.gitignore | ||
abra.sh | ||
compose.apps.yaml | ||
compose.authentik.yaml | ||
compose.mariadb.yaml | ||
compose.postgres.yaml | ||
compose.smtp.yaml | ||
compose.yaml | ||
entrypoint.sh.tmpl | ||
fpm-tune.ini | ||
my-tune.cnf | ||
nginx.conf.tmpl | ||
README.md | ||
renovate.json |
Nextcloud
Fully automated luxury Nextcloud via docker-swarm.
- Category: Apps
- Status: 2, beta
- Image:
nextcloud
, 4, upstream - Healthcheck: Yes
- Backups: No
- Email: 3
- Tests: 2
- SSO: 1 (OAuth)
Quick start
abra app new nextcloud
abra app config <app-name>
abra app secret insert <app-name> smtp_password v1 <SMTP_PASSWORD>
abra app secret generate -a <app-name>
abra app deploy <app-name>
Onlyoffice Integration
abra app config <app-name>
Configure the following envs:
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
ONLYOFFICE_URL=https://onlyoffice.example.com
SECRET_ONLYOFFICE_JWT_VERSION=v1
abra app secret insert <app-name> onlyoffice_jwt v1 <jwt_secret>
abra app cmd <app-name> app install_onlyoffice
BBB Integration
abra app config <app-name>
Configure the following envs:
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
SECRET_BBB_SECRET_VERSION=v1
abra app secret insert <app-name> bbb_secret v1 <bbb_secret>
abra app cmd <app-name> app install_bbb
Authentik Integration
abra app config <app-name>
Configure the following envs:
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
AUTHENTIK_USER_PREFIX=authentik
AUTHENTIK_DOMAIN=authentik.example.com
AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
abra app cmd <app-name> app set_authentik
Disable Dashboard
Disable dashboard app since it is so corporate:
abra app config <app-name>
Configure the following envs:
OCC_CMDS="app:disable dashboard"
abra app cmd <app-name> app post_install_occ
Running occ
abra app cmd <app-name> app run_occ '"user:list --help"'
Default user files
- Follow these docs to set the default files list for each user in the Files app
Default App
- Configure a
defaultapp
in yourconfig.php
or use apporder
Upgrading Nextcloud apps
abra app cmd <app-name> app run_occ '"app:update --all"'
How do I fix a Nextcloud version snafu?
Exception: Updates between multiple major versions and downgrades are unsupported.
Solution:
- Look at log files to determine the old Nextcloud version
- Change your local
~/.abra/recipes/nextcloud/compose.yml
to the highest minor version in the old version -- e.g. choose22.2.5
for22
, if you're upgrading to23
. - Then, do one of (both bad):
abra app deploy --chaos ...
, thenapp run
to go in and manually lower the version number in PHP (shell in,apt install vim-core && vi version.php
), then tryphp ./occ upgrade
abra app undeploy ...
,abra volume rm
, CAREFULLY only choose the volume ENDING_nextcloud
, thenabra app deploy --chaos ...
, then edit thecompose.yml
to addentrypoint: ['tail', '-f', '/dev/null']
toapp
, thenapp deploy --chaos
again, thenapp run --user=www-data ... app bash
to get in and run./occ maintenance:repair
, and./occ upgrade
.
- Change
compose.yml
to the new version number;git checkout compose.yml
abra app deploy --force
- This wasn't even multiplle major versions was it 😾
How do I integrate with Keycloak SSO?
Use this plugin. Unlike the plugin it's forked from, there is no configuration UI, so you'll need to edit /var/www/html/config/config.php
:
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'mysecret',
'oidc_login_provider_url' => 'https://example.com/realms/myrealm',
'oidc_login_disable_registration' => false,
'oidc_login_hide_password_form' => true,
'oidc_login_button_text' => 'Log in with your myssodomain',
'oidc_login_default_group' => 'mygroup',
'oidc_login_attributes' =>
array (
'id' => 'sub',
'name' => 'name',
'mail' => 'email',
),
'oidc_create_groups' => true,
You can use this trick (see "Cryptic Usernames" work-around) to get proper usernames.
If you ever need to change the realm, you'll need to reset the cache with:
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_well_known
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_jwks
How do I enable multiple SSO login buttons?
We've been able to get this setup by using the social login plugin.
If using Keycloak, you'll want to do this trick also.
How can I customise the CSS?
There is some basic stuff in the admin settings.
To go a little deeper, you can use this handy app.
Here is an example CSS config which hides the local login and makes space for a central image:
#body-login .wrapper main form[name="login"],
#body-login .wrapper main form[name="login"] ~ a {
display: none;
}
#body-login .logo {
visibility: hidden;
}
#body-login #alternative-logins a.button[href*="oidc"] {
background: #233b4a;
color: #fff;
transition: all 0.2s ease-in-out;
}
#body-login #alternative-logins a.button[href*="oidc"]:hover {
background: linear-gradient(-35deg, #233b4a 40%, #486c83 100%);
}
#body-login #alternative-logins a.button[href*="/sociallogin/oauth/google"] {
border: 0;
color: #db4437 !important;
background-color: #fff;
}
#body-login
#alternative-logins
a.button[href*="/sociallogin/oauth/google"]::before {
width: 25px;
background-color: #db4437;
border-radius: 100%;
background-size: 60%;
background-position: center;
height: 25px;
vertical-align: middle;
margin-right: 4px;
}
#body-login main {
padding: 50vh 0 0 0;
}
#body-login a[href*="#body-login"] {
visibility: hidden;
}
#body-login footer a,
#body-login footer p {
color: #233b4a;
}
#body-login footer a:hover {
color: #fff;
}
#body-login footer p.info {
text-shadow: none;
}
Using previewgenerator
app
Beware, this appp has been known to not work...
After you install, enable etc. then you need to run the generation (warning: it can take a long time!):
abra app run <domain> app bash -u www-data
./occ preview:generate-all
To set up the cron to run again, there is no clear solution in the context of containers. So, a pretty dodgy hack is to run it from the system directly:
root@foo.com /etc/cron.hourly $ cat foo-com-preview-generate
#!/bin/bash
docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-generate
This app will improve performance of image browsing at the cost of storage space.