Nextcloud Server, a safe home for all your data
Go to file
2023-08-08 08:30:05 +00:00
.vscode dev: added chellcheck settings for vscode users 2021-05-05 09:57:05 +01:00
releases chore: publish 3.1.0+25.0.1-fpm release 2023-08-08 08:30:05 +00:00
.drone.yml fix CI deployment: set bbb and onlyoffice secret version 2023-08-08 08:30:05 +00:00
.env.sample feat: run occ commands from env variables as post deploy command 2023-08-08 08:30:05 +00:00
.gitignore Fix secrets & network definition 2020-06-29 14:29:16 +02:00
abra.sh feat: run occ commands from env variables as post deploy command 2023-08-08 08:30:05 +00:00
compose.apps.yml refactor: move nc-app secrets to seperate overwrite yml 2023-08-08 08:30:05 +00:00
compose.mariadb.yml healthchecks (#32) 2023-08-08 08:30:05 +00:00
compose.postgres.yml let app container wait for db init 2022-10-13 16:58:10 +02:00
compose.smtp.yml feat: make smtp settings configurable in .env 2023-08-08 08:30:05 +00:00
compose.yml chore: publish 3.1.1+25.0.1-fpm release 2023-08-08 08:30:05 +00:00
entrypoint.sh.tmpl healthchecks (#32) 2023-08-08 08:30:05 +00:00
fpm-tune.ini feat: template fpm settings 2023-08-08 08:30:05 +00:00
my-tune.cnf fix: increase packets to avoid comm timeouts 2021-11-15 11:30:08 +01:00
nginx.conf.tmpl fix frame ancestors 2022-10-11 16:12:04 +02:00
README.md Update abra syntax in examples (finally) [mass update] 2023-08-08 08:30:05 +00:00
renovate.json Attempt to ignore mariadb upgrade 2021-07-12 11:26:01 +02:00

Nextcloud

Build Status

Fully automated luxury Nextcloud via docker-swarm.

  • Category: Apps
  • Status: 2, beta
  • Image: nextcloud, 4, upstream
  • Healthcheck: Yes
  • Backups: No
  • Email: 3
  • Tests: 2
  • SSO: 1 (OAuth)

Basic usage

  1. Set up Docker Swarm and abra
  2. Deploy coop-cloud/traefik
  3. abra app new nextcloud --secrets (optionally with --pass if you'd like to save secrets in pass)
  4. abra app config YOURAPPDOMAIN - be sure to change $DOMAIN to something that resolves to your Docker swarm box
  5. abra app deploy YOURAPPDOMAIN

How do I customise the default home page when logging in?

  • Delete the dashboard app since it is so corporate
  • Follow these docs to set the default files list for each user in the Files app
  • Configure a defaultapp in your config.php or use apporder

Running occ

abra app run --user www-data YOURAPPDOMAIN app occ user:list --help

Upgrading Nextcloud apps

abra app run --user www-data YOURAPPDOMAIN app occ app:update --all

How do I fix a Nextcloud version snafu?

Exception: Updates between multiple major versions and downgrades are unsupported.

Solution:

  • Look at log files to determine the old Nextcloud version
  • Change your local ~/.abra/recipes/nextcloud/compose.yml to the highest minor version in the old version -- e.g. choose 22.2.5 for 22, if you're upgrading to 23.
  • Then, do one of (both bad):
    1. abra app deploy --chaos ..., then app run to go in and manually lower the version number in PHP (shell in, apt install vim-core && vi version.php), then try php ./occ upgrade
    2. abra app undeploy ..., abra volume rm, CAREFULLY only choose the volume ENDING _nextcloud, then abra app deploy --chaos ..., then edit the compose.yml to add entrypoint: ['tail', '-f', '/dev/null'] to app, then app deploy --chaos again, then app run --user=www-data ... app bash to get in and run ./occ maintenance:repair, and ./occ upgrade.
  • Change compose.yml to the new version number; git checkout compose.yml
  • abra app deploy --force
  • This wasn't even multiplle major versions was it 😾

How do I integrate with Keycloak SSO?

Use this plugin. Unlike the plugin it's forked from, there is no configuration UI, so you'll need to edit /var/www/html/config/config.php:

  'oidc_login_client_id' => 'nextcloud',
  'oidc_login_client_secret' => 'mysecret',
  'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm',
  'oidc_login_disable_registration' => false,
  'oidc_login_hide_password_form' => true,
  'oidc_login_button_text' => 'Log in with your myssodomain',
  'oidc_login_default_group' => 'mygroup',
  'oidc_login_attributes' =>
  array (
    'id' => 'sub',
    'name' => 'name',
    'mail' => 'email',
  ),
  'oidc_create_groups' => true,

You can use this trick (see "Cryptic Usernames" work-around) to get proper usernames.

If you ever need to change the realm, you'll need to reset the cache with:

docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_well_known
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_jwks

How do I enable multiple SSO login buttons?

We've been able to get this setup by using the social login plugin.

If using Keycloak, you'll want to do this trick also.

How can I customise the CSS?

There is some basic stuff in the admin settings.

To go a little deeper, you can use this handy app.

Here is an example CSS config which hides the local login and makes space for a central image:

#body-login .wrapper main form[name="login"],
#body-login .wrapper main form[name="login"] ~ a {
  display: none;
}

#body-login .logo {
  visibility: hidden;
}

#body-login #alternative-logins a.button[href*="oidc"] {
  background: #233b4a;
  color: #fff;
  transition: all 0.2s ease-in-out;
}
#body-login #alternative-logins a.button[href*="oidc"]:hover {
  background: linear-gradient(-35deg, #233b4a 40%, #486c83 100%);
}

#body-login #alternative-logins a.button[href*="/sociallogin/oauth/google"] {
  border: 0;
  color: #db4437 !important;
  background-color: #fff;
}

#body-login
  #alternative-logins
  a.button[href*="/sociallogin/oauth/google"]::before {
  width: 25px;
  background-color: #db4437;
  border-radius: 100%;
  background-size: 60%;
  background-position: center;
  height: 25px;
  vertical-align: middle;
  margin-right: 4px;
}

#body-login main {
  padding: 50vh 0 0 0;
}

#body-login a[href*="#body-login"] {
  visibility: hidden;
}

#body-login footer a,
#body-login footer p {
  color: #233b4a;
}

#body-login footer a:hover {
  color: #fff;
}

#body-login footer p.info {
  text-shadow: none;
}

Using previewgenerator app

Beware, this appp has been known to not work...

After you install, enable etc. then you need to run the generation (warning: it can take a long time!):

abra app run <domain> app bash -u www-data
./occ preview:generate-all

To set up the cron to run again, there is no clear solution in the context of containers. So, a pretty dodgy hack is to run it from the system directly:

root@foo.com /etc/cron.hourly $ cat foo-com-preview-generate 
#!/bin/bash

docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-generate

This app will improve performance of image browsing at the cost of storage space.