mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-02-04 04:56:52 +00:00
Compare commits
13 commits
f0f023346a
...
51b32578a2
| Author | SHA1 | Date | |
|---|---|---|---|
|
51b32578a2 | ||
|
|
423ba1cc3c | ||
|
|
ad9d877289 | ||
|
|
dd495d76a1 | ||
|
|
49aa732ec5 | ||
|
|
4b4184f248 | ||
|
|
8764307d68 | ||
|
|
51a9d47c74 | ||
|
|
c3d1d96d19 | ||
|
|
1e750fdcf6 | ||
|
|
3e71a789e1 | ||
|
|
9ffb91bd04 | ||
|
|
01dc07e8f1 |
41 changed files with 161 additions and 109 deletions
|
|
@ -46,7 +46,9 @@ echo "$CADDYFILE" > /tmp/Caddyfile
|
|||
|
||||
# Change the trusted_proxies in case of reverse proxies
|
||||
if [ "$APACHE_PORT" != '443' ]; then
|
||||
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
|
||||
# Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes
|
||||
# See https://github.com/nextcloud/all-in-one/pull/6703 for reference
|
||||
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges 100.64.0.0/10|' /tmp/Caddyfile)"
|
||||
else
|
||||
CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -8,9 +8,6 @@ FROM caddy:2.10.0-alpine AS caddy
|
|||
# From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
|
||||
FROM php:8.4.11-fpm-alpine3.22
|
||||
|
||||
ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
|
||||
ARG AIO_GIT_BRANCH="main"
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 8080
|
||||
EXPOSE 8443
|
||||
|
|
@ -18,6 +15,13 @@ EXPOSE 8443
|
|||
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
|
||||
COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
|
||||
|
||||
COPY community-containers /var/www/docker-aio/community-containers
|
||||
COPY php /var/www/docker-aio/php
|
||||
COPY --chmod=775 Containers/mastercontainer/*.sh /
|
||||
COPY --chmod=664 Containers/mastercontainer/Caddyfile /Caddyfile
|
||||
COPY --chmod=664 Containers/mastercontainer/supervisord.conf /supervisord.conf
|
||||
COPY Containers/mastercontainer/mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
|
||||
|
||||
WORKDIR /var/www/docker-aio
|
||||
|
||||
# hadolint ignore=SC2086,DL3047,DL3003,DL3004
|
||||
|
|
@ -67,8 +71,6 @@ RUN set -ex; \
|
|||
wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
|
||||
chmod +x /usr/local/bin/composer; \
|
||||
cd /var/www/docker-aio; \
|
||||
git clone "$AIO_GIT_URL" --depth 1 --single-branch --branch "$AIO_GIT_BRANCH" .; \
|
||||
find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
|
||||
rm -r ./php/tests; \
|
||||
chown www-data:www-data -R /var/www/docker-aio; \
|
||||
cd php; \
|
||||
|
|
@ -120,11 +122,6 @@ RUN set -ex; \
|
|||
mkdir /var/log/supervisord; \
|
||||
mkdir /var/run/supervisord;
|
||||
|
||||
COPY --chmod=775 *.sh /
|
||||
COPY --chmod=664 Caddyfile /Caddyfile
|
||||
COPY --chmod=664 supervisord.conf /supervisord.conf
|
||||
COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
|
||||
|
||||
LABEL org.label-schema.vendor="Nextcloud"
|
||||
|
||||
# hadolint ignore=DL3002
|
||||
|
|
|
|||
|
|
@ -13,11 +13,15 @@ ENV AIO_TOKEN=123456
|
|||
ENV AIO_URL=localhost
|
||||
# AIO settings end # Do not remove or change this line!
|
||||
|
||||
COPY --chmod=775 *.sh /
|
||||
COPY --chmod=774 upgrade.exclude /upgrade.exclude
|
||||
COPY config/*.php /
|
||||
COPY supervisord.conf /supervisord.conf
|
||||
COPY root.motd /root.motd
|
||||
COPY --chmod=775 Containers/nextcloud/*.sh /
|
||||
COPY --chmod=774 Containers/nextcloud/upgrade.exclude /upgrade.exclude
|
||||
COPY Containers/nextcloud/config/*.php /
|
||||
COPY Containers/nextcloud/supervisord.conf /supervisord.conf
|
||||
|
||||
# AIO cloning start # Do not remove or change this line!
|
||||
COPY app /usr/src/nextcloud/apps/nextcloud-aio
|
||||
COPY Containers/nextcloud/root.motd /root.motd
|
||||
# AIO cloning end # Do not remove or change this line!
|
||||
|
||||
VOLUME /mnt/ncdata
|
||||
VOLUME /var/www/html
|
||||
|
|
@ -242,15 +246,7 @@ RUN set -ex; \
|
|||
sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
|
||||
sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
|
||||
\
|
||||
# AIO cloning start # Do not remove or change this line!
|
||||
rm -rf /tmp/nextcloud-aio && \
|
||||
mkdir -p /tmp/nextcloud-aio && \
|
||||
cd /tmp/nextcloud-aio && \
|
||||
git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
|
||||
mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
|
||||
cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
|
||||
echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
|
||||
# AIO cloning end # Do not remove or change this line!
|
||||
echo "[ -n \"\$TERM\" ] && [ -f /root.motd ] && cat /root.motd" >> /root/.bashrc; \
|
||||
\
|
||||
chown www-data:root -R /usr/src && \
|
||||
chmod 777 -R /usr/local/etc/php/conf.d && \
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# syntax=docker/dockerfile:latest
|
||||
FROM nats:2.11.7-scratch AS nats
|
||||
FROM eturnal/eturnal:1.12.1 AS eturnal
|
||||
FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
|
||||
FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
|
||||
FROM alpine:3.22.1 AS janus
|
||||
|
||||
ARG JANUS_VERSION=v1.3.2
|
||||
|
|
|
|||
|
|
@ -84,7 +84,8 @@ internalsecret = the-shared-secret-for-internal-clients
|
|||
# For backend type "etcd":
|
||||
# Key prefix of backend entries. All keys below will be watched and assumed to
|
||||
# contain a JSON document with the following entries:
|
||||
# - "url": Url of the Nextcloud instance.
|
||||
# - "urls": List of urls of the Nextcloud instance.
|
||||
# - "url": Url of the Nextcloud instance (deprecated).
|
||||
# - "secret": Shared secret for requests from and to the backend servers.
|
||||
#
|
||||
# Additional optional entries:
|
||||
|
|
@ -93,8 +94,8 @@ internalsecret = the-shared-secret-for-internal-clients
|
|||
# - "sessionlimit": Number of sessions that are allowed to connect.
|
||||
#
|
||||
# Example:
|
||||
# "/signaling/backend/one" -> {"url": "https://nextcloud.domain1.invalid", ...}
|
||||
# "/signaling/backend/two" -> {"url": "https://domain2.invalid/nextcloud", ...}
|
||||
# "/signaling/backend/one" -> {"urls": ["https://nextcloud.domain1.invalid"], ...}
|
||||
# "/signaling/backend/two" -> {"urls": ["https://domain2.invalid/nextcloud"], ...}
|
||||
#backendprefix = /signaling/backend
|
||||
|
||||
# Allow any hostname as backend endpoint. This is extremely insecure and should
|
||||
|
|
@ -122,8 +123,8 @@ connectionsperhost = 8
|
|||
# Backend configurations as defined in the "[backend]" section above. The
|
||||
# section names must match the ids used in "backends" above.
|
||||
#[backend-id]
|
||||
# URL of the Nextcloud instance
|
||||
#url = https://cloud.domain.invalid
|
||||
# Comma-separated list of urls of the Nextcloud instance
|
||||
#urls = https://cloud.domain.invalid
|
||||
|
||||
# Shared secret for requests from and to the backend servers. Leave empty to use
|
||||
# the common shared secret from above.
|
||||
|
|
@ -143,8 +144,8 @@ connectionsperhost = 8
|
|||
#maxscreenbitrate = 2097152
|
||||
|
||||
#[another-backend]
|
||||
# URL of the Nextcloud instance
|
||||
#url = https://cloud.otherdomain.invalid
|
||||
# Comma-separated list of urls of the Nextcloud instance
|
||||
#urls = https://cloud.otherdomain.invalid
|
||||
|
||||
# Shared secret for requests from and to the backend servers. Leave empty to use
|
||||
# the common shared secret from above.
|
||||
|
|
@ -179,6 +180,13 @@ connectionsperhost = 8
|
|||
# proxy server that is used.
|
||||
#maxscreenbitrate = 2097152
|
||||
|
||||
# List of IP addresses / subnets that are allowed to be used by clients in
|
||||
# candidates. The allowed list has preference over the blocked list below.
|
||||
#allowedcandidates = 10.0.0.0/8
|
||||
|
||||
# List of IP addresses / subnets to filter from candidates received by clients.
|
||||
#blockedcandidates = 1.2.3.0/24
|
||||
|
||||
# For type "proxy": timeout in seconds for requests to the proxy server.
|
||||
#proxytimeout = 2
|
||||
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ connectionsperhost = 8
|
|||
skipverify = ${SKIP_CERT_VERIFY}
|
||||
|
||||
[backend-1]
|
||||
url = https://${NC_DOMAIN}
|
||||
urls = https://${NC_DOMAIN}
|
||||
secret = ${SIGNALING_SECRET}
|
||||
maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
|
||||
maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}
|
||||
|
|
|
|||
|
|
@ -48,7 +48,8 @@
|
|||
"environment": [
|
||||
"TZ=%TIMEZONE%",
|
||||
"NC_DOMAIN=%NC_DOMAIN%",
|
||||
"STALWART_USER_PASS=%STALWART_USER_PASS%"
|
||||
"STALWART_USER_PASS=%STALWART_USER_PASS%",
|
||||
"CLAMAV_ENABLED=%CLAMAV_ENABLED%"
|
||||
],
|
||||
"secrets": [
|
||||
"STALWART_USER_PASS"
|
||||
|
|
|
|||
25
develop.md
25
develop.md
|
|
@ -26,7 +26,7 @@ Simply use https://github.com/nextcloud/all-in-one/issues/6198 as template.
|
|||
Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.
|
||||
|
||||
## How to test things correctly?
|
||||
Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml.
|
||||
Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml.
|
||||
|
||||
There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.
|
||||
|
||||
|
|
@ -48,12 +48,25 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
|
|||
## How to connect to the database?
|
||||
Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.
|
||||
|
||||
## How to locally build and test changes to mastercontainer?
|
||||
1. Push changes to your own git fork and branch.
|
||||
1. Use below commands to build mastercontainer image for a custom git url and branch:
|
||||
## How to locally build and test changes to mastercontainer
|
||||
1. Ensure you are on the developer channel per the instructions above.
|
||||
1. Use the commands below from the project root to build the mastercontainer image:
|
||||
```
|
||||
cd Containers/mastercontainer
|
||||
docker buildx build -t ghcr.io/nextcloud-releases/all-in-one:latest --build-arg AIO_GIT_URL="https://github.com/my-fork-repo/all-in-one.git" --build-arg AIO_GIT_BRANCH="my-feature-branch" --load .
|
||||
docker buildx build --file Containers/mastercontainer/Dockerfile --tag ghcr.io/nextcloud-releases/all-in-one:develop --load .
|
||||
```
|
||||
1. Start a container with above built image.
|
||||
1. Since the hash of a locally built image doesn't match the latest release mastercontainer, it prompts for a mandatory update. To temporarily bypass the update suffix `?bypass_mastercontainer_update` to the URL. Eg: `https://localhost:8080/containers?bypass_mastercontainer_update`
|
||||
|
||||
## How to locally build and test changes to other containers using the bypass_container_update param
|
||||
1. Ensure you are on the developer channel per the instructions above.
|
||||
1. Use the commands below from the project root to build the container image:
|
||||
```
|
||||
# For the "nextcloud" container
|
||||
docker buildx build --file Containers/nextcloud/Dockerfile --tag ghcr.io/nextcloud-releases/aio-nextcloud:develop --load .
|
||||
|
||||
# For all other containers
|
||||
docker buildx build --file Containers/{container}/Dockerfile --tag ghcr.io/nextcloud-releases/aio-{container}:develop --load Containers/{container}
|
||||
```
|
||||
1. Stop the containers using the AIO admin interface.
|
||||
1. Reload the AIO admin interface with the param `bypass_container_update` to avoid overwriting your local changes, e.g. `https://localhost:8080/containers?bypass_container_update`.
|
||||
1. Click "Start and update containers" and test your changes. Containers will not be updated, despite the button text.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
name: nextcloud-aio-helm-chart
|
||||
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
|
||||
version: 11.5.0
|
||||
version: 11.6.0
|
||||
apiVersion: v2
|
||||
keywords:
|
||||
- latest
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-apache
|
||||
name: nextcloud-aio-apache
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-apache
|
||||
spec:
|
||||
|
|
@ -61,7 +61,7 @@ spec:
|
|||
value: "{{ .Values.TIMEZONE }}"
|
||||
- name: WHITEBOARD_HOST
|
||||
value: nextcloud-aio-whiteboard
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-apache:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-apache
|
||||
name: nextcloud-aio-apache
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-clamav
|
||||
name: nextcloud-aio-clamav
|
||||
|
|
@ -18,7 +18,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-clamav
|
||||
spec:
|
||||
|
|
@ -36,7 +36,7 @@ spec:
|
|||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
|
|
@ -59,7 +59,7 @@ spec:
|
|||
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-clamav:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-clamav
|
||||
name: nextcloud-aio-clamav
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-collabora
|
||||
name: nextcloud-aio-collabora
|
||||
|
|
@ -16,7 +16,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-collabora
|
||||
spec:
|
||||
|
|
@ -35,7 +35,7 @@ spec:
|
|||
value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
|
||||
- name: server_name
|
||||
value: "{{ .Values.NC_DOMAIN }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-collabora:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-collabora
|
||||
name: nextcloud-aio-collabora
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-database
|
||||
name: nextcloud-aio-database
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-database
|
||||
spec:
|
||||
|
|
@ -35,7 +35,7 @@ spec:
|
|||
{{- end }}
|
||||
initContainers:
|
||||
- name: init-subpath
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
|
||||
command:
|
||||
- mkdir
|
||||
- "-p"
|
||||
|
|
@ -64,7 +64,7 @@ spec:
|
|||
value: nextcloud
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-postgresql:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-database
|
||||
name: nextcloud-aio-database
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-fulltextsearch
|
||||
name: nextcloud-aio-fulltextsearch
|
||||
|
|
@ -18,13 +18,13 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-fulltextsearch
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
|
|
@ -54,7 +54,7 @@ spec:
|
|||
value: basic
|
||||
- name: xpack.security.enabled
|
||||
value: "false"
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-fulltextsearch
|
||||
name: nextcloud-aio-fulltextsearch
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-imaginary
|
||||
name: nextcloud-aio-imaginary
|
||||
|
|
@ -16,7 +16,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-imaginary
|
||||
spec:
|
||||
|
|
@ -38,7 +38,7 @@ spec:
|
|||
value: "{{ .Values.IMAGINARY_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-imaginary:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-imaginary
|
||||
name: nextcloud-aio-imaginary
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-nextcloud
|
||||
name: nextcloud-aio-nextcloud
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-nextcloud
|
||||
spec:
|
||||
|
|
@ -38,7 +38,7 @@ spec:
|
|||
# AIO settings start # Do not remove or change this line!
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
|
|
@ -188,7 +188,7 @@ spec:
|
|||
value: "{{ .Values.WHITEBOARD_ENABLED }}"
|
||||
- name: WHITEBOARD_SECRET
|
||||
value: "{{ .Values.WHITEBOARD_SECRET }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-nextcloud:20250822_112758
|
||||
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in container context
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-nextcloud
|
||||
name: nextcloud-aio-nextcloud
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-notify-push
|
||||
name: nextcloud-aio-notify-push
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-notify-push
|
||||
spec:
|
||||
|
|
@ -55,7 +55,7 @@ spec:
|
|||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-notify-push:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-notify-push
|
||||
name: nextcloud-aio-notify-push
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-onlyoffice
|
||||
name: nextcloud-aio-onlyoffice
|
||||
|
|
@ -18,13 +18,13 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-onlyoffice
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-volumes
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
|
||||
command:
|
||||
- chmod
|
||||
- "777"
|
||||
|
|
@ -42,7 +42,7 @@ spec:
|
|||
value: "{{ .Values.ONLYOFFICE_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-onlyoffice
|
||||
name: nextcloud-aio-onlyoffice
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-redis
|
||||
name: nextcloud-aio-redis
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-redis
|
||||
spec:
|
||||
|
|
@ -39,7 +39,7 @@ spec:
|
|||
value: "{{ .Values.REDIS_PASSWORD }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-redis:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-redis
|
||||
name: nextcloud-aio-redis
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-talk
|
||||
name: nextcloud-aio-talk
|
||||
|
|
@ -16,7 +16,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-talk
|
||||
spec:
|
||||
|
|
@ -52,7 +52,7 @@ spec:
|
|||
value: "{{ .Values.TURN_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-talk:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-talk-recording
|
||||
name: nextcloud-aio-talk-recording
|
||||
|
|
@ -18,7 +18,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-talk-recording
|
||||
spec:
|
||||
|
|
@ -44,7 +44,7 @@ spec:
|
|||
value: "{{ .Values.RECORDING_SECRET }}"
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-talk-recording:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-talk-recording
|
||||
name: nextcloud-aio-talk-recording
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-talk
|
||||
name: nextcloud-aio-talk-public
|
||||
|
|
@ -28,7 +28,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-talk
|
||||
name: nextcloud-aio-talk
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-whiteboard
|
||||
name: nextcloud-aio-whiteboard
|
||||
|
|
@ -16,7 +16,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-whiteboard
|
||||
spec:
|
||||
|
|
@ -48,7 +48,7 @@ spec:
|
|||
value: redis
|
||||
- name: TZ
|
||||
value: "{{ .Values.TIMEZONE }}"
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20250811_115851
|
||||
image: ghcr.io/nextcloud-releases/aio-whiteboard:20250822_112758
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kompose.version: 1.36.0 (ae2a39403)
|
||||
kompose.version: 1.37.0 (fb0539e64)
|
||||
labels:
|
||||
io.kompose.service: nextcloud-aio-whiteboard
|
||||
name: nextcloud-aio-whiteboard
|
||||
|
|
|
|||
|
|
@ -397,6 +397,8 @@
|
|||
"cap_add": [
|
||||
"MKNOD",
|
||||
"SYS_ADMIN",
|
||||
"SYS_CHROOT",
|
||||
"FOWNER",
|
||||
"CHOWN"
|
||||
],
|
||||
"cap_drop": [
|
||||
|
|
|
|||
|
|
@ -86,6 +86,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
|
|||
// Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image.
|
||||
$params = $request->getQueryParams();
|
||||
$bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
|
||||
$bypass_container_update = isset($params['bypass_container_update']);
|
||||
|
||||
return $view->render($response, 'containers.twig', [
|
||||
'domain' => $configurationManager->GetDomain(),
|
||||
|
|
@ -136,6 +137,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
|
|||
'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),
|
||||
'community_containers' => $configurationManager->listAvailableCommunityContainers(),
|
||||
'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
|
||||
'bypass_container_update' => $bypass_container_update,
|
||||
]);
|
||||
})->setName('profile');
|
||||
$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
|
||||
|
|
|
|||
|
|
@ -191,8 +191,14 @@ readonly class DockerController {
|
|||
$config['install_latest_major'] = $installLatestMajor;
|
||||
$this->configurationManager->WriteConfig($config);
|
||||
|
||||
// Do not pull container images in case 'bypass_container_update' is set via url params
|
||||
// Needed for local testing
|
||||
$pullImage = !isset($request->getParsedBody()['bypass_container_update']);
|
||||
if ($pullImage === false) {
|
||||
error_log('WARNING: Not pulling container images. Instead, using local ones.');
|
||||
}
|
||||
// Start container
|
||||
$this->startTopContainer(true);
|
||||
$this->startTopContainer($pullImage);
|
||||
|
||||
// Clear apcu cache in order to check if container updates are available
|
||||
// Temporarily disabled as it leads much faster to docker rate limits
|
||||
|
|
|
|||
|
|
@ -389,7 +389,7 @@ class ConfigurationManager
|
|||
if ($port === '443') {
|
||||
$notice .= " If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.";
|
||||
} else {
|
||||
error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!');
|
||||
error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#how-to-debug in order to debug things!');
|
||||
}
|
||||
throw new InvalidSettingConfigurationException($notice);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@
|
|||
<p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
|
||||
<p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
|
||||
{% if apache_port != '443' %}
|
||||
<p>If you run into issues with your domain being accepted, see <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
|
||||
<p>If you run into issues with your domain being accepted, see <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#how-to-debug">these steps</a> for how to debug things.</p>
|
||||
{% endif %}
|
||||
<p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
|
||||
</details>
|
||||
|
|
@ -352,6 +352,7 @@
|
|||
<form method="POST" action="/api/docker/start" class="xhr">
|
||||
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
|
||||
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
|
||||
<input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
|
||||
<input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
|
||||
</form>
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
|
|||
- `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
|
||||
- `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
|
||||
- `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
|
||||
- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#6-how-to-debug-things).
|
||||
- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
|
||||
- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
|
||||
- `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
|
||||
- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
|
||||
|
|
@ -51,7 +51,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
|
|||
</details>
|
||||
|
||||
> [!Note]
|
||||
> If you run into troubles, see [the debug section](#6-how-to-debug-things).
|
||||
> If you run into troubles, see [the debug section](#7-how-to-debug-things).
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -68,8 +68,9 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1
|
|||
1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
|
||||
1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
|
||||
1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
|
||||
1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
|
||||
1. Optional: how to debug things? See [point 6](#6-how-to-debug-things)
|
||||
1. Optional: if the reverse proxy is outside the host network, configure AIO to trust it. See [point 5](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001)
|
||||
1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface)
|
||||
1. Optional: how to debug things? See [point 7](#7-how-to-debug-things)
|
||||
|
||||
## 1. Configure the reverse proxy
|
||||
|
||||
|
|
@ -990,7 +991,28 @@ After starting AIO, you should be able to access the AIO Interface via `https://
|
|||
⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
|
||||
Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
|
||||
|
||||
## 5. Optional: get a valid certificate for the AIO interface
|
||||
## 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
|
||||
If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1<sup>*</sup> you must make the following configuration changes
|
||||
|
||||
<small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
|
||||
|
||||
### Nextcloud trusted proxies
|
||||
Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:
|
||||
|
||||
```
|
||||
sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value=ip.address.of.proxy
|
||||
```
|
||||
|
||||
### Collabora WOPI allow list
|
||||
If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain<sup>*</sup> and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`.
|
||||
|
||||
<small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
|
||||
|
||||
### External reverse proxies connecting via VPN (e.g. Tailscale)
|
||||
|
||||
If your reverse proxy is outside your LAN and connecting via VPN such as Tailscale, you may want to set `APACHE_IP_BINDING=AIO.VPN.host.IP` to ensure only traffic coming from the VPN can connect.
|
||||
|
||||
## 6. Optional: get a valid certificate for the AIO interface
|
||||
|
||||
If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
|
||||
|
||||
|
|
@ -1007,7 +1029,9 @@ https://<your-nc-domain>:8443 {
|
|||
|
||||
Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
|
||||
|
||||
## 6. How to debug things?
|
||||
## 7. How to debug things?
|
||||
<a id="how-to-debug"></a> <!-- for external linking -->
|
||||
<a id="6-how-to-debug-things"></a> <!-- For backwards compatibility-->
|
||||
|
||||
If something does not work, follow the steps below:
|
||||
1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue