Compare commits
32 Commits
4.0.7+26.0
...
main
Author | SHA1 | Date |
---|---|---|
Moritz | 7a64d3c6a7 | |
3wc | bb781e654b | |
Moritz | cb5cd5f7b2 | |
3wc | 0a3e943b26 | |
3wc | 4f1aaf5d1d | |
3wc | 019b71fde1 | |
3wc | 7527399da0 | |
3wc | 94e84122ed | |
p4u1 | 0d9ab936a0 | |
iexos | 09ec6f842c | |
3wc | b5d40aa428 | |
Moritz | eead80b60a | |
3wc | 24670cdb6b | |
3wc | 7e4ab9288c | |
p4u1 | 199bf61300 | |
p4u1 | 99514b5991 | |
p4u1 | eefb14e150 | |
iexos | a34e100bd7 | |
p4u1 | 24ca6b22bc | |
Moritz | c4ea5e053e | |
Moritz | 9d2e5cc05b | |
Moritz | 72bb75a49f | |
3wc | 5014bcb276 | |
Moritz | 88fc62bcd0 | |
3wc | c54b975654 | |
3wc | e9a602cc78 | |
3wc | 90c7b87655 | |
3wc | 3a8c203b51 | |
Philipp Rothmann | 634a3553b9 | |
Moritz | 24e9571ba1 | |
Moritz | 6546a05cf9 | |
Philipp Rothmann | ad3059d518 |
16
.drone.yml
16
.drone.yml
|
@ -31,3 +31,19 @@ steps:
|
|||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
|
21
.env.sample
21
.env.sample
|
@ -1,5 +1,5 @@
|
|||
TYPE=nextcloud
|
||||
TIMEOUT=500
|
||||
TIMEOUT=900
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
|
||||
DOMAIN=nextcloud.example.com
|
||||
|
@ -11,6 +11,8 @@ COMPOSE_FILE="compose.yml"
|
|||
COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
|
||||
|
||||
#MAX_DB_CONNECTIONS=500
|
||||
|
||||
ADMIN_USER=admin
|
||||
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
|
@ -21,10 +23,10 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy
|
|||
|
||||
PHP_MEMORY_LIMIT=1G
|
||||
# fpm-tune, see: https://spot13.com/pmcalculator/
|
||||
FPM_MAX_CHILDREN=131
|
||||
FPM_START_SERVERS=32
|
||||
FPM_MIN_SPARE_SERVERS=32
|
||||
FPM_MAX_SPARE_SERVERS=98
|
||||
FPM_MAX_CHILDREN=16
|
||||
FPM_START_SERVERS=4
|
||||
FPM_MIN_SPARE_SERVERS=4
|
||||
FPM_MAX_SPARE_SERVERS=12
|
||||
|
||||
DEFAULT_QUOTA="10 GB"
|
||||
|
||||
|
@ -48,6 +50,8 @@ DEFAULT_QUOTA="10 GB"
|
|||
# ONLYOFFICE_URL=https://onlyoffice.example.com
|
||||
# SECRET_ONLYOFFICE_JWT_VERSION=v1
|
||||
#
|
||||
# COLLABORA_URL=https://collabora.example.com
|
||||
#
|
||||
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
|
||||
# SECRET_BBB_SECRET_VERSION=v1
|
||||
#
|
||||
|
@ -58,5 +62,8 @@ DEFAULT_QUOTA="10 GB"
|
|||
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||
# AUTHENTIK_USER_PREFIX=authentik
|
||||
# AUTHENTIK_DOMAIN=authentik.example.com
|
||||
# AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
|
||||
# AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
|
||||
# SECRET_AUTHENTIK_SECRET_VERSION=v1
|
||||
# SECRET_AUTHENTIK_ID_VERSION=v1
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
|
||||
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
|
||||
|
|
43
README.md
43
README.md
|
@ -6,10 +6,10 @@ Fully automated luxury Nextcloud via docker-swarm.
|
|||
|
||||
<!-- metadata -->
|
||||
* **Category**: Apps
|
||||
* **Status**: 2, beta
|
||||
* **Status**: 5
|
||||
* **Image**: [`nextcloud`](https://hub.docker.com/_/nextcloud), 4, upstream
|
||||
* **Healthcheck**: Yes
|
||||
* **Backups**: No
|
||||
* **Backups**: Yes
|
||||
* **Email**: 3
|
||||
* **Tests**: 2
|
||||
* **SSO**: 1 (OAuth)
|
||||
|
@ -17,7 +17,6 @@ Fully automated luxury Nextcloud via docker-swarm.
|
|||
|
||||
## Quick start
|
||||
|
||||
|
||||
* `abra app new nextcloud`
|
||||
* `abra app config <app-name>`
|
||||
* `abra app secret insert <app-name> smtp_password v1 <SMTP_PASSWORD>`
|
||||
|
@ -244,3 +243,41 @@ docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-ge
|
|||
```
|
||||
|
||||
This app will improve performance of image browsing at the cost of storage space.
|
||||
|
||||
## Fulltextsearch using elasticsearch
|
||||
|
||||
1. Uncomment the following lines in your env file:
|
||||
```
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
|
||||
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
|
||||
```
|
||||
|
||||
2. Generate the secret for elasticsearch:
|
||||
```bash
|
||||
abra app secret generate <domain> elasticsearch_password v1
|
||||
```
|
||||
|
||||
3. Deploy your app:
|
||||
```bash
|
||||
abra app deploy <domain>
|
||||
```
|
||||
|
||||
4. Install the apps and configure them:
|
||||
```
|
||||
abra app cmd <domain> app install_fulltextsearch
|
||||
```
|
||||
|
||||
5. You might need to configure the files_fulltextsearch app. run this command to check its settings:
|
||||
```
|
||||
abra app cmd <domain> app run_occ '"config:list files_fulltextsearch"
|
||||
```
|
||||
|
||||
6. You can check if the nextcloud can connect to elasticsearch:
|
||||
```
|
||||
abra app cmd <domain> app run_occ '"fulltextsearch:test"'
|
||||
```
|
||||
|
||||
And you can populate the index manually and check if any errors occur:
|
||||
```
|
||||
abra app cmd <domain> app run_occ '"fulltextsearch:index"'
|
||||
```
|
||||
|
|
20
abra.sh
20
abra.sh
|
@ -1,9 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
export FPM_TUNE_VERSION=v5
|
||||
export NGINX_CONF_VERSION=v4
|
||||
export MY_CNF_VERSION=v4
|
||||
export NGINX_CONF_VERSION=v6
|
||||
export MY_CNF_VERSION=v5
|
||||
export ENTRYPOINT_VERSION=v3
|
||||
export CRONTAB_VERSION=v1
|
||||
|
||||
run_occ() {
|
||||
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
|
||||
|
@ -65,6 +66,21 @@ install_onlyoffice() {
|
|||
set_app_config onlyoffice customizationForcesave true
|
||||
}
|
||||
|
||||
install_collabora() {
|
||||
install_apps richdocuments
|
||||
set_app_config richdocuments wopi_url "$COLLABORA_URL"
|
||||
}
|
||||
|
||||
install_fulltextsearch() {
|
||||
install_apps fulltextsearch
|
||||
install_apps fulltextsearch_elasticsearch
|
||||
install_apps files_fulltextsearch
|
||||
set_app_config fulltextsearch search_platform "OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"
|
||||
set_app_config fulltextsearch_elasticsearch elastic_host "http://elastic:$(cat /run/secrets/elasticsearch_password)@elasticsearch:9200/"
|
||||
set_app_config fulltextsearch_elasticsearch elastic_index "nextcloud"
|
||||
set_app_config files_fulltextsearch files_local "1"
|
||||
}
|
||||
|
||||
set_default_quota() {
|
||||
set_app_config files default_quota "$DEFAULT_QUOTA"
|
||||
}
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
authentik:
|
||||
uncomment:
|
||||
- compose.authentik.yml
|
||||
- AUTHENTIK_USER_PREFIX
|
||||
- AUTHENTIK_DOMAIN
|
||||
- SECRET_AUTHENTIK_SECRET_VERSION
|
||||
- SECRET_AUTHENTIK_ID_VERSION
|
||||
execute:
|
||||
- app set_authentik
|
||||
shared_secrets:
|
||||
nextcloud_secret: authentik_secret
|
||||
nextcloud_id: authentik_id
|
||||
onlyoffice:
|
||||
uncomment:
|
||||
- ONLYOFFICE_URL
|
||||
- SECRET_ONLYOFFICE_JWT_VERSION
|
||||
execute:
|
||||
- app install_onlyoffice
|
||||
collabora:
|
||||
uncomment:
|
||||
- COLLABORA_URL
|
||||
execute:
|
||||
- app install_collabora
|
|
@ -8,7 +8,7 @@ services:
|
|||
secrets:
|
||||
authentik_secret:
|
||||
external: true
|
||||
name: ${AUTHENTIK_SECRET_NAME}
|
||||
name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
|
||||
authentik_id:
|
||||
external: true
|
||||
name: ${AUTHENTIK_ID_NAME}
|
||||
name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
elasticsearch:
|
||||
image: "docker.elastic.co/elasticsearch/elasticsearch:8.11.3"
|
||||
environment:
|
||||
- cluster.name=docker-cluster
|
||||
- bootstrap.memory_lock=true
|
||||
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
- discovery.type=single-node
|
||||
# Disable authentication and ssl completely
|
||||
# - xpack.security.enabled=false
|
||||
# Use this to enable Basic Authentication:
|
||||
- xpack.security.enabled=true
|
||||
- xpack.security.http.ssl.enabled=false
|
||||
- ELASTIC_PASSWORD_FILE=/var/run/secrets/elasticsearch_password
|
||||
ulimits:
|
||||
memlock:
|
||||
soft: -1
|
||||
hard: -1
|
||||
volumes:
|
||||
- elasticsearch:/usr/share/elasticsearch/data
|
||||
networks:
|
||||
- internal
|
||||
secrets:
|
||||
- source: elasticsearch_password
|
||||
uid: "1000"
|
||||
gid: "1000"
|
||||
mode: 0600
|
||||
|
||||
searchindexer:
|
||||
image: nextcloud:29.0.0-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html/
|
||||
- nextapps:/var/www/html/custom_apps:cached
|
||||
- nextdata:/var/www/html/data:cached
|
||||
- nextconfig:/var/www/html/config:cached
|
||||
- ${EXTRA_VOLUME}
|
||||
networks:
|
||||
- internal
|
||||
entrypoint: su -p www-data -s /bin/sh -c '/var/www/html/occ fulltextsearch:live'
|
||||
|
||||
# Add the secret to the app service so it is avaiable in the
|
||||
# install_fulltextsearch command
|
||||
app:
|
||||
secrets:
|
||||
- elasticsearch_password
|
||||
|
||||
secrets:
|
||||
elasticsearch_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_elasticsearch_password_${SECRET_ELASTICSEARCH_PASSWORD_VERSION}
|
||||
|
||||
volumes:
|
||||
elasticsearch:
|
|
@ -15,6 +15,7 @@ services:
|
|||
- MYSQL_USER=nextcloud
|
||||
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
|
||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||
- MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-100}
|
||||
configs:
|
||||
- source: my_tune
|
||||
target: /etc/mysql/conf.d/my-tune.cnf
|
||||
|
@ -41,6 +42,12 @@ configs:
|
|||
my_tune:
|
||||
name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
|
||||
file: my-tune.cnf
|
||||
template_driver: golang
|
||||
|
||||
secrets:
|
||||
db_root_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
|
|
|
@ -11,6 +11,7 @@ services:
|
|||
|
||||
db:
|
||||
image: "postgres:12"
|
||||
command: -c "max_connections=${MAX_DB_CONNECTIONS:-100}"
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
networks:
|
||||
|
|
27
compose.yml
27
compose.yml
|
@ -1,7 +1,9 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
web:
|
||||
image: nginx:1.25.0
|
||||
image: nginx:1.26.0
|
||||
depends_on:
|
||||
- app
|
||||
configs:
|
||||
- source: nginx_conf
|
||||
target: /etc/nginx/nginx.conf
|
||||
|
@ -33,6 +35,9 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "caddy=${DOMAIN}"
|
||||
- "caddy.reverse_proxy={{upstreams 80}}"
|
||||
- "caddy.tls.on_demand="
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php | grep "installed\":true"']
|
||||
interval: 30s
|
||||
|
@ -41,7 +46,7 @@ services:
|
|||
start_period: 5m
|
||||
|
||||
app:
|
||||
image: nextcloud:26.0.2-fpm
|
||||
image: nextcloud:29.0.0-fpm
|
||||
depends_on:
|
||||
- db
|
||||
configs:
|
||||
|
@ -86,7 +91,7 @@ services:
|
|||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=4.0.7+26.0.2-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.version=7.0.0+29.0.0-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
|
||||
|
@ -95,10 +100,10 @@ services:
|
|||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 5m
|
||||
start_period: 15m
|
||||
|
||||
cron:
|
||||
image: nextcloud:26.0.2-fpm
|
||||
image: nextcloud:29.0.0-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html/
|
||||
- nextapps:/var/www/html/custom_apps:cached
|
||||
|
@ -108,9 +113,13 @@ services:
|
|||
networks:
|
||||
- internal
|
||||
entrypoint: /cron.sh
|
||||
configs:
|
||||
- source: crontab
|
||||
target: /var/spool/cron/crontabs/www-data
|
||||
|
||||
|
||||
cache:
|
||||
image: redis:7.0.11-alpine
|
||||
image: redis:7.2.4-alpine
|
||||
networks:
|
||||
- internal
|
||||
volumes:
|
||||
|
@ -122,9 +131,6 @@ services:
|
|||
retries: 20
|
||||
|
||||
secrets:
|
||||
db_root_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
|
@ -153,6 +159,9 @@ configs:
|
|||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
crontab:
|
||||
name: ${STACK_NAME}_crontab_${CRONTAB_VERSION}
|
||||
file: crontab
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
*/5 * * * * php -d memory_limit=1G -f /var/www/html/cron.php
|
|
@ -13,7 +13,7 @@ key_buffer_size = 16M
|
|||
innodb_log_file_size = 256M
|
||||
long_query_time = 1
|
||||
max_allowed_packet = 256M
|
||||
max_connections = 100
|
||||
max_connections = {{ env "MAX_DB_CONNECTIONS" }}
|
||||
max_heap_table_size = 64M
|
||||
max_user_connections = 0
|
||||
myisam_recover_options = BACKUP
|
||||
|
|
|
@ -11,6 +11,10 @@ events {
|
|||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
# See https://github.com/nextcloud/forms/issues/1838#issuecomment-1860497200
|
||||
types {
|
||||
application/javascript js mjs;
|
||||
}
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
|
@ -59,12 +63,12 @@ http {
|
|||
#pagespeed off;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
|
||||
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}";
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
The authentik secrets need to be inserted again, as nextcloud is not sharing the secret with authentik any more.
|
Loading…
Reference in New Issue