coop-cloud/nextcloud
coop-cloud
/
nextcloud
5
1
Fork 3
Code Issues 7 Pull Requests Releases Wiki Activity

Compare commits

base: coop-cloud:4.0.7+26.0.2-fpm
Branches Tags
coop-cloud:main
coop-cloud:authentik_sso
coop-cloud:healthchecks
coop-cloud:occ_cmds
coop-cloud:auto_app_install
coop-cloud:embed_nextcloud_in_iframe
coop-cloud:auto_configure_sso
coop-cloud:add-postgres-db
coop-cloud:7.0.0+29.0.0-fpm
coop-cloud:6.0.4+28.0.5-fpm
coop-cloud:6.0.3+28.0.5-fpm
coop-cloud:6.0.2+28.0.5-fpm
coop-cloud:5.0.3+27.0.1-fpm
coop-cloud:6.0.1+28.0.2-fpm
coop-cloud:6.0.0+28.0.1-fpm
coop-cloud:5.2.0+27.1.5-fpm
coop-cloud:5.1.1+27.1.5-fpm
coop-cloud:5.1.0+27.1.3-fpm
coop-cloud:5.0.2+27.0.1-fpm
coop-cloud:5.0.1+27.0.1-fpm
coop-cloud:5.0.0+27.0.0-fpm
coop-cloud:4.0.7+26.0.2-fpm
coop-cloud:4.0.6+26.0.2-fpm
coop-cloud:4.0.5+26.0.2-fpm
coop-cloud:4.0.4+26.0.2-fpm
coop-cloud:4.0.3+26.0.2-fpm
coop-cloud:4.0.2+26.0.2-fpm
coop-cloud:4.0.1+26.0.1-fpm
coop-cloud:4.0.0+26.0.1-fpm
coop-cloud:3.3.2+25.0.6-fpm
coop-cloud:3.3.1+25.0.5-fpm
coop-cloud:3.3.0+25.0.5-fpm
coop-cloud:3.2.0+25.0.4-fpm
coop-cloud:3.1.2+25.0.4-fpm
coop-cloud:3.1.1+25.0.1-fpm
coop-cloud:3.1.0+25.0.1-fpm
coop-cloud:3.0.1+25.0.1-fpm
coop-cloud:3.0.0+25.0.1-fpm
coop-cloud:2.1.4+24.0.6-fpm
coop-cloud:2.1.3+24.0.5-fpm
coop-cloud:2.1.2+24.0.3-fpm
coop-cloud:2.1.1+24.0.2-fpm
coop-cloud:2.1.0+24.0.0-fpm
coop-cloud:2.0.0+23.0.4-fpm
coop-cloud:1.0.0+23.0.1-fpm
...
compare: coop-cloud:main
Branches Tags
coop-cloud:main
coop-cloud:authentik_sso
coop-cloud:healthchecks
coop-cloud:occ_cmds
coop-cloud:auto_app_install
coop-cloud:embed_nextcloud_in_iframe
coop-cloud:auto_configure_sso
coop-cloud:add-postgres-db
coop-cloud:7.0.0+29.0.0-fpm
coop-cloud:6.0.4+28.0.5-fpm
coop-cloud:6.0.3+28.0.5-fpm
coop-cloud:6.0.2+28.0.5-fpm
coop-cloud:5.0.3+27.0.1-fpm
coop-cloud:6.0.1+28.0.2-fpm
coop-cloud:6.0.0+28.0.1-fpm
coop-cloud:5.2.0+27.1.5-fpm
coop-cloud:5.1.1+27.1.5-fpm
coop-cloud:5.1.0+27.1.3-fpm
coop-cloud:5.0.2+27.0.1-fpm
coop-cloud:5.0.1+27.0.1-fpm
coop-cloud:5.0.0+27.0.0-fpm
coop-cloud:4.0.7+26.0.2-fpm
coop-cloud:4.0.6+26.0.2-fpm
coop-cloud:4.0.5+26.0.2-fpm
coop-cloud:4.0.4+26.0.2-fpm
coop-cloud:4.0.3+26.0.2-fpm
coop-cloud:4.0.2+26.0.2-fpm
coop-cloud:4.0.1+26.0.1-fpm
coop-cloud:4.0.0+26.0.1-fpm
coop-cloud:3.3.2+25.0.6-fpm
coop-cloud:3.3.1+25.0.5-fpm
coop-cloud:3.3.0+25.0.5-fpm
coop-cloud:3.2.0+25.0.4-fpm
coop-cloud:3.1.2+25.0.4-fpm
coop-cloud:3.1.1+25.0.1-fpm
coop-cloud:3.1.0+25.0.1-fpm
coop-cloud:3.0.1+25.0.1-fpm
coop-cloud:3.0.0+25.0.1-fpm
coop-cloud:2.1.4+24.0.6-fpm
coop-cloud:2.1.3+24.0.5-fpm
coop-cloud:2.1.2+24.0.3-fpm
coop-cloud:2.1.1+24.0.2-fpm
coop-cloud:2.1.0+24.0.0-fpm
coop-cloud:2.0.0+23.0.4-fpm
coop-cloud:1.0.0+23.0.1-fpm

32 Commits
4.0.7+26.0 ... main

Author SHA1 Message Date
Moritz 7a64d3c6a7 add alakazam integration file alaconnect.yml
continuous-integration/drone/push Build is failing Details
2024-05-13 17:30:26 +02:00
3wc bb781e654b chore: publish 7.0.0+29.0.0-fpm release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-05-12 14:08:32 -03:00
Moritz cb5cd5f7b2 fix release note 5.0.1+27.0.1-fpm
continuous-integration/drone/push Build is failing Details
2024-05-08 11:05:05 +02:00
3wc 0a3e943b26 chore: publish 6.0.4+28.0.5-fpm release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-05-07 19:31:54 -03:00
3wc 4f1aaf5d1d Increase memory limit for cron
continuous-integration/drone/push Build is failing Details 
Re coop-cloud/nextcloud#41
 2024-05-07 19:30:49 -03:00
3wc 019b71fde1 chore: publish 6.0.3+28.0.5-fpm release
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2024-05-07 15:18:19 -03:00
3wc 7527399da0 Add mjs as a mimetype for javascript 2024-05-07 15:18:19 -03:00
3wc 94e84122ed chore: publish 6.0.2+28.0.5-fpm release
continuous-integration/drone/tag Build is passing Details
2024-05-07 15:18:19 -03:00
p4u1 0d9ab936a0 fulltextsearch: rename and update image 2024-05-07 15:18:19 -03:00
iexos 09ec6f842c update to 28.0.5
continuous-integration/drone/push Build is passing Details
2024-04-30 15:50:17 +02:00
3wc b5d40aa428 Update metadata
continuous-integration/drone/push Build is passing Details
2024-03-30 15:48:50 -03:00
Moritz eead80b60a add env MAX_DB_CONNECTIONS to set the database connection limit
continuous-integration/drone/push Build is passing Details
2024-02-27 09:47:26 +01:00
3wc 24670cdb6b chore: publish 6.0.1+28.0.2-fpm release
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2024-02-08 14:51:39 -03:00
3wc 7e4ab9288c chore: publish 6.0.0+28.0.1-fpm release
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2024-01-20 21:51:02 -03:00
p4u1 199bf61300 chore: publish 5.2.0+27.1.5-fpm release
continuous-integration/drone/push Build is passing Details
2023-12-22 13:19:26 +01:00
p4u1 99514b5991 feat: add fulltextsearch using elasticsearch (#36)
continuous-integration/drone/push Build is failing Details 
Reviewed-on: #36
Co-authored-by: p4u1 <p4u1_f4u1@riseup.net>
Co-committed-by: p4u1 <p4u1_f4u1@riseup.net>
 2023-12-22 12:09:58 +00:00
p4u1 eefb14e150 refactor: move db_root_password to mariadb (#38)
continuous-integration/drone/push Build is passing Details 
It is only used by mariadb and not by postgres

Closes #34

Reviewed-on: #38
Co-authored-by: p4u1 <p4u1_f4u1@riseup.net>
Co-committed-by: p4u1 <p4u1_f4u1@riseup.net>
 2023-12-22 12:09:07 +00:00
iexos a34e100bd7 chore: publish 5.1.1+27.1.5-fpm release
continuous-integration/drone/push Build is passing Details
2023-12-21 23:23:20 +01:00
p4u1 24ca6b22bc fix: noindex, nofollow instead of none robots header (#37)
continuous-integration/drone/push Build is passing Details 
This fixes a warning shown on the administration page.
More info on: https://help.nextcloud.com/t/x-robots-tag-http-header-not-configured-with-noindex-nofollow-since-nc-26-0-0/158300/1

Reviewed-on: #37
Co-authored-by: p4u1 <p4u1_f4u1@riseup.net>
Co-committed-by: p4u1 <p4u1_f4u1@riseup.net>
 2023-12-19 14:50:46 +00:00
Moritz c4ea5e053e increase default timeout
continuous-integration/drone/push Build is passing Details
2023-12-07 16:33:15 +01:00
Moritz 9d2e5cc05b increase healthcheck start_period for long updates
continuous-integration/drone/push Build is passing Details
2023-11-28 14:39:50 +01:00
Moritz 72bb75a49f add container depedency to avoid restart of web container
continuous-integration/drone/push Build is passing Details
2023-11-28 11:29:55 +01:00
3wc 5014bcb276 chore: publish 5.1.0+27.1.3-fpm release
continuous-integration/drone/push Build encountered an error Details
continuous-integration/drone/tag Build is passing Details
2023-11-06 13:44:44 +00:00
Moritz 88fc62bcd0 automating collabora installation
continuous-integration/drone/push Build is passing Details
2023-08-24 11:01:50 +02:00
3wc c54b975654 chore: publish 5.0.2+27.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2023-08-22 21:14:50 +02:00
3wc e9a602cc78 Add Caddy labels
continuous-integration/drone/push Build is passing Details
2023-08-22 19:08:56 +02:00
3wc 90c7b87655 Trigger catalogue rebuild on tag push
continuous-integration/drone/push Build is passing Details
2023-08-04 15:00:09 +02:00
3wc 3a8c203b51 chore: publish 5.0.1+27.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2023-08-04 14:57:31 +02:00
Philipp Rothmann 634a3553b9 fix: use saner fpm defaults
continuous-integration/drone/push Build is passing Details
2023-07-31 13:42:52 +02:00
Moritz 24e9571ba1 fix install_apps cmd
continuous-integration/drone/push Build is passing Details
2023-07-19 13:34:50 +02:00
Moritz 6546a05cf9 use standalone authentik secrets
continuous-integration/drone/push Build is passing Details
2023-07-18 16:51:37 +02:00
Philipp Rothmann ad3059d518 chore: publish 5.0.0+27.0.0-fpm release
continuous-integration/drone/push Build is passing Details
2023-07-11 11:33:11 +02:00
14 changed files with 207 additions and 30 deletions
Show Stats Expand all files Collapse all files

16
.drone.yml
View File

@ -31,3 +31,19 @@ steps:
trigger:
branch:
- main
---
kind: pipeline
name: generate recipe catalogue
steps:
- name: release a new version
image: plugins/downstream
settings:
server: https://build.coopcloud.tech
token:
from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

21
.env.sample
View File

@ -1,5 +1,5 @@
TYPE=nextcloud
TIMEOUT=500
TIMEOUT=900
ENABLE_AUTO_UPDATE=true
DOMAIN=nextcloud.example.com
@ -11,6 +11,8 @@ COMPOSE_FILE="compose.yml"
COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
#MAX_DB_CONNECTIONS=500
ADMIN_USER=admin
SECRET_DB_ROOT_PASSWORD_VERSION=v1
@ -21,10 +23,10 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy
PHP_MEMORY_LIMIT=1G
# fpm-tune, see: https://spot13.com/pmcalculator/
FPM_MAX_CHILDREN=131
FPM_START_SERVERS=32
FPM_MIN_SPARE_SERVERS=32
FPM_MAX_SPARE_SERVERS=98
FPM_MAX_CHILDREN=16
FPM_START_SERVERS=4
FPM_MIN_SPARE_SERVERS=4
FPM_MAX_SPARE_SERVERS=12
DEFAULT_QUOTA="10 GB"
@ -48,6 +50,8 @@ DEFAULT_QUOTA="10 GB"
# ONLYOFFICE_URL=https://onlyoffice.example.com
# SECRET_ONLYOFFICE_JWT_VERSION=v1
#
# COLLABORA_URL=https://collabora.example.com
#
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
# SECRET_BBB_SECRET_VERSION=v1
#
@ -58,5 +62,8 @@ DEFAULT_QUOTA="10 GB"
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
# AUTHENTIK_USER_PREFIX=authentik
# AUTHENTIK_DOMAIN=authentik.example.com
# AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
# AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
# SECRET_AUTHENTIK_SECRET_VERSION=v1
# SECRET_AUTHENTIK_ID_VERSION=v1
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1

43
README.md
View File

@ -6,10 +6,10 @@ Fully automated luxury Nextcloud via docker-swarm.
<!-- metadata -->
* **Category**: Apps
* **Status**: 2, beta
* **Status**: 5
* **Image**: [`nextcloud`](https://hub.docker.com/_/nextcloud), 4, upstream
* **Healthcheck**: Yes
* **Backups**: No
* **Backups**: Yes
* **Email**: 3
* **Tests**: 2
* **SSO**: 1 (OAuth)
@ -17,7 +17,6 @@ Fully automated luxury Nextcloud via docker-swarm.
## Quick start
* `abra app new nextcloud`
* `abra app config <app-name>`
* `abra app secret insert <app-name> smtp_password v1 <SMTP_PASSWORD>`
@ -244,3 +243,41 @@ docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-ge
```
This app will improve performance of image browsing at the cost of storage space.
## Fulltextsearch using elasticsearch
1. Uncomment the following lines in your env file:
```
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
```
2. Generate the secret for elasticsearch:
```bash
abra app secret generate <domain> elasticsearch_password v1
```
3. Deploy your app:
```bash
abra app deploy <domain>
```
4. Install the apps and configure them:
```
abra app cmd <domain> app install_fulltextsearch
```
5. You might need to configure the files_fulltextsearch app. run this command to check its settings:
```
abra app cmd <domain> app run_occ '"config:list files_fulltextsearch"
```
6. You can check if the nextcloud can connect to elasticsearch:
```
abra app cmd <domain> app run_occ '"fulltextsearch:test"'
```
And you can populate the index manually and check if any errors occur:
```
abra app cmd <domain> app run_occ '"fulltextsearch:index"'
```

20
abra.sh
View File

@ -1,9 +1,10 @@
#!/bin/bash
export FPM_TUNE_VERSION=v5
export NGINX_CONF_VERSION=v4
export MY_CNF_VERSION=v4
export NGINX_CONF_VERSION=v6
export MY_CNF_VERSION=v5
export ENTRYPOINT_VERSION=v3
export CRONTAB_VERSION=v1
run_occ() {
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
@ -65,6 +66,21 @@ install_onlyoffice() {
set_app_config onlyoffice customizationForcesave true
}
install_collabora() {
install_apps richdocuments
set_app_config richdocuments wopi_url "$COLLABORA_URL"
}
install_fulltextsearch() {
install_apps fulltextsearch
install_apps fulltextsearch_elasticsearch
install_apps files_fulltextsearch
set_app_config fulltextsearch search_platform "OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"
set_app_config fulltextsearch_elasticsearch elastic_host "http://elastic:$(cat /run/secrets/elasticsearch_password)@elasticsearch:9200/"
set_app_config fulltextsearch_elasticsearch elastic_index "nextcloud"
set_app_config files_fulltextsearch files_local "1"
}
set_default_quota() {
set_app_config files default_quota "$DEFAULT_QUOTA"
}

23
alaconnect.yml Normal file
View File

@ -0,0 +1,23 @@
authentik:
uncomment:
- compose.authentik.yml
- AUTHENTIK_USER_PREFIX
- AUTHENTIK_DOMAIN
- SECRET_AUTHENTIK_SECRET_VERSION
- SECRET_AUTHENTIK_ID_VERSION
execute:
- app set_authentik
shared_secrets:
nextcloud_secret: authentik_secret
nextcloud_id: authentik_id
onlyoffice:
uncomment:
- ONLYOFFICE_URL
- SECRET_ONLYOFFICE_JWT_VERSION
execute:
- app install_onlyoffice
collabora:
uncomment:
- COLLABORA_URL
execute:
- app install_collabora

4
compose.authentik.yml
View File

@ -8,7 +8,7 @@ services:
secrets:
authentik_secret:
external: true
name: ${AUTHENTIK_SECRET_NAME}
name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
authentik_id:
external: true
name: ${AUTHENTIK_ID_NAME}
name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}

55
compose.fulltextsearch.yml Normal file
View File

@ -0,0 +1,55 @@
version: "3.8"
services:
elasticsearch:
image: "docker.elastic.co/elasticsearch/elasticsearch:8.11.3"
environment:
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- discovery.type=single-node
# Disable authentication and ssl completely
# - xpack.security.enabled=false
# Use this to enable Basic Authentication:
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=false
- ELASTIC_PASSWORD_FILE=/var/run/secrets/elasticsearch_password
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- elasticsearch:/usr/share/elasticsearch/data
networks:
- internal
secrets:
- source: elasticsearch_password
uid: "1000"
gid: "1000"
mode: 0600
searchindexer:
image: nextcloud:29.0.0-fpm
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
- nextdata:/var/www/html/data:cached
- nextconfig:/var/www/html/config:cached
- ${EXTRA_VOLUME}
networks:
- internal
entrypoint: su -p www-data -s /bin/sh -c '/var/www/html/occ fulltextsearch:live'
# Add the secret to the app service so it is avaiable in the
# install_fulltextsearch command
app:
secrets:
- elasticsearch_password
secrets:
elasticsearch_password:
external: true
name: ${STACK_NAME}_elasticsearch_password_${SECRET_ELASTICSEARCH_PASSWORD_VERSION}
volumes:
elasticsearch:

7
compose.mariadb.yml
View File

@ -15,6 +15,7 @@ services:
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
- MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-100}
configs:
- source: my_tune
target: /etc/mysql/conf.d/my-tune.cnf
@ -41,6 +42,12 @@ configs:
my_tune:
name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
file: my-tune.cnf
template_driver: golang
secrets:
db_root_password:
external: true
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
volumes:
mariadb:

1
compose.postgres.yml
View File

@ -11,6 +11,7 @@ services:
db:
image: "postgres:12"
command: -c "max_connections=${MAX_DB_CONNECTIONS:-100}"
volumes:
- "postgres:/var/lib/postgresql/data"
networks:

27
compose.yml
View File

@ -1,7 +1,9 @@
version: "3.8"
services:
web:
image: nginx:1.25.0
image: nginx:1.26.0
depends_on:
- app
configs:
- source: nginx_conf
target: /etc/nginx/nginx.conf
@ -33,6 +35,9 @@ services:
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "caddy=${DOMAIN}"
- "caddy.reverse_proxy={{upstreams 80}}"
- "caddy.tls.on_demand="
healthcheck:
test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php | grep "installed\":true"']
interval: 30s
@ -41,7 +46,7 @@ services:
start_period: 5m
app:
image: nextcloud:26.0.2-fpm
image: nextcloud:29.0.0-fpm
depends_on:
- db
configs:
@ -86,7 +91,7 @@ services:
failure_action: rollback
order: start-first
labels:
- "coop-cloud.${STACK_NAME}.version=4.0.7+26.0.2-fpm"
- "coop-cloud.${STACK_NAME}.version=7.0.0+29.0.0-fpm"
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
- "backupbot.backup=true"
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
@ -95,10 +100,10 @@ services:
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
start_period: 15m
cron:
image: nextcloud:26.0.2-fpm
image: nextcloud:29.0.0-fpm
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
@ -108,9 +113,13 @@ services:
networks:
- internal
entrypoint: /cron.sh
configs:
- source: crontab
target: /var/spool/cron/crontabs/www-data
cache:
image: redis:7.0.11-alpine
image: redis:7.2.4-alpine
networks:
- internal
volumes:
@ -122,9 +131,6 @@ services:
retries: 20
secrets:
db_root_password:
external: true
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
@ -153,6 +159,9 @@ configs:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang
crontab:
name: ${STACK_NAME}_crontab_${CRONTAB_VERSION}
file: crontab
networks:
proxy:

1
crontab Normal file
View File

@ -0,0 +1 @@
*/5 * * * * php -d memory_limit=1G -f /var/www/html/cron.php

2
my-tune.cnf
View File

@ -13,7 +13,7 @@ key_buffer_size = 16M
innodb_log_file_size = 256M
long_query_time = 1
max_allowed_packet = 256M
max_connections = 100
max_connections = {{ env "MAX_DB_CONNECTIONS" }}
max_heap_table_size = 64M
max_user_connections = 0
myisam_recover_options = BACKUP

16
nginx.conf.tmpl
View File

@ -11,6 +11,10 @@ events {
http {
include /etc/nginx/mime.types;
# See https://github.com/nextcloud/forms/issues/1838#issuecomment-1860497200
types {
application/javascript js mjs;
}
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
@ -59,12 +63,12 @@ http {
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}";

1
release/5.0.1+27.0.1-fpm Normal file
View File

@ -0,0 +1 @@
The authentik secrets need to be inserted again, as nextcloud is not sharing the secret with authentik any more.