Compare commits

...

61 Commits
main ... main

Author SHA1 Message Date
Christian Galo 9d2ec0f0b5 put secrets in correct files 2023-10-16 23:21:17 +00:00
Christian Galo 907d73ea92 Minimal removal of abra-related stuff 2023-08-31 07:07:22 +00:00
Christian Galo 392b859110 remove abra bloatware 2023-08-30 04:58:02 +00:00
Christian Galo 827e03bc52 remove files specific to abra, rename yml to yaml 2023-08-26 20:20:57 +00:00
3wc b58b00d679 Trigger catalogue rebuild on tag push 2023-08-08 08:30:05 +00:00
3wc e0b09908d9 chore: publish 5.0.1+27.0.1-fpm release 2023-08-08 08:30:05 +00:00
Philipp Rothmann 47565b5e2b fix: use saner fpm defaults 2023-08-08 08:30:05 +00:00
Moritz 571d9feb56 fix install_apps cmd 2023-08-08 08:30:05 +00:00
Moritz 5803a2356f use standalone authentik secrets 2023-08-08 08:30:05 +00:00
Philipp Rothmann d94a750958 chore: publish 5.0.0+27.0.0-fpm release 2023-08-08 08:30:05 +00:00
Philipp Rothmann c3a4826636 chore: publish 4.0.7+26.0.2-fpm release 2023-08-08 08:30:05 +00:00
Philipp Rothmann e80e58433c chore: point backup to a volume directory 2023-08-08 08:30:05 +00:00
Philipp Rothmann 8de526606f feat: add set logfile to stdout cmd 2023-08-08 08:30:05 +00:00
Philipp Rothmann 5f592e299e chore: publish 4.0.6+26.0.2-fpm release 2023-08-08 08:30:05 +00:00
Philipp Rothmann 183becfd87 fix postgres healtcheck 2023-08-08 08:30:05 +00:00
Philipp Rothmann 4714122197 chore: publish 4.0.5+26.0.2-fpm release 2023-08-08 08:30:05 +00:00
Philipp Rothmann 41b7868713 fix: release the fpm handbrake
it seems like php-fpm applys configs in aphabetical order, so that our
fpm-tune was overwritten by the www.conf with default values.

so let's go on highspeed now! :)
2023-08-08 08:30:05 +00:00
Philipp Rothmann e33f1c12ae chore: publish 4.0.4+26.0.2-fpm release 2023-08-08 08:30:05 +00:00
Philipp Rothmann abac635267 fix env fpm default values overwriteable 2023-08-08 08:30:05 +00:00
3wc 06cf73d438 chore: publish 4.0.3+26.0.2-fpm release 2023-08-08 08:30:05 +00:00
KawaiiPunk 088f9ff9e5 chore: publish 4.0.2+26.0.2-fpm release 2023-08-08 08:30:05 +00:00
Philipp Rothmann 09e60aaa49 chore: publish 4.0.1+26.0.1-fpm release 2023-08-08 08:30:05 +00:00
Philipp Rothmann bdcdbf5e41 chore: autoformatting abra.sh 2023-08-08 08:30:05 +00:00
Philipp Rothmann 8fdad4c913 fix: set trusted proxies to 10.0.0.0/8 2023-08-08 08:30:05 +00:00
3wc af18ec0637 chore: publish 4.0.0+26.0.1-fpm release 2023-08-08 08:30:05 +00:00
3wc 83a45a477c chore: publish 3.3.2+25.0.6-fpm release 2023-08-08 08:30:05 +00:00
Moritz 90728de1ea add auto update and timeout env 2023-08-08 08:30:05 +00:00
Moritz f77ab17a69 default authentik admin mapping 2023-08-08 08:30:05 +00:00
Moritz a4d32b5b90 add default timeout 2023-08-08 08:30:05 +00:00
3wc 77997c00a4 Drop /auth/ from Keycloak example URL
[ci skip]
2023-08-08 08:30:05 +00:00
Moritz 2e9098c9ba chore: publish 3.3.0+25.0.5-fpm release 2023-08-08 08:30:05 +00:00
Moritz 9955dce2a8 chore: publish 3.2.0+25.0.4-fpm release 2023-08-08 08:30:05 +00:00
Moritz 5ccda65459 feat: authentik autoconfiguration 2023-08-08 08:30:05 +00:00
Moritz e62e8dea6d chore: update readme 2023-08-08 08:30:05 +00:00
Moritz 36037c4475 fix release note path 2023-08-08 08:30:05 +00:00
3wc d19cb857ba chore: publish 3.1.2+25.0.4-fpm release 2023-08-08 08:30:05 +00:00
3wc a9e8b2e2bd Fix `occ` commands in README
[ci skip]
2023-08-08 08:30:05 +00:00
3wc 70c441ea70 Switch to self-hosted stack-ssh-deploy image [mass update] 2023-08-08 08:30:05 +00:00
Moritz 8673aadbf3 chore: publish 3.1.1+25.0.1-fpm release 2023-08-08 08:30:05 +00:00
Moritz ca19cf5732 increase healthcheck start_period for long updates 2023-08-08 08:30:05 +00:00
Moritz 002531ea84 chore: publish 3.1.0+25.0.1-fpm release 2023-08-08 08:30:05 +00:00
Moritz cc89f448f2 update release file for next release 2023-08-08 08:30:05 +00:00
3wc e3e66cb732 Update abra syntax in examples (finally) [mass update] 2023-08-08 08:30:05 +00:00
moritz b08bb5903f healthchecks (#32)
Adding healthchecks for nginx, mariadb, redis and php-fpm

Co-authored-by: Moritz <moritz.m@local-it.org>
Reviewed-on: #32
2023-08-08 08:30:05 +00:00
Moritz 92bc8b0b68 feat: run occ commands from env variables as post deploy command 2023-08-08 08:30:05 +00:00
Philipp Rothmann b863452e9d feat: set default quota via abra app cmd 2023-08-08 08:30:05 +00:00
Philipp Rothmann af7bbe23d6 feat: template fpm settings
this closes #25
2023-08-08 08:30:05 +00:00
Philipp Rothmann 968552ea4c chore: clean up .env.sample 2023-08-08 08:30:05 +00:00
Philipp Rothmann 6185853ad3 refactor: move nc-app secrets to seperate overwrite yml 2023-08-08 08:30:05 +00:00
Philipp Rothmann 61e63f403b feat: make smtp settings configurable in .env 2023-08-08 08:30:05 +00:00
Moritz 69fa1b9aed fix CI deployment: set bbb and onlyoffice secret version 2023-08-08 08:30:05 +00:00
Moritz 1fd97150f7 use docker secrets for bbb 2023-08-08 08:30:05 +00:00
Moritz e19504af56 add install_onlyoffice command 2023-08-08 08:30:05 +00:00
Philipp Rothmann 94558d4055 chore: publish 3.0.1+25.0.1-fpm release 2023-08-08 08:30:05 +00:00
3wc 54bb36a111 Fix typo in db_password versioning 2023-08-08 08:30:05 +00:00
decentral1se e5aafdae8b chore: publish 3.0.0+25.0.1-fpm release 2023-08-08 08:30:05 +00:00
3wc 2c8df2ad17 Return to <recipe>.example.com templating 2023-08-08 08:30:05 +00:00
Philipp Rothmann 95b902f7ab Add install_bbb app command 2023-08-08 08:30:05 +00:00
Moritz 8a3283e398 refactor: clean abra.sh file from old unused functions 2023-08-08 08:30:05 +00:00
3wc aef52ab967 Set config versions for CI deployment 2023-08-08 08:30:05 +00:00
3wc 17c3cb6ac0 Auto-create `proxy` network during CI test 2023-08-08 08:30:05 +00:00
14 changed files with 114 additions and 435 deletions

View File

@ -1,25 +0,0 @@
---
kind: pipeline
name: deploy to swarm-test.autonomic.zone
steps:
- name: deployment
image: decentral1se/stack-ssh-deploy:latest
settings:
host: swarm-test.autonomic.zone
stack: nextcloud
generate_secrets: true
purge: true
deploy_key:
from_secret: drone_ssh_swarm_test
environment:
DOMAIN: nextcloud.swarm-test.autonomic.zone
STACK_NAME: nextcloud
LETS_ENCRYPT_ENV: production
ADMIN_USER: foobar
SECRET_DB_PASSWORD_VERSION: v1
SECRET_DB_ROOT_PASSWORD_VERSION: v1
SECRET_ADMIN_PASSWORD_VERSION: v1
EXTRA_VOLUME: "/dev/null:/tmp/.dummy"
trigger:
branch:
- main

View File

@ -1,23 +0,0 @@
TYPE=nextcloud
DOMAIN={{ .Domain }}
## Domain aliases
#EXTRA_DOMAINS=', `www.nextcloud.example.com`'
LETS_ENCRYPT_ENV=production
COMPOSE_FILE="compose.yml"
COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
ADMIN_USER=admin
SECRET_DB_ROOT_PASSWORD_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
SECRET_ADMIN_PASSWORD_VERSION=v1
EXTRA_VOLUME=/dev/null:/tmp/.dummy
# X_FRAME_OPTIONS_ENABLED=1
# X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org
# APPS="calendar sociallogin onlyoffice"

2
.gitignore vendored
View File

@ -1 +1 @@
/.envrc
.env

View File

@ -1,5 +0,0 @@
{
"shellcheck.customArgs": [
"--shell=bash"
]
}

184
README.md
View File

@ -1,192 +1,24 @@
# Nextcloud
[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/nextcloud/status.svg)](https://drone.autonomic.zone/coop-cloud/nextcloud)
Wiki Cafe's configuration for a Nextcloud deployment. Originally slimmed down from an `abra` [recipe](https://git.coopcloud.tech/coop-cloud/nextcloud) by [Co-op Cloud](https://coopcloud.tech/).
Fully automated luxury Nextcloud via docker-swarm.
<!-- metadata -->
* **Category**: Apps
* **Status**: 2, beta
* **Image**: [`nextcloud`](https://hub.docker.com/_/nextcloud), 4, upstream
* **Healthcheck**: Yes
* **Backups**: No
* **Email**: 3
* **Tests**: 2
* **SSO**: 1 (OAuth)
<!-- endmetadata -->
## Deploying the app with Docker Swarm
## Basic usage
1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`]
3. `abra app new nextcloud --secrets` (optionally with `--pass` if you'd like
to save secrets in `pass`)
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy`
## How do I customise the default home page when logging in?
- Delete the dashboard app since it is so corporate
- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app
- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder)
## Running `occ`
`abra app run --user www-data YOURAPPDOMAIN app occ user:list --help`
## Upgrading Nextcloud apps
`abra app run --user www-data YOURAPPDOMAIN app occ app:update --all`
## How do I fix a Nextcloud version snafu?
`Exception: Updates between multiple major versions and downgrades are unsupported.`
Solution:
- Look at log files to determine the old Nextcloud version
- Change your local `~/.abra/recipes/nextcloud/compose.yml` to the highest minor
version in the old version -- e.g. choose `22.2.5` for `22`, if you're
upgrading to `23`.
- Then, do one of (both bad):
1. `abra app deploy --chaos ...`, then `app run` to go in and manually lower the version number in PHP (shell in, `apt install vim-core && vi version.php`), then try `php ./occ upgrade`
2. `abra app undeploy ...`, `abra volume rm`, CAREFULLY only choose the volume
ENDING `_nextcloud`, then `abra app deploy --chaos ...`, then edit the
`compose.yml` to add `entrypoint: ['tail', '-f', '/dev/null']` to `app`,
then `app deploy --chaos` again, then `app run --user=www-data ... app bash` to get in and run `./occ maintenance:repair`, and `./occ upgrade`.
- Change `compose.yml` to the new version number; `git checkout compose.yml`
- `abra app deploy --force`
- This wasn't even multiplle major versions was it 😾
## How do I integrate with Keycloak SSO?
Use [this plugin](https://github.com/pulsejet/nextcloud-oidc-login). Unlike the plugin it's forked from, there is no configuration UI, so you'll need to edit `/var/www/html/config/config.php`:
Set the environment variables from the .env file during the shell session.
```
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'mysecret',
'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm',
'oidc_login_disable_registration' => false,
'oidc_login_hide_password_form' => true,
'oidc_login_button_text' => 'Log in with your myssodomain',
'oidc_login_default_group' => 'mygroup',
'oidc_login_attributes' =>
array (
'id' => 'sub',
'name' => 'name',
'mail' => 'email',
),
'oidc_create_groups' => true,
set -a && source .env && set +a
```
You can use [this trick](https://janikvonrotz.ch/2020/10/20/openid-connect-with-nextcloud-and-keycloak/) (see "Cryptic Usernames" work-around) to get proper usernames.
If you ever need to change the realm, you'll need to reset the cache with:
Set the secrets.
```
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_well_known
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_jwks
printf "SECRET_HERE" | docker secret create SECRET_NAME -
```
## How do I enable multiple SSO login buttons?
We've been able to get this setup by using the [social login](https://apps.nextcloud.com/apps/sociallogin) plugin.
If using Keycloak, you'll want to do [this trick](https://janikvonrotz.ch/2020/10/20/openid-connect-with-nextcloud-and-keycloak/) also.
## How can I customise the CSS?
There is some basic stuff in the admin settings.
To go a little deeper, you can use [this handy app](https://apps.nextcloud.com/apps/theming_customcss).
Here is an example CSS config which hides the local login and makes space for a central image:
```css
#body-login .wrapper main form[name="login"],
#body-login .wrapper main form[name="login"] ~ a {
display: none;
}
#body-login .logo {
visibility: hidden;
}
#body-login #alternative-logins a.button[href*="oidc"] {
background: #233b4a;
color: #fff;
transition: all 0.2s ease-in-out;
}
#body-login #alternative-logins a.button[href*="oidc"]:hover {
background: linear-gradient(-35deg, #233b4a 40%, #486c83 100%);
}
#body-login #alternative-logins a.button[href*="/sociallogin/oauth/google"] {
border: 0;
color: #db4437 !important;
background-color: #fff;
}
#body-login
#alternative-logins
a.button[href*="/sociallogin/oauth/google"]::before {
width: 25px;
background-color: #db4437;
border-radius: 100%;
background-size: 60%;
background-position: center;
height: 25px;
vertical-align: middle;
margin-right: 4px;
}
#body-login main {
padding: 50vh 0 0 0;
}
#body-login a[href*="#body-login"] {
visibility: hidden;
}
#body-login footer a,
#body-login footer p {
color: #233b4a;
}
#body-login footer a:hover {
color: #fff;
}
#body-login footer p.info {
text-shadow: none;
}
```
[nextcloud-docker]: https://hub.docker.com/_/nextcloud/
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
## Using [`previewgenerator`](https://github.com/nextcloud/previewgenerator) app
> Beware, this appp has been known to not work...
After you install, enable etc. then you need to run the generation (**warning**: it can take a long time!):
Deploy using the `-c` flag to specify one or multiple compose files.
```
abra app run <domain> app bash -u www-data
./occ preview:generate-all
docker stack deploy nextcloud -c compose.yaml -c compose.mariadb.yaml -c compose.smtp.yaml
```
To set up the cron to run again, there is [no clear solution in the context of
containers](https://github.com/nextcloud/previewgenerator/issues/1). So, a
pretty dodgy hack is to run it from the system directly:
```
root@foo.com /etc/cron.hourly $ cat foo-com-preview-generate
#!/bin/bash
docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-generate
```
This app will improve performance of image browsing at the cost of storage space.

122
abra.sh
View File

@ -1,122 +0,0 @@
export FPM_TUNE_VERSION=v4
export NGINX_CONF_VERSION=v4
export MY_CNF_VERSION=v4
export ENTRYPOINT_VERSION=v2
NC_APP_DIR="app:/var/www/html"
sub_occ(){
# shellcheck disable=SC2034
abra__service_="app"
# shellcheck disable=SC2034
abra___user="www-data"
sub_app_run php /var/www/html/occ "$@"
}
run_occ(){
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
}
install_apps(){
install_apps="$@"
if [ -z "$install_apps" ]
then
install_apps=$APPS
fi
for app in $install_apps
do
run_occ "app:install $app"
done
}
_backup_app() {
# Copied _abra_backup_dir to make UX better on restore and backup
{
abra__src_="$1"
abra__dst_="-"
}
# shellcheck disable=SC2154
FILENAME="$(basename "$1").tar"
debug "Copying '$1' to '$FILENAME'"
silence
mkdir -p /tmp/abra
sub_app_cp > /tmp/abra/$FILENAME
unsilence
}
next_maintenance_on() {
silence
sub_occ maintenance:mode --on > /dev/null
unsilence
debug "Nextcloud maintenance mode enabled"
}
next_maintenance_off() {
silence
sub_occ maintenance:mode --off > /dev/null
unsilence
debug "Nextcloud maintenance mode disabled"
}
abra_backup_app() {
# shellcheck disable=SC2154
ARK_FILENAME="$ABRA_BACKUP_DIR/${abra__app_}_app_$(date +%F).tar.gz"
# Cant be FILENAME as that gets changed by something
next_maintenance_on
_backup_app $NC_APP_DIR/config
_backup_app $NC_APP_DIR/data
_backup_app $NC_APP_DIR/themes
# Combine archives
tar -Af /tmp/abra/config.tar /tmp/abra/data.tar
tar -Af /tmp/abra/config.tar /tmp/abra/themes.tar
gzip /tmp/abra/config.tar -c > "$ARK_FILENAME"
rm /tmp/abra/*.tar
success "Backed up 'app' to $ARK_FILENAME"
next_maintenance_off
}
abra_backup_db() {
next_maintenance_on
_abra_backup_mysql "db" "nextcloud"
next_maintenance_off
}
abra_backup() {
abra_backup_app && abra_backup_db
}
abra_restore_app() {
next_maintenance_on
# shellcheck disable=SC2034
{
abra__src_="-"
abra__dst_=$NC_APP_DIR
}
zcat "$@" | sub_app_cp
next_maintenance_off
sub_occ files:scan --all > /dev/null # Needs to be run in normal mode
success "Restored 'app'"
}
# abra_restore_db() {
# warning "Restoring the database is on a existing app and not a new one has not been tested. Use with caution."
# next_maintenance_on
# # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
# # got this far..
# # shellcheck disable=SC2034
# abra___no_tty="true"
# DB_PASSWORD=$(sub_app_run cat /run/secrets/db_password)
# zcat "$@" | sub_app_run mysql -u root -p"$DB_PASSWORD" wordpress
# success "Restored 'db'"
# next_maintenance_off
# }

View File

@ -1,5 +1,3 @@
version: "3.8"
services:
app:
environment:
@ -28,13 +26,28 @@ services:
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql'
backupbot.backup.post-hook: "rm -rf /tmp/backup"
backupbot.backup.path: "/tmp/backup/"
backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql"
backupbot.backup.path: "/var/lib/mysql/backup.sql"
healthcheck:
test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)" ping']
interval: 30s
timeout: 10s
retries: 10
start_period: 1m
configs:
my_tune:
name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
name: ${STACK_NAME}_my_cnf
file: my-tune.cnf
secrets:
db_root_password:
external: true
name: ${STACK_NAME}_db_root_password
db_password:
external: true
name: ${STACK_NAME}_db_password
volumes:
mariadb:

View File

@ -1,37 +0,0 @@
version: '3.8'
services:
app:
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
- NEXTCLOUD_UPDATE=1
db:
image: "postgres:12"
volumes:
- "postgres:/var/lib/postgresql/data"
networks:
- internal
environment:
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
POSTGRES_DB: nextcloud
secrets:
- db_password
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
backupbot.backup.post-hook: "rm -rf /tmp/backup"
backupbot.backup.path: "/tmp/backup/"
volumes:
postgres:

18
compose.smtp.yaml Normal file
View File

@ -0,0 +1,18 @@
services:
app:
secrets:
- smtp_password
environment:
- SMTP_AUTHTYPE
- SMTP_HOST
- SMTP_SECURE
- SMTP_NAME
- SMTP_PORT
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
- MAIL_FROM_ADDRESS
- MAIL_DOMAIN
secrets:
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password

View File

@ -1,7 +1,6 @@
version: "3.8"
services:
web:
image: nginx:1.23.1
image: nginx:1.25.1
configs:
- source: nginx_conf
target: /etc/nginx/nginx.conf
@ -33,14 +32,20 @@ services:
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
healthcheck:
test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php | grep "installed\":true"']
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
app:
image: nextcloud:24.0.6-fpm
image: nextcloud:27.0.1-fpm
depends_on:
- db
configs:
- source: fpm_tune
target: /usr/local/etc/php-fpm.d/fpm-tune.conf
target: /usr/local/etc/php-fpm.d/zzz-fpm-tune.conf
- source: entrypoint
target: /custom-entrypoint.sh
mode: 555
@ -57,14 +62,15 @@ services:
- NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
- TRUSTED_PROXIES=traefik
- TRUSTED_PROXIES=10.0.0.0/8
- REDIS_HOST=cache
- SMTP_HOST
- MAIL_FROM_ADDRESS
- MAIL_DOMAIN
- SMTP_AUTHTYPE=PLAIN
- OVERWRITEPROTOCOL=https
- PHP_MEMORY_LIMIT=1G
- PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
- FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
- FPM_START_SERVERS=${FPM_START_SERVERS:-32}
- FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}
- FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98}
- DEFAULT_QUOTA
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
@ -78,12 +84,17 @@ services:
failure_action: rollback
order: start-first
labels:
- "coop-cloud.${STACK_NAME}.version=2.1.4+24.0.6-fpm"
- "backupbot.backup=true"
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
healthcheck:
test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"']
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
cron:
image: nextcloud:24.0.6-fpm
image: nextcloud:27.0.1-fpm
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
@ -95,22 +106,24 @@ services:
entrypoint: /cron.sh
cache:
image: redis:7.0.5-alpine
image: redis:7.0.12-alpine
networks:
- internal
volumes:
- "redis:/data"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 3s
timeout: 5s
retries: 20
secrets:
db_root_password:
external: true
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
name: ${STACK_NAME}_db_password
admin_password:
external: true
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
name: ${STACK_NAME}_admin_password
volumes:
nextcloud:
@ -122,14 +135,15 @@ volumes:
configs:
nginx_conf:
name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}
name: ${STACK_NAME}_nginx
file: nginx.conf.tmpl
template_driver: golang
fpm_tune:
name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
name: ${STACK_NAME}_fpm_tune
file: fpm-tune.ini
template_driver: golang
entrypoint:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
name: ${STACK_NAME}_entrypoint
file: entrypoint.sh.tmpl
template_driver: golang

View File

@ -1,5 +1,30 @@
#!/bin/bash
set -eu
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "SMTP_PASSWORD"
echo "Giving the db container some time to come up"; sleep 20
# see this issue with postgres db https://github.com/nextcloud/docker/issues/1204
@ -9,4 +34,8 @@ if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Ht
fi
{{ end }}
# Required for healthcheck
which cgi-fcgi > /dev/null || (apt-get update && apt-get install -y libfcgi-bin)
/entrypoint.sh php-fpm

View File

@ -1,5 +1,5 @@
pm = dynamic
pm.max_children = 131
pm.start_servers = 32
pm.min_spare_servers = 32
pm.max_spare_servers = 98
pm.max_children = {{ env "FPM_MAX_CHILDREN" }}
pm.start_servers = {{ env "FPM_START_SERVERS" }}
pm.min_spare_servers = {{ env "FPM_MIN_SPARE_SERVERS" }}
pm.max_spare_servers = {{ env "FPM_MAX_SPARE_SERVERS" }}

View File

@ -1,6 +0,0 @@
2.0.0 introduces a minor nextcloud update to 23.0.4 and moves the database service to a seperate override.yml file to support different database types (mariadb / postgres). This might break your installation. Please add the following snippet to your config .env to ensure the right db is used:
```
COMPOSE_FILE="compose.yml"
COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
```

View File

@ -1,9 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"ignoreDeps": [
"mariadb:10.6"
],
"extends": [
"config:base"
]
}