Philipp Rothmann
e8a8f636d0
continuous-integration/drone/pr Build is failing
Details
This introduces new env variables to configure nextloud to be embedded via iframe on an external site. Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to set X-Frame-Options and CSP headers to allow the domain configured in X_FRAME_OPTIONS_ALLOW_FROM. |
||
|---|---|---|
| .vscode | ||
| releases | ||
| .drone.yml | ||
| .env.sample | ||
| .gitignore | ||
| README.md | ||
| abra.sh | ||
| compose.mariadb.yml | ||
| compose.postgres.yml | ||
| compose.yml | ||
| entrypoint.sh.tmpl | ||
| fpm-tune.ini | ||
| my-tune.cnf | ||
| nginx.conf.tmpl | ||
| renovate.json | ||
README.md
Nextcloud
Fully automated luxury Nextcloud via docker-swarm.
- Category: Apps
- Status: 2, beta
- Image:
nextcloud, 4, upstream - Healthcheck: Yes
- Backups: No
- Email: 3
- Tests: 2
- SSO: 1 (OAuth)
Basic usage
- Set up Docker Swarm and
abra - Deploy
coop-cloud/traefik abra app new nextcloud --secrets(optionally with--passif you'd like to save secrets inpass)abra app YOURAPPDOMAIN config- be sure to change$DOMAINto something that resolves to your Docker swarm boxabra app YOURAPPDOMAIN deploy
How do I customise the default home page when logging in?
- Delete the dashboard app since it is so corporate
- Follow these docs to set the default files list for each user in the Files app
- Configure a
defaultappin yourconfig.phpor use apporder
Running occ
abra app run --user www-data YOURAPPDOMAIN app occ user:list --help
Upgrading Nextcloud apps
abra app run --user www-data YOURAPPDOMAIN app occ app:update --all
How do I fix a Nextcloud version snafu?
Exception: Updates between multiple major versions and downgrades are unsupported.
Solution:
- Look at log files to determine the old Nextcloud version
- Change your local
~/.abra/recipes/nextcloud/compose.ymlto the highest minor version in the old version -- e.g. choose22.2.5for22, if you're upgrading to23. - Then, do one of (both bad):
abra app deploy --chaos ..., thenapp runto go in and manually lower the version number in PHP (shell in,apt install vim-core && vi version.php), then tryphp ./occ upgradeabra app undeploy ...,abra volume rm, CAREFULLY only choose the volume ENDING_nextcloud, thenabra app deploy --chaos ..., then edit thecompose.ymlto addentrypoint: ['tail', '-f', '/dev/null']toapp, thenapp deploy --chaosagain, thenapp run --user=www-data ... app bashto get in and run./occ maintenance:repair, and./occ upgrade.
- Change
compose.ymlto the new version number;git checkout compose.yml abra app deploy --force- This wasn't even multiplle major versions was it 😾
How do I integrate with Keycloak SSO?
Use this plugin. Unlike the plugin it's forked from, there is no configuration UI, so you'll need to edit /var/www/html/config/config.php:
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'mysecret',
'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm',
'oidc_login_disable_registration' => false,
'oidc_login_hide_password_form' => true,
'oidc_login_button_text' => 'Log in with your myssodomain',
'oidc_login_default_group' => 'mygroup',
'oidc_login_attributes' =>
array (
'id' => 'sub',
'name' => 'name',
'mail' => 'email',
),
'oidc_create_groups' => true,
You can use this trick (see "Cryptic Usernames" work-around) to get proper usernames.
If you ever need to change the realm, you'll need to reset the cache with:
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_well_known
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_jwks
How do I enable multiple SSO login buttons?
We've been able to get this setup by using the social login plugin.
If using Keycloak, you'll want to do this trick also.
How can I customise the CSS?
There is some basic stuff in the admin settings.
To go a little deeper, you can use this handy app.
Here is an example CSS config which hides the local login and makes space for a central image:
#body-login .wrapper main form[name="login"],
#body-login .wrapper main form[name="login"] ~ a {
display: none;
}
#body-login .logo {
visibility: hidden;
}
#body-login #alternative-logins a.button[href*="oidc"] {
background: #233b4a;
color: #fff;
transition: all 0.2s ease-in-out;
}
#body-login #alternative-logins a.button[href*="oidc"]:hover {
background: linear-gradient(-35deg, #233b4a 40%, #486c83 100%);
}
#body-login #alternative-logins a.button[href*="/sociallogin/oauth/google"] {
border: 0;
color: #db4437 !important;
background-color: #fff;
}
#body-login
#alternative-logins
a.button[href*="/sociallogin/oauth/google"]::before {
width: 25px;
background-color: #db4437;
border-radius: 100%;
background-size: 60%;
background-position: center;
height: 25px;
vertical-align: middle;
margin-right: 4px;
}
#body-login main {
padding: 50vh 0 0 0;
}
#body-login a[href*="#body-login"] {
visibility: hidden;
}
#body-login footer a,
#body-login footer p {
color: #233b4a;
}
#body-login footer a:hover {
color: #fff;
}
#body-login footer p.info {
text-shadow: none;
}
Using previewgenerator app
Beware, this appp has been known to not work...
After you install, enable etc. then you need to run the generation (warning: it can take a long time!):
abra app run <domain> app bash -u www-data
./occ preview:generate-all
To set up the cron to run again, there is no clear solution in the context of containers. So, a pretty dodgy hack is to run it from the system directly:
root@foo.com /etc/cron.hourly $ cat foo-com-preview-generate
#!/bin/bash
docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-generate
This app will improve performance of image browsing at the cost of storage space.