compose.yaml: move the security_opt setting up for easier discovery

Signed-off-by: Simon L. <szaimen@e.mail.de>
Merge pull request #6798 from nextcloud/enh/6797/adjust-permissions
2026-02-15 18:20:20 +00:00 · 2025-08-28 15:59:37 +02:00 · 2025-08-28 11:09:11 +02:00 · 2025-08-28 10:28:14 +02:00 · 2025-08-28 09:10:09 +02:00 · 2025-08-28 09:09:48 +02:00
4 changed files with 5 additions and 4 deletions
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.10.0-alpine AS caddy
+FROM caddy:2.10.2-alpine AS caddy

 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.65-alpine3.22
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@ -4,8 +4,9 @@ FROM alpine:3.22.1
 RUN set -ex; \
    apk upgrade --no-cache -a; \
    apk add --no-cache tzdata clamav supervisor bash; \
-    mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \
+    mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
    chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
+    chown -R 100:100 /var/lib/clamav; \
    sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
    sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@ -3,7 +3,7 @@
 FROM docker:28.3.3-cli AS docker

 # Caddy is a requirement
-FROM caddy:2.10.0-alpine AS caddy
+FROM caddy:2.10.2-alpine AS caddy

 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
 FROM php:8.4.11-fpm-alpine3.22
--- a/compose.yaml
+++ b/compose.yaml
@ -12,6 +12,7 @@ services:
      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+    # security_opt: ["label:disable"] # Is needed when using SELinux
    # environment: # Is needed when using any of the options below
      # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
      # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
@ -35,7 +36,6 @@ services:
      # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
      # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
-    # security_opt: ["label:disable"] # Is needed when using SELinux

 #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
 #   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439
Author	SHA1	Message	Date
Simon L.	3badbf2d05	compose.yaml: move the security_opt setting up for easier discovery Some checks are pending Codespell / Check spelling (push) Waiting to run Details Docker Lint / docker-lint (push) Waiting to run Details Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-08-28 15:59:37 +02:00
Simon L.	074418dc73	Merge pull request #6798 from nextcloud/enh/6797/adjust-permissions clamav: set permissions for `/var/lib/clamav` correctly	2025-08-28 11:09:11 +02:00
Simon L.	a2394e4621	clamav: set permissions for `/var/lib/clamav` correctly Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-08-28 10:28:14 +02:00
Simon L.	d05dca85ea	Merge pull request #6800 from nextcloud/dependabot/docker/Containers/apache/caddy-2.10.2-alpine build(deps): bump caddy from 2.10.0-alpine to 2.10.2-alpine in /Containers/apache	2025-08-28 09:10:09 +02:00
Simon L.	2a49bfff20	Merge pull request #6799 from nextcloud/dependabot/docker/Containers/mastercontainer/caddy-2.10.2-alpine build(deps): bump caddy from 2.10.0-alpine to 2.10.2-alpine in /Containers/mastercontainer	2025-08-28 09:09:48 +02:00
dependabot[bot]	1e579b049e	build(deps): bump caddy in /Containers/apache Bumps caddy from 2.10.0-alpine to 2.10.2-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.10.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-08-28 05:55:45 +00:00
dependabot[bot]	bc04ee6aea	build(deps): bump caddy in /Containers/mastercontainer Bumps caddy from 2.10.0-alpine to 2.10.2-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.10.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-08-28 05:49:58 +00:00