From 1d96efe07c8a18c0aa58f69849a7b36940ce2dc5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 04:59:07 +0000 Subject: [PATCH 01/10] build(deps): bump strukturag/nextcloud-spreed-signaling Bumps strukturag/nextcloud-spreed-signaling from 2.0.0 to 2.0.1. --- updated-dependencies: - dependency-name: strukturag/nextcloud-spreed-signaling dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 6fa5a046903..13896e1bd97 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM nats:2.10.22-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal -FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling +FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling FROM alpine:3.20.3 AS janus ARG JANUS_VERSION=v0.14.4 From cf8ba936c9f775aa73fefbcca16ce1892d26cfd2 Mon Sep 17 00:00:00 2001 From: Robert Riemann Date: Tue, 29 Oct 2024 15:12:15 +0100 Subject: [PATCH 02/10] elastic container: ingest-attachment is now module and not a plugin When this command is executed in elastic search v8.15.3, then this warning shows up: ~~~ bin/elasticsearch-plugin install --batch ingest-attachment warning: ignoring JAVA_HOME=/opt/bitnami/java; using ES_JAVA_HOME -> Installing ingest-attachment [ingest-attachment] is no longer a plugin but instead a module packaged with this distribution of Elasticsearch -> Please restart Elasticsearch to activate any plugins installed ~~~ The elastic website says: "The Ingest Attachment plugin is now included in Elasticsearch. See the Ingest Attachment processor." Source: Hence, I remove the explicit installation from the elastic container image. 
Signed-off-by: Robert Riemann --- Containers/fulltextsearch/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index b67b10673b9..4da28fa1521 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -14,8 +14,7 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ tzdata \ ; \ - rm -rf /var/lib/apt/lists/*; \ - elasticsearch-plugin install --batch ingest-attachment + rm -rf /var/lib/apt/lists/*; USER 1000:0 From 95c20fdfff90579a9a9c3e3cd0e55956f6cf6111 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 30 Oct 2024 10:56:06 +0100 Subject: [PATCH 03/10] nextcloud: clean up old sessions after 24h latest Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 1a376908c24..f846f11025a 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -134,6 +134,7 @@ RUN set -ex; \ echo 'redis.session.locking_enabled = 1'; \ echo 'redis.session.lock_retries = -1'; \ echo 'redis.session.lock_wait_time = 10000'; \ + echo 'session.gc_maxlifetime = 86400'; \ } > /usr/local/etc/php/conf.d/redis-session.ini; \ \ mkdir -p /var/www/data; \ From 9316555ecb890d97d1e795223aaf59b38dd15353 Mon Sep 17 00:00:00 2001 From: Perlover Date: Wed, 30 Oct 2024 13:43:19 +0100 Subject: [PATCH 04/10] Update docker-rootless.md 1) No NEXTCLOUD_MOUNT but there is NEXTCLOUD_DATADIR 2) Now in Docker recommended the few different detailed config: https://docs.docker.com/engine/security/rootless/#docker-run--p-does-not-propagate-source-ip-addresses Signed-off-by: Perlover --- docker-rootless.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-rootless.md b/docker-rootless.md index 754c44ae180..97bbc5c0593 100644 --- a/docker-rootless.md +++ b/docker-rootless.md 
@@ -18,7 +18,7 @@ You can run AIO with docker rootless by following the steps below. Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. ### Note regarding permissions -All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). +All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_DATADIR option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). ### Note regarding docker network driver By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. 
As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)). @@ -29,9 +29,10 @@ As stated in the documentation, this change will likely lead to decreased networ with the following content: ``` [Service] + Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns" Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns" ``` * Restart the docker daemon ``` systemctl --user restart docker - ``` \ No newline at end of file + ``` From 4b51f85d98f5cc9a636b43029949502a6f708d7c Mon Sep 17 00:00:00 2001 From: jr_blue_551 Date: Wed, 30 Oct 2024 19:27:10 +0000 Subject: [PATCH 05/10] Update readme.md Signed-off-by: jr_blue_551 --- community-containers/npmplus/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md index 538e511a62b..8667935239d 100644 --- a/community-containers/npmplus/readme.md +++ b/community-containers/npmplus/readme.md 
@@ -7,7 +7,7 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for - Make sure that no other service is using port `443 (tcp/upd)` or `81 (tcp)` on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep "443\|81"` before installing AIO. - Please change the default login data first, after you can read inside the logs that the default config for AIO is created and there are no errors. - After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://:81` and change the password. -- The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.com` +- The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.org` - If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host. - If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume - The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution! From bd799bd753ccfcead272b3582f2e7f71895b6c3d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 31 Oct 2024 11:48:39 +0100 Subject: [PATCH 06/10] address review Signed-off-by: Simon L. --- docker-rootless.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-rootless.md b/docker-rootless.md index 97bbc5c0593..f77b4a547f0 100644 --- a/docker-rootless.md +++ b/docker-rootless.md 
@@ -18,7 +18,8 @@ You can run AIO with docker rootless by following the steps below. Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. ### Note regarding permissions -All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_DATADIR option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). +All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). + ### Note regarding docker network driver By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. 
As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)). From c78bffbff9146af2beb70a897bc8239774cfdcb4 Mon Sep 17 00:00:00 2001 From: zybster Date: Fri, 1 Nov 2024 09:09:21 +0100 Subject: [PATCH 07/10] Update readme.md Since IX System ditched Kubernetes and integrated a full-fledged docker environment in Truenas Scale 24.10.0 (Electric Eel) it is now very easy to install Nextcloud AIO on Scale On way is listed here. Signed-off-by: zybster --- readme.md | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 928319314b0..111e73f15b4 100644 --- a/readme.md +++ b/readme.md 
@@ -219,7 +219,50 @@ If you have the NAS setup on your local network (which is most often the case) y The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. ### Can I run AIO on TrueNAS SCALE? -On TrueNAS SCALE, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE. + +With the Truenas Scale Release 24.10.0 (which was officially released on October 29th 2024 as a stable release) IX Systems ditched the Kubernetes integration and implemented a fully working docker environment. + +One way to run Nextcloud AIO on the new Truenas Scale release is: +- Create a dataset on your Scale instance for your docker containers / stacks (e.g. /mnt/tank/docker) + +- Install dockge app (Apps -> Discover Apps -> search Dockge -> Install -> In the Dockge Configuration select: + - Port for Dockge (standard is 5001) + - Hostpath folder for stacks /mnt/tank/docker + - Hostpath folder for dockge data /mnt/tank/docker/dockge + +- Go to the Dockge Webui and create a new Stack for the AIO Mastercontainer + +
+ Click here to expand + +``` +services: + nextcloud: + image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU + restart: always + container_name: nextcloud-aio-mastercontainer + volumes: + - nextcloud_aio_mastercontainer:/mnt/docker-aio-config + - /var/run/docker.sock:/var/run/docker.sock:ro + ports: + - 8080:8080 + environment: + # Is needed when using any of the options below + - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + - NEXTCLOUD_DATADIR=/mnt/tank/docker/nextcloud_aio/data # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir + - NEXTCLOUD_MOUNT=/mnt/tank/docker/nextcloud_aio # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host + - NEXTCLOUD_MEMORY_LIMIT=4096M +networks: {} + +volumes: + nextcloud_aio_mastercontainer: + name: nextcloud_aio_mastercontainer +``` +
+ +- Deploy the Stack and Nextcloud AIO is running on your Truenas Scale + +On older TrueNAS SCALE releases with Kubernetes environment, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE. Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart. From 0ff08f00f1524c60da1db16dcc122366e0714bc0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 1 Nov 2024 10:42:18 +0100 Subject: [PATCH 08/10] adjust the PR and add link to guide Signed-off-by: Simon L. --- readme.md | 40 +--------------------------------------- 1 file changed, 1 insertion(+), 39 deletions(-) diff --git a/readme.md b/readme.md index 111e73f15b4..328a9729294 100644 --- a/readme.md +++ b/readme.md 
@@ -222,45 +222,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f With the Truenas Scale Release 24.10.0 (which was officially released on October 29th 2024 as a stable release) IX Systems ditched the Kubernetes integration and implemented a fully working docker environment. -One way to run Nextcloud AIO on the new Truenas Scale release is: -- Create a dataset on your Scale instance for your docker containers / stacks (e.g. /mnt/tank/docker) - -- Install dockge app (Apps -> Discover Apps -> search Dockge -> Install -> In the Dockge Configuration select: - - Port for Dockge (standard is 5001) - - Hostpath folder for stacks /mnt/tank/docker - - Hostpath folder for dockge data /mnt/tank/docker/dockge - -- Go to the Dockge Webui and create a new Stack for the AIO Mastercontainer - -
- Click here to expand - -``` -services: - nextcloud: - image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU - restart: always - container_name: nextcloud-aio-mastercontainer - volumes: - - nextcloud_aio_mastercontainer:/mnt/docker-aio-config - - /var/run/docker.sock:/var/run/docker.sock:ro - ports: - - 8080:8080 - environment: - # Is needed when using any of the options below - - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - - NEXTCLOUD_DATADIR=/mnt/tank/docker/nextcloud_aio/data # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir - - NEXTCLOUD_MOUNT=/mnt/tank/docker/nextcloud_aio # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host - - NEXTCLOUD_MEMORY_LIMIT=4096M -networks: {} - -volumes: - nextcloud_aio_mastercontainer: - name: nextcloud_aio_mastercontainer -``` -
- -- Deploy the Stack and Nextcloud AIO is running on your Truenas Scale +For a more complete guide, see this guide by @zybster: https://github.com/nextcloud/all-in-one/discussions/5506 On older TrueNAS SCALE releases with Kubernetes environment, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE. From 013306fff7eb98c7b59a7fe23ec7abfbaf3f7b69 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 1 Nov 2024 11:57:03 +0100 Subject: [PATCH 09/10] update screenshot Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 328a9729294..9f3cde93e12 100644 --- a/readme.md +++ b/readme.md 
@@ -78,7 +78,7 @@ Included are: ## Screenshots | First setup | After installation | |---|---| -| ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/5f510667-a172-4841-b916-89025debef3a) | +| ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) | ## How to use this? The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). From c823816a79205694eab9942dcff735aebf6c46dd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sat, 2 Nov 2024 17:22:25 +0100 Subject: [PATCH 10/10] Update readme.md Signed-off-by: Simon L. --- readme.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 9f3cde93e12..2768b571940 100644 --- a/readme.md +++ b/readme.md 
@@ -344,7 +344,10 @@ Additionally, there is a cronjob that runs once a day that checks for container AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible. ### How to easily log in to the AIO interface? -If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`. +If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. + +> [!Note] +> You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`. ### How to change the domain? > [!NOTE]
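Review bot: in [PATCH 02/10], Containers/fulltextsearch/Dockerfile, the `RUN` block now ends on `rm -rf /var/lib/apt/lists/*;` with a dangling `;` where the removed `elasticsearch-plugin install` line used to follow. Drop the trailing `;` so the last command of the block is terminated the usual way. The commit message reports the "no longer a plugin" warning for v8.15.3 only; the `FROM` line is not visible in this hunk, so confirm that the base image version is one that ships ingest-attachment as a module before the explicit install is removed.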
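Review bot: in [PATCH 03/10], Containers/nextcloud/Dockerfile, the added `echo 'session.gc_maxlifetime = 86400'` line has no comment saying what it bounds, and it is a generic PHP session directive written into redis-session.ini among the `redis.session.*` keys. With the phpredis session handler this value is used as the TTL of each session key, so it acts as a hard cap on idle sessions rather than a hint to a garbage collector. Add a short comment stating that (the subject line's "24h" is the only explanation at the moment) and that the value should not be set lower than the session lifetime Nextcloud itself is configured with, so a later change to either value does not cause unexpected logouts.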
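Review bot: in [PATCH 04/10], the first docker-rootless.md hunk puts `NEXTCLOUD_DATADIR` into the sentence about "local external storage" and the `100032:100032` userid, which describes the mount option, not the datadir. The commit message's observation that the datadir option is missing from the paragraph is better served by naming `NEXTCLOUD_DATADIR` in the preceding sentence ("The same applies when changing Nextcloud's datadir") and leaving `NEXTCLOUD_MOUNT` where it was; as written, the chown guidance for the two options becomes contradictory.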
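Review bot: in [PATCH 04/10], the second docker-rootless.md hunk adds `Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"` to the override file, but the prose above it still says that `slirp4netns` is already the default IP driver and that only the port driver needs changing. Either add a sentence explaining why the network driver is now set explicitly (the commit message links the Docker documentation for this) or the reader cannot tell whether the new line is required. The fix for the missing newline at end of file is fine.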
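Review bot: in [PATCH 05/10], community-containers/npmplus/readme.md, the default e-mail changes from `admin@example.com` to `admin@example.org` with the commit message "Update readme.md" and no stated reason. Say in the commit message which NPMplus change this follows, since a wrong default login in the readme locks users out of the step that tells them to change the default password. The context line above also reads `443 (tcp/upd)`, which could be corrected to `udp` in the same change.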
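Review bot: in [PATCH 07/10], the compose example in readme.md sets `NEXTCLOUD_MOUNT=/mnt/tank/docker/nextcloud_aio`, which is the parent directory of `NEXTCLOUD_DATADIR=/mnt/tank/docker/nextcloud_aio/data`, so the path opened to the Nextcloud container for local external storage contains Nextcloud's own datadir. Point the mount at a separate dataset or drop the variable from the example. The example also mounts `/var/run/docker.sock` with `:ro`, which only makes the socket file read-only and does not limit what can be requested through it; a sentence on that would help readers who take `:ro` as a restriction. Smaller points: the list item `Install dockge app (Apps -> Discover Apps -> ...` opens a parenthesis that is never closed, and the text alternates between `Truenas Scale` and `TrueNAS SCALE`.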
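Review bot: in [PATCH 08/10], the replacement line `For a more complete guide, see this guide by @zybster` has nothing left to be "more complete" than, because the hunk removes every step and the compose example. After this change the section answers "Can I run AIO on TrueNAS SCALE?" only with the 24.10.0 release note and a link; state in one sentence that AIO can be run through the built-in docker environment on that release and then link the discussion, for example "See the guide by @zybster" without the repeated "guide".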
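Review bot: in [PATCH 10/10], the new alert marker is written `> [!Note]` while the next section in the same hunk's context uses `> [!NOTE]`. Use the upper-case form so both callouts in readme.md are written the same way.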