fix a bug with aio-caddy now proxying all traffic to aio-talk

Signed-off-by: Simon L. <szaimen@e.mail.de>
Simon L. 2025-11-13 15:17:03 +01:00
parent 7560694535
commit 9a684e8b3b
3 changed files with 8 additions and 7 deletions


@ -24,9 +24,7 @@
"TZ=%TIMEZONE%", "TZ=%TIMEZONE%",
"NC_DOMAIN=%NC_DOMAIN%", "NC_DOMAIN=%NC_DOMAIN%",
"APACHE_PORT=%APACHE_PORT%", "APACHE_PORT=%APACHE_PORT%",
"NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%", "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
"turn_domain=turn.%NC_DOMAIN%",
"talk_port=443"
], ],
"volumes": [ "volumes": [
{ {
@ -45,7 +43,9 @@
], ],
"aio_variables": [ "aio_variables": [
"apache_ip_binding=@INTERNAL", "apache_ip_binding=@INTERNAL",
"apache_port=11000" "apache_port=11000",
"turn_domain=turn.%NC_DOMAIN%",
"talk_port=443"
], ],
"nextcloud_exec_commands": [ "nextcloud_exec_commands": [
"mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'", "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",


@ -4,7 +4,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
### Notes ### Notes
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record. - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
- Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files. - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
- If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden. - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
- If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart. - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.


@ -225,6 +225,7 @@ readonly class DockerActionManager {
$aioVariables = $container->GetAioVariables()->GetVariables(); $aioVariables = $container->GetAioVariables()->GetVariables();
foreach ($aioVariables as $variable) { foreach ($aioVariables as $variable) {
$config = $this->configurationManager->GetConfig(); $config = $this->configurationManager->GetConfig();
$variable = $this->replaceEnvPlaceholders($variable);
$variableArray = explode('=', $variable); $variableArray = explode('=', $variable);
$config[$variableArray[0]] = $variableArray[1]; $config[$variableArray[0]] = $variableArray[1];
$this->configurationManager->WriteConfig($config); $this->configurationManager->WriteConfig($config);
@ -283,8 +284,8 @@ readonly class DockerActionManager {
} }
} else if ($port === '%TALK_PORT%') { } else if ($port === '%TALK_PORT%') {
$port = $this->configurationManager->GetTalkPort(); $port = $this->configurationManager->GetTalkPort();
// Skip publishing talk port if it is set to the same value like the apache port // Skip publishing talk port if it is set to 443
if ($port === $this->configurationManager->GetApachePort()) { if ($port === '443') {
continue; continue;
} }
} }
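Review bot: In the first hunk, `replaceEnvPlaceholders()` now runs on the whole `key=value` string before `explode('=', $variable)`, so an expanded value that contains `=` is cut off at the next `=`, and an expansion could presumably also change which config key gets written. Splitting first and expanding only the value avoids both: `[$key, $value] = explode('=', $variable, 2);` followed by `$config[$key] = $this->replaceEnvPlaceholders($value);`. An entry without any `=` still reads `$variableArray[1]` unchecked, so a guard that skips or rejects such entries would be worth adding, since they come from container definitions. In the second hunk, `$port === '443'` only matches if `GetTalkPort()` returns a string (its return type is not visible here), and the change drops the old guard for a Talk port equal to the Apache port. Both hunks sit inside methods that start and end outside the shown lines.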