forked from coop-cloud/nextcloud
Compare commits
19 Commits
Author | SHA1 | Date |
---|---|---|
Moritz | 7a64d3c6a7 | |
3wc | bb781e654b | |
Moritz | cb5cd5f7b2 | |
3wc | 0a3e943b26 | |
3wc | 4f1aaf5d1d | |
3wc | 019b71fde1 | |
3wc | 7527399da0 | |
3wc | 94e84122ed | |
p4u1 | 0d9ab936a0 | |
iexos | 09ec6f842c | |
3wc | b5d40aa428 | |
Moritz | eead80b60a | |
3wc | 24670cdb6b | |
3wc | 7e4ab9288c | |
p4u1 | 199bf61300 | |
p4u1 | 99514b5991 | |
p4u1 | eefb14e150 | |
iexos | a34e100bd7 | |
p4u1 | 24ca6b22bc |
|
@ -11,6 +11,8 @@ COMPOSE_FILE="compose.yml"
|
|||
COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
|
||||
|
||||
#MAX_DB_CONNECTIONS=500
|
||||
|
||||
ADMIN_USER=admin
|
||||
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
|
@ -62,3 +64,6 @@ DEFAULT_QUOTA="10 GB"
|
|||
# AUTHENTIK_DOMAIN=authentik.example.com
|
||||
# SECRET_AUTHENTIK_SECRET_VERSION=v1
|
||||
# SECRET_AUTHENTIK_ID_VERSION=v1
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
|
||||
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
|
||||
|
|
43
README.md
43
README.md
|
@ -6,10 +6,10 @@ Fully automated luxury Nextcloud via docker-swarm.
|
|||
|
||||
<!-- metadata -->
|
||||
* **Category**: Apps
|
||||
* **Status**: 2, beta
|
||||
* **Status**: 5
|
||||
* **Image**: [`nextcloud`](https://hub.docker.com/_/nextcloud), 4, upstream
|
||||
* **Healthcheck**: Yes
|
||||
* **Backups**: No
|
||||
* **Backups**: Yes
|
||||
* **Email**: 3
|
||||
* **Tests**: 2
|
||||
* **SSO**: 1 (OAuth)
|
||||
|
@ -17,7 +17,6 @@ Fully automated luxury Nextcloud via docker-swarm.
|
|||
|
||||
## Quick start
|
||||
|
||||
|
||||
* `abra app new nextcloud`
|
||||
* `abra app config <app-name>`
|
||||
* `abra app secret insert <app-name> smtp_password v1 <SMTP_PASSWORD>`
|
||||
|
@ -244,3 +243,41 @@ docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-ge
|
|||
```
|
||||
|
||||
This app will improve performance of image browsing at the cost of storage space.
|
||||
|
||||
## Fulltextsearch using elasticsearch
|
||||
|
||||
1. Uncomment the following lines in your env file:
|
||||
```
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
|
||||
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
|
||||
```
|
||||
|
||||
2. Generate the secret for elasticsearch:
|
||||
```bash
|
||||
abra app secret generate <domain> elasticsearch_password v1
|
||||
```
|
||||
|
||||
3. Deploy your app:
|
||||
```bash
|
||||
abra app deploy <domain>
|
||||
```
|
||||
|
||||
4. Install the apps and configure them:
|
||||
```
|
||||
abra app cmd <domain> app install_fulltextsearch
|
||||
```
|
||||
|
||||
5. You might need to configure the files_fulltextsearch app. run this command to check its settings:
|
||||
```
|
||||
abra app cmd <domain> app run_occ '"config:list files_fulltextsearch"
|
||||
```
|
||||
|
||||
6. You can check if the nextcloud can connect to elasticsearch:
|
||||
```
|
||||
abra app cmd <domain> app run_occ '"fulltextsearch:test"'
|
||||
```
|
||||
|
||||
And you can populate the index manually and check if any errors occur:
|
||||
```
|
||||
abra app cmd <domain> app run_occ '"fulltextsearch:index"'
|
||||
```
|
||||
|
|
15
abra.sh
15
abra.sh
|
@ -1,9 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
export FPM_TUNE_VERSION=v5
|
||||
export NGINX_CONF_VERSION=v4
|
||||
export MY_CNF_VERSION=v4
|
||||
export NGINX_CONF_VERSION=v6
|
||||
export MY_CNF_VERSION=v5
|
||||
export ENTRYPOINT_VERSION=v3
|
||||
export CRONTAB_VERSION=v1
|
||||
|
||||
run_occ() {
|
||||
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
|
||||
|
@ -70,6 +71,16 @@ install_collabora() {
|
|||
set_app_config richdocuments wopi_url "$COLLABORA_URL"
|
||||
}
|
||||
|
||||
install_fulltextsearch() {
|
||||
install_apps fulltextsearch
|
||||
install_apps fulltextsearch_elasticsearch
|
||||
install_apps files_fulltextsearch
|
||||
set_app_config fulltextsearch search_platform "OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"
|
||||
set_app_config fulltextsearch_elasticsearch elastic_host "http://elastic:$(cat /run/secrets/elasticsearch_password)@elasticsearch:9200/"
|
||||
set_app_config fulltextsearch_elasticsearch elastic_index "nextcloud"
|
||||
set_app_config files_fulltextsearch files_local "1"
|
||||
}
|
||||
|
||||
set_default_quota() {
|
||||
set_app_config files default_quota "$DEFAULT_QUOTA"
|
||||
}
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
authentik:
|
||||
uncomment:
|
||||
- compose.authentik.yml
|
||||
- AUTHENTIK_USER_PREFIX
|
||||
- AUTHENTIK_DOMAIN
|
||||
- SECRET_AUTHENTIK_SECRET_VERSION
|
||||
- SECRET_AUTHENTIK_ID_VERSION
|
||||
execute:
|
||||
- app set_authentik
|
||||
shared_secrets:
|
||||
nextcloud_secret: authentik_secret
|
||||
nextcloud_id: authentik_id
|
||||
onlyoffice:
|
||||
uncomment:
|
||||
- ONLYOFFICE_URL
|
||||
- SECRET_ONLYOFFICE_JWT_VERSION
|
||||
execute:
|
||||
- app install_onlyoffice
|
||||
collabora:
|
||||
uncomment:
|
||||
- COLLABORA_URL
|
||||
execute:
|
||||
- app install_collabora
|
|
@ -0,0 +1,55 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
elasticsearch:
|
||||
image: "docker.elastic.co/elasticsearch/elasticsearch:8.11.3"
|
||||
environment:
|
||||
- cluster.name=docker-cluster
|
||||
- bootstrap.memory_lock=true
|
||||
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
- discovery.type=single-node
|
||||
# Disable authentication and ssl completely
|
||||
# - xpack.security.enabled=false
|
||||
# Use this to enable Basic Authentication:
|
||||
- xpack.security.enabled=true
|
||||
- xpack.security.http.ssl.enabled=false
|
||||
- ELASTIC_PASSWORD_FILE=/var/run/secrets/elasticsearch_password
|
||||
ulimits:
|
||||
memlock:
|
||||
soft: -1
|
||||
hard: -1
|
||||
volumes:
|
||||
- elasticsearch:/usr/share/elasticsearch/data
|
||||
networks:
|
||||
- internal
|
||||
secrets:
|
||||
- source: elasticsearch_password
|
||||
uid: "1000"
|
||||
gid: "1000"
|
||||
mode: 0600
|
||||
|
||||
searchindexer:
|
||||
image: nextcloud:29.0.0-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html/
|
||||
- nextapps:/var/www/html/custom_apps:cached
|
||||
- nextdata:/var/www/html/data:cached
|
||||
- nextconfig:/var/www/html/config:cached
|
||||
- ${EXTRA_VOLUME}
|
||||
networks:
|
||||
- internal
|
||||
entrypoint: su -p www-data -s /bin/sh -c '/var/www/html/occ fulltextsearch:live'
|
||||
|
||||
# Add the secret to the app service so it is avaiable in the
|
||||
# install_fulltextsearch command
|
||||
app:
|
||||
secrets:
|
||||
- elasticsearch_password
|
||||
|
||||
secrets:
|
||||
elasticsearch_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_elasticsearch_password_${SECRET_ELASTICSEARCH_PASSWORD_VERSION}
|
||||
|
||||
volumes:
|
||||
elasticsearch:
|
|
@ -15,6 +15,7 @@ services:
|
|||
- MYSQL_USER=nextcloud
|
||||
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
|
||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||
- MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-100}
|
||||
configs:
|
||||
- source: my_tune
|
||||
target: /etc/mysql/conf.d/my-tune.cnf
|
||||
|
@ -41,6 +42,12 @@ configs:
|
|||
my_tune:
|
||||
name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
|
||||
file: my-tune.cnf
|
||||
template_driver: golang
|
||||
|
||||
secrets:
|
||||
db_root_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
|
|
|
@ -11,6 +11,7 @@ services:
|
|||
|
||||
db:
|
||||
image: "postgres:12"
|
||||
command: -c "max_connections=${MAX_DB_CONNECTIONS:-100}"
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
networks:
|
||||
|
|
20
compose.yml
20
compose.yml
|
@ -1,7 +1,7 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
web:
|
||||
image: nginx:1.25.3
|
||||
image: nginx:1.26.0
|
||||
depends_on:
|
||||
- app
|
||||
configs:
|
||||
|
@ -46,7 +46,7 @@ services:
|
|||
start_period: 5m
|
||||
|
||||
app:
|
||||
image: nextcloud:27.1.3-fpm
|
||||
image: nextcloud:29.0.0-fpm
|
||||
depends_on:
|
||||
- db
|
||||
configs:
|
||||
|
@ -91,7 +91,7 @@ services:
|
|||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=5.1.0+27.1.3-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.version=7.0.0+29.0.0-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
|
||||
|
@ -103,7 +103,7 @@ services:
|
|||
start_period: 15m
|
||||
|
||||
cron:
|
||||
image: nextcloud:27.1.3-fpm
|
||||
image: nextcloud:29.0.0-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html/
|
||||
- nextapps:/var/www/html/custom_apps:cached
|
||||
|
@ -113,9 +113,13 @@ services:
|
|||
networks:
|
||||
- internal
|
||||
entrypoint: /cron.sh
|
||||
configs:
|
||||
- source: crontab
|
||||
target: /var/spool/cron/crontabs/www-data
|
||||
|
||||
|
||||
cache:
|
||||
image: redis:7.2.3-alpine
|
||||
image: redis:7.2.4-alpine
|
||||
networks:
|
||||
- internal
|
||||
volumes:
|
||||
|
@ -127,9 +131,6 @@ services:
|
|||
retries: 20
|
||||
|
||||
secrets:
|
||||
db_root_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
|
@ -158,6 +159,9 @@ configs:
|
|||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
crontab:
|
||||
name: ${STACK_NAME}_crontab_${CRONTAB_VERSION}
|
||||
file: crontab
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
*/5 * * * * php -d memory_limit=1G -f /var/www/html/cron.php
|
|
@ -13,7 +13,7 @@ key_buffer_size = 16M
|
|||
innodb_log_file_size = 256M
|
||||
long_query_time = 1
|
||||
max_allowed_packet = 256M
|
||||
max_connections = 100
|
||||
max_connections = {{ env "MAX_DB_CONNECTIONS" }}
|
||||
max_heap_table_size = 64M
|
||||
max_user_connections = 0
|
||||
myisam_recover_options = BACKUP
|
||||
|
|
|
@ -11,6 +11,10 @@ events {
|
|||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
# See https://github.com/nextcloud/forms/issues/1838#issuecomment-1860497200
|
||||
types {
|
||||
application/javascript js mjs;
|
||||
}
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
|
@ -59,12 +63,12 @@ http {
|
|||
#pagespeed off;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
|
||||
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}";
|
||||
|
|
Loading…
Reference in New Issue