Nextcloud Server, a safe home for all your data
Go to file
2023-08-26 20:20:57 +00:00
.gitignore remove files specific to abra, rename yml to yaml 2023-08-26 20:20:57 +00:00
abra.sh fix install_apps cmd 2023-08-08 08:30:05 +00:00
compose.apps.yaml remove files specific to abra, rename yml to yaml 2023-08-26 20:20:57 +00:00
compose.authentik.yaml remove files specific to abra, rename yml to yaml 2023-08-26 20:20:57 +00:00
compose.mariadb.yaml remove files specific to abra, rename yml to yaml 2023-08-26 20:20:57 +00:00
compose.postgres.yaml remove files specific to abra, rename yml to yaml 2023-08-26 20:20:57 +00:00
compose.smtp.yaml remove files specific to abra, rename yml to yaml 2023-08-26 20:20:57 +00:00
compose.yaml remove files specific to abra, rename yml to yaml 2023-08-26 20:20:57 +00:00
entrypoint.sh.tmpl healthchecks (#32) 2023-08-08 08:30:05 +00:00
fpm-tune.ini feat: template fpm settings 2023-08-08 08:30:05 +00:00
my-tune.cnf fix: increase packets to avoid comm timeouts 2021-11-15 11:30:08 +01:00
nginx.conf.tmpl fix frame ancestors 2022-10-11 16:12:04 +02:00
README.md Drop /auth/ from Keycloak example URL 2023-08-08 08:30:05 +00:00
renovate.json Attempt to ignore mariadb upgrade 2021-07-12 11:26:01 +02:00

Nextcloud

Build Status

Fully automated luxury Nextcloud via docker-swarm.

  • Category: Apps
  • Status: 2, beta
  • Image: nextcloud, 4, upstream
  • Healthcheck: Yes
  • Backups: No
  • Email: 3
  • Tests: 2
  • SSO: 1 (OAuth)

Quick start

  • abra app new nextcloud
  • abra app config <app-name>
  • abra app secret insert <app-name> smtp_password v1 <SMTP_PASSWORD>
  • abra app secret generate -a <app-name>
  • abra app deploy <app-name>

Onlyoffice Integration

abra app config <app-name> Configure the following envs:

COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
ONLYOFFICE_URL=https://onlyoffice.example.com
SECRET_ONLYOFFICE_JWT_VERSION=v1

abra app secret insert <app-name> onlyoffice_jwt v1 <jwt_secret> abra app cmd <app-name> app install_onlyoffice

BBB Integration

abra app config <app-name> Configure the following envs:

COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
SECRET_BBB_SECRET_VERSION=v1

abra app secret insert <app-name> bbb_secret v1 <bbb_secret> abra app cmd <app-name> app install_bbb

Authentik Integration

abra app config <app-name> Configure the following envs:

COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
AUTHENTIK_USER_PREFIX=authentik
AUTHENTIK_DOMAIN=authentik.example.com
AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1  # the same as in authentik
AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1  # the same as in authentik

abra app cmd <app-name> app set_authentik

Disable Dashboard

Disable dashboard app since it is so corporate:

abra app config <app-name> Configure the following envs:

OCC_CMDS="app:disable dashboard"

abra app cmd <app-name> app post_install_occ

Running occ

abra app cmd <app-name> app run_occ '"user:list --help"'

Default user files

  • Follow these docs to set the default files list for each user in the Files app

Default App

  • Configure a defaultapp in your config.php or use apporder

Upgrading Nextcloud apps

abra app cmd <app-name> app run_occ '"app:update --all"'

How do I fix a Nextcloud version snafu?

Exception: Updates between multiple major versions and downgrades are unsupported.

Solution:

  • Look at log files to determine the old Nextcloud version
  • Change your local ~/.abra/recipes/nextcloud/compose.yml to the highest minor version in the old version -- e.g. choose 22.2.5 for 22, if you're upgrading to 23.
  • Then, do one of (both bad):
    1. abra app deploy --chaos ..., then app run to go in and manually lower the version number in PHP (shell in, apt install vim-core && vi version.php), then try php ./occ upgrade
    2. abra app undeploy ..., abra volume rm, CAREFULLY only choose the volume ENDING _nextcloud, then abra app deploy --chaos ..., then edit the compose.yml to add entrypoint: ['tail', '-f', '/dev/null'] to app, then app deploy --chaos again, then app run --user=www-data ... app bash to get in and run ./occ maintenance:repair, and ./occ upgrade.
  • Change compose.yml to the new version number; git checkout compose.yml
  • abra app deploy --force
  • This wasn't even multiplle major versions was it 😾

How do I integrate with Keycloak SSO?

Use this plugin. Unlike the plugin it's forked from, there is no configuration UI, so you'll need to edit /var/www/html/config/config.php:

  'oidc_login_client_id' => 'nextcloud',
  'oidc_login_client_secret' => 'mysecret',
  'oidc_login_provider_url' => 'https://example.com/realms/myrealm',
  'oidc_login_disable_registration' => false,
  'oidc_login_hide_password_form' => true,
  'oidc_login_button_text' => 'Log in with your myssodomain',
  'oidc_login_default_group' => 'mygroup',
  'oidc_login_attributes' =>
  array (
    'id' => 'sub',
    'name' => 'name',
    'mail' => 'email',
  ),
  'oidc_create_groups' => true,

You can use this trick (see "Cryptic Usernames" work-around) to get proper usernames.

If you ever need to change the realm, you'll need to reset the cache with:

docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_well_known
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_jwks

How do I enable multiple SSO login buttons?

We've been able to get this setup by using the social login plugin.

If using Keycloak, you'll want to do this trick also.

How can I customise the CSS?

There is some basic stuff in the admin settings.

To go a little deeper, you can use this handy app.

Here is an example CSS config which hides the local login and makes space for a central image:

#body-login .wrapper main form[name="login"],
#body-login .wrapper main form[name="login"] ~ a {
  display: none;
}

#body-login .logo {
  visibility: hidden;
}

#body-login #alternative-logins a.button[href*="oidc"] {
  background: #233b4a;
  color: #fff;
  transition: all 0.2s ease-in-out;
}
#body-login #alternative-logins a.button[href*="oidc"]:hover {
  background: linear-gradient(-35deg, #233b4a 40%, #486c83 100%);
}

#body-login #alternative-logins a.button[href*="/sociallogin/oauth/google"] {
  border: 0;
  color: #db4437 !important;
  background-color: #fff;
}

#body-login
  #alternative-logins
  a.button[href*="/sociallogin/oauth/google"]::before {
  width: 25px;
  background-color: #db4437;
  border-radius: 100%;
  background-size: 60%;
  background-position: center;
  height: 25px;
  vertical-align: middle;
  margin-right: 4px;
}

#body-login main {
  padding: 50vh 0 0 0;
}

#body-login a[href*="#body-login"] {
  visibility: hidden;
}

#body-login footer a,
#body-login footer p {
  color: #233b4a;
}

#body-login footer a:hover {
  color: #fff;
}

#body-login footer p.info {
  text-shadow: none;
}

Using previewgenerator app

Beware, this appp has been known to not work...

After you install, enable etc. then you need to run the generation (warning: it can take a long time!):

abra app run <domain> app bash -u www-data
./occ preview:generate-all

To set up the cron to run again, there is no clear solution in the context of containers. So, a pretty dodgy hack is to run it from the system directly:

root@foo.com /etc/cron.hourly $ cat foo-com-preview-generate 
#!/bin/bash

docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-generate

This app will improve performance of image browsing at the cost of storage space.