From e52e5df09b5e5c3ed900f7c7dac76c8c692579e5 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 23 Sep 2024 17:32:57 +0200 Subject: [PATCH 0001/1391] helm: adjust initcontainer: use fixed alpine tag Signed-off-by: Simon L. --- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../nextcloud-aio-database-deployment.yaml | 4 ++-- .../nextcloud-aio-fulltextsearch-deployment.yaml | 2 +- .../nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../nextcloud-aio-notify-push-deployment.yaml | 2 +- .../nextcloud-aio-onlyoffice-deployment.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- nextcloud-aio-helm-chart/update-helm.sh | 14 +++++++------- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 2dd3d6d6..724f69d3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -25,7 +25,7 @@ spec: spec: initContainers: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chmod - "777" diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 2ef68d5c..87896471 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -26,7 +26,7 @@ spec: spec: initContainers: - name: init-subpath - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - mkdir - "-p" 
@@ -36,7 +36,7 @@ spec: - name: nextcloud-aio-clamav mountPath: /nextcloud-aio-clamav - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chown - 100:100 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 76e2726b..e34ad74e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -25,7 +25,7 @@ spec: spec: initContainers: - name: init-subpath - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - mkdir - "-p" @@ -38,7 +38,7 @@ spec: - name: nextcloud-aio-database mountPath: /nextcloud-aio-database - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chown - 999:999 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index e9f5b5e8..dc0991e8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -26,7 +26,7 @@ spec: spec: initContainers: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chmod - "777" 
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index dd603c2f..d5447ac5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -25,7 +25,7 @@ spec: spec: initContainers: - name: "delete-lost-found" - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - rm - "-rf" @@ -36,7 +36,7 @@ spec: - name: nextcloud-aio-nextcloud mountPath: /nextcloud-aio-nextcloud - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chmod - "777" diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 19389991..523031f0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -25,7 +25,7 @@ spec: spec: initContainers: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chmod - "777" diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 1334e074..f78a8fda 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml 
@@ -26,7 +26,7 @@ spec: spec: initContainers: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chmod - "777" diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 985314c8..0def6e59 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -25,7 +25,7 @@ spec: spec: initContainers: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chmod - "777" diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 9267ab07..31111b71 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -59,7 +59,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio cat << EOL > /tmp/initcontainers initContainers: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chmod - "777" 
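Review bot: `alpine:3.20` in the `/tmp/initcontainers` heredoc is still a floating tag, so the init containers run whichever 3.20.x build the registry (or the mirror behind `IMAGE_MIRROR_PREFIX`) serves at pull time. Adding a tag also moves Kubernetes' default pull policy from `Always` to `IfNotPresent` unless `imagePullPolicy` is set outside the lines shown, so nodes can keep different, unpatched builds cached. Consider pinning the patch release the way Containers/talk/Dockerfile does (`alpine:3.20.3`) or a digest (`alpine:3.20@sha256:<digest>`, placeholder). The literal is repeated in the heredocs of the `-68`, `-85` and `-102` hunks and in the templates that appear to be generated from them; one shell variable such as `ALPINE_TAG="3.20"`, expanded inside these unquoted heredocs, would keep them in step. The heredoc continues past this hunk.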
@@ -68,14 +68,14 @@ EOL cat << EOL > /tmp/initcontainers.database initContainers: - name: init-subpath - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - mkdir - "-p" - /nextcloud-aio-database/data volumeMountsInitContainer: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chown - 999:999 @@ -85,14 +85,14 @@ EOL cat << EOL > /tmp/initcontainers.clamav initContainers: - name: init-subpath - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - mkdir - "-p" - /nextcloud-aio-clamav/data volumeMountsInitContainer: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chown - 100:100 @@ -102,14 +102,14 @@ EOL cat << EOL > /tmp/initcontainers.nextcloud initContainers: - name: "delete-lost-found" - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - rm - "-rf" - "/nextcloud-aio-nextcloud/lost+found" volumeMountsInitRmLostFound: - name: init-volumes - image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine" + image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20" command: - chmod - "777" From 17362bc23489a38e3ae9b52511421302bc635541 Mon Sep 17 00:00:00 2001 
From: lll <2844835+flll@users.noreply.github.com> Date: Sun, 13 Oct 2024 18:56:34 +0900 Subject: [PATCH 0002/1391] [reverse-proxy.md] Add Tailscale integration setup - Detailed explanation of integrating Tailscale, Caddy, and AIO - Add example configuration for Compose file - Include example Caddyfile configuration - Provide instructions for setting environment variables - Include notes on security and network configuration Signed-off-by: lll <2844835+flll@users.noreply.github.com> --- reverse-proxy.md | 159 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) diff --git a/reverse-proxy.md b/reverse-proxy.md index 1ea7b179..828a1aea 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -707,6 +707,165 @@ Add the following `web.config` file to the root of the site you created as the r +### Tailscale + +
+ +click here to expand + +**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome! + +This setup integrates Nextcloud All-in-One (AIO) with Tailscale, using Caddy as a reverse proxy. +Since Tailscale currently only allows communication with localhost(127.0.0.1), we use a sidecar with Caddy to communicate with AIO. + +- Enhanced security with ACL usage within Tailnet +- ACME certificate issuance without port forwarding (Tailnet only) +- Possibility to expose Nextcloud externally using Tailscale's `serve.json` configuration (This document does not provide an example of `serve.json`) + + +### 1. Set Environment Variables + +Set the following environment variables: + +```env +TS_HOSTNAME=nextcloud # Hostname in Tailnet +NC_DOMAIN=nextcloud.your-tailnet.ts.net # Format: {$TS_HOSTNAME}.{$tailnetdomain}.ts.net +TS_AUTH_KEY=tskey-client-kXGGbs6CNTRL # OAuth client key recommended +TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud # For OAuth client key usage +``` + +>[!NOTE] +> Ensure NC_DOMAIN is in the correct format. +> When using OAuth client key, set tags in TS_EXTRA_ARGS and define them in ACL. +> +> For more detailed information, please refer to: +> https://tailscale.com/blog/docker-tailscale-guide + +### 2. Configure Docker Compose File +Create a compose.yml file with the following content. Replace environment variables as appropriate. + +#### compose.yml + +```yml +services: + nextcloud-aio-mastercontainer: + image: nextcloud/all-in-one:latest + init: true + restart: always + container_name: nextcloud-aio-mastercontainer # This line cannot be changed. 
+ volumes: + - nextcloud_aio_mastercontainer:/mnt/docker-aio-config + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - nextcloud-aio + ports: + - 0.0.0.0:8080:8080 + environment: + APACHE_PORT: 11000 + APACHE_IP_BINDING: 127.0.0.1 + SKIP_DOMAIN_VALIDATION: true + + caddy: + image: caddy:alpine + restart: unless-stopped + environment: + - NC_DOMAIN=nextcloud.your-tailnet.ts.net # Change this to your domain ending with .ts.net in the format {$TS_HOSTNAME}.{tailnetdomain} + volumes: + - type: bind + source: ./Caddyfile + target: /etc/caddy/Caddyfile + - type: volume + source: caddy_certs + target: /certs + - type: volume + source: caddy_data + target: /data + - type: volume + source: caddy_config + target: /config + - type: volume + source: tailscale_sock + target: /var/run/tailscale/ # Mount the volume for /var/run/tailscale/tailscale.sock + read_only: true + network_mode: service:tailscale + + tailscale: + image: tailscale/tailscale:latest + environment: + - TS_HOSTNAME=nextcloud # Enter the hostname for your tailnet + - TS_AUTH_KEY=tskey-client-kXGGbs6CNTRL # OAuth client key recommended + - TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud # Tags are required when using OAuth client + init: true + restart: unless-stopped + volumes: + - /dev/net/tun:/dev/net/tun + - type: volume + source: tailscale + target: /var/lib/tailscale + - type: volume + source: tailscale_sock + target: /tmp # Mounting the entire /tmp folder to access tailscale.sock + cap_add: + - NET_ADMIN + - NET_RAW + networks: + - nextcloud-aio + +volumes: + nextcloud_aio_mastercontainer: + name: nextcloud_aio_mastercontainer # This line cannot be changed. 
+ caddy_certs: + name: caddy_certs + caddy_data: + name: caddy_data + caddy_config: + name: caddy_config + tailscale: + name: tailscale + tailscale_sock: + name: tailscale_sock + +networks: + nextcloud-aio: + name: nextcloud-aio + driver: bridge + enable_ipv6: false + driver_opts: + com.docker.network.driver.mtu: "9001" # Jumbo Frame + com.docker.network.bridge.host_binding_ipv4: "127.0.0.1" # Harden aio +``` + +>[!IMPORTANT] +> Make sure to replace `NC_DOMAIN`, `TS_HOSTNAME`, `TS_AUTH_KEY`, and `TS_EXTRA_ARGS` with your actual values before running the docker compose file. + + +### 3. Create Caddyfile +Create a Caddyfile in the current directory with the following content: + +#### Caddyfile + +```Caddyfile +https://{$NC_DOMAIN}:443 { + reverse_proxy nextcloud-aio-apache:11000 +} +``` + +>[!NOTE] +> Do not manually replace the `{$NC_DOMAIN}` variable. It will be automatically populated with the value set in your environment variables. + + + +### 4. Set Up Nextcloud AIO +1. Run `docker compose up -d` +1. Connect to https://ip.address.of.server:8080/ +1. Enter the configured $NC_DOMAIN +1. Provision Nextcloud +1. Connect to `https://$NC_DOMAIN/` (e.g., https://nextcloud.your-tailnet.ts.net/) +1. Setup complete! + +
+ + ### Others
From 5cf711399fbbf87515cf8ffcc7f0faf59c38869d Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Wed, 16 Oct 2024 12:30:31 +0200
Subject: [PATCH 0003/1391] nextcloud: add `documentation_url.server_logs`
Signed-off-by: Simon L.
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1abbcd5e..71b0a315 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -531,6 +531,7 @@ php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool -
 php /var/www/html/occ config:system:set davstorage.request_timeout --value="$PHP_MAX_TIME" --type=int
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
 php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_DOMAIN/"
+php /var/www/html/occ config:system:set documentation_url.server_logs --value="https://github.com/nextcloud/all-in-one/discussions/5425"
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"
 php /var/www/html/occ maintenance:update:htaccess
From 7ac2d60e51ed49e0cc27bd5ff71b389712157743 Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Thu, 17 Oct 2024 13:20:33 +0200
Subject: [PATCH 0004/1391] local-ai: add hint how to improve ai task pickup speed
Signed-off-by: Simon L.
---
 community-containers/local-ai/readme.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index c74ebc9f..f0c7ea0f 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -19,6 +19,7 @@ This container bundles Local AI and auto-configures it for you. name: gpt4all-j ``` - To make it work, you first need to browse `https://your-nc-domain.com/settings/admin/ai` and enable or disable specific features for your models in the openAI settings. Afterwards using the Nextcloud Assistant should work. +- See [this guide](https://github.com/nextcloud/all-in-one/discussions/5430) for how to improve AI task pickup speed - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository From 814a1eca53b6c8fbd4cb3ea952826da387f7f609 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 17 Oct 2024 12:02:46 +0000 Subject: [PATCH 0005/1391] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 815580e9..298a4ab7 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -134,16 +134,16 @@ }, { "name": "guzzlehttp/promises", - "version": "2.0.3", + "version": "2.0.4", "source": { "type": "git", "url": "https://github.com/guzzle/promises.git", - "reference": "6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8" + "reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/promises/zipball/6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8", - "reference": "6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8", + "url": "https://api.github.com/repos/guzzle/promises/zipball/f9c436286ab2892c7db7be8c8da4ef61ccf7b455", + "reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455", "shasum": "" }, "require": { 
@@ -197,7 +197,7 @@ ], "support": { "issues": "https://github.com/guzzle/promises/issues", - "source": "https://github.com/guzzle/promises/tree/2.0.3" + "source": "https://github.com/guzzle/promises/tree/2.0.4" }, "funding": [ { @@ -213,7 +213,7 @@ "type": "tidelift" } ], - "time": "2024-07-18T10:29:17+00:00" + "time": "2024-10-17T10:06:22+00:00" }, { "name": "guzzlehttp/psr7", From 2b6e81c0745923005589973d8b4064864e5d9362 Mon Sep 17 00:00:00 2001 From: ernolf Date: Thu, 17 Oct 2024 17:05:07 +0200 Subject: [PATCH 0006/1391] fix(ui): make loading-overlay cover the logout button Signed-off-by: ernolf --- php/public/style.css | 4 ++-- php/templates/containers.twig | 5 +---- php/templates/layout.twig | 5 ++++- php/templates/login.twig | 5 +---- 4 files changed, 8 insertions(+), 11 deletions(-) diff --git a/php/public/style.css b/php/public/style.css index 9a1e578f..6c01613f 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -418,6 +418,7 @@ label { font-size: 36px; /* Adjust font size */ cursor: pointer; /* Change cursor to pointer */ outline: none; + z-index: 9999; /* Ensures the icon is on top of every layer */ } /* Icon styling: default state */ @@ -449,7 +450,6 @@ label { position: relative; /* Ensures stacking order */ filter: grayscale(0%); /* Restore full color */ opacity: 1; /* Fully visible on hover */ - z-index: 1; /* Ensures the icon is on top of the shadow */ } /* Inner glow when hovered */ @@ -461,4 +461,4 @@ label { /* Remove hover effects when not hovering */ #theme-toggle:not(:hover) #theme-icon { opacity: 0.6; /* Slightly transparent */ -} \ No newline at end of file +} diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 4017cf8c..87df4758 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -683,7 +683,4 @@ -
-
-
-{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/php/templates/layout.twig b/php/templates/layout.twig index 669854f8..f5523c76 100644 --- a/php/templates/layout.twig +++ b/php/templates/layout.twig @@ -12,5 +12,8 @@ +
+
+
- \ No newline at end of file + diff --git a/php/templates/login.twig b/php/templates/login.twig index 04175cc3..5478225f 100644 --- a/php/templates/login.twig +++ b/php/templates/login.twig @@ -22,7 +22,4 @@ {% endif %} -
-
-
-{% endblock %} \ No newline at end of file +{% endblock %} From a5b25ab56bbb5015b5a9b3c6a5ae878ed90d59db Mon Sep 17 00:00:00 2001 From: ernolf Date: Thu, 17 Oct 2024 17:18:58 +0200 Subject: [PATCH 0007/1391] fix(ui): ensure theme-toggle button is visible on first visit Signed-off-by: ernolf --- php/public/toggle-dark-mode.js | 18 +++++++++--------- php/templates/layout.twig | 6 ++++-- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/php/public/toggle-dark-mode.js b/php/public/toggle-dark-mode.js index 1ec2c114..9fc17193 100644 --- a/php/public/toggle-dark-mode.js +++ b/php/public/toggle-dark-mode.js @@ -1,7 +1,7 @@ // Function to toggle theme function toggleTheme() { const currentTheme = document.documentElement.getAttribute('data-theme'); - const newTheme = (currentTheme === 'dark') ? 'light' : 'dark'; + const newTheme = (currentTheme === 'dark') ? '' : 'dark'; // Toggle between no theme and dark theme document.documentElement.setAttribute('data-theme', newTheme); localStorage.setItem('theme', newTheme); 
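Review bot: `toggleTheme` now stores the light state as an empty string, leaving `data-theme=""` on the root element and `theme=''` in localStorage, while `applySavedTheme` in the next hunk represents the same state by removing the attribute. Selectors such as `html[data-theme="dark"]` behave the same either way, but a single representation is easier to reason about: `newTheme ? root.setAttribute('data-theme', newTheme) : root.removeAttribute('data-theme');` with `const root = document.documentElement;`. In the next hunk the bare `applySavedTheme();` call dereferences `document.getElementById('theme-icon')` without a null check, so it throws if the script executes before that element is parsed; whether it does depends on the layout.twig markup, which is not visible here. `toggleTheme` continues outside the hunk.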
@@ -13,14 +13,14 @@ function toggleTheme() { // Function to apply saved theme from localStorage function applySavedTheme() { const savedTheme = localStorage.getItem('theme'); - if (savedTheme) { - document.documentElement.setAttribute('data-theme', savedTheme); - - // Ensure the icon is set correctly based on the saved theme - const themeIcon = document.getElementById('theme-icon'); - themeIcon.textContent = savedTheme === 'dark' ? '☀️' : '🌙'; + if (savedTheme === 'dark') { + document.documentElement.setAttribute('data-theme', 'dark'); + document.getElementById('theme-icon').textContent = '☀️'; // Sun icon for dark mode + } else { + document.documentElement.removeAttribute('data-theme'); // Default to light theme (no data-theme) + document.getElementById('theme-icon').textContent = '🌙'; // Moon icon for light mode } } -// Apply theme when the page loads -document.addEventListener('DOMContentLoaded', applySavedTheme); \ No newline at end of file +// Immediately apply the saved theme +applySavedTheme(); diff --git a/php/templates/layout.twig b/php/templates/layout.twig index f5523c76..cad5ae7a 100644 --- a/php/templates/layout.twig +++ b/php/templates/layout.twig @@ -4,16 +4,18 @@ +
{% block body %}{% endblock %}
- -
+ From de372c11f3b6e07c55a614b865411cdca2d48af6 Mon Sep 17 00:00:00 2001 From: ernolf Date: Thu, 17 Oct 2024 17:21:09 +0200 Subject: [PATCH 0008/1391] fix(ui): ad darkmode for loading spinner Signed-off-by: ernolf --- php/public/style.css | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/php/public/style.css b/php/public/style.css index 6c01613f..7e6b364a 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -14,6 +14,7 @@ --color-info: #0071ad; --color-info-hover: #00aaef; --color-border-maxcontrast: #7d7d7d; + --color-loader: #f3f3f3; --border: .5px; --border-hover: 2px; --border-radius: 7px; @@ -35,6 +36,7 @@ --color-error-text: #ff8080; --color-info: #00aeff; --color-info-hover: #33beff; + --color-loader: var(--color-border-maxcontrast); --border-hover: var(--border); } @@ -385,7 +387,7 @@ label { } .loader { - border: 16px solid #f3f3f3; + border: 16px solid var(--color-loader); border-radius: 50%; border-top: 16px solid var(--color-nextcloud-blue); width: 120px; From 99caab3625b6125ab8b8d5a92cd5739119dd42b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Oct 2024 04:43:28 +0000 Subject: [PATCH 0009/1391] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.15.2 to 8.15.3. --- updated-dependencies: - dependency-name: elasticsearch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 873e9ba9..b67b1067 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile 
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.15.2
+FROM elasticsearch:8.15.3
 USER root
From fa9ae2bc53b7a0f9c06385dc7462a642ed4344f7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 04:44:08 +0000
Subject: [PATCH 0010/1391] build(deps): bump nats in /Containers/talk
Bumps nats from 2.10.21-scratch to 2.10.22-scratch.
---
updated-dependencies:
- dependency-name: nats dependency-type: direct:production update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 0d0631c8..d507a515 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.21-scratch AS nats
+FROM nats:2.10.22-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling
 FROM alpine:3.20.3 AS janus
From a530cee7e45d873eeb13d6c35a52abaa00a0bb57 Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Fri, 18 Oct 2024 13:47:10 +0200
Subject: [PATCH 0011/1391] update OO
Signed-off-by: Simon L.
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index ad694376..ff7d934c 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.1.3.2
+FROM onlyoffice/documentserver:8.2.0.1
 # USER root is probably used
From 0067ec3bcab3eb31c8d1074ed36cf03265998049 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 18 Oct 2024 12:11:10 +0000 Subject: [PATCH 0012/1391] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 90fac1a8..b79644bb 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -80,7 +80,7 @@ RUN set -ex; \ # pecl will claim success even if one install fails, so we need to perform each install separately pecl install igbinary-3.2.16; \ pecl install APCu-5.1.24; \ - pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.2.0; \ + pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \ pecl install -D 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \ pecl install imagick-3.7.0; \ \ From 9da4094ff827fc18fc2b6edbc6f91789e06ac9cc Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 18 Oct 2024 14:57:06 +0200 Subject: [PATCH 0013/1391] fix mobile layout Signed-off-by: Simon L. --- php/public/style.css | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/php/public/style.css b/php/public/style.css index 7e6b364a..85a82b80 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -237,6 +237,7 @@ select:hover { textarea { border-radius: var(--border-radius); border: .5px solid var(--color-main-border); + max-width: 100%; } input[type="text"]:focus, @@ -281,7 +282,7 @@ html[data-theme="dark"] ::-webkit-scrollbar-track { background-color: var(--color-main-background); border-radius: var(--border-radius-large); box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); - max-height: calc(100dvh - 40px); + max-height: calc(100dvh - 50px); overflow: hidden; } 
@@ -464,3 +465,9 @@ label { #theme-toggle:not(:hover) #theme-icon { opacity: 0.6; /* Slightly transparent */ } + +@media only screen and (max-width: 800px) { + .container { + margin: 50px auto 0px auto; + } +} From 0e960b8ca46ad6858f5c1c9290f24237d6bc47de Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 18 Oct 2024 15:04:59 +0200 Subject: [PATCH 0014/1391] increase to 9.8.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 87df4758..d1ddb499 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
-

Nextcloud AIO v9.7.0

+

Nextcloud AIO v9.8.0

{# Add 2nd tab warning #} From 9bf38d27956edf76ac28859521f673b21acc9b51 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 18 Oct 2024 15:56:39 +0200 Subject: [PATCH 0015/1391] only apply saved theme when dom content has loaded Signed-off-by: Simon L. --- php/public/toggle-dark-mode.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/php/public/toggle-dark-mode.js b/php/public/toggle-dark-mode.js index 9fc17193..773a9f18 100644 --- a/php/public/toggle-dark-mode.js +++ b/php/public/toggle-dark-mode.js @@ -22,5 +22,5 @@ function applySavedTheme() { } } -// Immediately apply the saved theme -applySavedTheme(); +// Apply theme when the page loads +document.addEventListener('DOMContentLoaded', applySavedTheme); From 8fae9b669f485157c23de1bc5e0e073f26d3707a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 18 Oct 2024 16:22:51 +0200 Subject: [PATCH 0016/1391] rp-docs: add links to examples direclty to each rp section Signed-off-by: Simon L. --- local-instance.md | 2 +- reverse-proxy.md | 14 +++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/local-instance.md b/local-instance.md index ac0b9fb4..f2471877 100644 --- a/local-instance.md +++ b/local-instance.md 
@@ -9,7 +9,7 @@ The recommended way is the following: 1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server. 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup -Here is a video that does shows this a bit more in detail: https://youtu.be/zk-y2wVkY4c +**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. ## 2. Use the ACME DNS-challenge You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge diff --git a/reverse-proxy.md b/reverse-proxy.md index 205d7892..98ff5545 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -145,6 +145,8 @@ To make the config work you can run the following command: click here to expand +**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example. + Add this to your Caddyfile: ``` 
@@ -204,6 +206,9 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi click here to expand + +**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example. + Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work: 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`.
@@ -317,6 +322,8 @@ backend Nextcloud click here to expand +**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example. + **Disclaimer:** This config was tested and should normally work on all modern Nginx versions. Improvements to the config are very welcome! Add the below template to your Nginx config. @@ -401,8 +408,6 @@ server { ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. -**Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example. -
### Nginx-Proxy-Manager - NPM @@ -411,6 +416,8 @@ server { click here to expand +**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example. + First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports. @@ -560,6 +567,8 @@ See these screenshots for a working config: click here to expand +**Hint:** You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example. + **Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome! Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project. @@ -638,7 +647,6 @@ The examples below define the dynamic configuration in YAML files. If you rather --- ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. -**Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik. From 42a39397e4866906e542c1be8fd63e0a70a4047a Mon Sep 17 00:00:00 2001 From: lll <2844835+flll@users.noreply.github.com> Date: Fri, 18 Oct 2024 23:40:21 +0900 Subject: [PATCH 0017/1391] to wiki Signed-off-by: lll <2844835+flll@users.noreply.github.com> --- reverse-proxy.md | 150 +---------------------------------------------- 1 file changed, 1 insertion(+), 149 deletions(-) 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 828a1aea..7a06d30a 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -713,155 +713,7 @@ Add the following `web.config` file to the root of the site you created as the r click here to expand -**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome! - -This setup integrates Nextcloud All-in-One (AIO) with Tailscale, using Caddy as a reverse proxy. -Since Tailscale currently only allows communication with localhost(127.0.0.1), we use a sidecar with Caddy to communicate with AIO. - -- Enhanced security with ACL usage within Tailnet -- ACME certificate issuance without port forwarding (Tailnet only) -- Possibility to expose Nextcloud externally using Tailscale's `serve.json` configuration (This document does not provide an example of `serve.json`) - - -### 1. Set Environment Variables - -Set the following environment variables: - -```env -TS_HOSTNAME=nextcloud # Hostname in Tailnet -NC_DOMAIN=nextcloud.your-tailnet.ts.net # Format: {$TS_HOSTNAME}.{$tailnetdomain}.ts.net -TS_AUTH_KEY=tskey-client-kXGGbs6CNTRL # OAuth client key recommended -TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud # For OAuth client key usage -``` - ->[!NOTE] -> Ensure NC_DOMAIN is in the correct format. -> When using OAuth client key, set tags in TS_EXTRA_ARGS and define them in ACL. -> -> For more detailed information, please refer to: -> https://tailscale.com/blog/docker-tailscale-guide - -### 2. Configure Docker Compose File -Create a compose.yml file with the following content. Replace environment variables as appropriate. - -#### compose.yml - -```yml -services: - nextcloud-aio-mastercontainer: - image: nextcloud/all-in-one:latest - init: true - restart: always - container_name: nextcloud-aio-mastercontainer # This line cannot be changed. 
- volumes: - - nextcloud_aio_mastercontainer:/mnt/docker-aio-config - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - nextcloud-aio - ports: - - 0.0.0.0:8080:8080 - environment: - APACHE_PORT: 11000 - APACHE_IP_BINDING: 127.0.0.1 - SKIP_DOMAIN_VALIDATION: true - - caddy: - image: caddy:alpine - restart: unless-stopped - environment: - - NC_DOMAIN=nextcloud.your-tailnet.ts.net # Change this to your domain ending with .ts.net in the format {$TS_HOSTNAME}.{tailnetdomain} - volumes: - - type: bind - source: ./Caddyfile - target: /etc/caddy/Caddyfile - - type: volume - source: caddy_certs - target: /certs - - type: volume - source: caddy_data - target: /data - - type: volume - source: caddy_config - target: /config - - type: volume - source: tailscale_sock - target: /var/run/tailscale/ # Mount the volume for /var/run/tailscale/tailscale.sock - read_only: true - network_mode: service:tailscale - - tailscale: - image: tailscale/tailscale:latest - environment: - - TS_HOSTNAME=nextcloud # Enter the hostname for your tailnet - - TS_AUTH_KEY=tskey-client-kXGGbs6CNTRL # OAuth client key recommended - - TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud # Tags are required when using OAuth client - init: true - restart: unless-stopped - volumes: - - /dev/net/tun:/dev/net/tun - - type: volume - source: tailscale - target: /var/lib/tailscale - - type: volume - source: tailscale_sock - target: /tmp # Mounting the entire /tmp folder to access tailscale.sock - cap_add: - - NET_ADMIN - - NET_RAW - networks: - - nextcloud-aio - -volumes: - nextcloud_aio_mastercontainer: - name: nextcloud_aio_mastercontainer # This line cannot be changed. 
- caddy_certs: - name: caddy_certs - caddy_data: - name: caddy_data - caddy_config: - name: caddy_config - tailscale: - name: tailscale - tailscale_sock: - name: tailscale_sock - -networks: - nextcloud-aio: - name: nextcloud-aio - driver: bridge - enable_ipv6: false - driver_opts: - com.docker.network.driver.mtu: "9001" # Jumbo Frame - com.docker.network.bridge.host_binding_ipv4: "127.0.0.1" # Harden aio -``` - ->[!IMPORTANT] -> Make sure to replace `NC_DOMAIN`, `TS_HOSTNAME`, `TS_AUTH_KEY`, and `TS_EXTRA_ARGS` with your actual values before running the docker compose file. - - -### 3. Create Caddyfile -Create a Caddyfile in the current directory with the following content: - -#### Caddyfile - -```Caddyfile -https://{$NC_DOMAIN}:443 { - reverse_proxy nextcloud-aio-apache:11000 -} -``` - ->[!NOTE] -> Do not manually replace the `{$NC_DOMAIN}` variable. It will be automatically populated with the value set in your environment variables. - - - -### 4. Set Up Nextcloud AIO -1. Run `docker compose up -d` -1. Connect to https://ip.address.of.server:8080/ -1. Enter the configured $NC_DOMAIN -1. Provision Nextcloud -1. Connect to `https://$NC_DOMAIN/` (e.g., https://nextcloud.your-tailnet.ts.net/) -1. Setup complete! +It's too long to write here, so please jump to **this guide:** https://github.com/nextcloud/all-in-one/discussions/5439 From 4be6d492ea8b7f7188abea5edf6d7c7b10e279ad Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 18 Oct 2024 17:50:31 +0200 Subject: [PATCH 0018/1391] nextcloud¬ify-push: allow to adjust the DATABASE_TYPE Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 9 +++++++-- Containers/nextcloud/start.sh | 5 +++++ Containers/notify-push/start.sh | 15 +++++++++++---- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 1abbcd5e..ae577679 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh 
@@ -20,6 +20,11 @@ run_upgrade_if_needed_due_to_app_update() { fi } +# Adjust DATABASE_TYPE to by Nextcloud supported value +if [ "$DATABASE_TYPE" = postgres ]; then + export DATABASE_TYPE=pgsql +fi + # Only start container if redis is accessible # shellcheck disable=SC2153 while ! nc -z "$REDIS_HOST" "6379"; do @@ -237,12 +242,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then ); DATADIR_PERMISSION_CONF - echo "Installing with PostgreSQL database" + echo "Installing with $DATABASE_TYPE database" # Set a default value for POSTGRES_PORT if [ -z "$POSTGRES_PORT" ]; then POSTGRES_PORT=5432 fi - INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT") + INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT") echo "Starting Nextcloud installation..." if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh index 0bbea739..37aa4d98 100644 --- a/Containers/nextcloud/start.sh +++ b/Containers/nextcloud/start.sh @@ -17,6 +17,11 @@ done POSTGRES_USER="oc_$POSTGRES_USER" export POSTGRES_USER +# Check that db type is not empty +if [ -z "$DATABASE_TYPE" ]; then + export DATABASE_TYPE=postgres +fi + # Fix false database connection on old instances if [ -f "/var/www/html/config/config.php" ]; then sleep 2 diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index 1f77b0f1..21b291d0 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh 
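Review bot: The new `DATABASE_TYPE` block in Containers/nextcloud/entrypoint.sh maps `postgres` to `pgsql` but lets every other value through unchecked, and the install hunk then passes it to `occ maintenance:install --database "$DATABASE_TYPE"`. Containers/notify-push/start.sh in the same commit rejects anything other than `postgres` or `mysql`, so the two containers disagree on what is valid. An allowlist right after the mapping would stop a typo, or an empty value if start.sh has not set the default, before the installer runs: `case "$DATABASE_TYPE" in pgsql|mysql) ;; *) echo "Unsupported DATABASE_TYPE: $DATABASE_TYPE"; exit 1 ;; esac`. In the install hunk the fallback `POSTGRES_PORT=5432` is still applied whatever the type is, which looks unintended for `mysql`. Both hunks sit inside larger blocks that continue outside the diff.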
@@ -1,13 +1,13 @@ #!/bin/bash if [ -z "$NEXTCLOUD_HOST" ]; then - echo "NEXTCLOUD_HOST need to be provided. Exiting!" + echo "NEXTCLOUD_HOST needs to be provided. Exiting!" exit 1 elif [ -z "$POSTGRES_HOST" ]; then - echo "POSTGRES_HOST need to be provided. Exiting!" + echo "POSTGRES_HOST needs to be provided. Exiting!" exit 1 elif [ -z "$REDIS_HOST" ]; then - echo "REDIS_HOST need to be provided. Exiting!" + echo "REDIS_HOST needs to be provided. Exiting!" exit 1 fi @@ -52,9 +52,16 @@ fi if [ -z "$REDIS_DB_INDEX" ]; then REDIS_DB_INDEX=0 fi +# Set a default for db type +if [ -z "$DATABASE_TYPE" ]; then + DATABASE_TYPE=postgres +elif [ "$DATABASE_TYPE" != postgres ] && [ "$DATABASE_TYPE" != mysql ]; then + echo "DB type must be either postgres or mysql" + exit 1 +fi # Set sensitive values as env -export DATABASE_URL="postgres://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" +export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" # Run it From 5b4edc2c344c623b1a5c718b1d8142a474448e18 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 21 Oct 2024 10:01:02 +0200 Subject: [PATCH 0019/1391] address review Signed-off-by: Simon L. --- local-instance.md | 3 ++- reverse-proxy.md | 15 ++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/local-instance.md b/local-instance.md index f2471877..28ef78ee 100644 --- a/local-instance.md +++ b/local-instance.md 
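Review bot: `DATABASE_URL` in the second hunk of Containers/notify-push/start.sh is still built by raw interpolation, so a `POSTGRES_PASSWORD` or user containing `@`, `:`, `/`, `?` or `#` produces a URL whose host or path is parsed differently from what was intended, and with the new `mysql` option the same string now reaches a second driver. Percent-encode the user and password before assembling the URL, after confirming that the consumer decodes them. The `mysql` case also reuses the `POSTGRES_*` variables and the `oc_` user prefix; if that is intentional, say so next to the export, e.g. `# POSTGRES_* names are reused for mysql; only the URL scheme changes`. Naming the variable in the error text (`DATABASE_TYPE must be either postgres or mysql`) would match the other messages in this file.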
@@ -9,7 +9,8 @@ The recommended way is the following: 1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server. 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup -**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. +> [!TIP] +> You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. ## 2. Use the ACME DNS-challenge You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge diff --git a/reverse-proxy.md b/reverse-proxy.md index 98ff5545..3c2f6134 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -145,7 +145,8 @@ To make the config work you can run the following command: click here to expand -**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example. +> [!TIP] +> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example. Add this to your Caddyfile: 
@@ -207,7 +208,8 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi click here to expand -**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example. +> [!TIP] +> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example. Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work: @@ -322,7 +324,8 @@ backend Nextcloud click here to expand -**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example. +> [!TIP] +> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example. **Disclaimer:** This config was tested and should normally work on all modern Nginx versions. Improvements to the config are very welcome! 
@@ -416,7 +419,8 @@ server { click here to expand -**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example. +> [!TIP] +> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example. First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports. @@ -567,7 +571,8 @@ See these screenshots for a working config: click here to expand -**Hint:** You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example. +> [!TIP] +> You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example. **Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome! From 70e31a40b4a4d7e009d930942f9c2e8e20a5ecef Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 21 Oct 2024 10:27:35 +0200 Subject: [PATCH 0020/1391] update wording Signed-off-by: Simon L. --- reverse-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 7a06d30a..15491819 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md 
@@ -713,7 +713,7 @@ Add the following `web.config` file to the root of the site you created as the r click here to expand -It's too long to write here, so please jump to **this guide:** https://github.com/nextcloud/all-in-one/discussions/5439 +For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 From 5100bcdddaded09a9b2f53a57ac5539a06f18d34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 04:36:19 +0000 Subject: [PATCH 0021/1391] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.1-8 to 1.4.1-9. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 8deede4e..cbb92232 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.1-8 +FROM clamav/clamav:1.4.1-9 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From 3dfbf3d9ab0ebd6f43a7bba770d613185d6354ef Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 22 Oct 2024 11:05:08 +0200 Subject: [PATCH 0022/1391] Revert "change Hint to github hint" because it does not seem to work inside a details tag This reverts commit 5b4edc2c344c623b1a5c718b1d8142a474448e18. Signed-off-by: Simon L. --- local-instance.md | 3 +-- reverse-proxy.md | 15 +++++---------- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/local-instance.md b/local-instance.md index 28ef78ee..f2471877 100644 --- a/local-instance.md +++ b/local-instance.md 
@@ -9,8 +9,7 @@ The recommended way is the following: 1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server. 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup -> [!TIP] -> You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. +**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. ## 2. Use the ACME DNS-challenge You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge diff --git a/reverse-proxy.md b/reverse-proxy.md index a3c71610..1345b583 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -145,8 +145,7 @@ To make the config work you can run the following command: click here to expand -> [!TIP] -> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example. +**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example. Add this to your Caddyfile: 
@@ -208,8 +207,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi click here to expand -> [!TIP] -> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example. +**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example. Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work: @@ -324,8 +322,7 @@ backend Nextcloud click here to expand -> [!TIP] -> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example. +**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example. **Disclaimer:** This config was tested and should normally work on all modern Nginx versions. Improvements to the config are very welcome! 
@@ -419,8 +416,7 @@ server { click here to expand -> [!TIP] -> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example. +**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example. First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports. @@ -571,8 +567,7 @@ See these screenshots for a working config: click here to expand -> [!TIP] -> You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example. +**Hint:** You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example. **Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome! From 5849a1fce9a1749215d3d34902b6c7a042849a13 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 22 Oct 2024 11:13:41 +0200 Subject: [PATCH 0023/1391] readme: add tailscale network Signed-off-by: Simon L. --- readme.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/readme.md b/readme.md index 88972ecf..913f18e2 100644 --- a/readme.md +++ b/readme.md 
@@ -27,6 +27,7 @@ Included are: - A+ security in Nextcloud security scan - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel) +- Can be used inside [Tailscale network](https://github.com/nextcloud/all-in-one/discussions/5439) - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case) - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads) - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud) @@ -239,6 +240,9 @@ Another but untested way is to install Portainer on your TrueNAS SCALE from here ### How to run Nextcloud behind a Cloudflare Tunnel? Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. +### How to run Nextcloud inside a Tailscale network? +For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 + ### Disrecommended VPS providers - *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work. If your VPS has a `/proc/user_beancounters` file and a low `numproc` limit set in it 
From d9142871f60d7548f76b537c045df721ade52bff Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 24 Oct 2024 12:03:53 +0200 Subject: [PATCH 0024/1391] Refactor manual-install Compose.yml: Simplify Environment Variables (#5459) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🔧 Refactor manual-install Compose.yml: Simplify Environment Variables - Removed explicit values for environment variables in `docker-compose.yml`. - Utilized default values for better flexibility and maintainability. - Updated network configuration to use the default bridge driver. Note: Using `network: default` is sufficient within Docker Compose; there's no need to create a separate `nextcloud-network` for all hosts. 🚀 Signed-off-by: lll <2844835+flll@users.noreply.github.com> --- manual-install/latest.yml | 98 +++++++++---------------- manual-install/update-yaml.sh | 16 ++-- nextcloud-aio-helm-chart/update-helm.sh | 11 ++- 3 files changed, 51 insertions(+), 74 deletions(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index e5d876ca..03132847 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -25,15 +25,15 @@ services: - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp environment: - - NC_DOMAIN=${NC_DOMAIN} + - NC_DOMAIN - NEXTCLOUD_HOST=nextcloud-aio-nextcloud - APACHE_HOST=nextcloud-aio-apache - COLLABORA_HOST=nextcloud-aio-collabora - TALK_HOST=nextcloud-aio-talk - - APACHE_PORT=${APACHE_PORT} + - APACHE_PORT - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice - TZ=${TIMEZONE} - - APACHE_MAX_SIZE=${APACHE_MAX_SIZE} + - APACHE_MAX_SIZE - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME} - NOTIFY_PUSH_HOST=nextcloud-aio-notify-push - WHITEBOARD_HOST=nextcloud-aio-whiteboard 
@@ -41,8 +41,6 @@ services: - nextcloud_aio_nextcloud:/var/www/html:ro - nextcloud_aio_apache:/mnt/data:rw restart: unless-stopped - networks: - - nextcloud-aio read_only: true tmpfs: - /var/log/supervisord @@ -70,8 +68,6 @@ services: stop_grace_period: 1800s restart: unless-stopped shm_size: 268435456 - networks: - - nextcloud-aio read_only: true tmpfs: - /var/run/postgresql 
@@ -116,52 +112,50 @@ services: - POSTGRES_USER=nextcloud - REDIS_HOST=nextcloud-aio-redis - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} - - NC_DOMAIN=${NC_DOMAIN} + - NC_DOMAIN - ADMIN_USER=admin - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD} - NEXTCLOUD_DATA_DIR=/mnt/ncdata - OVERWRITEHOST=${NC_DOMAIN} - OVERWRITEPROTOCOL=https - - TURN_SECRET=${TURN_SECRET} - - SIGNALING_SECRET=${SIGNALING_SECRET} - - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET} - - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT} - - CLAMAV_ENABLED=${CLAMAV_ENABLED} + - TURN_SECRET + - SIGNALING_SECRET + - ONLYOFFICE_SECRET + - NEXTCLOUD_MOUNT + - CLAMAV_ENABLED - CLAMAV_HOST=nextcloud-aio-clamav - - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED} - - COLLABORA_ENABLED=${COLLABORA_ENABLED} + - ONLYOFFICE_ENABLED + - COLLABORA_ENABLED - COLLABORA_HOST=nextcloud-aio-collabora - - TALK_ENABLED=${TALK_ENABLED} + - TALK_ENABLED - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice - - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS} + - UPDATE_NEXTCLOUD_APPS - TZ=${TIMEZONE} - - TALK_PORT=${TALK_PORT} - - IMAGINARY_ENABLED=${IMAGINARY_ENABLED} + - TALK_PORT + - IMAGINARY_ENABLED - IMAGINARY_HOST=nextcloud-aio-imaginary - CLAMAV_MAX_SIZE=${APACHE_MAX_SIZE} - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT} - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT} - - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED} + - FULLTEXTSEARCH_ENABLED - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME} - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR} - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS} - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS} - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS} - - INSTALL_LATEST_MAJOR=${INSTALL_LATEST_MAJOR} - - TALK_RECORDING_ENABLED=${TALK_RECORDING_ENABLED} - - RECORDING_SECRET=${RECORDING_SECRET} + - INSTALL_LATEST_MAJOR + - TALK_RECORDING_ENABLED + - RECORDING_SECRET - TALK_RECORDING_HOST=nextcloud-aio-talk-recording - - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD} - - 
REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS} - - APACHE_PORT=${APACHE_PORT} - - IMAGINARY_SECRET=${IMAGINARY_SECRET} - - WHITEBOARD_SECRET=${WHITEBOARD_SECRET} - - WHITEBOARD_ENABLED=${WHITEBOARD_ENABLED} + - FULLTEXTSEARCH_PASSWORD + - REMOVE_DISABLED_APPS + - APACHE_PORT + - IMAGINARY_SECRET + - WHITEBOARD_SECRET + - WHITEBOARD_ENABLED stop_grace_period: 600s restart: unless-stopped - networks: - - nextcloud-aio cap_drop: - NET_RAW @@ -173,7 +167,7 @@ services: volumes: - nextcloud_aio_nextcloud:/nextcloud:ro environment: - - NC_DOMAIN=${NC_DOMAIN} + - NC_DOMAIN - NEXTCLOUD_HOST=nextcloud-aio-nextcloud - REDIS_HOST=nextcloud-aio-redis - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} @@ -183,8 +177,6 @@ services: - POSTGRES_DB=nextcloud_database - POSTGRES_USER=nextcloud restart: unless-stopped - networks: - - nextcloud-aio read_only: true cap_drop: - NET_RAW @@ -200,8 +192,6 @@ services: volumes: - nextcloud_aio_redis:/data:rw restart: unless-stopped - networks: - - nextcloud-aio read_only: true cap_drop: - NET_RAW @@ -221,8 +211,6 @@ services: restart: unless-stopped profiles: - collabora - networks: - - nextcloud-aio cap_add: - MKNOD - SYS_ADMIN @@ -238,19 +226,17 @@ services: expose: - "8081" environment: - - NC_DOMAIN=${NC_DOMAIN} + - NC_DOMAIN - TALK_HOST=nextcloud-aio-talk - - TURN_SECRET=${TURN_SECRET} - - SIGNALING_SECRET=${SIGNALING_SECRET} + - TURN_SECRET + - SIGNALING_SECRET - TZ=${TIMEZONE} - - TALK_PORT=${TALK_PORT} + - TALK_PORT - INTERNAL_SECRET=${TALK_INTERNAL_SECRET} restart: unless-stopped profiles: - talk - talk-recording - networks: - - nextcloud-aio read_only: true tmpfs: - /var/log/supervisord @@ -267,16 +253,14 @@ services: expose: - "1234" environment: - - NC_DOMAIN=${NC_DOMAIN} + - NC_DOMAIN - TZ=${TIMEZONE} - - RECORDING_SECRET=${RECORDING_SECRET} + - RECORDING_SECRET - INTERNAL_SECRET=${TALK_INTERNAL_SECRET} shm_size: 2147483648 restart: unless-stopped profiles: - talk-recording - networks: - - nextcloud-aio read_only: true tmpfs: - /tmp 
@@ -298,8 +282,6 @@ services: restart: unless-stopped profiles: - clamav - networks: - - nextcloud-aio read_only: true tmpfs: - /var/lock @@ -323,8 +305,6 @@ services: restart: unless-stopped profiles: - onlyoffice - networks: - - nextcloud-aio cap_drop: - NET_RAW @@ -335,7 +315,7 @@ services: - "9000" environment: - TZ=${TIMEZONE} - - IMAGINARY_SECRET=${IMAGINARY_SECRET} + - IMAGINARY_SECRET restart: unless-stopped cap_add: - SYS_NICE @@ -343,8 +323,6 @@ services: - NET_RAW profiles: - imaginary - networks: - - nextcloud-aio read_only: true tmpfs: - /tmp @@ -364,14 +342,12 @@ services: - http.port=9200 - xpack.license.self_generated.type=basic - xpack.security.enabled=false - - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD} + - FULLTEXTSEARCH_PASSWORD volumes: - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw restart: unless-stopped profiles: - fulltextsearch - networks: - - nextcloud-aio cap_drop: - NET_RAW @@ -391,8 +367,6 @@ services: profiles: - whiteboard read_only: true - networks: - - nextcloud-aio cap_drop: - NET_RAW @@ -417,5 +391,5 @@ volumes: name: nextcloud_aio_nextcloud_data networks: - nextcloud-aio: - name: nextcloud-aio + default: + driver: bridge diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index d8bb0cc2..e712304c 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -1,6 +1,6 @@ -#!/bin/bash +#!/bin/bash -ex -set -ex +type {jq,sudo} || { echo "Commands not found. Please install them"; exit 127; } jq -c . ./php/containers.json > /tmp/containers.json sed -i 's|aio_services_v1|services|g' /tmp/containers.json 
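Review bot: Moving the options into the shebang (`#!/bin/bash -ex`) in manual-install/update-yaml.sh makes the error handling depend on how the script is started: the options apply only when the file is executed directly, not when it is run as `bash manual-install/update-yaml.sh`, and in that case a failing `jq` step no longer aborts the run. Keeping `set -ex` as the first statement is the robust form. The new `type {jq,sudo}` guard also does not cover `snap`, which a later hunk calls through `sudo snap install yq`.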
@@ -18,6 +18,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')" +OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].networks)')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')" @@ -25,7 +26,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "next OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= if contains(["nextcloud-aio-docker-socket-proxy"]) then del(.[index("nextcloud-aio-docker-socket-proxy")]) else . end else . end')" OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')" -snap install yq +sudo snap install yq mkdir -p ./manual-install echo "$OUTPUT" | yq -P > ./manual-install/containers.yml @@ -139,13 +140,12 @@ done cat << NETWORK >> containers.yml networks: - nextcloud-aio: - name: nextcloud-aio + default: + driver: bridge NETWORK -cat containers.yml > latest.yml +mv containers.yml latest.yml sed -i "/image:/s/$/:latest/" latest.yml - -rm containers.yml +sed -i 's/\( *- \(\w*\)\)=\${\2\}/\1/' latest.yml set +ex diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 9267ab07..9200cc3a 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh 
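Review bot: `sudo snap install yq` now runs as root on every invocation and takes whatever revision the snap channel serves at that moment, so the tool that writes `containers.yml` is not reproducible between runs. Installing only when it is missing, `command -v yq >/dev/null || sudo snap install yq`, at least keeps an already vetted binary in place. Recording the `yq` version in the script output would help when a generated file changes unexpectedly. The same line is added in `nextcloud-aio-helm-chart/update-helm.sh`.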
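Review bot: The added `sed -i 's/\( *- \(\w*\)\)=\${\2\}/\1/' latest.yml` turns every `- NAME=${NAME}` entry into a bare `- NAME`, and that changes what happens when a value is missing. As far as Compose documents it, `${NAME}` interpolates an unset variable to an empty string and warns, while a bare key is passed through from the environment and is simply absent from the container, with no message, when it is unset. The generated file shows this applies to `IMAGINARY_SECRET`, `TURN_SECRET`, `SIGNALING_SECRET`, `RECORDING_SECRET` and `FULLTEXTSEARCH_PASSWORD`, so a misspelled or missing entry could start a service without its secret. I would at least document this above the line: `# Bare "- NAME" entries are passed through; Compose does not warn when NAME is unset, so check sample.conf is complete`. It is also worth checking whether the secret entries should be excluded from the rewrite.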
@@ -1,9 +1,11 @@ #!/bin/bash +[ -z "$1" ] && { echo "Error: Docker tag is not specified. Usage: ./nextcloud-aio-helm-chart/update-helm.sh "; exit 2; } + DOCKER_TAG="$1" # The logic needs the files in ./helm-chart -mv ./nextcloud-aio-helm-chart ./helm-chart +cp -r ./nextcloud-aio-helm-chart ./helm-chart # Clean rm -f ./helm-chart/values.yaml @@ -15,13 +17,15 @@ chmod +x kompose sudo mv ./kompose /usr/local/bin/kompose # Install yq -snap install yq +sudo snap install yq set -ex # Conversion of docker-compose cd manual-install cp latest.yml latest.yml.backup + +sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml cp sample.conf /tmp/ sed -i 's|^|export |' /tmp/sample.conf # shellcheck disable=SC1091 @@ -41,8 +45,7 @@ sed -i "/NEXTCLOUD_DATADIR/d" latest.yml sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name: nextcloud_aio_nextcloud_trusted_cacerts" latest.yml sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml -sed -i 's|\${|{{ .Values.|g' latest.yml -sed -i 's|}| }}|g' latest.yml +sed -i 's/\${/{{ .Values./g; s/}/ }}/g' latest.yml yq -i 'del(.services.[].profiles)' latest.yml # Delete read_only and tmpfs setting while https://github.com/kubernetes/kubernetes/issues/48912 is not fixed yq -i 'del(.services.[].read_only)' latest.yml From 68d75dc01a7cfecfea26a743ce0ead546cc6240d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 24 Oct 2024 13:08:04 +0200 Subject: [PATCH 0025/1391] local-instance-docs: add content and add tailscale network as option Signed-off-by: Simon L. --- local-instance.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/local-instance.md b/local-instance.md index f2471877..a03f8903 100644 --- a/local-instance.md +++ b/local-instance.md 
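Review bot: The new `sed -i -E` line in the `@@ -15,13 +17,15 @@` hunk restores `NAME=${NAME}` for every list item matching `[A-Z_]+`, and spares capability entries only through a hard-coded list of four names (`NET_RAW`, `SYS_NICE`, `MKNOD`, `SYS_ADMIN`). Any other capability later added under `cap_add` or `cap_drop` in `latest.yml` would be rewritten to `CAP=${CAP}` and then templated to `{{ .Values.CAP }}` by the substitution further down, so the generated chart would presumably lose that hardening without an error. Variable names containing digits are the opposite case and would not be restored. Limiting the rewrite to the `environment` lists, for example with the `yq` the script already installs, would remove the need for the exclusion list. Short of that, I would add `# Keep this list in sync with every cap_add/cap_drop value in latest.yml` above the line.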
@@ -1,6 +1,13 @@ # Local instance It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. However AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. +### Content +- [1. The recommended way](#1-the-recommended-way) +- [2. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge) +- [3. Use Cloudflare](#3-use-cloudflare) +- [4. Buy a certificate and use that](#4-buy-a-certificate-and-use-that) +- [5. Tailscale network](#5-tailscale-network) + ## 1. The recommended way The recommended way is the following: 1. Set up your domain correctly to point to your home network @@ -19,3 +26,6 @@ If you do not have any control over the network, you may think about using Cloud ## 4. Buy a certificate and use that If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config. + +## 5. Tailscale network +For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 From bdc782e74c9d64deb8eabef32e2f47b7f2059b67 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 24 Oct 2024 15:57:09 +0200 Subject: [PATCH 0026/1391] compose.yaml: document additional available envs Signed-off-by: Simon L. --- compose.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/compose.yaml b/compose.yaml index f3b53452..5fed63d3 100644 --- a/compose.yaml +++ b/compose.yaml 
@@ -14,6 +14,7 @@ services: - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # environment: # Is needed when using any of the options below # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section + # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy 
@@ -29,6 +30,7 @@ services: # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps + # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' # security_opt: ["label:disable"] # Is needed when using SELinux From 459edf573c6504d8a27d581cd266e9b1b2a7e654 Mon Sep 17 00:00:00 2001 
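Review bot: The added `SKIP_DOMAIN_VALIDATION` comment says only that it "should only be set to true if things are correctly configured", which tells the reader neither what the check verifies nor what is given up by skipping it. I would spell that out, for example `# SKIP_DOMAIN_VALIDATION: false # Setting this to true skips AIO's domain validation; only do so after you have verified yourself that the domain reaches this instance. See <readme link>`. The link also uses the `?tab=readme-ov-file#...` form while the neighbouring entries use `https://github.com/nextcloud/all-in-one#...`, and using one form throughout keeps the block consistent.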
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 05:00:45 +0000 Subject: [PATCH 0027/1391] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.3.12-fpm-alpine3.20 to 8.3.13-fpm-alpine3.20. --- updated-dependencies: - dependency-name: php dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index ecfb35de..1ba92044 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:27.3.1-cli AS docker FROM caddy:2.8.4-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile -FROM php:8.3.12-fpm-alpine3.20 +FROM php:8.3.13-fpm-alpine3.20 EXPOSE 80 EXPOSE 8080 From 0066ad6a370d1f03860f07aeac7297c4e657f5e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 05:00:57 +0000 Subject: [PATCH 0028/1391] build(deps): bump php in /Containers/nextcloud Bumps php from 8.2.24-fpm-alpine3.20 to 8.2.25-fpm-alpine3.20. --- updated-dependencies: - dependency-name: php dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index b79644bb..1a376908 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.2.24-fpm-alpine3.20 +FROM php:8.2.25-fpm-alpine3.20 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=10G From d35d97b3167ed8d87cad4d290dc1321ece72997e Mon Sep 17 00:00:00 2001 
From: "Simon L." Date: Fri, 25 Oct 2024 11:01:06 +0200 Subject: [PATCH 0029/1391] refactor compose.yaml: adjust the caddy setup to feature inline config Signed-off-by: Simon L. --- compose.yaml | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/compose.yaml b/compose.yaml index 5fed63d3..ecf4d588 100644 --- a/compose.yaml +++ b/compose.yaml 
@@ -35,21 +35,34 @@ services: # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' # security_opt: ["label:disable"] # Is needed when using SELinux - # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 - # caddy: - # image: caddy:alpine - # restart: always - # container_name: caddy - # volumes: - # - ./Caddyfile:/etc/caddy/Caddyfile - # - ./certs:/certs - # - ./config:/config - # - ./data:/data - # - ./sites:/srv - # network_mode: "host" +# # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575 +# # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work +# # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 +# caddy: +# image: caddy:alpine +# restart: always +# container_name: caddy +# volumes: +# - caddy_certs:/certs +# - caddy_config:/config +# - caddy_data:/data +# - caddy_sites:/srv +# network_mode: "host" +# configs: +# - source: Caddyfile +# target: /etc/caddy/Caddyfile +# configs: +# Caddyfile: +# content: | +# # Adjust cloud.example.com to your domain below +# https://cloud.example.com:443 { +# reverse_proxy localhost:11000 +# } volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive nextcloud_aio_mastercontainer: name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work - + # caddy_certs: + # caddy_config: + # 
caddy_data: + # caddy_sites: From 3f3ae167e9d95f5bceb4e3aff491ced77e4a7ffa Mon Sep 17 00:00:00 2001 From: ernolf Date: Fri, 25 Oct 2024 20:30:30 +0200 Subject: [PATCH 0030/1391] fix(ui): split theme & icon load to prevent flicker, errors Signed-off-by: ernolf --- php/public/toggle-dark-mode.js | 19 +++++++++++++++---- php/templates/layout.twig | 2 +- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/php/public/toggle-dark-mode.js b/php/public/toggle-dark-mode.js index 773a9f18..9df54287 100644 --- a/php/public/toggle-dark-mode.js +++ b/php/public/toggle-dark-mode.js @@ -10,17 +10,28 @@ function toggleTheme() { themeIcon.textContent = newTheme === 'dark' ? '☀️' : '🌙'; // Switch between moon and sun icons } -// Function to apply saved theme from localStorage -function applySavedTheme() { +// Function to immediately apply saved theme without icon update +function applySavedThemeImmediately() { const savedTheme = localStorage.getItem('theme'); if (savedTheme === 'dark') { document.documentElement.setAttribute('data-theme', 'dark'); + } else { + document.documentElement.removeAttribute('data-theme'); // Default to light theme + } +} + +// Function to apply theme-icon update +function setThemeIcon() { + const savedTheme = localStorage.getItem('theme'); + if (savedTheme === 'dark') { document.getElementById('theme-icon').textContent = '☀️'; // Sun icon for dark mode } else { - document.documentElement.removeAttribute('data-theme'); // Default to light theme (no data-theme) document.getElementById('theme-icon').textContent = '🌙'; // Moon icon for light mode } } +// Immediately apply the saved theme to avoid flickering +applySavedThemeImmediately(); + // Apply theme when the page loads -document.addEventListener('DOMContentLoaded', applySavedTheme); +document.addEventListener('DOMContentLoaded', setThemeIcon); diff --git a/php/templates/layout.twig b/php/templates/layout.twig index cad5ae7a..56e4ee6b 100644 --- a/php/templates/layout.twig 
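Review bot: The rewritten Caddy example keeps the floating `caddy:alpine` tag together with `restart: always` and `network_mode: "host"`. Whoever copies it therefore runs whatever image that tag resolves to at pull time, in the host network namespace and in front of the Nextcloud instance. The mastercontainer Dockerfile in this series pins `caddy:2.8.4-alpine`, and the example could follow that with `#     image: caddy:2.8.4-alpine`, or the hint line could tell users to pin a version themselves. The inline `configs:` entry with `content:` is, as far as I know, only accepted by newer Docker Compose releases (2.23.1 or later). Stating the minimum version in the "Hint:" comment would spare users on older installs a confusing parse error.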
+++ b/php/templates/layout.twig @@ -15,7 +15,7 @@
From 55b5469260d5e2a0d3476f10e6318aebb0f45529 Mon Sep 17 00:00:00 2001 From: ernolf Date: Fri, 25 Oct 2024 20:43:42 +0200 Subject: [PATCH 0031/1391] fix(ui): correct style for disabled checkbox labels Signed-off-by: ernolf --- php/public/style.css | 52 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/php/public/style.css b/php/public/style.css index 85a82b80..36a37dab 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -22,6 +22,9 @@ --default-font-size: 13px; --checkbox-size: 16px; --max-width: 500px; + --color-disabled: #d3d3d3; /* light gray background for disabled checkboxes */ + --color-border-disabled: #a9a9a9; /* darker gray border for disabled checkboxes */ + --color-text-disabled: #a9a9a9; /* matching label text color for disabled checkboxes */ } [data-theme="dark"] { @@ -327,7 +330,8 @@ header > form { margin-right: 30px; } -input[type="checkbox"] { +/* Standard styling for enabled checkboxes */ +input[type="checkbox"]:not(:disabled) { width: var(--checkbox-size); height: var(--checkbox-size); -webkit-appearance: none; /* remove default styling */ 
@@ -341,33 +345,63 @@ input[type="checkbox"] { margin-top: -1px; /* adjust for better alignment */ } -input[type="checkbox"]:checked { +/* Hover effects for enabled checkboxes */ +input[type="checkbox"]:not(:disabled):hover { + border-color: var(--color-info-hover); +} + +/* Checkmark styling for enabled checkboxes */ +input[type="checkbox"]:checked:not(:disabled) { background-color: var(--color-nextcloud-blue); border-color: var(--color-border-maxcontrast); } -input[type="checkbox"]:checked::after { - content: ''; /* Create a pseudo-element for the checkmark */ - position: absolute; /* Position it absolutely */ +input[type="checkbox"]:checked:not(:disabled)::after { + content: ''; /* Creates a pseudo-element for the checkmark */ + position: absolute; /* Positions it absolutely */ left: 4px; /* Positioning of the checkmark */ top: 0; /* Positioning of the checkmark */ width: 4px; /* Width of the checkmark */ height: 9px; /* Height of the checkmark */ border: solid white; /* Color of the checkmark */ - border-width: 0 2px 3px 0; /* Create the checkmark shape */ - transform: rotate(45deg); /* Rotate to form a checkmark */ + border-width: 0 2px 3px 0; /* Creates the checkmark shape */ + transform: rotate(45deg); /* Rotates to form a checkmark */ } -input[type="checkbox"]:hover { - border-color: var(--color-info-hover); +/* Styling for disabled checkboxes (grayed out, no hover, no pointer) */ +input[type="checkbox"]:disabled:not(:checked) { + background-color: var(--color-disabled); + border-color: var(--color-border-disabled); + cursor: default; + opacity: 0.5; /* Makes the checkbox appear faded */ } +/* Styling for disabled checked checkboxes (no pointer) */ +input[type="checkbox"]:disabled:checked { + cursor: default; +} + +input[type="checkbox"]:disabled:hover { + border-color: var(--color-border-disabled); /* Keeps disabled state without hover effect */ +} + +/* General Label styling */ label { cursor: pointer; margin-left: 4px; line-height: var(--checkbox-size); 
} +/* Label cursor for disabled checkboxes */ +input[type="checkbox"]:disabled + label { + cursor: default; +} + +/* Label styling for disabled, not checked checkboxes */ +input[type="checkbox"]:disabled:not(:checked) + label { + color: var(--color-text-disabled); +} + .loading { color: grey; } From 4ff189fce1dfb8a04363bc807118e7a581428c34 Mon Sep 17 00:00:00 2001 From: ernolf Date: Sat, 26 Oct 2024 10:19:09 +0200 Subject: [PATCH 0032/1391] fix(ui): adjust height of main to fit in container Signed-off-by: ernolf --- php/public/style.css | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/php/public/style.css b/php/public/style.css index 36a37dab..c2125820 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -15,6 +15,9 @@ --color-info-hover: #00aaef; --color-border-maxcontrast: #7d7d7d; --color-loader: #f3f3f3; + --color-disabled: #d3d3d3; /* light gray background for disabled checkboxes */ + --color-border-disabled: #a9a9a9; /* darker gray border for disabled checkboxes */ + --color-text-disabled: #a9a9a9; /* matching label text color for disabled checkboxes */ --border: .5px; --border-hover: 2px; --border-radius: 7px; 
@@ -22,9 +25,21 @@ --default-font-size: 13px; --checkbox-size: 16px; --max-width: 500px; - --color-disabled: #d3d3d3; /* light gray background for disabled checkboxes */ - --color-border-disabled: #a9a9a9; /* darker gray border for disabled checkboxes */ - --color-text-disabled: #a9a9a9; /* matching label text color for disabled checkboxes */ + --container-top-margin: 20px; + --container-bottom-margin: 20px; + --container-padding: 2px; + --container-height-calculation-difference: calc(var(--container-top-margin) + var(--container-bottom-margin)); + --main-height-calculation-difference: calc(var(--container-height-calculation-difference) + calc(var(--container-padding) * 2)); + --main-padding: 50px; +} + +/* Breakpoint calculation: 500px (max-width) + 100px (main-padding * 2) + 200px (additional space) = 800px +Note: Unfortunately, it's not possible to calculate this dynamically using CSS variables in media queries */ +@media only screen and (max-width: 800px) { + :root { + --container-top-margin: 50px; + --container-bottom-margin: 0px; + } } [data-theme="dark"] { 
@@ -279,26 +294,26 @@ html[data-theme="dark"] ::-webkit-scrollbar-track { } .container { - margin: 20px auto; - padding: 2px; - max-width: calc(var(--max-width) + 108px); + margin: var(--container-top-margin) auto var(--container-bottom-margin) auto; + padding: var(--container-padding); + max-width: calc(var(--max-width) + calc(var(--main-padding) * 2) + 8px); background-color: var(--color-main-background); border-radius: var(--border-radius-large); box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); - max-height: calc(100dvh - 50px); + max-height: calc(100dvh - var(--container-height-calculation-difference)); overflow: hidden; } main { - padding-left: 50px; - padding-right: 50px; + padding-left: var(--main-padding); + padding-right: var(--main-padding); background-color: transparent; /* transparent, since color comes from outer container */ color: var(--color-main-text); - max-height: calc(100dvh - 44px); + max-height: calc(100dvh - var(--main-height-calculation-difference)); overflow-y: auto; box-sizing: border-box; word-break: break-word; - max-width: calc(var(--max-width) + 100px); + max-width: calc(var(--max-width) + calc(var(--main-padding) * 2)); margin: 0 auto; } @@ -499,9 +514,3 @@ input[type="checkbox"]:disabled:not(:checked) + label { #theme-toggle:not(:hover) #theme-icon { opacity: 0.6; /* Slightly transparent */ } - -@media only screen and (max-width: 800px) { - .container { - margin: 50px auto 0px auto; - } -} From b814a51d0b8a89f204e5e7af8da10774159d7526 Mon Sep 17 00:00:00 2001 From: sunjam Date: Sun, 27 Oct 2024 07:43:10 -0700 Subject: [PATCH 0033/1391] Update readme.md local documentation (#5473) Adding more wording to local description to clarify it relates to having "no domain" and other keywords/phrases users must be missing, because so many people are confused about this. Signed-off-by: sunjam Signed-off-by: Simon L. Co-authored-by: Simon L. --- local-instance.md | 2 +- readme.md | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/local-instance.md b/local-instance.md index a03f8903..abd99059 100644 --- a/local-instance.md +++ b/local-instance.md @@ -1,5 +1,5 @@ # Local instance -It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. However AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. +It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain. However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. ### Content - [1. The recommended way](#1-the-recommended-way) diff --git a/readme.md b/readme.md index 913f18e2..92831931 100644 --- a/readme.md +++ b/readme.md 
@@ -261,8 +261,11 @@ In general recommended VPS are those that are KVM/non-virtualized as Docker shou ### How to get Nextcloud running using the ACME DNS-challenge? You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic. -### How to run Nextcloud locally? -If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation how to set it up locally: [local-instance.md](./local-instance.md) +### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN. +If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly. + +### Can I use an ip-address for Nextcloud instead of a domain? +No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md) for configuration without a traditional domain. Or, [consider using NextcloudPi](nextcloudpi.com) for ip-address access locally (it bundles fewer features than AIO). ### Can I run AIO offline or in an airgapped system? No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more. 
@@ -270,9 +273,6 @@ No. This is not possible and will not be added due to multiple reasons: update c ### Are self-signed certificates supported for Nextcloud? No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). -### Can I use an ip-address for Nextcloud instead of a domain? -No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md) - ### Can I use AIO with multiple domains? No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain. From 017ed64f6bedb10f83c6892eecc011eddbc87b2c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 04:39:26 +0000 Subject: [PATCH 0034/1391] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.1-9 to 1.4.1-10. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index cbb92232..41f54485 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.1-9 +FROM clamav/clamav:1.4.1-10 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From d2f00b44d435d419f6d48dcdcf100337c4a75afe Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 04:39:27 +0000 Subject: [PATCH 0035/1391] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.8.2.1 to 24.04.9.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 2c0fcad8..e5bd7c04 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:24.04.8.2.1 +FROM collabora/code:24.04.9.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From d2adea5fe446eef9b43f6c5492c1747c47bfce57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 04:40:04 +0000 Subject: [PATCH 0036/1391] build(deps): bump eturnal/eturnal in /Containers/talk Bumps eturnal/eturnal from 1.12.0 to 1.12.1. --- updated-dependencies: - dependency-name: eturnal/eturnal dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index d507a515..6fa5a046 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest FROM nats:2.10.22-scratch AS nats -FROM eturnal/eturnal:1.12.0 AS eturnal +FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling FROM alpine:3.20.3 AS janus From 6a74ab6363aa0f66c5db80835856623941cf5c15 Mon Sep 17 00:00:00 2001 
From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 28 Oct 2024 12:03:09 +0000 Subject: [PATCH 0037/1391] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 48 +++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 298a4ab7..a4e2a927 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -2940,16 +2940,16 @@ }, { "name": "symfony/console", - "version": "v6.4.12", + "version": "v6.4.13", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "72d080eb9edf80e36c19be61f72c98ed8273b765" + "reference": "f793dd5a7d9ae9923e35d0503d08ba734cec1d79" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/72d080eb9edf80e36c19be61f72c98ed8273b765", - "reference": "72d080eb9edf80e36c19be61f72c98ed8273b765", + "url": "https://api.github.com/repos/symfony/console/zipball/f793dd5a7d9ae9923e35d0503d08ba734cec1d79", + "reference": "f793dd5a7d9ae9923e35d0503d08ba734cec1d79", "shasum": "" }, "require": { @@ -3014,7 +3014,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.12" + "source": "https://github.com/symfony/console/tree/v6.4.13" }, "funding": [ { 
@@ -3030,20 +3030,20 @@ "type": "tidelift" } ], - "time": "2024-09-20T08:15:52+00:00" + "time": "2024-10-09T08:40:40+00:00" }, { "name": "symfony/filesystem", - "version": "v7.1.5", + "version": "v7.1.6", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "61fe0566189bf32e8cfee78335d8776f64a66f5a" + "reference": "c835867b3c62bb05c7fe3d637c871c7ae52024d4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/61fe0566189bf32e8cfee78335d8776f64a66f5a", - "reference": "61fe0566189bf32e8cfee78335d8776f64a66f5a", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/c835867b3c62bb05c7fe3d637c871c7ae52024d4", + "reference": "c835867b3c62bb05c7fe3d637c871c7ae52024d4", "shasum": "" }, "require": { @@ -3080,7 +3080,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v7.1.5" + "source": "https://github.com/symfony/filesystem/tree/v7.1.6" }, "funding": [ { @@ -3096,20 +3096,20 @@ "type": "tidelift" } ], - "time": "2024-09-17T09:16:35+00:00" + "time": "2024-10-25T15:11:02+00:00" }, { "name": "symfony/finder", - "version": "v6.4.11", + "version": "v6.4.13", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "d7eb6daf8cd7e9ac4976e9576b32042ef7253453" + "reference": "daea9eca0b08d0ed1dc9ab702a46128fd1be4958" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/d7eb6daf8cd7e9ac4976e9576b32042ef7253453", - "reference": "d7eb6daf8cd7e9ac4976e9576b32042ef7253453", + "url": "https://api.github.com/repos/symfony/finder/zipball/daea9eca0b08d0ed1dc9ab702a46128fd1be4958", + "reference": "daea9eca0b08d0ed1dc9ab702a46128fd1be4958", "shasum": "" }, "require": { 
@@ -3144,7 +3144,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v6.4.11" + "source": "https://github.com/symfony/finder/tree/v6.4.13" }, "funding": [ { @@ -3160,7 +3160,7 @@ "type": "tidelift" } ], - "time": "2024-08-13T14:27:37+00:00" + "time": "2024-10-01T08:30:56+00:00" }, { "name": "symfony/polyfill-intl-grapheme", @@ -3406,16 +3406,16 @@ }, { "name": "symfony/string", - "version": "v7.1.5", + "version": "v7.1.6", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "d66f9c343fa894ec2037cc928381df90a7ad4306" + "reference": "61b72d66bf96c360a727ae6232df5ac83c71f626" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/d66f9c343fa894ec2037cc928381df90a7ad4306", - "reference": "d66f9c343fa894ec2037cc928381df90a7ad4306", + "url": "https://api.github.com/repos/symfony/string/zipball/61b72d66bf96c360a727ae6232df5ac83c71f626", + "reference": "61b72d66bf96c360a727ae6232df5ac83c71f626", "shasum": "" }, "require": { @@ -3473,7 +3473,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.1.5" + "source": "https://github.com/symfony/string/tree/v7.1.6" }, "funding": [ { @@ -3489,7 +3489,7 @@ "type": "tidelift" } ], - "time": "2024-09-20T08:28:38+00:00" + "time": "2024-09-25T14:20:29+00:00" }, { "name": "vimeo/psalm", From 1d96efe07c8a18c0aa58f69849a7b36940ce2dc5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 04:59:07 +0000 Subject: [PATCH 0038/1391] build(deps): bump strukturag/nextcloud-spreed-signaling Bumps strukturag/nextcloud-spreed-signaling from 2.0.0 to 2.0.1. --- updated-dependencies: - dependency-name: strukturag/nextcloud-spreed-signaling dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 6fa5a046..13896e1b 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM nats:2.10.22-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal -FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling +FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling FROM alpine:3.20.3 AS janus ARG JANUS_VERSION=v0.14.4 From cf8ba936c9f775aa73fefbcca16ce1892d26cfd2 Mon Sep 17 00:00:00 2001 From: Robert Riemann Date: Tue, 29 Oct 2024 15:12:15 +0100 Subject: [PATCH 0039/1391] elastic container: ingest-attachment is now module and not a plugin When this command is executed in elastic search v8.15.3, then this warning shows up: ~~~ bin/elasticsearch-plugin install --batch ingest-attachment warning: ignoring JAVA_HOME=/opt/bitnami/java; using ES_JAVA_HOME -> Installing ingest-attachment [ingest-attachment] is no longer a plugin but instead a module packaged with this distribution of Elasticsearch -> Please restart Elasticsearch to activate any plugins installed ~~~ The elastic website says: "The Ingest Attachment plugin is now included in Elasticsearch. See the Ingest Attachment processor." Source: Hence, I remove the explicit installation from the elastic container image. Signed-off-by: Robert Riemann --- Containers/fulltextsearch/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index b67b1067..4da28fa1 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile 
@@ -14,8 +14,7 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ tzdata \ ; \ - rm -rf /var/lib/apt/lists/*; \ - elasticsearch-plugin install --batch ingest-attachment + rm -rf /var/lib/apt/lists/*; USER 1000:0 From 95c20fdfff90579a9a9c3e3cd0e55956f6cf6111 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 30 Oct 2024 10:56:06 +0100 Subject: [PATCH 0040/1391] nextcloud: clean up old sessions after 24h latest Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 1a376908..f846f110 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -134,6 +134,7 @@ RUN set -ex; \ echo 'redis.session.locking_enabled = 1'; \ echo 'redis.session.lock_retries = -1'; \ echo 'redis.session.lock_wait_time = 10000'; \ + echo 'session.gc_maxlifetime = 86400'; \ } > /usr/local/etc/php/conf.d/redis-session.ini; \ \ mkdir -p /var/www/data; \ From 9316555ecb890d97d1e795223aaf59b38dd15353 Mon Sep 17 00:00:00 2001 From: Perlover Date: Wed, 30 Oct 2024 13:43:19 +0100 Subject: [PATCH 0041/1391] Update docker-rootless.md 1) No NEXTCLOUD_MOUNT but there is NEXTCLOUD_DATADIR 2) Now in Docker recommended the few different detailed config: https://docs.docker.com/engine/security/rootless/#docker-run--p-does-not-propagate-source-ip-addresses Signed-off-by: Perlover --- docker-rootless.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-rootless.md b/docker-rootless.md index 754c44ae..97bbc5c0 100644 --- a/docker-rootless.md +++ b/docker-rootless.md 
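Review bot: The added `echo 'session.gc_maxlifetime = 86400';` line in the Containers/nextcloud/Dockerfile hunk has no comment saying what the value actually bounds, and the commit title ("after 24h latest") reads as a hard cap. With the Redis session handler this setting is, as far as I know, applied as the expiry of the session key and renewed each time the session is written. That makes it an idle timeout: a session that stays in use, including one whose cookie has leaked, is not ended by it. I would emit an ini comment into the generated file just before the setting, `echo '; idle expiry (seconds) of Redis-backed sessions, renewed on write; keep in line with the session_lifetime set in Nextcloud';`. The RUN instruction and the `{ … } > /usr/local/etc/php/conf.d/redis-session.ini` group start outside the hunk.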
@@ -18,7 +18,7 @@ You can run AIO with docker rootless by following the steps below. Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. ### Note regarding permissions -All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). +All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_DATADIR option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). ### Note regarding docker network driver By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. 
As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)). @@ -29,9 +29,10 @@ As stated in the documentation, this change will likely lead to decreased networ with the following content: ``` [Service] + Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns" Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns" ``` * Restart the docker daemon ``` systemctl --user restart docker - ``` \ No newline at end of file + ``` From 4b51f85d98f5cc9a636b43029949502a6f708d7c Mon Sep 17 00:00:00 2001 From: jr_blue_551 Date: Wed, 30 Oct 2024 19:27:10 +0000 Subject: [PATCH 0042/1391] Update readme.md Signed-off-by: jr_blue_551 --- community-containers/npmplus/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md index 538e511a..86679352 100644 --- a/community-containers/npmplus/readme.md +++ b/community-containers/npmplus/readme.md 
@@ -7,7 +7,7 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for - Make sure that no other service is using port `443 (tcp/upd)` or `81 (tcp)` on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep "443\|81"` before installing AIO. - Please change the default login data first, after you can read inside the logs that the default config for AIO is created and there are no errors. - After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://:81` and change the password. -- The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.com` +- The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.org` - If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host. - If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume - The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution! From bd799bd753ccfcead272b3582f2e7f71895b6c3d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 31 Oct 2024 11:48:39 +0100 Subject: [PATCH 0043/1391] address review Signed-off-by: Simon L. --- docker-rootless.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-rootless.md b/docker-rootless.md index 97bbc5c0..f77b4a54 100644 --- a/docker-rootless.md +++ b/docker-rootless.md 
@@ -18,7 +18,8 @@ You can run AIO with docker rootless by following the steps below. Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. ### Note regarding permissions -All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_DATADIR option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). +All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). + ### Note regarding docker network driver By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. 
As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)). From 3ede76af8ff6bcb415cc35986e24de163adf72a9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 31 Oct 2024 13:14:12 +0100 Subject: [PATCH 0044/1391] DockerActionManager: fix getting the tag from the image Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 12a641e0..8ccbe1ec 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -736,16 +736,13 @@ readonly class DockerActionManager { $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true); $containerChecksum = $output['Image']; $tagArray = explode(':', $output['Config']['Image']); - $tag = $tagArray[1]; - apcu_add($cacheKey, $tag); - /** - * @psalm-suppress TypeDoesNotContainNull - * @psalm-suppress DocblockTypeContradiction - */ - if ($tag === null) { + if (isset($tagArray[1])) { + $tag = $tagArray[1]; + } else { error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'."); $tag = 'latest'; } + apcu_add($cacheKey, $tag); return $tag; } catch (\Exception $e) { error_log('Could not get current channel ' . $e->getMessage()); 
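Review bot: The new `isset($tagArray[1])` branch in the DockerActionManager.php hunk still treats whatever follows the first `:` of `$output['Config']['Image']` as the tag. For a reference that carries a registry port (constructed example: `registry.example:5000/nextcloud/all-in-one:beta`) or a digest (`name@sha256:…`), index 1 is the port plus path or the digest hex, and that string is cached with `apcu_add` and returned as the channel. Splitting on the last colon and rejecting a candidate that contains `/` or a reference that contains `@` would avoid this: `$pos = strrpos($ref, ':');` then `$tag = ($pos !== false && !str_contains($ref, '@') && !str_contains(substr($ref, $pos), '/')) ? substr($ref, $pos + 1) : null;`, with the existing `latest` fallback and log message used when `$tag` is null. The enclosing method starts and ends outside the hunk, so how the returned channel is consumed is not visible here.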
From c78bffbff9146af2beb70a897bc8239774cfdcb4 Mon Sep 17 00:00:00 2001 From: zybster Date: Fri, 1 Nov 2024 09:09:21 +0100 Subject: [PATCH 0045/1391] Update readme.md Since IX System ditched Kubernetes and integrated a full-fledged docker environment in Truenas Scale 24.10.0 (Electric Eel) it is now very easy to install Nextcloud AIO on Scale On way is listed here. Signed-off-by: zybster --- readme.md | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 92831931..111e73f1 100644 --- a/readme.md +++ b/readme.md @@ -219,7 +219,50 @@ If you have the NAS setup on your local network (which is most often the case) y The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. ### Can I run AIO on TrueNAS SCALE? -On TrueNAS SCALE, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE. + +With the Truenas Scale Release 24.10.0 (which was officially released on October 29th 2024 as a stable release) IX Systems ditched the Kubernetes integration and implemented a fully working docker environment. + +One way to run Nextcloud AIO on the new Truenas Scale release is: +- Create a dataset on your Scale instance for your docker containers / stacks (e.g. /mnt/tank/docker) + +- Install dockge app (Apps -> Discover Apps -> search Dockge -> Install -> In the Dockge Configuration select: + - Port for Dockge (standard is 5001) + - Hostpath folder for stacks /mnt/tank/docker + - Hostpath folder for dockge data /mnt/tank/docker/dockge + +- Go to the Dockge Webui and create a new Stack for the AIO Mastercontainer + +
+ Click here to expand + +``` +services: + nextcloud: + image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU + restart: always + container_name: nextcloud-aio-mastercontainer + volumes: + - nextcloud_aio_mastercontainer:/mnt/docker-aio-config + - /var/run/docker.sock:/var/run/docker.sock:ro + ports: + - 8080:8080 + environment: + # Is needed when using any of the options below + - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + - NEXTCLOUD_DATADIR=/mnt/tank/docker/nextcloud_aio/data # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir + - NEXTCLOUD_MOUNT=/mnt/tank/docker/nextcloud_aio # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host + - NEXTCLOUD_MEMORY_LIMIT=4096M +networks: {} + +volumes: + nextcloud_aio_mastercontainer: + name: nextcloud_aio_mastercontainer +``` +
+ +- Deploy the Stack and Nextcloud AIO is running on your Truenas Scale + +On older TrueNAS SCALE releases with Kubernetes environment, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE. Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart. From 329e2e7805164d7c5513076af803d3b0604896a0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 1 Nov 2024 10:28:19 +0100 Subject: [PATCH 0046/1391] aio-interface: add debug docs to collabora, talk and fts Signed-off-by: Simon L. --- php/containers.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/php/containers.json b/php/containers.json index a107df84..2ed946c1 100644 --- a/php/containers.json +++ b/php/containers.json @@ -325,6 +325,7 @@ { "container_name": "nextcloud-aio-collabora", "image_tag": "%AIO_CHANNEL%", + "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358", "display_name": "Collabora", "image": "nextcloud/aio-collabora", "init": true, @@ -362,6 +363,7 @@ { "container_name": "nextcloud-aio-talk", "image_tag": "%AIO_CHANNEL%", + "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358", "display_name": "Talk", "image": "nextcloud/aio-talk", "init": true, 
@@ -686,6 +688,7 @@ { "container_name": "nextcloud-aio-fulltextsearch", "image_tag": "%AIO_CHANNEL%", + "documentation": "https://github.com/nextcloud/all-in-one/discussions/1709", "display_name": "Fulltextsearch", "image": "nextcloud/aio-fulltextsearch", "init": false, From 315c29c81e7affcca30b337255bbb3a60471c23b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 1 Nov 2024 10:35:04 +0100 Subject: [PATCH 0047/1391] try to fix the json-validator workflow Signed-off-by: Simon L. --- .github/workflows/json-validator.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml index 86e269e9..35f4e8e6 100644 --- a/.github/workflows/json-validator.yml +++ b/.github/workflows/json-validator.yml @@ -21,7 +21,7 @@ jobs: run: | sudo apt-get update sudo apt-get install python3-pip -y --no-install-recommends - sudo pip3 install json-spec + sudo pip3 install json-spec --break-system-packages if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then exit 1 fi From 0ff08f00f1524c60da1db16dcc122366e0714bc0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 1 Nov 2024 10:42:18 +0100 Subject: [PATCH 0048/1391] adjust the PR and add link to guide Signed-off-by: Simon L. --- readme.md | 40 +--------------------------------------- 1 file changed, 1 insertion(+), 39 deletions(-) diff --git a/readme.md b/readme.md index 111e73f1..328a9729 100644 --- a/readme.md +++ b/readme.md 
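Review bot: The changed line in the .github/workflows/json-validator.yml hunk, `sudo pip3 install json-spec --break-system-packages`, installs an unpinned PyPI package as root into the runner's system Python and switches off the externally-managed-environment guard to do so. A throwaway virtual environment with a pinned version keeps the guard in place and makes the validation step reproducible: `python3 -m venv /tmp/venv` and `/tmp/venv/bin/pip install json-spec==<PINNED_VERSION>`, then call `/tmp/venv/bin/json validate …` in the existing `if`. `<PINNED_VERSION>` is a placeholder, since the version currently resolved is not shown on the page, and the runner image may need the `python3-venv` package added to the `apt-get install` line. The rest of the job definition is outside the hunk.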
@@ -222,45 +222,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f With the Truenas Scale Release 24.10.0 (which was officially released on October 29th 2024 as a stable release) IX Systems ditched the Kubernetes integration and implemented a fully working docker environment. -One way to run Nextcloud AIO on the new Truenas Scale release is: -- Create a dataset on your Scale instance for your docker containers / stacks (e.g. /mnt/tank/docker) - -- Install dockge app (Apps -> Discover Apps -> search Dockge -> Install -> In the Dockge Configuration select: - - Port for Dockge (standard is 5001) - - Hostpath folder for stacks /mnt/tank/docker - - Hostpath folder for dockge data /mnt/tank/docker/dockge - -- Go to the Dockge Webui and create a new Stack for the AIO Mastercontainer - -
- Click here to expand - -``` -services: - nextcloud: - image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU - restart: always - container_name: nextcloud-aio-mastercontainer - volumes: - - nextcloud_aio_mastercontainer:/mnt/docker-aio-config - - /var/run/docker.sock:/var/run/docker.sock:ro - ports: - - 8080:8080 - environment: - # Is needed when using any of the options below - - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - - NEXTCLOUD_DATADIR=/mnt/tank/docker/nextcloud_aio/data # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir - - NEXTCLOUD_MOUNT=/mnt/tank/docker/nextcloud_aio # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host - - NEXTCLOUD_MEMORY_LIMIT=4096M -networks: {} - -volumes: - nextcloud_aio_mastercontainer: - name: nextcloud_aio_mastercontainer -``` -
- -- Deploy the Stack and Nextcloud AIO is running on your Truenas Scale +For a more complete guide, see this guide by @zybster: https://github.com/nextcloud/all-in-one/discussions/5506 On older TrueNAS SCALE releases with Kubernetes environment, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE. From 013306fff7eb98c7b59a7fe23ec7abfbaf3f7b69 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 1 Nov 2024 11:57:03 +0100 Subject: [PATCH 0049/1391] update screenshot Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 328a9729..9f3cde93 100644 --- a/readme.md +++ b/readme.md 
@@ -78,7 +78,7 @@ Included are: ## Screenshots | First setup | After installation | |---|---| -| ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/5f510667-a172-4841-b916-89025debef3a) | +| ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) | ## How to use this? The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). From c823816a79205694eab9942dcff735aebf6c46dd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sat, 2 Nov 2024 17:22:25 +0100 Subject: [PATCH 0050/1391] Update readme.md Signed-off-by: Simon L. --- readme.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 9f3cde93..2768b571 100644 --- a/readme.md +++ b/readme.md 
@@ -344,7 +344,10 @@ Additionally, there is a cronjob that runs once a day that checks for container AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible. ### How to easily log in to the AIO interface? -If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`. +If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. + +> [!Note] +> You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`. ### How to change the domain? > [!NOTE] From d748134533c8f61df1aaed024ceba95ec2c0fce1 Mon Sep 17 00:00:00 2001 
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Sat, 2 Nov 2024 18:28:31 +0100 Subject: [PATCH 0051/1391] Fix twig Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- php/templates/login.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/login.twig b/php/templates/login.twig index 5478225f..cb33c8d3 100644 --- a/php/templates/login.twig +++ b/php/templates/login.twig @@ -2,7 +2,7 @@ {% block body %}