-aio-mastercontainer
docker logs nextcloud-aio-borgbackup
exit 1
fi
- name: Start fresh development server
run: |
docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
docker run \
-d \
--init \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8080:8080 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume ./php:/var/www/docker-aio/php \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--env SKIP_DOMAIN_VALIDATION=false \
--env APACHE_PORT=11000 \
ghcr.io/nextcloud-releases/all-in-one:develop
echo Waiting for 10 seconds for the development container to start ...
sleep 10
- name: Run Playwright tests for backup restore
run: |
cd php/tests
export DEBUG=pw:api
if ! npx playwright test tests/restore-instance.spec.js; then
docker logs nextcloud-aio-mastercontainer
docker logs nextcloud-aio-borgbackup
exit 1
fi
- uses: actions/upload-artifact@v6
if: ${{ !cancelled() }}
with:
name: playwright-report
path: php/tests/playwright-report/
retention-days: 14
overwrite: true

24
.github/workflows/playwright.yml → .github/workflows/playwright-on-workflow-dispatch.yml vendored
View file

@ -13,9 +13,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6.0.1
- uses: actions/setup-node@v4
- uses: actions/setup-node@v6
with:
node-version: lts/*
@ -45,7 +45,14 @@ jobs:
sleep 10
- name: Run Playwright tests for initial setup
run: cd php/tests && DEBUG=pw:api npx playwright test tests/initial-setup.spec.js
run: |
cd php/tests
export DEBUG=pw:api
if ! npx playwright test tests/initial-setup.spec.js; then
docker logs nextcloud-aio-mastercontainer
docker logs nextcloud-aio-borgbackup
exit 1
fi
- name: Start fresh development server
run: |
@ -66,9 +73,16 @@ jobs:
sleep 10
- name: Run Playwright tests for backup restore
run: cd php/tests && DEBUG=pw:api npx playwright test tests/restore-instance.spec.js
run: |
cd php/tests
export DEBUG=pw:api
if ! npx playwright test tests/restore-instance.spec.js; then
docker logs nextcloud-aio-mastercontainer
docker logs nextcloud-aio-borgbackup
exit 1
fi
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@v6
if: ${{ !cancelled() }}
with:
name: playwright-report

6
.github/workflows/psalm-update-baseline.yml vendored
View file

@ -10,10 +10,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6.0.1
- name: Set up php
uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
with:
php-version: 8.4
extensions: apcu
@ -30,7 +30,7 @@ jobs:
continue-on-error: true
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: Update psalm baseline

14
.github/workflows/psalm.yml vendored
View file

@ -2,6 +2,9 @@
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
#
# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
name: Static analysis
@ -19,6 +22,9 @@ concurrency:
group: psalm-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
static-analysis:
runs-on: ubuntu-latest
@ -26,15 +32,19 @@ jobs:
name: static-psalm-analysis
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1
with:
persist-credentials: false
- name: Set up php
uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
with:
php-version: 8.4
extensions: apcu
coverage: none
ini-file: development
# Temporary workaround for missing pcntl_* in PHP 8.3
ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

2
.github/workflows/shellcheck.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
name: Check Shell
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6.0.1
- name: Run Shellcheck
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
with:

4
.github/workflows/talk.yml vendored
View file

@ -10,7 +10,7 @@ jobs:
name: update talk
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6.0.1
- name: Run talk-container-update
run: |
# Recording
@ -45,7 +45,7 @@ jobs:
sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
commit-message: talk-update automated change
signoff: true

4
.github/workflows/twig-lint.yml vendored
View file

@ -24,10 +24,10 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
with:
php-version: 8.4
extensions: apcu

2
.github/workflows/update-copyright.yml vendored
View file

@ -8,4 +8,4 @@ jobs:
name: update copyright
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6.0.1

4
.github/workflows/update-helm.yml vendored
View file

@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
- name: update helm chart
run: |
set -x
@ -23,7 +23,7 @@ jobs:
sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
fi
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
commit-message: Helm Chart updates
signoff: true

4
.github/workflows/update-yaml.yml vendored
View file

@ -11,12 +11,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v6.0.1
- name: update yaml files
run: |
sudo bash manual-install/update-yaml.sh
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
commit-message: Yaml updates
signoff: true

37
.github/workflows/watchtower-update.yml vendored Normal file
View file

@ -0,0 +1,37 @@
name: watchtower-update
on:
workflow_dispatch:
schedule:
- cron: '00 12 * * *'
jobs:
watchtower-update:
name: update watchtower
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.1
- name: Run watchtower-container-update
run: |
# Watchtower
watchtower_version="$(
git ls-remote https://github.com/nicholas-fedor/watchtower v* \
| cut -d/ -f3 \
| sort -V \
| grep -E "^v[0-9\.]+$" \
| tail -1
)"
watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')"
sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
- name: Create Pull Request
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
with:
commit-message: watchtower-update automated change
signoff: true
title: watchtower container update
body: Automated watchtower container update
labels: dependencies, 3. to review
milestone: next
branch: watchtower-container-update

2
Containers/alpine/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
FROM alpine:3.21.3
FROM alpine:3.23.2
RUN set -ex; \
apk upgrade --no-cache -a

1
Containers/apache/Caddyfile
View file

@ -15,6 +15,7 @@
}
https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
header -Server
header -X-Powered-By

5
Containers/apache/Dockerfile
View file

@ -1,8 +1,8 @@
# syntax=docker/dockerfile:latest
FROM caddy:2.10.0-alpine AS caddy
FROM caddy:2.10.2-alpine AS caddy
# From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
FROM httpd:2.4.63-alpine3.21
FROM httpd:2.4.66-alpine3.23
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
@ -88,4 +88,5 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

9
Containers/apache/start.sh
View file

@ -46,7 +46,9 @@ echo "$CADDYFILE" > /tmp/Caddyfile
# Change the trusted_proxies in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
# Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes
# See https://github.com/nextcloud/all-in-one/pull/6703 for reference
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges 100.64.0.0/10|' /tmp/Caddyfile)"
else
CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
fi
@ -64,6 +66,11 @@ caddy fmt --overwrite /tmp/Caddyfile
# Add caddy path
mkdir -p /mnt/data/caddy/
# Fix caddy startup
if [ -d "/mnt/data/caddy/locks" ]; then
rm -rf /mnt/data/caddy/locks/*
fi
# Fix apache startup
rm -f /usr/local/apache2/logs/httpd.pid

3
Containers/borgbackup/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
FROM alpine:3.21.3
FROM alpine:3.23.2
RUN set -ex; \
\
@ -24,5 +24,6 @@ ENTRYPOINT ["/start.sh"]
USER root
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"
ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"

18
Containers/borgbackup/backupscript.sh
View file

@ -138,11 +138,6 @@ if [ "$BORG_MODE" = backup ]; then
NEW_REPOSITORY=1
if ! borg init --debug --encryption=repokey-blake2; then
echo "Could not initialize borg repository."
if [ -z "$BORG_REMOTE_REPO" ]; then
# Originally we checked for presence of the config file instead of calling `borg info`. Likely `borg info`
# will error on a partially initialized repo, so this line is probably no longer necessary
rm -f "$BORG_BACKUP_DIRECTORY/config"
fi
exit 1
fi
@ -199,7 +194,7 @@ if [ "$BORG_MODE" = backup ]; then
if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup" ]; then
BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/")
BORG_INCLUDE+=(--pattern="+/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup")
echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from backup!"
echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextcloud's data directory. Excluding the data directory from backup!"
# Exclude preview folder if .noaiobackup file was found
elif [ -f /nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup ]; then
BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/")
@ -344,7 +339,7 @@ if [ "$BORG_MODE" = restore ]; then
ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/**")
ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/**")
ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data\(/.*\)?')
echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from restore!"
echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextcloud's data directory. Excluding the data directory from restore!"
echo "You might run into problems due to this afterwards as potentially this makes the directory go out of sync with the database."
echo "You might be able to fix this by running 'occ files:scan --all' and 'occ maintenance:repair' and 'occ files:scan-app-data' after the restore."
echo "See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands"
@ -617,3 +612,12 @@ if [ "$BORG_MODE" = test ]; then
fi
fi
fi
if [ "$BORG_MODE" = list ]; then
echo "Updating backup list..."
if ! borg info > /dev/null; then
echo "Could not update the backup list."
exit 1
fi
# The update gets done automatically in the wrapper start.sh script.
fi

4
Containers/borgbackup/start.sh
View file

@ -32,8 +32,8 @@ else
fi
# Validate BORG_MODE
if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != "test" ] && [ "$BORG_MODE" != "list" ]; then
echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore', 'test' and 'list'."
exit 1
fi

27
Containers/clamav/Dockerfile
View file

@ -1,27 +1,38 @@
# syntax=docker/dockerfile:latest
FROM alpine:3.21.3
FROM alpine:3.23.2
RUN set -ex; \
apk upgrade --no-cache -a; \
apk add --no-cache tzdata clamav supervisor bash; \
mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \
chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
apk add --no-cache tzdata clamav clamav-milter supervisor bash; \
mkdir -p /tmp /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
chmod 777 -R /tmp /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
chown -R 100:100 /var/lib/clamav; \
sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
sed -i "s|#\?MaxScanSize.*|MaxScanSize 2000M|g" /etc/clamav/clamd.conf; \
sed -i "s|#\?MaxFileSize.*|MaxFileSize 2000M|g" /etc/clamav/clamd.conf; \
sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2000M|g" /etc/clamav/clamd.conf; \
# StreamMaxLength must be synced with av_stream_max_length inside the Nextcloud files_antivirus plugin
sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2000M|g" /etc/clamav/clamd.conf; \
sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
freshclam --foreground --stdout
sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \
sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \
sed -i "s|#\?OnInfected Quarantine|OnInfected Reject|g" /etc/clamav/clamav-milter.conf; \
sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf; \
sed -i "s|#\?Foreground yes|Foreground yes|g" /etc/clamav/clamav-milter.conf
COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh
COPY --chmod=664 supervisord.conf /supervisord.conf
USER 100
RUN set -ex; \
freshclam --foreground --stdout
VOLUME /var/lib/clamav
ENTRYPOINT ["/start.sh"]
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"
HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh

3
Containers/clamav/start.sh
View file

@ -1,6 +1,7 @@
#!/bin/bash
sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
# Print out clamav version for compliance reasons
clamscan --version
echo "Clamav started"

11
Containers/clamav/supervisord.conf
View file

@ -13,11 +13,18 @@ stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=freshclam --foreground --stdout --daemon --daemon-notify=/tmp/clamd.conf
command=freshclam --foreground --stdout --daemon --daemon-notify=/etc/clamav/clamd.conf
[program:clamd]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=clamd --foreground --config-file=/tmp/clamd.conf
command=clamd --foreground --config-file=/etc/clamav/clamd.conf
[program:milter]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=clamav-milter --config-file=/etc/clamav/clamav-milter.conf

16
Containers/collabora-online/Dockerfile Normal file
View file

@ -0,0 +1,16 @@
# syntax=docker/dockerfile:latest
# From https://gitlab.collabora.com/collabora-online/docker
# hadolint ignore=DL3007
FROM registry.gitlab.collabora.com/collabora-online/docker:latest
USER root
ARG DEBIAN_FRONTEND=noninteractive
COPY --chmod=775 healthcheck.sh /healthcheck.sh
USER 1001
HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

7
Containers/collabora-online/healthcheck.sh Normal file
View file

@ -0,0 +1,7 @@
#!/bin/bash
# Unfortunately, no curl and no nc is installed in the container
# and packages can also not be added as the package list is broken.
# So always exiting 0 for now.
# nc http://127.0.0.1:9980 || exit 1
exit 0

3
Containers/collabora/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest
# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
FROM collabora/code:25.04.3.1.1
FROM collabora/code:25.04.8.1.1
USER root
ARG DEBIAN_FRONTEND=noninteractive
@ -11,4 +11,5 @@ USER 1001
HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

3
Containers/docker-socket-proxy/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
FROM haproxy:3.2.2-alpine
FROM haproxy:3.3.1-alpine
# hadolint ignore=DL3002
USER root
@ -19,4 +19,5 @@ COPY --chmod=664 haproxy.cfg /haproxy.cfg
ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

3
Containers/domaincheck/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
FROM alpine:3.21.3
FROM alpine:3.23.2
RUN set -ex; \
apk upgrade --no-cache -a; \
apk add --no-cache bash lighttpd netcat-openbsd; \
@ -18,4 +18,5 @@ ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

3
Containers/fulltextsearch/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest
# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
FROM elasticsearch:8.18.2
FROM elasticsearch:8.19.10
USER root
@ -22,5 +22,6 @@ USER 1000:0
HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"
ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"

7
Containers/imaginary/Dockerfile
View file

@ -1,7 +1,7 @@
# syntax=docker/dockerfile:latest
FROM golang:1.24.4-alpine3.21 AS go
FROM golang:1.25.6-alpine3.23 AS go
ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
RUN set -ex; \
apk upgrade --no-cache -a; \
@ -14,7 +14,7 @@ RUN set -ex; \
build-base; \
go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
FROM alpine:3.21.3
FROM alpine:3.23.2
RUN set -ex; \
apk upgrade --no-cache -a; \
apk add --no-cache \
@ -43,4 +43,5 @@ ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

39
Containers/mastercontainer/Dockerfile
View file

@ -1,23 +1,30 @@
# syntax=docker/dockerfile:latest
# Docker CLI is a requirement
FROM docker:28.3.0-cli AS docker
FROM docker:29.1.5-cli AS docker
# Caddy is a requirement
FROM caddy:2.10.0-alpine AS caddy
FROM caddy:2.10.2-alpine AS caddy
# From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
FROM php:8.4.8-fpm-alpine3.21
ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
ARG AIO_GIT_BRANCH="main"
# From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile
FROM php:8.4.17-fpm-alpine3.23
EXPOSE 80
EXPOSE 8080
EXPOSE 8443
# Overwrite home variable for subservices
ENV HOME=/var/www
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
COPY community-containers /var/www/docker-aio/community-containers
COPY php /var/www/docker-aio/php
COPY --chmod=775 Containers/mastercontainer/*.sh /
COPY --chmod=664 Containers/mastercontainer/Caddyfile /Caddyfile
COPY --chmod=664 Containers/mastercontainer/supervisord.conf /supervisord.conf
COPY Containers/mastercontainer/mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
WORKDIR /var/www/docker-aio
# hadolint ignore=SC2086,DL3047,DL3003,DL3004
@ -45,7 +52,7 @@ RUN set -ex; \
apk add --no-cache --virtual .build-deps \
autoconf \
build-base; \
pecl install APCu-5.1.24; \
pecl install APCu-5.1.28; \
docker-php-ext-enable apcu; \
rm -r /tmp/pear; \
runDeps="$( \
@ -67,13 +74,11 @@ RUN set -ex; \
wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
chmod +x /usr/local/bin/composer; \
cd /var/www/docker-aio; \
git clone "$AIO_GIT_URL" --depth 1 --single-branch --branch "$AIO_GIT_BRANCH" .; \
find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
rm -r ./php/tests; \
chown www-data:www-data -R /var/www/docker-aio; \
cd php; \
sudo -u www-data composer install --no-dev; \
sudo -u www-data composer clear-cache; \
sudo -E -u www-data composer install --no-dev; \
sudo -E -u www-data composer clear-cache; \
cd ..; \
rm -f /usr/local/bin/composer; \
chmod -R 770 /var/www/docker-aio; \
@ -120,12 +125,10 @@ RUN set -ex; \
mkdir /var/log/supervisord; \
mkdir /var/run/supervisord;
COPY --chmod=775 *.sh /
COPY --chmod=664 Caddyfile /Caddyfile
COPY --chmod=664 supervisord.conf /supervisord.conf
COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
LABEL org.label-schema.vendor="Nextcloud"
# hadolint ignore=DL3048
LABEL org.label-schema.vendor="Nextcloud" \
wud.watch="false" \
com.docker.compose.project="nextcloud-aio"
# hadolint ignore=DL3002
USER root

69
Containers/mastercontainer/README.md Normal file
View file

@ -0,0 +1,69 @@
# Nextcloud All-in-One `mastercontainer`
This folder contains the OCI/Docker container definition, along with associated resources and
configuration files, for building the `mastercontainer` as part of the Nextcloud All-in-One
project. This container hosts [the Nextcloud AIO interface](
https://github.com/nextcloud/all-in-one/tree/main/php)[^app], and a dedicated PHP environment
for it (which is completely independent of the Nextcloud Server).
## Overview
The mastercontainer acts as the central orchestration service for the deployment and management
of all other containers in the Nextcloud All-in-One stack. It hosts:
- A dedicated PHP SAPI/backend (php-fpm) for AIO itself (not Nextcloud Server)
- An Apache service for accessing the AIO interface via a self-signed HTTPS VirtualHost on 8080/tcp
- A Caddy reverse proxy service enabling HTTPS access to the AIO frontend on port 8443/tcp.
- Caddy will automatically issue a Let's Encrypt issued certificate if port 80 and 8443
is open/forwarded and a domain pointer is in place; then, simply open the Nextcloud AIO interface using the
domain (`https://your-domain-that-points-to-this-server.tld:8443`). The Let's Encrypt certificate request will
use an [ACME HTTP-01](https://letsencrypt.org/docs/challenge-types/#http-01-challenge) challenge.
- Miscellaneous support services specific to AIO (backup management, health checks, etc.)
## Key Responsibilities
- Orchestrates the deployment and lifecycle of all Nextcloud service containers
- Handles initial setup and container configuration
- Coordinates image updates
- Monitors general system health
It triggers the initial installation and ensures the smooth operation of the Nextcloud
All-in-One stack.
## Contents
- **Dockerfile**: Instructions for building the mastercontainer image.
- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime
configuration before starting supervisord.
- [**Nextcloud All-in-One Controller App**](https://github.com/nextcloud/all-in-one/tree/main/php): The
core AIO orchestrator that handles configuration and settings for the containers.
- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within
the container (php-fpm, cron, etc.)
## Usage
This container should be used as the trigger image when deploying the Nextcloud All-in-One
stack in a Docker or other OCI-compliant container environment. For detailed deployment
instructions, refer to the [project documentation](
https://github.com/nextcloud/all-in-one).
## Related Resources
- [Main Repository](https://github.com/nextcloud/all-in-one)
- [Documentation](https://github.com/nextcloud/all-in-one#readme)
## Contributing
Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull
requests or issues via the main repository.
## License
This folder and its contents are licensed under the
[GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud
All-in-One.
[^app]: The Nextcloud All-in-One interface allows users to install, configure, and
manage their Nextcloud instance and related containers via a secure web interface and API.
It automates and simplifies complex tasks such as container orchestration, backups, updates,
and service management for users deploying Nextcloud in Docker environments.

16
Containers/mastercontainer/cron.sh
View file

@ -45,29 +45,29 @@ while true; do
# Check for updates and send notification if yes on saturdays
if [ "$(date +%u)" = 6 ]; then
sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
fi
# Check if AIO is outdated
sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
# Remove sessions older than 24h
find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
# Remove nextcloud-aio-domaincheck container
if sudo -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
sudo -u www-data docker container remove nextcloud-aio-domaincheck
if sudo -E -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
sudo -E -u www-data docker container remove nextcloud-aio-domaincheck
fi
# Remove dangling images
sudo -u www-data docker image prune --force
sudo -E -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force
# Check for available free space
sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
# Remove mastercontainer from default bridge network
if sudo -u www-data docker inspect nextcloud-aio-mastercontainer --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
sudo -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
if sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
sudo -E -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
fi
# Wait 60s so that the whole loop will not be executed again

26
Containers/mastercontainer/daily-backup.sh
View file

@ -20,11 +20,11 @@ fi
if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
find "/mnt/docker-aio-config/session/" -mindepth 1 -delete
fi
sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
sudo -E -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
# Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
if [ -z "$APACHE_PORT" ]; then
LOCAL_APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
if [ -z "$LOCAL_APACHE_PORT" ]; then
echo "APACHE_PORT is not set which is not expected..."
else
# Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable
@ -32,7 +32,7 @@ else
docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null
# Wait for apache to start
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$LOCAL_APACHE_PORT"; do
echo "Waiting for apache to become available"
sleep 30
done
@ -50,7 +50,7 @@ done
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
echo "Starting mastercontainer update..."
echo "(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)"
sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
fi
# Wait for watchtower to stop
@ -64,17 +64,23 @@ if [ "$AUTOMATIC_UPDATES" = 1 ]; then
done
fi
# Update container images to reduce downtime later on
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
echo "Updating container images..."
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php
fi
# Stop containers if required
# shellcheck disable=SC2235
if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
echo "Stopping containers..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
fi
# Execute the backup itself and some related tasks (also stops the containers)
if [ "$DAILY_BACKUP" = 1 ]; then
echo "Creating daily backup..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; then
echo "Something seems to be wrong: the borg container should be started at this step."
fi
@ -87,17 +93,17 @@ fi
# Execute backup check
if [ "$CHECK_BACKUP" = 1 ]; then
echo "Starting backup check..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
fi
# Start and/or update containers
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
echo "Starting and updating containers..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
else
if [ "$START_CONTAINERS" = 1 ]; then
echo "Starting containers without updating them..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
fi
fi

8
Containers/mastercontainer/mastercontainer.conf
View file

@ -1,5 +1,5 @@
Listen 8000
Listen 8080
Listen 127.0.0.1:8000
Listen 8080 https
# Deny access to .ht files
<Files ".ht*">
@ -7,8 +7,8 @@ Listen 8080
</Files>
# Http host
<VirtualHost *:8000>
ServerName localhost
<VirtualHost 127.0.0.1:8000>
ServerName 127.0.0.1
# Add error log
CustomLog /proc/self/fd/1 proxy

99
Containers/mastercontainer/start.sh
View file

@ -33,17 +33,25 @@ if [ "$*" != "" ]; then
fi
# Check if socket is available and readable
if ! [ -a "/var/run/docker.sock" ]; then
if ! [ -e "/var/run/docker.sock" ]; then
print_red "Docker socket is not available. Cannot continue."
echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
echo "And https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
exit 1
elif ! mountpoint -q "/mnt/docker-aio-config"; then
print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
echo "Please make sure to mount the nextcloud_aio_mastercontainer docker volume into /mnt/docker-aio-config inside the container!"
echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
exit 1
elif ! sudo -u www-data test -r /var/run/docker.sock; then
elif mountpoint -q /var/www/docker-aio/php/containers.json; then
print_red "/var/www/docker-aio/php/containers.json is a mountpoint. Cannot proceed!"
echo "This is a not-supported customization of the mastercontainer!"
echo "Please remove this bind-mount from the mastercontainer."
echo "If you need to customize things, feel free to use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
exit 1
elif ! sudo -E -u www-data test -r /var/run/docker.sock; then
echo "Trying to fix docker.sock permissions internally..."
DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
@ -61,28 +69,68 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
groupadd -g "$DOCKER_GROUP_ID" docker
usermod -aG docker www-data
fi
if ! sudo -u www-data test -r /var/run/docker.sock; then
if ! sudo -E -u www-data test -r /var/run/docker.sock; then
print_red "Docker socket is not readable by the www-data user. Cannot continue."
exit 1
fi
fi
# Check if api version is supported
if ! sudo -u www-data docker info &>/dev/null; then
print_red "Cannot connect to the docker socket. Cannot proceed."
echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
exit 1
fi
# Get default docker api version
API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
if [ -z "$API_VERSION" ]; then
print_red "Could not get API_VERSION. Something is wrong!"
exit 1
fi
# Check if DOCKER_API_VERSION is set globally
if [ -n "$DOCKER_API_VERSION" ]; then
if ! echo "$DOCKER_API_VERSION" | grep -q '^[0-9].[0-9]\+$'; then
print_red "You've set DOCKER_API_VERSION but not to an allowed value.
The string must be a version number like e.g. '1.44'.
It is set to '$DOCKER_API_VERSION'."
exit 1
fi
print_red "DOCKER_API_VERSION was found to be set to '$DOCKER_API_VERSION'."
print_red "Please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
print_red "So you run on your own risk and things might break without warning."
else
# Export docker api version to use it everywhere
export DOCKER_API_VERSION="$API_VERSION"
fi
# Set a fallback docker api version. Needed for api version check.
# The check will not work otherwise on old docker versions
FALLBACK_DOCKER_API_VERSION="1.41"
# Check if docker info can be used
if ! sudo -E -u www-data docker info &>/dev/null; then
if ! sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker info &>/dev/null; then
print_red "Cannot connect to the docker socket. Cannot proceed."
echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
echo "On macOS, see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos"
echo "Another possibility might be that Docker api v$API_VERSION is not supported by your docker daemon."
echo "In that case, you should report this to https://github.com/nextcloud/all-in-one/issues"
echo ""
exit 1
fi
fi
# Docker api version check
# shellcheck disable=SC2001
API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
API_VERSION_NUMB="$(echo "$DOCKER_API_VERSION" | sed 's/\.//')"
LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
if [ -z "$LOCAL_API_VERSION_NUMB" ]; then
LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
fi
if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
print_red "Docker API v$DOCKER_API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"
exit 1
fi
else
@ -91,7 +139,7 @@ else
fi
# Check Storage drivers
STORAGE_DRIVER="$(sudo -u www-data docker info | grep "Storage Driver")"
STORAGE_DRIVER="$(sudo -E -u www-data docker info | grep "Storage Driver")"
# Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
if echo "$STORAGE_DRIVER" | grep -q vfs; then
echo "$STORAGE_DRIVER"
@ -102,23 +150,23 @@ elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
fi
# Check if snap install
if sudo -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
if sudo -E -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
print_red "Warning: It looks like your installation uses docker installed via snap."
print_red "This comes with some limitations and is disrecommended by the docker maintainers."
print_red "See for example https://github.com/nextcloud/all-in-one/discussions/4890#discussioncomment-10386752"
fi
# Check if startup command was executed correctly
if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
if ! sudo -E -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
print_red "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
Using a different name is not supported since mastercontainer updates will not work in that case!
If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
exit 1
elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
elif ! sudo -E -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
Using a different name is not supported since the built-in backup solution will not work in that case!"
exit 1
elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
This is not supported since the built-in backup solution will not work in that case!"
exit 1
@ -269,6 +317,7 @@ if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
echo "Most likely is something blocking access to it."
echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
exit 1
fi
@ -279,6 +328,13 @@ if [ -n "$TZ" ]; then
# Disable exit since it seems to be by default set on unraid and we dont want to break these instances
# exit 1
fi
# Check that http proxy or no_proxy variable is not set which AIO does not support
if [ -n "$HTTP_PROXY" ] || [ -n "$http_proxy" ] || [ -n "$HTTPS_PROXY" ] || [ -n "$https_proxy" ] || [ -n "$NO_PROXY" ] || [ -n "$no_proxy" ]; then
print_red "The environmental variable HTTP_PROXY, http_proxy, HTTPS_PROXY, https_proxy, NO_PROXY or no_proxy has been set which is not supported by AIO."
echo "If you need this, then you should use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
exit 1
fi
if mountpoint -q /etc/localtime; then
print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
echo "The correct timezone can be set in the AIO interface later on!"
@ -359,6 +415,11 @@ export TZ=Etc/UTC
# Fix apache startup
rm -f /var/run/apache2/httpd.pid
# Fix caddy startup
if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then
rm -rf /mnt/docker-aio-config/caddy/locks/*
fi
# Fix the Caddyfile format
caddy fmt --overwrite /Caddyfile

48
Containers/nextcloud/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
FROM php:8.3.22-fpm-alpine3.21
FROM php:8.3.30-fpm-alpine3.23
ENV PHP_MEMORY_LIMIT=512M
ENV PHP_UPLOAD_LIMIT=16G
@ -8,16 +8,20 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
ENV REDIS_DB_INDEX=0
# AIO settings start # Do not remove or change this line!
ENV NEXTCLOUD_VERSION=31.0.6
ENV NEXTCLOUD_VERSION=32.0.5
ENV AIO_TOKEN=123456
ENV AIO_URL=localhost
# AIO settings end # Do not remove or change this line!
COPY --chmod=775 *.sh /
COPY --chmod=774 upgrade.exclude /upgrade.exclude
COPY config/*.php /
COPY supervisord.conf /supervisord.conf
COPY root.motd /root.motd
COPY --chmod=775 Containers/nextcloud/*.sh /
COPY --chmod=774 Containers/nextcloud/upgrade.exclude /upgrade.exclude
COPY Containers/nextcloud/config/*.php /
COPY Containers/nextcloud/supervisord.conf /supervisord.conf
# AIO cloning start # Do not remove or change this line!
COPY app /usr/src/nextcloud/apps/nextcloud-aio
COPY Containers/nextcloud/root.motd /root.motd
# AIO cloning end # Do not remove or change this line!
VOLUME /mnt/ncdata
VOLUME /var/www/html
@ -79,16 +83,17 @@ RUN set -ex; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install -o igbinary-3.2.16; \
pecl install APCu-5.1.24; \
pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
pecl install -o imagick-3.8.0; \
pecl install APCu-5.1.28; \
pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \
pecl install -o imagick-3.8.1; \
\
docker-php-ext-enable \
igbinary \
apcu \
memcached \
redis \
imagick \
; \
rm -r /tmp/pear; \
\
@ -107,7 +112,7 @@ RUN set -ex; \
} >> /usr/local/etc/php/conf.d/docker-php-ext-igbinary.ini; \
\
# set recommended PHP.ini settings
# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/server_tuning.html#enable-php-opcache and below
{ \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=256'; \
@ -128,13 +133,13 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
echo 'max_execution_time=${PHP_MAX_TIME}'; \
echo 'max_input_time=${PHP_MAX_TIME}'; \
echo 'max_input_time=-1'; \
echo 'default_socket_timeout=${PHP_MAX_TIME}'; \
} > /usr/local/etc/php/conf.d/nextcloud.ini; \
\
{ \
echo 'session.save_handler = redis'; \
echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
echo 'redis.session.locking_enabled = 1'; \
echo 'redis.session.lock_retries = -1'; \
echo 'redis.session.lock_wait_time = 10000'; \
@ -152,7 +157,7 @@ RUN set -ex; \
; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
"https://github.com/nextcloud-releases/server/releases/download/v${NEXTCLOUD_VERSION}/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
@ -226,7 +231,6 @@ RUN set -ex; \
sudo \
grep \
nodejs \
libreoffice \
bind-tools \
imagemagick \
imagemagick-svg \
@ -242,20 +246,13 @@ RUN set -ex; \
sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
\
# AIO cloning start # Do not remove or change this line!
rm -rf /tmp/nextcloud-aio && \
mkdir -p /tmp/nextcloud-aio && \
cd /tmp/nextcloud-aio && \
git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
# AIO cloning end # Do not remove or change this line!
echo "[ -n \"\$TERM\" ] && [ -f /root.motd ] && cat /root.motd" >> /root/.bashrc; \
\
chown www-data:root -R /usr/src && \
chmod 777 -R /usr/local/etc/php/conf.d && \
chmod 777 -R /usr/local/etc/php-fpm.d && \
chmod -R 777 /tmp; \
chmod -R 777 /etc/openldap; \
\
mkdir -p /nc-updater; \
chmod -R 777 /nc-updater
@ -267,4 +264,5 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

35
Containers/nextcloud/README.md Normal file
View file

@ -0,0 +1,35 @@
# Nextcloud All-in-One ``nextcloud`` Container
This folder contains the OCI/Docker container definition, along with associated resources and configuration files, for building the `nextcloud` container as part of the [Nextcloud All-in-One](https://github.com/nextcloud/all-in-one) project. This container hosts PHP and the Nextcloud Server application.
## Overview
The Nextcloud container provides the core Nextcloud application environment, including the necessary dependencies and configuration for seamless integration into the All-in-One stack. The container hosts:
- The PHP SAPI/backend (php-fpm)
- Nextcloud background jobs and scheduled tasks, which are handled via cron
- Miscellaneous minor support services specific to AIO's Nextcloud deployment (health and exec)
## Contents
- **Dockerfile**: Instructions for building the Nextcloud container image.
- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime configuration before starting supervisord.
- **Nextcloud configuration files**: Specific to running in a containerized setting and/or within AIO.
- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within the container (php-fpm, cron, etc.).
## Usage
This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which AIO provides in a dedicated Apache container). It is designed to be orchestrated by the [All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer) or used within an [AIO Manual Installation](https://github.com/nextcloud/all-in-one/tree/main/manual-install) or [AIO Helm chart](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart).
## Documentation
- [Nextcloud All-in-One Documentation](https://github.com/nextcloud/all-in-one#readme)
- [Nextcloud Documentation](https://docs.nextcloud.com/)
## Contributing
Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull requests or issues via the main repository.
## License
This folder and its contents are licensed under the [GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud All-in-One.

3
Containers/nextcloud/config/apps.config.php
View file

@ -16,3 +16,6 @@ $CONFIG = array (
if (getenv('APPS_ALLOWLIST')) {
$CONFIG['appsallowlist'] = explode(" ", getenv('APPS_ALLOWLIST'));
}
if (getenv('NEXTCLOUD_APP_STORE_URL')) {
$CONFIG['appstoreurl'] = getenv('NEXTCLOUD_APP_STORE_URL');
}

5
Containers/nextcloud/config/certificates-bundle.config.php Normal file
View file

@ -0,0 +1,5 @@
<?php
// Check if NEXTCLOUD_TRUSTED_CERTIFICATES_ are configured
if (str_contains(implode(' ', array_keys(getenv())), 'NEXTCLOUD_TRUSTED_CERTIFICATES_')) {
$CONFIG['default_certificates_bundle_path'] = '/var/www/html/data/certificates/ca-bundle.crt';
}

17
Containers/nextcloud/config/postgres.config.php Normal file
View file

@ -0,0 +1,17 @@
<?php
if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
$CONFIG = array(
'pgsql_ssl' => array(
'mode' => 'verify-ca',
'rootcert' => '/var/www/html/data/certificates/ca-bundle.crt',
),
);
}
if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) {
$CONFIG = array(
'dbdriveroptions' => array(
PDO::MYSQL_ATTR_SSL_CA => '/var/www/html/data/certificates/ca-bundle.crt',
),
);
}

6
Containers/nextcloud/config/redis.config.php
View file

@ -9,10 +9,8 @@ if (getenv('REDIS_HOST')) {
),
);
if (getenv('REDIS_HOST_PORT')) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
if (getenv('REDIS_PORT')) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_PORT');
}
if (getenv('REDIS_DB_INDEX')) {

12
Containers/nextcloud/config/s3.config.php
View file

@ -4,10 +4,13 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'multibucket' => $multibucket === 'true',
'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64,
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
@ -16,12 +19,13 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
'autocreate' => strtolower($autocreate) !== 'false',
'use_ssl' => strtolower($use_ssl) !== 'false',
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
'use_path_style' => strtolower($use_path) === 'true',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
'legacy_auth' => strtolower($use_legacyauth) === 'true',
'use_nextcloud_bundle' => 1,
)
)
);

11
Containers/nextcloud/config/smtp.config.php
View file

@ -18,3 +18,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
$CONFIG['mail_smtppassword'] = '';
}
}
if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MAILER')) {
$CONFIG = array(
'mail_smtpstreamoptions' => array(
'ssl' => array(
'verify_peer_name' => false,
'cafile' => '/var/www/html/data/certificates/ca-bundle.crt',
)
)
);
}

404
Containers/nextcloud/entrypoint.sh
View file

@ -20,36 +20,97 @@ run_upgrade_if_needed_due_to_app_update() {
fi
}
# Create cert bundle
if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
# Enable debug mode
set -x
# Default vars
CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates"
CERTIFICATE_BUNDLE="/var/www/html/data/certificates/ca-bundle.crt"
# Remove old root certs and recreate them with current ones
rm -rf "$CERTIFICATES_ROOT_DIR"
mkdir -p "$CERTIFICATES_ROOT_DIR"
# Retrieve default root cert bundle
if ! [ -f "$SOURCE_LOCATION/resources/config/ca-bundle.crt" ]; then
echo "Root ca-bundle not found. Only concattening configured NEXTCLOUD_TRUSTED_CERTIFICATES files!"
# Recreate cert file
touch "$CERTIFICATE_BUNDLE"
else
# Write default bundle to the target ca file
cat "$SOURCE_LOCATION/resources/config/ca-bundle.crt" > "$CERTIFICATE_BUNDLE"
fi
# Iterate through certs
TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')"
mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES"
for certificate in "${TRUSTED_CERTIFICATES[@]}"; do
# Create new line
echo "" >> "$CERTIFICATE_BUNDLE"
# Check if variable is an actual cert
if echo "${!certificate}" | grep -q "BEGIN CERTIFICATE" && echo "${!certificate}" | grep -q "END CERTIFICATE"; then
# Write out cert to bundle
echo "${!certificate}" >> "$CERTIFICATE_BUNDLE"
fi
# Create file in cert dir for extra logic in other places
if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then
touch "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
fi
done
# Backwards compatibility with older instances
if [ -f "/var/www/html/config/postgres.config.php" ]; then
sed -i "s|/var/www/html/data/certificates/POSTGRES|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php
sed -i "s|/var/www/html/data/certificates/MYSQL|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php
fi
# Print out bundle one last time
cat "$CERTIFICATE_BUNDLE"
# Disable debug mode
set +x
fi
# Adjust DATABASE_TYPE to by Nextcloud supported value
if [ "$DATABASE_TYPE" = postgres ]; then
export DATABASE_TYPE=pgsql
fi
# Only start container if redis is accessible
# Only start container if Redis is accessible
# shellcheck disable=SC2153
while ! nc -z "$REDIS_HOST" "6379"; do
echo "Waiting for redis to start..."
while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do
echo "Waiting for Redis to start..."
sleep 5
done
# Check permissions in ncdata
touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
echo "The www-data user doesn't seem to have access rights in the datadir.
Most likely are the files located on a drive that does not follow linux permissions.
Please adjust the permissions like mentioned below.
The found permissions are:
$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
(userID:groupID permissions)
but they should be:
33:0 750
(userID:groupID permissions)
Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories.
Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option.
For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
test_file="$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
touch "$test_file"
if ! [ -f "$test_file" ]; then
echo "The www-data user does not appear to have access rights to the data directory."
echo "It is possible that the files are on a filesystem that does not support standard Linux permissions,"
echo "or the permissions simply need to be adjusted. Please change the permissions as described below."
echo "Current permissions are:"
stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR"
echo "(userID:groupID permissions)"
echo "They should be:"
echo "33:0 750"
echo "(userID:groupID permissions)"
echo "Also, ensure that all parent directories on the host of your chosen data directory are publicly readable."
echo "For example: sudo chmod +r /mnt (adjust this command as needed)."
echo "If you want to use a FUSE mount as the data directory, add 'allow_other' as an additional mount option."
echo "For SMB/CIFS mounts as the data directory, see:"
echo " https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
exit 1
fi
rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
rm -f "$test_file"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
@ -71,26 +132,31 @@ fi
# Don't start the container if Nextcloud is not compatible with the PHP version
if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versioncheck.php; then
echo "It seems like your installed Nextcloud is not compatible with the by the container provided PHP version."
echo "This most likely happened because you tried to restore an old Nextcloud version from backup that is not compatible with the PHP version that comes with the container."
echo "Please try to restore a more recent backup which contains a Nextcloud version that is compatible with the PHP version that comes with the container."
echo "If you do not have a more recent backup, feel free to have a look at this documentation: https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
echo "Your installed Nextcloud version is not compatible with the PHP version provided by this image."
echo "This typically occurs when you restore an older Nextcloud backup that does not support the"
echo "PHP version included in this image."
echo "Please restore a more recent backup that includes a compatible Nextcloud version."
echo "If you do not have a more recent backup, refer to the manual upgrade documentation:"
echo " https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
exit 1
fi
# Do not start the container if the last update failed
if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
echo "The last Nextcloud update failed."
echo "Please restore from backup and try again!"
echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again."
echo "Please restore from a backup and try again."
echo "If you do not have a backup, you can delete the update.failed file in the data directory"
echo "to allow the container to start again."
exit 1
fi
# Do not start the container if the install failed
if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then
echo "The initial Nextcloud installation failed."
echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above."
echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
echo "For more information about what went wrong, check the logs above."
echo "Please reset AIO properly and try again."
echo "See:"
echo " https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
exit 1
fi
@ -143,7 +209,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
if [ "$installed_version" != "0.0.0.0" ]; then
# Check connection to appstore start # Do not remove or change this line!
while true; do
echo -e "Checking connection to appstore"
echo -e "Checking connection to the app store..."
APPSTORE_URL="https://apps.nextcloud.com/api/v1"
if grep -q appstoreurl /var/www/html/config/config.php; then
set -x
@ -154,10 +220,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
if [[ "$CURL_STATUS" = "200" ]]
then
echo "Appstore is reachable"
echo "App store is reachable."
break
else
echo "Curl didn't produce a 200 status, is appstore reachable?"
echo "Curl did not return a 200 status. Is the app store reachable?"
sleep 5
fi
done
@ -167,21 +233,21 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
php /var/www/html/occ maintenance:mode --off
echo "Getting and backing up the status of apps for later, this might take a while..."
echo "Getting and backing up the status of apps for later; this might take a while..."
NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
if [ -z "$NC_APPS" ]; then
echo "No apps detected, aborting export of app status..."
echo "No apps detected. Aborting export of app status..."
APPSTORAGE="no-export-done"
else
mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
declare -Ag APPSTORAGE
echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
echo "Disabling apps before the update to make the update procedure safer. This can take a while..."
for app in "${NC_APPS_ARRAY[@]}"; do
if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then
php /var/www/html/occ app:disable "$app"
else
APPSTORAGE[$app]=""
echo "Not disabling $app because the occ command to get the enabled state was failing."
echo "Not disabling $app because the occ command to get its enabled state failed."
fi
done
fi
@ -195,19 +261,61 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
run_upgrade_if_needed_due_to_app_update
fi
echo "Initializing nextcloud $image_version ..."
rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
echo "Initializing Nextcloud $image_version ..."
# Copy over initial data from Nextcloud archive
rsync -rlD --delete \
--exclude-from=/upgrade.exclude \
"$SOURCE_LOCATION/" \
/var/www/html/
# Copy custom_apps from Nextcloud archive
if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then
set -x
for app in "$SOURCE_LOCATION/custom_apps"/*; do
app_id="$(basename "$app")"
mkdir -p "/var/www/html/custom_apps/$app_id"
rsync -rlD --delete \
--include "/$app_id/" \
--exclude '/*' \
"$SOURCE_LOCATION/custom_apps/" \
/var/www/html/custom_apps/
done
set +x
fi
# Copy these from Nextcloud archive if they don't exist yet (i.e. new install)
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
rsync -rlD \
--include "/$dir/" \
--exclude '/*' \
"$SOURCE_LOCATION/" \
/var/www/html/
fi
done
rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' "$SOURCE_LOCATION/" /var/www/html/
rsync -rlD --include '/version.php' --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
rsync -rlD --delete \
--include '/config/' \
--exclude '/*' \
--exclude '/config/CAN_INSTALL' \
--exclude '/config/config.sample.php' \
--exclude '/config/config.php' \
"$SOURCE_LOCATION/" \
/var/www/html/
rsync -rlD \
--include '/version.php' \
--exclude '/*' \
"$SOURCE_LOCATION/" \
/var/www/html/
echo "Initializing finished"
#install
################
# Fresh Install
################
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New Nextcloud instance."
@ -221,21 +329,31 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR")
fi
# We do our own permission check so the permission check is not needed
cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
# Skip the default permission check (we do our own)
cat > /var/www/html/config/datadir.permission.config.php <<'EOF'
<?php
\$CONFIG = array (
'check_data_directory_permissions' => false
);
DATADIR_PERMISSION_CONF
$CONFIG = array (
'check_data_directory_permissions' => false
);
EOF
echo "Installing with $DATABASE_TYPE database"
# Set a default value for POSTGRES_PORT
if [ -z "$POSTGRES_PORT" ]; then
POSTGRES_PORT=5432
POSTGRES_PORT=5432
fi
INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
# Add database options to INSTALL_OPTIONS
# shellcheck disable=SC2153
INSTALL_OPTIONS+=(
--database "$DATABASE_TYPE"
--database-name "$POSTGRES_DB"
--database-user "$POSTGRES_USER"
--database-pass "$POSTGRES_PASSWORD"
--database-host "$POSTGRES_HOST"
--database-port "$POSTGRES_PORT"
)
echo "Starting Nextcloud installation..."
if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
echo "Installation of Nextcloud failed!"
@ -257,7 +375,7 @@ DATADIR_PERMISSION_CONF
if [ "$try" -ge "$max_retries" ]; then
echo "Installation of Nextcloud failed!"
echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
echo "Installation errors: $(cat /var/www/html/data/nextcloud.log)"
touch "$NEXTCLOUD_DATA_DIR/install.failed"
exit 1
fi
@ -293,10 +411,12 @@ DATADIR_PERMISSION_CONF
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
INSTALLED_MAJOR="${installed_version%%.*}"
IMAGE_MAJOR="${image_version%%.*}"
# If a valid upgrade path, trigger the Nextcloud built-in Updater
if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
php /var/www/html/updater/updater.phar --no-interaction --no-backup
if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
echo "Installation of Nextcloud failed!"
# TODO: Add a hint here about what to do / where to look / updater.log?
touch "$NEXTCLOUD_DATA_DIR/install.failed"
exit 1
fi
@ -355,7 +475,7 @@ DATADIR_PERMISSION_CONF
read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
for app in "${STARTUP_APPS_ARRAY[@]}"; do
if ! echo "$app" | grep -q '^-'; then
if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
if [ -z "$(find /var/www/html/apps /var/www/html/custom_apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
# If not shipped, install and enable the app
php /var/www/html/occ app:install "$app"
else
@ -373,11 +493,11 @@ DATADIR_PERMISSION_CONF
#upgrade
else
touch "$NEXTCLOUD_DATA_DIR/update.failed"
echo "Upgrading nextcloud from $installed_version to $image_version..."
echo "Upgrading Nextcloud from $installed_version to $image_version..."
php /var/www/html/occ config:system:delete integrity.check.disabled
if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
echo "Upgrade failed. Please restore from backup."
bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup."
exit 1
fi
@ -385,7 +505,7 @@ DATADIR_PERMISSION_CONF
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
rm "$NEXTCLOUD_DATA_DIR/update.failed"
bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
bash /notify.sh "Nextcloud update to $image_version successful!" "You may inspect the Nextcloud container logs for more information."
php /var/www/html/occ app:update --all
@ -393,7 +513,7 @@ DATADIR_PERMISSION_CONF
# Restore app status
if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
echo "Restoring the status of apps. This can take a while..."
echo "Restoring app statuses. This may take a while..."
for app in "${!APPSTORAGE[@]}"; do
if [ -n "${APPSTORAGE[$app]}" ]; then
if [ "${APPSTORAGE[$app]}" != "no" ]; then
@ -405,13 +525,13 @@ DATADIR_PERMISSION_CONF
php /var/www/html/occ maintenance:mode --off
fi
run_upgrade_if_needed_due_to_app_update
echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
echo "The $app app could not be re-enabled, probably because it is not compatible with the new Nextcloud version."
if [ "$app" = apporder ]; then
CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
else
CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version."
CUSTOM_HINT="Most likely, it is not compatible with the new Nextcloud version."
fi
bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
bash /notify.sh "Could not re-enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to review the Nextcloud update logs and force-enable the app again if you wish."
continue
fi
# Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
@ -433,7 +553,7 @@ DATADIR_PERMISSION_CONF
php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
# Apply optimization
echo "Doing some optimizations..."
echo "Performing some optimizations..."
if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
php /var/www/html/occ maintenance:repair --include-expensive
php /var/www/html/occ db:add-missing-indices
@ -464,10 +584,10 @@ if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
# Check if appdata is present
# If not, something broke (e.g. changing ncdatadir after aio was first started)
if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
echo "Appdata is not present. Did you maybe change the datadir after the initial Nextcloud installation? This is not supported!"
echo "Appdata is not present. Did you change the datadir after the initial Nextcloud installation? This is not supported!"
echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
echo "If you adjusted the datadir to be located on an external drive, make sure that the drive is still mounted!"
echo "In the datadir was found:"
echo "If you moved the datadir to an external drive, make sure that the drive is still mounted."
echo "The following was found in the datadir:"
ls -la "$NEXTCLOUD_DATA_DIR/"
exit 1
fi
@ -641,7 +761,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
fi
fi
else
echo "Warning: No ipv4-address found for $COLLABORA_HOST."
echo "Warning: No IPv4 address found for $COLLABORA_HOST."
fi
if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@ -652,10 +772,10 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
fi
fi
else
echo "No ipv6-address found for $COLLABORA_HOST."
echo "No IPv6 address found for $COLLABORA_HOST."
fi
if [ -n "$COLLABORA_ALLOW_LIST" ]; then
PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
PRIVATE_IP_RANGES='127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128'
if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
fi
@ -666,7 +786,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
fi
php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
else
echo "Warning: wopi_allowlist is empty which should not be the case!"
echo "Warning: wopi_allowlist is empty; this should not be the case!"
fi
else
if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then
@ -676,32 +796,52 @@ fi
# OnlyOffice
if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
# Determine OnlyOffice port based on host pattern
if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
ONLYOFFICE_PORT=80
else
ONLYOFFICE_PORT=443
fi
while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do
echo "waiting for OnlyOffice to become available..."
count=0
while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT" && [ "$count" -lt 90 ]; do
echo "Waiting for OnlyOffice to become available..."
count=$((count+5))
sleep 5
done
if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
php /var/www/html/occ app:install onlyoffice
elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
php /var/www/html/occ app:enable onlyoffice
elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update onlyoffice
if [ "$count" -ge 90 ]; then
bash /notify.sh "Onlyoffice did not start in time!" "Skipping initialization and disabling onlyoffice app."
php /var/www/html/occ app:disable onlyoffice
else
# Install or enable OnlyOffice app as needed
if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
php /var/www/html/occ app:install onlyoffice
elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
php /var/www/html/occ app:enable onlyoffice
elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update onlyoffice
fi
# Set OnlyOffice configuration
php /var/www/html/occ config:system:set onlyoffice editors_check_interval --value="0" --type=integer
php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
# Adjust the OnlyOffice host if using internal pattern
if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
export ONLYOFFICE_HOST
fi
php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
fi
php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
export ONLYOFFICE_HOST
fi
php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
else
if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
# Remove OnlyOffice app if disabled and removal is requested
if [ "$REMOVE_DISABLED_APPS" = yes ] && \
[ -d "/var/www/html/custom_apps/onlyoffice" ] && \
[ -n "$ONLYOFFICE_SECRET" ] && \
[ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
php /var/www/html/occ app:remove onlyoffice
fi
fi
@ -747,14 +887,16 @@ fi
if [ -d "/var/www/html/custom_apps/spreed" ]; then
if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
while ! nc -z "$TALK_RECORDING_HOST" 1234; do
echo "waiting for Talk Recording to become available..."
echo "Waiting for Talk Recording to become available..."
sleep 5
done
# TODO: migrate to occ command if that becomes available
RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"http://$TALK_RECORDING_HOST:1234/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING"
else
php /var/www/html/occ config:app:delete spreed recording_servers
if [ "$REMOVE_DISABLED_APPS" = yes ]; then
php /var/www/html/occ config:app:delete spreed recording_servers
fi
fi
fi
@ -762,12 +904,12 @@ fi
if [ "$CLAMAV_ENABLED" = 'yes' ]; then
count=0
while ! nc -z "$CLAMAV_HOST" 3310 && [ "$count" -lt 90 ]; do
echo "waiting for clamav to become available..."
echo "Waiting for ClamAV to become available..."
count=$((count+5))
sleep 5
done
if [ "$count" -ge 90 ]; then
echo "Clamav did not start in time. Skipping initialization and disabling files_antivirus app."
bash /notify.sh "ClamAV did not start in time!" "Skipping initialization and disabling files_antivirus app."
php /var/www/html/occ app:disable files_antivirus
else
if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
@ -780,9 +922,13 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE"
# av_stream_max_length must be synced with StreamMaxLength inside clamav
php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="2147483648"
php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then
php /var/www/html/occ config:app:set files_antivirus av_blocklisted_directories --value="$CLAMAV_BLOCKLISTED_DIRECTORIES"
fi
fi
else
if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
@ -809,45 +955,57 @@ fi
# Fulltextsearch
if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
while ! nc -z "$FULLTEXTSEARCH_HOST" 9200; do
echo "waiting for Fulltextsearch to become available..."
count=0
while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do
echo "Waiting for Fulltextsearch to become available..."
count=$((count+5))
sleep 5
done
if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
php /var/www/html/occ app:install fulltextsearch
elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
php /var/www/html/occ app:enable fulltextsearch
elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update fulltextsearch
fi
if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
php /var/www/html/occ app:install fulltextsearch_elasticsearch
elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then
php /var/www/html/occ app:enable fulltextsearch_elasticsearch
elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update fulltextsearch_elasticsearch
fi
if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
php /var/www/html/occ app:install files_fulltextsearch
elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then
php /var/www/html/occ app:enable files_fulltextsearch
elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update files_fulltextsearch
fi
php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
if [ "$count" -ge 90 ]; then
echo "Fulltextsearch did not start in time. Skipping initialization and disabling fulltextsearch apps."
php /var/www/html/occ app:disable fulltextsearch
php /var/www/html/occ app:disable fulltextsearch_elasticsearch
php /var/www/html/occ app:disable files_fulltextsearch
else
if [ -z "$FULLTEXTSEARCH_PROTOCOL" ]; then
FULLTEXTSEARCH_PROTOCOL="http"
fi
if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
php /var/www/html/occ app:install fulltextsearch
elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
php /var/www/html/occ app:enable fulltextsearch
elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update fulltextsearch
fi
if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
php /var/www/html/occ app:install fulltextsearch_elasticsearch
elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then
php /var/www/html/occ app:enable fulltextsearch_elasticsearch
elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update fulltextsearch_elasticsearch
fi
if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
php /var/www/html/occ app:install files_fulltextsearch
elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then
php /var/www/html/occ app:enable files_fulltextsearch
elif [ "$SKIP_UPDATE" != 1 ]; then
php /var/www/html/occ app:update files_fulltextsearch
fi
php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"$FULLTEXTSEARCH_PROTOCOL://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":true,\"files_office\":true}"
# Do the index
if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
echo "Waiting 10s before activating FTS..."
sleep 10
echo "Activating fulltextsearch..."
if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
else
echo "Fulltextsearch failed. Could not index."
echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
# Do the index
if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
echo "Waiting 10 seconds before activating fulltextsearch..."
sleep 10
echo "Activating fulltextsearch..."
if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
else
echo "Fulltextsearch failed. Could not index."
echo "If you want to skip indexing in the future, see https://github.com/nextcloud/all-in-one/discussions/1709"
fi
fi
fi
else

5
Containers/nextcloud/run-exec-commands.sh
View file

@ -19,11 +19,6 @@ else
echo "Activating Collabora config..."
php /var/www/html/occ richdocuments:activate-config
fi
# OnlyOffice must work also if using manual-install
if [ "$ONLYOFFICE_ENABLED" = yes ]; then
echo "Activating OnlyOffice config..."
php /var/www/html/occ onlyoffice:documentserver --check
fi
fi
signal_handler() {

18
Containers/nextcloud/start.sh
View file

@ -8,7 +8,7 @@ fi
# Only start container if database is accessible
# POSTGRES_HOST must be set in the containers env vars and POSTGRES_PORT has a default above
# shellcheck disable=SC2153
while ! sudo -u www-data nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
while ! sudo -E -u www-data nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
echo "Waiting for database to start..."
sleep 5
done
@ -25,7 +25,7 @@ fi
# Fix false database connection on old instances
if [ -f "/var/www/html/config/config.php" ]; then
sleep 2
while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
while ! sudo -E -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
echo "Waiting for the database to start..."
sleep 5
done
@ -56,12 +56,12 @@ fi
set +x
# Check datadir permissions
sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
sudo -E -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
chown -R www-data:root "$NEXTCLOUD_DATA_DIR"
chmod 750 -R "$NEXTCLOUD_DATA_DIR"
fi
sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
sudo -E -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
# Install additional dependencies
if [ -n "$ADDITIONAL_APKS" ]; then
@ -86,13 +86,15 @@ fi
# Install additional php extensions
if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
if ! [ -f "/additional-php-extensions-are-installed" ]; then
# Allow to disable imagick without having to enable it each time
if ! echo "$ADDITIONAL_PHP_EXTENSIONS" | grep -q imagick; then
# Remove the ini file as there is no docker-php-ext-disable script available
rm /usr/local/etc/php/conf.d/docker-php-ext-imagick.ini
fi
read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
if [ "$app" = imagick ]; then
echo "Enabling Imagick..."
if ! docker-php-ext-enable imagick >/dev/null; then
echo "Could not install PHP extension imagick!"
fi
# imagick is already enabled by default, so does not need to be enabled anymore.
continue
fi
# shellcheck disable=SC2086

4
Containers/notify-push/Dockerfile
View file

@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
FROM alpine:3.21.3
FROM alpine:3.23.2
COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh
@ -11,6 +11,7 @@ RUN set -ex; \
netcat-openbsd \
tzdata \
bash \
jq \
openssl; \
# Give root a random password
echo "root:$(openssl rand -base64 12)" | chpasswd; \
@ -22,4 +23,5 @@ ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

20
Containers/notify-push/start.sh
View file

@ -52,6 +52,10 @@ fi
if [ -z "$REDIS_DB_INDEX" ]; then
REDIS_DB_INDEX=0
fi
# Set a default value for REDIS_PORT
if [ -z "$REDIS_PORT" ]; then
REDIS_PORT=6379
fi
# Set a default for db type
if [ -z "$DATABASE_TYPE" ]; then
DATABASE_TYPE=postgres
@ -66,9 +70,21 @@ if [ "$POSTGRES_USER" = nextcloud ]; then
export POSTGRES_USER
fi
# URL-encode passwords
POSTGRES_PASSWORD="$(jq -rn --arg v "$POSTGRES_PASSWORD" '$v|@uri')"
REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
# Postgres root cert
if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/ca-bundle.crt"
# Mysql root cert
elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then
CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/ca-bundle.crt"
fi
# Set sensitive values as env
export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS"
export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
# Run it
/nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \

3
Containers/onlyoffice/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest
# From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
FROM onlyoffice/documentserver:8.3.3.1
FROM onlyoffice/documentserver:9.2.1.1
# USER root is probably used
@ -8,4 +8,5 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

5
Containers/postgresql/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest
# From https://github.com/docker-library/postgres/blob/master/17/alpine3.21/Dockerfile
FROM postgres:17.5-alpine
# From https://github.com/docker-library/postgres/blob/master/17/alpine3.23/Dockerfile
FROM postgres:17.7-alpine
COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh
@ -44,4 +44,5 @@ ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

4
Containers/postgresql/start.sh
View file

@ -128,7 +128,9 @@ EOSQL
fi
# Shut down the database to be able to start it again
pg_ctl stop -m fast
# The smart mode disallows new connections, then waits for all existing clients to disconnect and any online backup to finish
# Wait for 1800s to make sure that a checkpoint is completed successfully
pg_ctl stop -m smart -t 1800
# Change database port back to default
export PGPORT=5432

5
Containers/redis/Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest
# From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
FROM redis:7.2.9-alpine
# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
FROM redis:8.2.3-alpine
COPY --chmod=775 start.sh /start.sh
@ -21,4 +21,5 @@ ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

5
Containers/talk-recording/Dockerfile
View file

@ -1,10 +1,10 @@
# syntax=docker/dockerfile:latest
FROM python:3.13.5-alpine3.21
FROM python:3.14.2-alpine3.23
COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh
ENV RECORDING_VERSION=v0.1
ENV RECORDING_VERSION=v0.2.1
ENV ALLOW_ALL=false
ENV HPB_PROTOCOL=https
ENV NC_PROTOCOL=https
@ -58,4 +58,5 @@ CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.co
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

48
Containers/talk-recording/recording.conf
View file

@ -1,3 +1,5 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
[logs]
# Log level based on numeric values of Python logging levels:
# - Critical: 50
@ -12,6 +14,11 @@
# IP and port to listen on for HTTP requests.
#listen = 127.0.0.1:8000
[app]
# Comma separated list of trusted proxies (IPs or CIDR networks) that may set
# the "X-Forwarded-For" header.
#trustedproxies =
[backend]
# Allow any hostname as backend endpoint. This is extremely insecure and should
# only be used during development.
@ -100,6 +107,18 @@
# ffmpeg. The options given here fully override the default global options.
#common = ffmpeg -loglevel level+warning -n
# The (additional) options given to ffmpeg for the audio input. The options
# given here extend the default options for the audio input, although they do
# not override them.
# Default options: '-f pulse -i {AUDIO_SOURCE}'
#inputaudio =
# The (additional) options given to ffmpeg for the video input. The options
# given here extend the default options for the video input, although they do
# not override them.
# Default options: '-f x11grab -draw_mouse 0 -video_size {WIDTH}x{HEIGHT} -i {VIDEO_SOURCE}'
#inputvideo =
# The options given to ffmpeg to encode the audio output. The options given here
# fully override the default options for the audio output.
#outputaudio = -c:a libopus
@ -120,4 +139,31 @@
# will use Google Chrome, or Chromium if Google Chrome is not installed.
# Allowed values: firefox, chrome
# Defaults to firefox
# browser = firefox
#browser = firefox
# Path to the Selenium driver to use for recordings.
# If set the driver must match the browser being used (for example,
# "/usr/bin/geckodriver" for "firefox"). If no driver is explicitly set Selenium
# Manager will try to find the right one in $PATH, downloading it as a fallback.
# Note that Selenium Manager does not work in some architectures (for example,
# Linux on arm64/aarch64), so in those architectures the driver must be
# explicitly set.
#driverPath =
# Path to the browser executable to use for recordings.
# If set the executable must match the browser being used (for example,
# "/usr/bin/firefox-esr" for "firefox"). If no executable is explicitly set
# Selenium Manager will try to find the right one in $PATH. Depending on the
# installed Selenium version if the executable is not found Selenium Manager may
# also download the browser as a fallback.
# Note that Selenium Manager does not work in some architectures (for example,
# Linux on arm64/aarch64); in those architectures the Selenium driver will try
# to find the executable, but the executable may need to be explicitly set if
# not found by the driver.
#browserPath =
[stats]
# Comma-separated list of IP addresses (or CIDR networks) that are allowed to
# access the stats endpoint.
# Leave commented to only allow access from "127.0.0.1".
#allowed_ips =

2
Containers/talk-recording/start.sh
View file

@ -59,6 +59,8 @@ extensionvideo = .webm
[recording]
browser = firefox
driverPath = /usr/bin/geckodriver
browserPath = /usr/bin/firefox
RECORDING_CONF
exec "$@"

13
Containers/talk/Dockerfile
View file

@ -1,10 +1,10 @@
# syntax=docker/dockerfile:latest
FROM nats:2.11.6-scratch AS nats
FROM eturnal/eturnal:1.12.1 AS eturnal
FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
FROM alpine:3.21.3 AS janus
FROM nats:2.12.3-scratch AS nats
FROM eturnal/eturnal:1.12.2-alpine AS eturnal
FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
FROM alpine:3.23.2 AS janus
ARG JANUS_VERSION=v1.3.1
ARG JANUS_VERSION=v1.3.3
WORKDIR /src
RUN set -ex; \
apk upgrade --no-cache -a; \
@ -35,7 +35,7 @@ RUN set -ex; \
make configs; \
rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
FROM alpine:3.21.3
FROM alpine:3.23.2
ENV ETURNAL_ETC_DIR="/conf"
ENV SKIP_CERT_VERIFY=false
COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local
@ -107,4 +107,5 @@ CMD ["supervisord", "-c", "/supervisord.conf"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

22
Containers/talk/server.conf.in
View file

@ -84,7 +84,8 @@ internalsecret = the-shared-secret-for-internal-clients
# For backend type "etcd":
# Key prefix of backend entries. All keys below will be watched and assumed to
# contain a JSON document with the following entries:
# - "url": Url of the Nextcloud instance.
# - "urls": List of urls of the Nextcloud instance.
# - "url": Url of the Nextcloud instance (deprecated).
# - "secret": Shared secret for requests from and to the backend servers.
#
# Additional optional entries:
@ -93,8 +94,8 @@ internalsecret = the-shared-secret-for-internal-clients
# - "sessionlimit": Number of sessions that are allowed to connect.
#
# Example:
# "/signaling/backend/one" -> {"url": "https://nextcloud.domain1.invalid", ...}
# "/signaling/backend/two" -> {"url": "https://domain2.invalid/nextcloud", ...}
# "/signaling/backend/one" -> {"urls": ["https://nextcloud.domain1.invalid"], ...}
# "/signaling/backend/two" -> {"urls": ["https://domain2.invalid/nextcloud"], ...}
#backendprefix = /signaling/backend
# Allow any hostname as backend endpoint. This is extremely insecure and should
@ -122,8 +123,8 @@ connectionsperhost = 8
# Backend configurations as defined in the "[backend]" section above. The
# section names must match the ids used in "backends" above.
#[backend-id]
# URL of the Nextcloud instance
#url = https://cloud.domain.invalid
# Comma-separated list of urls of the Nextcloud instance
#urls = https://cloud.domain.invalid
# Shared secret for requests from and to the backend servers. Leave empty to use
# the common shared secret from above.
@ -143,8 +144,8 @@ connectionsperhost = 8
#maxscreenbitrate = 2097152
#[another-backend]
# URL of the Nextcloud instance
#url = https://cloud.otherdomain.invalid
# Comma-separated list of urls of the Nextcloud instance
#urls = https://cloud.otherdomain.invalid
# Shared secret for requests from and to the backend servers. Leave empty to use
# the common shared secret from above.
@ -179,6 +180,13 @@ connectionsperhost = 8
# proxy server that is used.
#maxscreenbitrate = 2097152
# List of IP addresses / subnets that are allowed to be used by clients in
# candidates. The allowed list has preference over the blocked list below.
#allowedcandidates = 10.0.0.0/8
# List of IP addresses / subnets to filter from candidates received by clients.
#blockedcandidates = 1.2.3.0/24
# For type "proxy": timeout in seconds for requests to the proxy server.
#proxytimeout = 2

2
Containers/talk/start.sh
View file

@ -98,7 +98,7 @@ connectionsperhost = 8
skipverify = ${SKIP_CERT_VERIFY}
[backend-1]
url = https://${NC_DOMAIN}
urls = https://${NC_DOMAIN}
secret = ${SIGNALING_SECRET}
maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}

15
Containers/watchtower/Dockerfile
View file

@ -1,13 +1,21 @@
# syntax=docker/dockerfile:latest
FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower
FROM golang:1.25.6-alpine3.23 AS go
FROM alpine:3.21.3
ENV WATCHTOWER_COMMIT_HASH=f522ce27e1fbe4618da54833025a95be62aa838a
RUN set -ex; \
apk upgrade --no-cache -a; \
apk add --no-cache \
build-base; \
go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.0
FROM alpine:3.23.2
RUN set -ex; \
apk upgrade --no-cache -a; \
apk add --no-cache bash ca-certificates tzdata
COPY --from=watchtower /watchtower /watchtower
COPY --from=go /go/bin/watchtower /watchtower
COPY --chmod=775 start.sh /start.sh
@ -16,4 +24,5 @@ USER root
ENTRYPOINT ["/start.sh"]
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

2
Containers/watchtower/start.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# Check if socket is available and readable
if ! [ -a "/var/run/docker.sock" ]; then
if ! [ -e "/var/run/docker.sock" ]; then
echo "Docker socket is not available. Cannot continue."
exit 1
elif ! test -r /var/run/docker.sock; then

13
Containers/whiteboard/Dockerfile
View file

@ -1,12 +1,16 @@
# syntax=docker/dockerfile:latest
# Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.2
FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.3
USER root
RUN set -ex; \
apk upgrade --no-cache -a; \
apk add --no-cache bash; \
chmod 777 -R /tmp
apk add --no-cache bash jq; \
chmod 777 -R /tmp; \
if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
chmod +x /usr/lib/chromium/chrome_crashpad_handler; \
fi
USER 65534
COPY --chmod=775 start.sh /start.sh
@ -19,4 +23,5 @@ WORKDIR /tmp
ENTRYPOINT ["/start.sh"]
LABEL com.centurylinklabs.watchtower.enable="false" \
wud.watch="false" \
org.label-schema.vendor="Nextcloud"

2
Containers/whiteboard/healthcheck.sh
View file

@ -1,4 +1,4 @@
#!/bin/bash
nc -z "$REDIS_HOST" 6379 || exit 0
nc -z "$REDIS_HOST" "$REDIS_PORT" || exit 0
nc -z 127.0.0.1 3002 || exit 1

7
Containers/whiteboard/start.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# Only start container if nextcloud is accessible
while ! nc -z "$REDIS_HOST" 6379; do
while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do
echo "Waiting for redis to start..."
sleep 5
done
@ -11,7 +11,10 @@ if [ -z "$REDIS_DB_INDEX" ]; then
REDIS_DB_INDEX=0
fi
export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
# URL-encode password
REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
# Run it
exec npm --prefix /app run server:start

2
app/appinfo/info.xml
View file

@ -13,7 +13,7 @@
<category>monitoring</category>
<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
<dependencies>
<nextcloud min-version="30" max-version="31"/>
<nextcloud min-version="31" max-version="32"/>
</dependencies>
<settings>

2
community-containers/borgbackup-viewer/readme.md
View file

@ -5,7 +5,7 @@ This container allows to view the local borg repository in a web session. It als
- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
- Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance!
- After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly.
- You can also delete specific archives by running `borg list`, delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
- You can also delete specific archives by running `borg list`, delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Update backup list` button in the `Update backup list` section inside the `Backup and restore` section.
- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

18
community-containers/caddy/caddy.json
View file

@ -5,7 +5,7 @@
"display_name": "Caddy with geoblocking",
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
"image": "ghcr.io/szaimen/aio-caddy",
"image_tag": "v2",
"image_tag": "v4",
"internal_port": "443",
"restart": "unless-stopped",
"ports": [
@ -13,17 +13,14 @@
"ip_binding": "",
"port_number": "443",
"protocol": "tcp"
},
{
"ip_binding": "",
"port_number": "443",
"protocol": "udp"
}
],
"environment": [
"TZ=%TIMEZONE%",
"NC_DOMAIN=%NC_DOMAIN%",
"APACHE_PORT=%APACHE_PORT%"
"APACHE_PORT=%APACHE_PORT%",
"APACHE_IP_BINDING=%APACHE_IP_BINDING%",
"NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
],
"volumes": [
{
@ -37,9 +34,14 @@
"writeable": false
}
],
"secrets": [
"NEXTCLOUD_EXPORTER_CADDY_PASSWORD"
],
"aio_variables": [
"apache_ip_binding=@INTERNAL",
"apache_port=11000"
"apache_port=11000",
"turn_domain=%NC_DOMAIN%",
"talk_port=443"
],
"nextcloud_exec_commands": [
"mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",

9
community-containers/caddy/readme.md
View file

@ -1,19 +1,24 @@
## Caddy with geoblocking
This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed.
This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed.
### Notes
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
- Make sure that no other service is using port 443/tcp on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
- Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
- If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
- If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
- If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
- If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
- If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
- If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
- If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
- If you want to use this with [local AI with vulkan support](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai-vulkan), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
- After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
- If you want to remove the container again and revert back to the default, you need to disable the container via the AIO-interface and follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
### Repository
https://github.com/szaimen/aio-caddy

2
community-containers/calcardbackup/readme.md
View file

@ -2,7 +2,7 @@
This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
### Notes
- Backups will be created at 00:00 CEST every day. Make sure that this does not conflict with the configured daily backups inside AIO.
- Backups will be created at 00:00 UTC every day. Make sure that this does not conflict with the configured daily backups inside AIO.
- All the exports will be included in AIOs backup solution
- You can find the exports in the nextcloud_aio_calcardbackup volume
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

7
community-containers/facerecognition/facerecognition.json
View file

@ -10,18 +10,21 @@
"restart": "unless-stopped",
"environment": [
"TZ=%TIMEZONE%",
"API_KEY=some-super-secret-api-key",
"API_KEY=%FACERECOGNITION_API_KEY%",
"FACE_MODEL=3"
],
"aio_variables": [
"nextcloud_memory_limit=2048M"
],
"secrets": [
"FACERECOGNITION_API_KEY"
],
"enable_nvidia_gpu": false,
"nextcloud_exec_commands": [
"php /var/www/html/occ app:install facerecognition",
"php /var/www/html/occ app:enable facerecognition",
"php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
"php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
"php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value %FACERECOGNITION_API_KEY%",
"php /var/www/html/occ face:setup -m 5",
"php /var/www/html/occ face:setup -M 1G",
"php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",

16
community-containers/languagetool/languagetool.json Normal file
View file

@ -0,0 +1,16 @@
{
"aio_services_v1": [
{
"container_name": "nextcloud-aio-languagetool",
"display_name": "LanguageTool for Collabora",
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/languagetool",
"image": "erikvl87/languagetool",
"image_tag": "latest",
"internal_port": "8010",
"restart": "unless-stopped",
"environment": [
"TZ=%TIMEZONE%"
]
}
]
}

13
community-containers/languagetool/readme.md Normal file
View file

@ -0,0 +1,13 @@
## LanguageTool for Collabora
This container bundles a LanguageTool for Collabora which adds spell checking functionality to Collabora.
### Notes
- Make sure to have collabora enabled via the AIO interface
- After adding this container via the AIO Interface, while all containers are still stopped, you need to scroll down to the `Additional Collabora options` section and enter `--o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-aio-languagetool:8010/v2`.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
### Repository
https://github.com/Erikvl87/docker-languagetool
### Maintainer
https://github.com/szaimen

2
community-containers/lldap/lldap.json
View file

@ -27,7 +27,7 @@
"LLDAP_JWT_SECRET",
"LLDAP_LDAP_USER_PASS"
],
"ui_secret": "LLDAP_JWT_SECRET",
"ui_secret": "LLDAP_LDAP_USER_PASS",
"volumes": [
{
"source": "nextcloud_aio_lldap",

5
community-containers/lldap/readme.md
View file

@ -18,10 +18,7 @@ Functionality with this configuration:
> For simplicity, this configuration is done via the command line (don't worry, it's very simple).
First, you need to retrieve the LLDAP admin password, this will be used later on. Which you need to type in or copy and paste:
```bash
sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS
```
First, you need to retrieve the LLDAP admin password that you can see next to the container in the AIO interface. There you can configure smtp first and then invite users via mail.
Now go into the Nextcloud container:<br>
**Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /lldap.sh`.

2
community-containers/makemkv/readme.md
View file

@ -5,7 +5,7 @@ This container bundles MakeMKV and auto-configures it for you.
- This container should only be run in home networks
- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being.
- This container only works on Linux and not on Docker-Desktop.
- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
- After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it)
- The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container.

41
community-containers/minio/minio.json Normal file
View file

@ -0,0 +1,41 @@
{
"aio_services_v1": [
{
"container_name": "nextcloud-aio-minio",
"image_tag": "v2",
"display_name": "Minio S3 Storage",
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/minio",
"image": "ghcr.io/szaimen/aio-minio",
"internal_port": "9000",
"environment": [
"MINIO_ROOT_USER=nextcloud",
"MINIO_ROOT_PASSWORD=%MINIO_ROOT_PASSWORD%"
],
"secrets": [
"MINIO_ROOT_PASSWORD"
],
"volumes": [
{
"source": "nextcloud_aio_minio",
"destination": "/data",
"writeable": true
}
],
"backup_volumes": [
"nextcloud_aio_minio"
],
"nextcloud_exec_commands": [
"php /var/www/html/occ config:system:set objectstore class --value 'OC\\Files\\ObjectStore\\S3'",
"php /var/www/html/occ config:system:set objectstore arguments autocreate --value true --type bool",
"php /var/www/html/occ config:system:set objectstore arguments use_path_style --value true --type bool",
"php /var/www/html/occ config:system:set objectstore arguments use_ssl --value false --type bool",
"php /var/www/html/occ config:system:set objectstore arguments region --value ''",
"php /var/www/html/occ config:system:set objectstore arguments bucket --value nextcloud",
"php /var/www/html/occ config:system:set objectstore arguments key --value nextcloud",
"php /var/www/html/occ config:system:set objectstore arguments secret --value %MINIO_ROOT_PASSWORD%",
"php /var/www/html/occ config:system:set objectstore arguments port --value 9000",
"php /var/www/html/occ config:system:set objectstore arguments hostname --value nextcloud-aio-minio"
]
}
]
}

18
community-containers/minio/readme.md Normal file
View file

@ -0,0 +1,18 @@
## Minio
This container bundles minio s3 storage and auto-configures it for you.
>[!WARNING]
> Enabling this container will remove access to all the files formerly written to the data directory.
> So only enable this on a clean instance directly after installing AIO.
> All additional users that are added via Nextcloud afterwards are going to work correctly.
> Also, after enabling and using it, make sure to not disable the container as you cannot migrate from s3 to local storage anymore and s3 is a critical part of your infrastructure from then on.
### Notes
- The data of Minio will be automatically included in AIOs backup solution!
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
### Repository
https://github.com/szaimen/aio-minio
### Maintainer
https://github.com/szaimen

35
community-containers/nextcloud-exporter/nextcloud-exporter.json Normal file
View file

@ -0,0 +1,35 @@
{
"aio_services_v1": [
{
"container_name": "nextcloud-aio-nextcloud-exporter",
"display_name": "Prometheus Nextcloud Exporter",
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter",
"image": "ghcr.io/xperimental/nextcloud-exporter",
"image_tag": "0.9.0",
"internal_port": "9205",
"restart": "unless-stopped",
"ports": [
{
"ip_binding": "127.0.0.1",
"port_number": "9205",
"protocol": "tcp"
}
],
"environment": [
"TZ=%TIMEZONE%",
"NEXTCLOUD_SERVER=https://%NC_DOMAIN%",
"NEXTCLOUD_AUTH_TOKEN=%NEXTCLOUD_EXPORTER_TOKEN%",
"NEXTCLOUD_LISTEN_ADDRESS=0.0.0.0:9205",
"NEXTCLOUD_TIMEOUT=5s"
],
"ui_secret": "NEXTCLOUD_EXPORTER_CADDY_PASSWORD",
"secrets": [
"NEXTCLOUD_EXPORTER_TOKEN",
"NEXTCLOUD_EXPORTER_CADDY_PASSWORD"
],
"nextcloud_exec_commands": [
"php /var/www/html/occ config:app:set serverinfo token --value %NEXTCLOUD_EXPORTER_TOKEN%"
]
}
]
}

72
community-containers/nextcloud-exporter/readme.md Normal file
View file

@ -0,0 +1,72 @@
## Prometheus Nextcloud Exporter
A Prometheus exporter that collects metrics from your Nextcloud instance for monitoring and alerting.
### How to install
See the [Community Containers documentation](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) for instructions on how to install this in your Nextcloud All-in-One setup.
### Security & Access
**Important:** This container is configured to bind only to `127.0.0.1` (localhost) for security reasons. Prometheus exporters typically don't include authentication, so direct network exposure is not recommended.
#### Access Options
1. **With Caddy Container (Recommended)**: If you also install the [Caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy), it will automatically configure secure HTTPS access to your metrics with authentication at `metrics.your-domain.com`
**Getting Authentication Credentials**:
- **Username**: Always `metrics`
- **Password**: After deploying the nextcloud-exporter container, the automatically generated password will be displayed in the AIO interface. Look for it in the container section below the container name "Prometheus Nextcloud Exporter".
2. **Custom Reverse Proxy**: Set up your own reverse proxy (nginx, Apache, etc.) to provide HTTPS and authentication. See configuration guides:
- [NGINX Authentication](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html) + [Reverse Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
- [Apache Authentication](https://httpd.apache.org/docs/2.4/howto/auth.html) + [Reverse Proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html)
- [Traefik BasicAuth](https://doc.traefik.io/traefik/middlewares/http/basicauth/)
- [Prometheus Security Best Practices](https://prometheus.io/docs/operating/security/)
3. **Direct Local Access**: Access metrics directly from the server at `http://127.0.0.1:9205/metrics` (no authentication)
### What it monitors
- User activity (active users hourly, daily)
- File counts and storage usage
- System health and database size
- App statistics and update availability
- Nextcloud performance metrics
### Prometheus Configuration
For **local server access** (if Prometheus runs on the same server):
```yaml
scrape_configs:
- job_name: 'nextcloud'
scrape_interval: 90s
static_configs:
- targets: ['127.0.0.1:9205']
metrics_path: /metrics
scheme: http
```
For **Caddy integration** (secure external access):
```yaml
scrape_configs:
- job_name: 'nextcloud'
scrape_interval: 90s
static_configs:
- targets: ['metrics.your-domain.com']
metrics_path: /
scheme: https
basic_auth:
username: 'metrics'
password: 'your-generated-password'
```
### Visualization
Compatible with Grafana for creating monitoring dashboards:
- Pre-built dashboard available: [Grafana Dashboard #20716](https://grafana.com/grafana/dashboards/20716-nextcloud/)
### Repository
https://github.com/xperimental/nextcloud-exporter
### Maintainer
https://github.com/grotax

23
community-containers/notifications/notifications.json Normal file
View file

@ -0,0 +1,23 @@
{
"aio_services_v1": [
{
"container_name": "nextcloud-aio-notifications",
"display_name": "Notifications",
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/notifications",
"image": "ghcr.io/szaimen/aio-notifications",
"image_tag": "v1",
"internal_port": "10000",
"restart": "unless-stopped",
"volumes": [
{
"source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
"destination": "/var/run/docker.sock",
"writeable": false
}
],
"environment": [
"TZ=%TIMEZONE%"
]
}
]
}

12
community-containers/notifications/readme.md Normal file
View file

@ -0,0 +1,12 @@
## Notifications
This container allows other AIO community containers to send admin notifications to Nextcloud users.
### Notes
- It needs to be enabled for the [scrutiny container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny) for example to make use of admin notifications that are sent if a smartctl failure was found.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
### Repository
https://github.com/szaimen/aio-notifications
### Maintainer
https://github.com/szaimen

2
community-containers/scrutiny/readme.md
View file

@ -6,7 +6,7 @@ This container bundles Scrutiny which is a frontend for SMART stats and auto-con
- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being.
- This container only works on Linux and not on Docker-Desktop.
- After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives.
- It currently does not support sending notifications as no good solution was found yet that makes this possible. See https://github.com/szaimen/aio-scrutiny/issues/3
- It supports sending notifications in case of a smartctl failure if you enable the notifications community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/notifications
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
### Repository

2
community-containers/scrutiny/scrutiny.json
View file

@ -5,7 +5,7 @@
"display_name": "Scrutiny",
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny",
"image": "ghcr.io/szaimen/aio-scrutiny",
"image_tag": "v1",
"image_tag": "v2",
"internal_port": "8000",
"init": false,
"restart": "unless-stopped",

1
community-containers/smbserver/readme.md
View file

@ -3,7 +3,6 @@ This container bundles an SMB-server and allows to configure it via a graphical
### Notes
- This container should only be run in home networks
- This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3
- After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in `bash /smbserver.sh` and you will see a graphical UI for configuring the smb-server interactively.
- The config data of SMB-server will be automatically included in AIOs backup solution!
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

3
community-containers/stalwart/stalwart.json
View file

@ -48,7 +48,8 @@
"environment": [
"TZ=%TIMEZONE%",
"NC_DOMAIN=%NC_DOMAIN%",
"STALWART_USER_PASS=%STALWART_USER_PASS%"
"STALWART_USER_PASS=%STALWART_USER_PASS%",
"CLAMAV_ENABLED=%CLAMAV_ENABLED%"
],
"secrets": [
"STALWART_USER_PASS"

Some files were not shown because too many files have changed in this diff Show more