diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 8c46ed97..6e739095 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.7 +FROM elasticsearch:8.19.8 USER root diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 7e477820..ea0a70de 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.4-alpine3.22 AS go +FROM golang:1.25.5-alpine3.22 AS go ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 77c4675e..4ca193be 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh 
@@ -75,18 +75,15 @@ elif ! sudo -E -u www-data test -r /var/run/docker.sock; then fi fi -# Check if api version is supported -if ! sudo -E -u www-data docker info &>/dev/null; then - print_red "Cannot connect to the docker socket. Cannot proceed." - echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket." - echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled" - echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale" +# Get default docker api version +API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)" +API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)" +if [ -z "$API_VERSION" ]; then + print_red "Could not get API_VERSION. Something is wrong!" exit 1 fi -# Docker api version check -API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)" -API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)" +# Check if DOCKER_API_VERSION is set globally if [ -n "$DOCKER_API_VERSION" ]; then if ! echo "$DOCKER_API_VERSION" | grep -q '^[0-9].[0-9]\+$'; then print_red "You've set DOCKER_API_VERSION but not to an allowed value. 
@@ -98,23 +95,45 @@ It is set to '$DOCKER_API_VERSION'." print_red "Please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO." print_red "So you run on your own risk and things might break without warning." else - # shellcheck disable=SC2001 - API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')" - LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')" - if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then - if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then - print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!" - echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version." - echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO." - echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version" - exit 1 - fi - else - echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported." - sleep 10 + # Export docker api version to use it everywhere + export DOCKER_API_VERSION="$API_VERSION" +fi + +# Set a fallback docker api version. Needed for api version check. +# The check will not work otherwise on old docker versions +FALLBACK_DOCKER_API_VERSION="1.41" + +# Check if docker info can be used +if ! sudo -E -u www-data docker info &>/dev/null; then + if ! sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker info &>/dev/null; then + print_red "Cannot connect to the docker socket. Cannot proceed." + echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket." 
+ echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled" + echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale" + exit 1 fi fi +# Docker api version check +# shellcheck disable=SC2001 +API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')" +LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')" +if [ -z "$LOCAL_API_VERSION_NUMB" ]; then + LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')" +fi +if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then + if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then + print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!" + echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version." + echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO." + echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version" + exit 1 + fi +else + echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported." + sleep 10 +fi + # Check Storage drivers STORAGE_DRIVER="$(sudo -E -u www-data docker info | grep "Storage Driver")" # Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467 diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php index 38f980fe..acde7b82 100644 --- a/Containers/nextcloud/config/postgres.config.php +++ b/Containers/nextcloud/config/postgres.config.php 
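Review bot: The API version check now runs after `export DOCKER_API_VERSION="$API_VERSION"` and still takes the first `API version` line of `docker version`, which is the client section; with the variable exported, that line most likely echoes the pinned value rather than what the daemon supports, so `[ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]` may always pass (worth confirming against an old engine). The check also appears to have moved out of the `else` branch, so it now runs for users who deliberately set DOCKER_API_VERSION and compares against `$API_VERSION` rather than their override. Reading the daemon's value directly would make the comparison meaningful, e.g. `sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version --format '{{.Server.APIVersion}}'`. Separately, stripping the dot with `sed 's/\.//'` only orders versions correctly while the major number stays at 1.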
@@ -7,3 +7,11 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) { ), ); } +if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) { + $CONFIG = array( + 'dbdriveroptions' => array( + 'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/MYSQL', + ), + ); +} + diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 0c03a973..8fdff0d0 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -283,6 +283,10 @@ EOF if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then mkdir /var/www/html/data/certificates echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES" + # Write out mysql root cert + elif [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" ]; then + mkdir /var/www/html/data/certificates + echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" > "/var/www/html/data/certificates/MYSQL" fi echo "Installing with $DATABASE_TYPE database" diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index 859c6309..9277bdaa 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -68,11 +68,14 @@ fi # Postgres root cert if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then - POSTGRES_CERT="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES" + CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES" +# Mysql root cert +elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then + CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/MYSQL" fi # Set sensitive values as env -export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$POSTGRES_CERT" +export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS" export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" # Run it 
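Review bot: The array key in the new MySQL block is the quoted string `'PDO::MYSQL_ATTR_SSL_CA'`, not the class constant, so the driver options are keyed by a literal string and the CA file is most likely never handed to PDO; the connection would then proceed without the intended certificate check. Use the constant instead: `\PDO::MYSQL_ATTR_SSL_CA => '/var/www/html/data/certificates/MYSQL',`. Both blocks also assign `$CONFIG` outright, so if both environment variables are set the second assignment replaces the first; the top of the file is outside the hunk, so confirm that this is intended.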
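Review bot: The MySQL certificate is written in an `elif` of the Postgres branch, so when both variables are set the MySQL CA file is silently never created, whereas the PHP config hunk on this page tests each variable independently. A separate `if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" ]; then` block with `mkdir -p /var/www/html/data/certificates` would keep the two paths independent and tolerate an existing directory. The enclosing install block starts and ends outside the hunk, so whether a failing `mkdir` aborts the script cannot be seen here.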
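Review bot: The MySQL branch reuses the Postgres parameter `sslmode=verify-ca` next to `ssl-ca=`; MySQL clients normally spell the mode `VERIFY_CA` under `ssl-mode`, so confirm that the MySQL driver behind notify_push accepts this spelling and fails the connection rather than continuing unverified. `verify-ca` validates the certificate chain but not the server host name, which is worth stating in the comment, e.g. `# Mysql root cert (chain is verified, host name is not)`. The credentials on the changed `DATABASE_URL` line are interpolated without URL-encoding, so a password containing `@`, `/` or `?` would change how the URL is parsed.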
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 602d2106..d2db5ae3 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.4-alpine3.22 AS go +FROM golang:1.25.5-alpine3.22 AS go ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 6cdcb452..a8baf9ea 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md 
@@ -3,7 +3,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau ### Notes - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! -- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. +- Make sure that no other service is using port 443/tcp on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active. - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files. - The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. 
See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation). diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md index 9886f4b2..20d90c9f 100644 --- a/community-containers/smbserver/readme.md +++ b/community-containers/smbserver/readme.md @@ -3,7 +3,6 @@ This container bundles an SMB-server and allows to configure it via a graphical ### Notes - This container should only be run in home networks -- This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3 - After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in `bash /smbserver.sh` and you will see a graphical UI for configuring the smb-server interactively. - The config data of SMB-server will be automatically included in AIOs backup solution! - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 12545ac3..4e2cfaee 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -438,7 +438,7 @@ services: environment: - TZ=${TIMEZONE} - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS} - - bootstrap.memory_lock=true + - bootstrap.memory_lock=false - cluster.name=nextcloud-aio - discovery.type=single-node - logger.level=WARN diff --git a/php/public/index.php b/php/public/index.php index 46967c72..c49629bd 100644 --- a/php/public/index.php +++ b/php/public/index.php 
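Review bot: Setting `bootstrap.memory_lock=false` allows the Elasticsearch heap to be swapped out, so indexed document content can reach the host's swap device, and the hunk gives no reason for the change. A comment next to the setting should record why it was turned off and what the operator should do instead, e.g. `# memory_lock disabled because <reason>; heap may be swapped, use encrypted swap or disable swap on the host`. The service definition continues outside the hunk, so whether a `ulimits` entry exists cannot be seen here.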
@@ -104,7 +104,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(), 'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(), 'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(), - 'borg_backup_mode' => $configurationManager->GetBorgBackupMode(), + 'borg_backup_mode' => $configurationManager->GetBackupMode(), 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(), 'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(), 'last_backup_time' => $configurationManager->GetLastBackupTime(), diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 051f8d9e..45586f9c 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -159,7 +159,7 @@ readonly class ConfigurationController { } if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) { - $this->configurationManager->DeleteBorgBackupLocationVars(); + $this->configurationManager->DeleteBorgBackupLocationItems(); } return $response->withStatus(201)->withHeader('Location', '.'); diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index a2573fa2..904af4a1 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -89,9 +89,7 @@ readonly class DockerController { } public function startBackup(bool $forceStopNextcloud = false) : void { - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'backup'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('backup'); $id = self::TOP_CONTAINER; $this->PerformRecursiveContainerStop($id, $forceStopNextcloud); 
@@ -111,26 +109,22 @@ readonly class DockerController { } public function checkBackup() : void { - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'check'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('check'); $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); } private function listBackup() : void { - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'list'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('list'); $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); } public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { + $this->configurationManager->SetBackupMode('restore'); $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'restore'; $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? ''; if (isset($request->getParsedBody()['restore-exclude-previews'])) { $config['restore-exclude-previews'] = 1; 
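Review bot: In `StartBackupContainerRestore` the new `SetBackupMode('restore')` call writes the config once and the method then calls `GetConfig()` again for a second read-modify-write, so for a short window the stored mode is `restore` while `selected-restore-time` still holds the previous value; `StartBackupContainerTest` in the next hunk has the same shape. For these two methods it would be simpler to keep `$config['backup-mode'] = 'restore';` inside the single write that already follows. The context line that stores `$request->getParsedBody()['selected_restore_time']` keeps the request value as-is; since the method body continues outside the hunk its later use is not visible, but validating its format before it is persisted would be a sensible guard.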
@@ -150,24 +144,20 @@ readonly class DockerController { } public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response { - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'check-repair'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('check-repair'); $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); // Restore to backup check which is needed to make the UI logic work correctly - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'check'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('check'); return $response->withStatus(201)->withHeader('Location', '.'); } public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { + $this->configurationManager->SetBackupMode('test'); $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'test'; $config['instance_restore_attempt'] = 0; $this->configurationManager->WriteConfig($config); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 253b1371..320bc477 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -426,6 +426,12 @@ class ConfigurationManager return $config['backup-mode']; } + public function SetBackupMode(string $mode) : void { + $config = $this->GetConfig(); + $config['backup-mode'] = $mode; + $this->WriteConfig($config); + } + public function GetSelectedRestoreTime() : string { $config = $this->GetConfig(); if(!isset($config['selected-restore-time'])) { 
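Review bot: `SetBackupMode(string $mode)` persists whatever string it is given, while every caller in this commit passes one of six literals (`backup`, `check`, `list`, `restore`, `check-repair`, `test`). Rejecting anything else at the setter keeps a typo or a future request-derived value out of the stored backup mode, e.g. `if (!in_array($mode, self::BACKUP_MODES, true)) { throw new \InvalidArgumentException("Unknown backup mode: $mode"); }`, where `BACKUP_MODES` is a new class constant (name constructed for this note) holding that list. A one-line docblock naming the accepted values would also help.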
@@ -506,11 +512,19 @@ class ConfigurationManager } } - public function DeleteBorgBackupLocationVars() : void { + public function DeleteBorgBackupLocationItems() : void { + // Delete the variables $config = $this->GetConfig(); $config['borg_backup_host_location'] = ''; $config['borg_remote_repo'] = ''; $this->WriteConfig($config); + + // Also delete the borg config file to be able to start over + if (file_exists(DataConst::GetBackupKeyFile())) { + if (unlink(DataConst::GetBackupKeyFile())) { + error_log('borg.config file deleted to be able to start over.'); + } + } } /** @@ -667,15 +681,6 @@ class ConfigurationManager return false; } - public function GetBorgBackupMode() : string { - $config = $this->GetConfig(); - if(!isset($config['backup-mode'])) { - $config['backup-mode'] = ''; - } - - return $config['backup-mode']; - } - public function GetNextcloudMount() : string { $envVariableName = 'NEXTCLOUD_MOUNT'; $configName = 'nextcloud_mount';
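Review bot: In `DeleteBorgBackupLocationItems` a failed `unlink()` is silent: the success branch logs, but there is no `else`, so the caller proceeds as if the borg config file had been removed. Log the failure as well, `} else { error_log('Could not delete borg.config file.'); }`, and consider dropping the `file_exists()` pre-check in favour of handling the `unlink()` result, since the file can disappear between the two calls. Because this removes the file returned by `DataConst::GetBackupKeyFile()`, a short comment stating that the deletion is irreversible would help whoever wires it to the UI.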