coop-cloud/nextcloud
6
3
Fork 7
Code Issues 11 Pull Requests 2 Releases Wiki Activity

Compare commits

base: coop-cloud:add-theming
Branches Tags
coop-cloud:main coop-cloud:feature/nextcloudTalkHPB coop-cloud:feature/imaginary coop-cloud:kc_stable coop-cloud:nextcloud-v28 coop-cloud:add-theming-v28.0.5 coop-cloud:add-theming coop-cloud:update-nginx-conf coop-cloud:split-bbb-onlyoffice-compos coop-cloud:split-onlyoffice-bbb-config coop-cloud:authentik_sso coop-cloud:healthchecks coop-cloud:occ_cmds coop-cloud:auto_app_install coop-cloud:embed_nextcloud_in_iframe coop-cloud:auto_configure_sso coop-cloud:add-postgres-db
coop-cloud:12.0.1+31.0.6-fpm coop-cloud:12.0.0+31.0.6-fpm coop-cloud:11.4.0+30.0.6-fpm coop-cloud:11.4.0+30.0.10-fpm coop-cloud:11.3.0+30.0.6-fpm coop-cloud:11.2.0+30.0.6-fpm coop-cloud:11.1.0+30.0.6-fpm coop-cloud:11.0.1+30.0.4-fpm coop-cloud:11.0.0+30.0.4-fpm coop-cloud:10.0.0+30.0.4-fpm coop-cloud:9.2.0+29.0.8-fpm coop-cloud:6.0.11+28.0.10-fpm coop-cloud:6.0.10+28.0.10-fpm coop-cloud:6.0.9+28.0.10-fpm coop-cloud:9.1.2+29.0.5-fpm coop-cloud:6.0.8+28.0.5-fpm coop-cloud:6.0.7+28.0.5-fpm coop-cloud:9.1.0+29.0.5-fpm coop-cloud:9.0.0+29.0.5-fpm coop-cloud:6.0.6+28.0.5-fpm coop-cloud:8.0.1+29.0.3-fpm coop-cloud:8.0.0+29.0.1-fpm coop-cloud:7.0.3+29.0.1-fpm coop-cloud:6.0.5+28.0.5-fpm coop-cloud:7.0.2+29.0.1-fpm coop-cloud:7.0.1+29.0.1-fpm coop-cloud:7.0.0+29.0.0-fpm coop-cloud:6.0.4+28.0.5-fpm coop-cloud:6.0.3+28.0.5-fpm coop-cloud:6.0.2+28.0.5-fpm coop-cloud:5.0.3+27.0.1-fpm coop-cloud:6.0.1+28.0.2-fpm coop-cloud:6.0.0+28.0.1-fpm coop-cloud:5.2.0+27.1.5-fpm coop-cloud:5.1.1+27.1.5-fpm coop-cloud:5.1.0+27.1.3-fpm coop-cloud:5.0.2+27.0.1-fpm coop-cloud:5.0.1+27.0.1-fpm coop-cloud:5.0.0+27.0.0-fpm coop-cloud:4.0.7+26.0.2-fpm coop-cloud:4.0.6+26.0.2-fpm coop-cloud:4.0.5+26.0.2-fpm coop-cloud:4.0.4+26.0.2-fpm coop-cloud:4.0.3+26.0.2-fpm coop-cloud:4.0.2+26.0.2-fpm coop-cloud:4.0.1+26.0.1-fpm coop-cloud:4.0.0+26.0.1-fpm coop-cloud:3.3.2+25.0.6-fpm coop-cloud:3.3.1+25.0.5-fpm coop-cloud:3.3.0+25.0.5-fpm coop-cloud:3.2.0+25.0.4-fpm coop-cloud:3.1.2+25.0.4-fpm coop-cloud:3.1.1+25.0.1-fpm coop-cloud:3.1.0+25.0.1-fpm coop-cloud:3.0.1+25.0.1-fpm coop-cloud:3.0.0+25.0.1-fpm coop-cloud:2.1.4+24.0.6-fpm coop-cloud:2.1.3+24.0.5-fpm coop-cloud:2.1.2+24.0.3-fpm coop-cloud:2.1.1+24.0.2-fpm coop-cloud:2.1.0+24.0.0-fpm coop-cloud:2.0.0+23.0.4-fpm coop-cloud:1.0.0+23.0.1-fpm
..
compare: coop-cloud:feature/nextcloudTalkHPB
Branches Tags
coop-cloud:feature/nextcloudTalkHPB coop-cloud:main coop-cloud:feature/imaginary coop-cloud:kc_stable coop-cloud:nextcloud-v28 coop-cloud:add-theming-v28.0.5 coop-cloud:add-theming coop-cloud:update-nginx-conf coop-cloud:split-bbb-onlyoffice-compos coop-cloud:split-onlyoffice-bbb-config coop-cloud:authentik_sso coop-cloud:healthchecks coop-cloud:occ_cmds coop-cloud:auto_app_install coop-cloud:embed_nextcloud_in_iframe coop-cloud:auto_configure_sso coop-cloud:add-postgres-db
coop-cloud:12.0.1+31.0.6-fpm coop-cloud:12.0.0+31.0.6-fpm coop-cloud:11.4.0+30.0.6-fpm coop-cloud:11.4.0+30.0.10-fpm coop-cloud:11.3.0+30.0.6-fpm coop-cloud:11.2.0+30.0.6-fpm coop-cloud:11.1.0+30.0.6-fpm coop-cloud:11.0.1+30.0.4-fpm coop-cloud:11.0.0+30.0.4-fpm coop-cloud:10.0.0+30.0.4-fpm coop-cloud:9.2.0+29.0.8-fpm coop-cloud:6.0.11+28.0.10-fpm coop-cloud:6.0.10+28.0.10-fpm coop-cloud:6.0.9+28.0.10-fpm coop-cloud:9.1.2+29.0.5-fpm coop-cloud:6.0.8+28.0.5-fpm coop-cloud:6.0.7+28.0.5-fpm coop-cloud:9.1.0+29.0.5-fpm coop-cloud:9.0.0+29.0.5-fpm coop-cloud:6.0.6+28.0.5-fpm coop-cloud:8.0.1+29.0.3-fpm coop-cloud:8.0.0+29.0.1-fpm coop-cloud:7.0.3+29.0.1-fpm coop-cloud:6.0.5+28.0.5-fpm coop-cloud:7.0.2+29.0.1-fpm coop-cloud:7.0.1+29.0.1-fpm coop-cloud:7.0.0+29.0.0-fpm coop-cloud:6.0.4+28.0.5-fpm coop-cloud:6.0.3+28.0.5-fpm coop-cloud:6.0.2+28.0.5-fpm coop-cloud:5.0.3+27.0.1-fpm coop-cloud:6.0.1+28.0.2-fpm coop-cloud:6.0.0+28.0.1-fpm coop-cloud:5.2.0+27.1.5-fpm coop-cloud:5.1.1+27.1.5-fpm coop-cloud:5.1.0+27.1.3-fpm coop-cloud:5.0.2+27.0.1-fpm coop-cloud:5.0.1+27.0.1-fpm coop-cloud:5.0.0+27.0.0-fpm coop-cloud:4.0.7+26.0.2-fpm coop-cloud:4.0.6+26.0.2-fpm coop-cloud:4.0.5+26.0.2-fpm coop-cloud:4.0.4+26.0.2-fpm coop-cloud:4.0.3+26.0.2-fpm coop-cloud:4.0.2+26.0.2-fpm coop-cloud:4.0.1+26.0.1-fpm coop-cloud:4.0.0+26.0.1-fpm coop-cloud:3.3.2+25.0.6-fpm coop-cloud:3.3.1+25.0.5-fpm coop-cloud:3.3.0+25.0.5-fpm coop-cloud:3.2.0+25.0.4-fpm coop-cloud:3.1.2+25.0.4-fpm coop-cloud:3.1.1+25.0.1-fpm coop-cloud:3.1.0+25.0.1-fpm coop-cloud:3.0.1+25.0.1-fpm coop-cloud:3.0.0+25.0.1-fpm coop-cloud:2.1.4+24.0.6-fpm coop-cloud:2.1.3+24.0.5-fpm coop-cloud:2.1.2+24.0.3-fpm coop-cloud:2.1.1+24.0.2-fpm coop-cloud:2.1.0+24.0.0-fpm coop-cloud:2.0.0+23.0.4-fpm coop-cloud:1.0.0+23.0.1-fpm

42 Commits
add-themin ... feature/ne

Author SHA1 Message Date
Apfelwurm
d4371b4afb Implement NC Talk High Performance Backend
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-12-06 03:45:55 +01:00
ammaratef45
aa3ab83a38 Merge pull request 'remove post_install_occ' (#55) from improve_readme into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #55
 2025-10-30 17:38:15 +00:00
Ammar Hussein
dbdf6227e1 remove post_install_occ
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-10-17 19:05:03 -07:00
ammaratef45
e83ae638eb Merge pull request 'make maximum upload size configurable' (#53) from uploadLimit into main 
Reviewed-on: #53
Reviewed-by: 3wordchant <3wordchant@noreply.git.coopcloud.tech>
Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>
 2025-09-09 20:43:13 +00:00
ammaratef45
96e9a224f3 Merge branch 'main' into uploadLimit 2025-09-09 20:42:54 +00:00
3wordchant
afee08ae4d Merge pull request 'Make INNODB_BUFFER_POOL_SIZE configurable' (#51) from feature/innodb-buffer-tune into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #51
Reviewed-by: ammaratef45 <ammaratef45@proton.me>
 2025-09-09 20:17:59 +00:00
Ammar Hussein
5f05ab8f42 make maximum upload size configurable
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-09-09 12:53:37 -07:00
ammaratef45
65d5af91bc Merge branch 'main' into feature/innodb-buffer-tune
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-09-09 19:46:26 +00:00
ammaratef45
93037e1a35 Merge pull request 'fix supporting multiple domains' (#52) from sslhost into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #52
Reviewed-by: 3wordchant <3wordchant@noreply.git.coopcloud.tech>
 2025-09-08 13:38:09 +00:00
Ammar Hussein
9986e87db5 fix supporting multiple domains
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-09-07 14:41:53 -07:00
3wc
42c90cce21 Add configurable INNODB_BUFFER_POOL_SIZE
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-09-01 00:15:52 -04:00
knoflook
8c5d843ba4 chore: publish 12.0.1+31.0.6-fpm release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2025-07-24 17:28:53 +02:00
Ammar Hussein
7074744ba8 chore: publish 12.0.1+31.0.6-fpm release
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-07-09 10:51:04 -07:00
ammaratef45
cb0a103e04 Merge pull request 'add OVERWRITECLIURL' (#49) from clioverwrite into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #49
 2025-07-09 17:24:09 +00:00
Ammar Hussein
ff6873a52c add OVERWRITECLIURL
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-07-06 15:44:19 -07:00
carla
9408a6ab81 chore: publish 12.0.0+31.0.6-fpm release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2025-07-03 14:58:09 +02:00
Ammar Hussein
c4bb6d0932 chore: publish 11.4.0+30.0.6-fpm release
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-06-18 17:34:48 -07:00
ammaratef45
7a6256f78d Merge pull request 'Add HSTS headers' (#48) from hsts into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #48
Reviewed-by: moritz <moritz@noreply.git.coopcloud.tech>
 2025-06-19 00:32:01 +00:00
Ammar Hussein
8be413fe71 pump up the config version
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-06-18 16:07:22 -07:00
Ammar Hussein
af36d22633 Add HSTS headers
Some checks failed
continuous-integration/drone/pr Build is failing
Details
2025-06-18 12:13:44 -07:00
p4u1
85e5070b8d docs: Adds troubleshooting section for fulltextsearch
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-23 15:32:02 +02:00
Simon
36615bc097 chore: publish 11.3.0+30.0.6-fpm release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2025-05-20 18:20:05 +02:00
Simon
a3cd6741eb improve secret handling for whiteboard 2025-05-20 18:17:46 +02:00
Simon
cb453e884d chore: publish 11.2.0+30.0.6-fpm release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2025-05-13 23:59:33 +02:00
Simon
267f3cbb78 chore: publish 11.1.0+30.0.6-fpm release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2025-02-15 14:43:25 +01:00
iexos
b0c4f06af1 chore: publish 11.0.1+30.0.4-fpm release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2025-02-03 13:37:05 +01:00
iexos
750477a409 fix mariadb backup label 2025-02-03 13:19:08 +01:00
Cassowary
7a7da21544 Update .drone.yml
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-01-08 10:09:13 -08:00
marlon
d72a8fdcdb Merge pull request 'upgrade to mariadb 11.4' (#45) from MIR/nextcloud:main into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #45
 2024-12-22 21:32:37 +00:00
marlon
7aa4e15034 upgrade to mariadb 11.4
Some checks failed
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/tag Build is passing
Details
2024-12-21 16:56:09 -05:00
Steven Sting
0c5b05957c chore: publish 10.0.0+30.0.4-fpm release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2024-12-20 16:50:42 +01:00
Moritz
d8cb3719e2 fix authentik logout url
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-12-03 22:34:12 +01:00
p4u1
bbc834a62d chore: publish 9.2.0+29.0.8-fpm release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2024-11-08 15:23:34 +01:00
Moritz
da8f7fb447 fix drone runner
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-10-24 12:48:45 +02:00
Moritz
ee2c5a2b42 update pg_backup.sh
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-10-22 21:31:41 +02:00
Moritz
182a42ff1f update backupbot labels
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-10-22 15:18:37 +02:00
Simon
5a397ce63e Merge branch 'main' of ssh://git.coopcloud.tech:2222/coop-cloud/nextcloud
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-10-08 10:14:57 +02:00
kawaiipunk
ccb54f34d4 Added note about our experiances upgrading Nextcloud
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-10-07 16:25:26 +01:00
Simon
3143e99572 add function to set windows forbidden filename characters 2024-10-02 14:30:41 +02:00
Simon
9859907d4b chore: publish 9.1.2+29.0.5-fpm release
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-10-01 11:37:15 +02:00
Simon
6c0fa9c12d chore: publish 9.1.2+29.0.5-fpm release
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-09-30 17:21:04 +02:00
Simon
a3c99a72bf add-theming (#44)
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #44
Co-authored-by: Simon <simonthiessen@posteo.de>
Co-committed-by: Simon <simonthiessen@posteo.de>
 2024-09-30 14:24:07 +00:00
17 changed files with 367 additions and 55 deletions
Expand all files Collapse all files

4
.drone.yml
View File

@ -22,6 +22,8 @@ steps:
NGINX_CONF_VERSION: v1
MY_CNF_VERSION: v1
ENTRYPOINT_VERSION: v1
CRONTAB_VERSION: v1
PG_BACKUP_VERSION: v2
SECRET_DB_PASSWORD_VERSION: v1
SECRET_DB_ROOT_PASSWORD_VERSION: v1
SECRET_ADMIN_PASSWORD_VERSION: v1
@ -43,7 +45,7 @@ steps:
from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
- toolshed/auto-recipes-catalogue-json
trigger:
event: tag

35
.env.sample
View File

@ -1,6 +1,7 @@
TYPE=nextcloud
TIMEOUT=900
ENABLE_AUTO_UPDATE=true
ENABLE_BACKUPS=true
DOMAIN=nextcloud.example.com
## Domain aliases
@ -14,6 +15,7 @@ COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
#MAX_DB_CONNECTIONS=500
ADMIN_USER=admin
TZ=Etc/UTC
SECRET_DB_ROOT_PASSWORD_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
@ -22,6 +24,7 @@ SECRET_ADMIN_PASSWORD_VERSION=v1
EXTRA_VOLUME=/dev/null:/tmp/.dummy
PHP_MEMORY_LIMIT=1G
PHP_UPLOAD_LIMIT=512M
# fpm-tune, see: https://spot13.com/pmcalculator/
FPM_MAX_CHILDREN=16
FPM_START_SERVERS=4
@ -47,13 +50,19 @@ DEFAULT_QUOTA="10 GB"
## Customization
# THEMING_COLOR=
# THEMING_SLOGAN=
# COPY_ASSETS="flow_background.jpg|app:/var/www/html/themes/background.jpg"
# COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/var/www/html/themes/logo.svg"
# COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/icon.png"
# COPY_ASSETS="flow_background.jpg|app:/var/www/html/themes/"
# COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/var/www/html/themes/"
# COPY_ASSETS="$COPY_ASSETS icon.png|app:/var/www/html/themes/"
# APPS="calendar"
# COLLABORA_URL=https://collabora.example.com
## IMPORTANT FOR SECURITY REASONS WHEN RUNNING COLLABORA
## list of IP addresses that are allowed to make WOPI requests. Use the default
## when running the collabora server on the same machine as nextcloud.
## Otherwise set this to the IP address range of your collabora server(s) i.e. 1.2.3.4/32
## https://docs.nextcloud.com/server/latest/admin_manual/office/configuration.html#wopi-settings
# COLLABORA_ALLOWLIST="172.16.0.0/12"
# COMPOSE_FILE="$COMPOSE_FILE:compose.onlyoffice.yml"
# ONLYOFFICE_URL=https://onlyoffice.example.com
@ -64,15 +73,29 @@ DEFAULT_QUOTA="10 GB"
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
# SECRET_BBB_SECRET_VERSION=v1
# COMPOSE_FILE="$COMPOSE_FILE:compose.whiteboard.yml"
# APPS="$APPS whiteboard"
# SECRET_WHITEBOARD_JWT_VERSION=v1
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
# APPS="$APPS sociallogin"
# AUTHENTIK_USER_PREFIX=authentik
# AUTHENTIK_DOMAIN=authentik.example.com
# SECRET_AUTHENTIK_SECRET_VERSION=v1
# SECRET_AUTHENTIK_ID_VERSION=v1
# OCC_CMDS="app:disable dashboard"
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
#COMPOSE_FILE="$COMPOSE_FILE:compose.talk.yml"
#TALK_DOMAIN=talk.example.com
#SECRET_TALK_INTERNAL_SECRET_VERSION=v1 # length=64 charset=default
#SECRET_TALK_TURN_SECRET_VERSION=v1 # length=64 charset=default
#SECRET_TALK_SIGNALING_SECRET_VERSION=v1 # length=64 charset=default
# HSTS Options
# Uncomment this line to enable HSTS: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html
#HSTS_ENABLED=1
# Uncomment this line to add the `preload` part
#HSTS_PRELOAD=1

80
README.md
View File

@ -26,6 +26,7 @@ Fully automated luxury Nextcloud via docker-swarm.
### Onlyoffice Integration
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
@ -33,12 +34,13 @@ ONLYOFFICE_URL=https://onlyoffice.example.com
SECRET_ONLYOFFICE_JWT_VERSION=v1
```
`abra app secret insert <app-name> onlyoffice_jwt v1 <jwt_secret>`
`abra app cmd <app-name> app install_onlyoffice`
* `abra app secret insert <app-name> onlyoffice_jwt v1 <jwt_secret>`
* `abra app cmd <app-name> app install_onlyoffice`
### BBB Integration
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
@ -46,8 +48,44 @@ BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
SECRET_BBB_SECRET_VERSION=v1
```
`abra app secret insert <app-name> bbb_secret v1 <bbb_secret>`
`abra app cmd <app-name> app install_bbb`
* `abra app secret insert <app-name> bbb_secret v1 <bbb_secret>`
* `abra app cmd <app-name> app install_bbb`
### Nextcloud Talk High performance Backend
Note: at the moment you are limited to run one Nextcloud high performance backend per docker host with this setup.
`abra app config <app-name>`
Configure the following envs:
```
#COMPOSE_FILE="$COMPOSE_FILE:compose.talk.yml"
#TALK_DOMAIN=talk.example.com
#SECRET_TALK_INTERNAL_SECRET_VERSION=v1 # length=64 charset=default
#SECRET_TALK_TURN_SECRET_VERSION=v1 # length=64 charset=default
#SECRET_TALK_SIGNALING_SECRET_VERSION=v1 # length=64 charset=default
```
* `abra app secret insert <app-name> talk_internal_secret v1 <talk_internal_secret>`
* `abra app secret insert <app-name> talk_turn_secret v1 <talk_turn_secret>`
* `abra app secret insert <app-name> talk_signaling_secret v1 <talk_signaling_secret>`
* `abra app cmd <app-name> app install_talk`
Don't forget to enable the additional env's in your hosts traefik instance:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
NEXTCLOUD_TALK_HPB_ENABLED=1
```
Due to a bug in compose that deletes duplacted ports without checking for the protocol, traefik need to get the additional udp binding added after the deployment via ssh (this might take longer than expected!):
```
docker service update --publish-add published=3478,target=3478,protocol=udp traefik_XXX_XXX_app
```
To check if tcp and udp was binded, you can use:
```
docker service inspect traefik_XXX_XXX_app | grep 3478 -a2
```
### Authentik Integration
@ -64,21 +102,18 @@ AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authen
`abra app cmd <app-name> app set_authentik`
### Disable Dashboard
Disable dashboard app since it is so corporate:
`abra app config <app-name>`
Configure the following envs:
```
OCC_CMDS="app:disable dashboard"
```
`abra app cmd <app-name> app post_install_occ`
## Running `occ`
`abra app cmd <app-name> app run_occ '"user:list --help"'`
Read more about [occ command here](https://docs.nextcloud.com/server/stable/admin_manual/occ_command.html).
### Disable Dashboard
To disable dashboard app (since it is so corporate):
`abra app cmd <app-name> app run_occ '"app:disable dashboard"'`
## Default user files
- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app
@ -87,7 +122,12 @@ OCC_CMDS="app:disable dashboard"
- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder)
## Upgrading Nextcloud apps
## Upgrading Nextcloud
Upgrading Nextcloud can be a hair raising experiance. They [don't support downgrading](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/upgrade.html) even for minor versions.
Many of us have found that jumping major versions when upgrading is also a bad idea. We have however found that it's ok to skip minor version upgrades and go to the last minor version before a major version (e.g. 24.0.0 to 24.9.9 before going to 25.0.0). To extra cautious just upgrade one release at a time. Read the release notes and check your logs.
## Upgrading Nextcloud apps (plug-ins)
`abra app cmd <app-name> app run_occ '"app:update --all"'`
@ -281,3 +321,11 @@ And you can populate the index manually and check if any errors occur:
```
abra app cmd <domain> app run_occ '"fulltextsearch:index"'
```
### Troubleshooting fulltextsearch
The fulltextsearch plugin might be stuck with this error: "Index is already running". In that case the following command can get things runing again:
```
abra app run <domain> db /bin/sh -- -c 'echo "delete from oc_fulltextsearch_ticks;" | mariadb -u root -p$(cat /run/secrets/db_root_password) nextcloud'
```

49
abra.sh
View File

@ -1,22 +1,18 @@
#!/bin/bash
export FPM_TUNE_VERSION=v5
export NGINX_CONF_VERSION=v7
export MY_CNF_VERSION=v5
export NGINX_CONF_VERSION=v8
export MY_CNF_VERSION=v6
export ENTRYPOINT_VERSION=v3
export ENTRYPOINT_WHITEBOARD_VERSION=v1
export ENTRYPOINT_TALK_VERSION=v1
export CRONTAB_VERSION=v1
export PG_BACKUP_VERSION=v2
run_occ() {
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
}
post_install_occ() {
IFS='|' read -ra CMD <<<"$OCC_CMDS"
for cmd in "${CMD[@]}"; do
run_occ "$cmd"
done
}
install_apps() {
install_apps="$@"
if [ -z "$install_apps" ]; then
@ -90,6 +86,25 @@ install_onlyoffice() {
install_collabora() {
install_apps richdocuments
set_app_config richdocuments wopi_url "$COLLABORA_URL"
# important for security reaosns
# https://docs.nextcloud.com/server/latest/admin_manual/office/configuration.html#wopi-settings
set_app_config richdocuments wopi_allowlist "$COLLABORA_ALLOWLIST"
}
install_whiteboard() {
install_apps whiteboard
set_app_config whiteboard collabBackendUrl "https://${DOMAIN}/whiteboard"
set_app_config whiteboard jwt_secret_key "$(cat /run/secrets/whiteboard_jwt)"
}
install_talk() {
install_apps spreed
run_occ "talk:signaling:add --verify 'wss://${TALK_DOMAIN}' '$(cat /run/secrets/talk_signaling_secret)'"
run_occ "talk:stun:add '${TALK_DOMAIN}:3478'"
run_occ "talk:stun:add '${TALK_DOMAIN}:443'"
run_occ "talk:turn:add --secret='$(cat /run/secrets/talk_turn_secret)' turn '${TALK_DOMAIN}:3478' udp,tcp"
}
install_fulltextsearch() {
@ -121,7 +136,7 @@ set_authentik() {
\"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\",
\"displayNameClaim\":\"preferred_username\",
\"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
\"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/if/session-end/nextcloud/\",
\"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/nextcloud/end-session/\",
\"clientId\":\"$AUTHENTIK_ID\",
\"clientSecret\":\"$AUTHENTIK_SECRET\",
\"scope\":\"openid profile email nextcloud\",
@ -147,3 +162,17 @@ set_authentik() {
disable_skeletondirectory() {
run_occ "config:system:set skeletondirectory --value ''"
}
set_windowsfriendly_filenames() {
run_occ 'config:system:set forbidden_filename_characters 0 --value=?'
run_occ 'config:system:set forbidden_filename_characters 1 --value=\<'
run_occ 'config:system:set forbidden_filename_characters 2 --value=\>'
run_occ 'config:system:set forbidden_filename_characters 3 --value=:'
run_occ 'config:system:set forbidden_filename_characters 4 --value=*'
run_occ 'config:system:set forbidden_filename_characters 5 --value=\|'
run_occ 'config:system:set forbidden_filename_characters 6 --value=\"'
}
upgrade_mariadb() {
mariadb-upgrade -p`cat /run/secrets/db_root_password`
}

4
compose.fulltextsearch.yml
View File

@ -2,7 +2,7 @@ version: "3.8"
services:
elasticsearch:
image: "docker.elastic.co/elasticsearch/elasticsearch:8.15.0"
image: "docker.elastic.co/elasticsearch/elasticsearch:8.17.2"
environment:
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
@ -29,7 +29,7 @@ services:
mode: 0600
searchindexer:
image: nextcloud:29.0.5-fpm
image: nextcloud:31.0.6-fpm
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached

12
compose.mariadb.yml
View File

@ -9,13 +9,14 @@ services:
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
db:
image: "mariadb:10.5"
image: "mariadb:11.4"
environment:
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
- MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-100}
- INNODB_BUFFER_POOL_SIZE=${INNODB_BUFFER_POOL_SIZE:-1G}"
configs:
- source: my_tune
target: /etc/mysql/conf.d/my-tune.cnf
@ -28,12 +29,11 @@ services:
- internal
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql"
backupbot.backup.path: "/var/lib/mysql/backup.sql"
backupbot.backup.pre-hook: 'mariadb-dump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
backupbot.backup.volumes.mariadb.path: "backup.sql"
backupbot.restore.post-hook: 'mariadb -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud < /var/lib/mysql/backup.sql'
healthcheck:
test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)" ping']
test: ["CMD-SHELL", 'mariadb-admin -p"$$(cat /run/secrets/db_root_password)" ping']
interval: 30s
timeout: 10s
retries: 10

16
compose.postgres.yml
View File

@ -29,10 +29,18 @@ services:
retries: 5
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
backupbot.backup.path: "/var/lib/postgresql/data/"
backupbot.backup.pre-hook: "/pg_backup.sh backup"
backupbot.backup.volumes.postgres.path: "backup.sql"
backupbot.restore.post-hook: '/pg_backup.sh restore'
configs:
- source: pg_backup
target: /pg_backup.sh
mode: 0555
volumes:
postgres:
configs:
pg_backup:
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
file: pg_backup.sh

70
compose.talk.yml Normal file
View File

@ -0,0 +1,70 @@
version: "3.8"
services:
talk:
image: "nextcloud/aio-talk:20251128_084214"
environment:
- NC_DOMAIN=${DOMAIN}
- TALK_HOST=${TALK_DOMAIN}
- TZ
- TALK_PORT=3478
- INTERNAL_SECRET_FILE=/run/secrets/talk_internal_secret
- TURN_SECRET_FILE=/run/secrets/talk_turn_secret
- SIGNALING_SECRET_FILE=/run/secrets/talk_signaling_secret
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=proxy
- traefik.http.services.${STACK_NAME}_talk.loadbalancer.server.port=8081
- traefik.http.routers.${STACK_NAME}_talk.rule=Host(`${TALK_DOMAIN}`)
- traefik.http.routers.${STACK_NAME}_talk.entrypoints=web-secure
- traefik.http.routers.${STACK_NAME}_talk.tls.certresolver=${LETS_ENCRYPT_ENV}
- traefik.tcp.routers.${STACK_NAME}_nextcloud-talk-hpb.rule=HostSNI(`*`)
- traefik.tcp.routers.${STACK_NAME}_nextcloud-talk-hpb.entrypoints=nextcloud-talk-hpb
- traefik.tcp.routers.${STACK_NAME}_nextcloud-talk-hpb.service=${STACK_NAME}_nextcloud-talk-hpb-svc
- traefik.tcp.services.${STACK_NAME}_nextcloud-talk-hpb-svc.loadbalancer.server.port=3478
- traefik.udp.routers.${STACK_NAME}_nextcloud-talk-hpb-udp.entrypoints=nextcloud-talk-hpb-udp
- traefik.udp.routers.${STACK_NAME}_nextcloud-talk-hpb-udp.service=${STACK_NAME}_nextcloud-talk-hpb-udp-svc
- traefik.udp.services.${STACK_NAME}_nextcloud-talk-hpb-udp-svc.loadbalancer.server.port=3478
networks:
- proxy
configs:
- source: entrypoint_talk
target: /custom-entrypoint.sh
mode: 775
entrypoint: /custom-entrypoint.sh
secrets:
- source: talk_internal_secret
uid: "1000"
gid: "122"
mode: 0600
- source: talk_turn_secret
uid: "1000"
gid: "122"
mode: 0600
- source: talk_signaling_secret
uid: "1000"
gid: "122"
mode: 0600
app:
secrets:
- talk_turn_secret
- talk_signaling_secret
secrets:
talk_internal_secret:
external: true
name: ${STACK_NAME}_talk_internal_secret_${SECRET_TALK_INTERNAL_SECRET_VERSION}
talk_turn_secret:
external: true
name: ${STACK_NAME}_talk_turn_secret_${SECRET_TALK_TURN_SECRET_VERSION}
talk_signaling_secret:
external: true
name: ${STACK_NAME}_talk_signaling_secret_${SECRET_TALK_SIGNALING_SECRET_VERSION}
configs:
entrypoint_talk:
name: ${STACK_NAME}_entrypoint_talk_${ENTRYPOINT_TALK_VERSION}
file: entrypoint.talk.sh.tmpl
template_driver: golang

44
compose.whiteboard.yml Normal file
View File

@ -0,0 +1,44 @@
version: "3.8"
services:
app:
secrets:
- whiteboard_jwt
whiteboard:
image: ghcr.io/nextcloud-releases/whiteboard:v1.1.2
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=proxy
- traefik.http.services.${STACK_NAME}_whiteboard.loadbalancer.server.port=3002
- traefik.http.routers.${STACK_NAME}_whiteboard.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS}) && PathPrefix(`/whiteboard`)
- traefik.http.routers.${STACK_NAME}_whiteboard.entrypoints=web-secure
- traefik.http.routers.${STACK_NAME}_whiteboard.tls.certresolver=${LETS_ENCRYPT_ENV}
- traefik.http.middlewares.${STACK_NAME}_whiteboard-stripprefix.stripprefix.prefixes=/whiteboard
- traefik.http.routers.${STACK_NAME}_whiteboard.middlewares=${STACK_NAME}_whiteboard-stripprefix
configs:
- source: entrypoint_whiteboard
target: /custom-entrypoint.sh
entrypoint: ["sh", "/custom-entrypoint.sh"]
user: root
networks:
- proxy
ports:
- 3002:3002
secrets:
- whiteboard_jwt
environment:
- NEXTCLOUD_URL=https://$DOMAIN
- JWT_SECRET_KEY_FILE=/run/secrets/whiteboard_jwt
secrets:
whiteboard_jwt:
external: true
name: ${STACK_NAME}_whiteboard_jwt_${SECRET_WHITEBOARD_JWT_VERSION}
configs:
entrypoint_whiteboard:
name: ${STACK_NAME}_entrypoint_whiteboard_${ENTRYPOINT_WHITEBOARD_VERSION}
file: entrypoint.whiteboard.sh.tmpl
template_driver: golang

24
compose.yml
View File

@ -1,7 +1,7 @@
version: "3.8"
services:
web:
image: nginx:1.27.1
image: nginx:1.29.0
depends_on:
- app
configs:
@ -12,6 +12,8 @@ services:
- X_FRAME_OPTIONS_ENABLED
- DOMAIN
- STACK_NAME
- HSTS_ENABLED
- HSTS_PRELOAD
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
@ -33,8 +35,8 @@ services:
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
- "caddy=${DOMAIN}"
- "caddy.reverse_proxy={{upstreams 80}}"
- "caddy.tls.on_demand="
@ -46,7 +48,7 @@ services:
start_period: 5m
app:
image: nextcloud:29.0.5-fpm
image: nextcloud:31.0.6-fpm
depends_on:
- db
configs:
@ -72,7 +74,9 @@ services:
- TRUSTED_PROXIES=10.0.0.0/8
- REDIS_HOST=cache
- OVERWRITEPROTOCOL=https
- OVERWRITECLIURL=https://${DOMAIN}
- PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
- PHP_UPLOAD_LIMIT=${PHP_UPLOAD_LIMIT:-512M}
- FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
- FPM_START_SERVERS=${FPM_START_SERVERS:-32}
- FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}
@ -91,10 +95,12 @@ services:
failure_action: rollback
order: start-first
labels:
- "coop-cloud.${STACK_NAME}.version=9.1.0+29.0.5-fpm"
- "coop-cloud.${STACK_NAME}.version=12.0.1+31.0.6-fpm"
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
- "backupbot.backup=true"
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
- "backupbot.backup.volumes.redis=false"
#- "backupbot.backup.volumes.nextcloud=false"
healthcheck:
test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"']
interval: 30s
@ -103,7 +109,7 @@ services:
start_period: 15m
cron:
image: nextcloud:29.0.5-fpm
image: nextcloud:31.0.6-fpm
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
@ -119,7 +125,7 @@ services:
cache:
image: redis:7.4.0-alpine
image: redis:8.0.2-alpine
networks:
- internal
volumes:

30
entrypoint.talk.sh.tmpl Normal file
View File

@ -0,0 +1,30 @@
#!/bin/bash
set -eu
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "INTERNAL_SECRET"
file_env "TURN_SECRET"
file_env "SIGNALING_SECRET"
/start.sh supervisord -c /supervisord.conf

6
entrypoint.whiteboard.sh.tmpl Normal file
View File

@ -0,0 +1,6 @@
#!/bin/sh
set -e
export JWT_SECRET_KEY=$(cat /run/secrets/whiteboard_jwt)
exec npm run server:start

2
my-tune.cnf
View File

@ -4,7 +4,7 @@
# https://mariadb.com/kb/en/library/performance-schema-overview/
[server]
innodb_buffer_pool_size = 1G
innodb_buffer_pool_size = {{ env "INNODB_BUFFER_POOL_SIZE" }}
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 32M
innodb_max_dirty_pages_pct = 90

7
nginx.conf.tmpl
View File

@ -45,6 +45,13 @@ http {
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
{{ if eq (env "HSTS_ENABLED") "1" }}
{{ if eq (env "HSTS_PRELOAD") "1" }}
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
{{ else }}
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;
{{ end }}
{{ end }}
# set max upload size
client_max_body_size 512M;

34
pg_backup.sh Normal file
View File

@ -0,0 +1,34 @@
#!/bin/bash
set -e
BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
function backup {
export PGPASSWORD=$(cat /run/secrets/db_password)
pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
}
function restore {
cd /var/lib/postgresql/data/
restore_config(){
# Restore allowed connections
cat pg_hba.conf.bak > pg_hba.conf
su postgres -c 'pg_ctl reload'
}
# Don't allow any other connections than local
cp pg_hba.conf pg_hba.conf.bak
echo "local all all trust" > pg_hba.conf
su postgres -c 'pg_ctl reload'
trap restore_config EXIT INT TERM
# Recreate Database
psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);"
createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
trap - EXIT INT TERM
restore_config
}
$@

1
release/10.0.0+30.0.4-fpm Normal file
View File

@ -0,0 +1 @@
https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_30.html

4
release/11.0.0+30.0.4-fpm Normal file
View File

@ -0,0 +1,4 @@
Upgrades mariadb from 10.5 to 11.4
NOTE: If your Nextcloud instance is using mariadb, after running this update you MUST run the database upgrade command:
`abra app command nextcloud.yourserver.org db upgrade_mariadb`
More info: https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-4/