Delmar/docker_dev
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates

Browse Source
This commit is contained in:
Julieñ
2025-11-17 18:51:08 +01:00
parent 14d6f9aa73
commit 7fb0d2212a
318 changed files with 35761 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
nextcloud-aio/Containers/mastercontainer/Caddyfile Normal file
View File

@@ -0,0 +1,37 @@
{
# auto_https will create redirects for https://{host}:8443 instead of https://{host}
# https redirects are added manually in the http://:80 block
auto_https disable_redirects
storage file_system {
root /mnt/docker-aio-config/caddy/
}
log {
level ERROR
}
servers {
protocols h1 h2 h2c
}
on_demand_tls {
ask http://127.0.0.1:9876/
}
}
http://:80 {
redir https://{host}{uri} permanent
}
https://:8443 {
reverse_proxy 127.0.0.1:8000
tls {
on_demand
issuer acme {
disable_tlsalpn_challenge
}
}
}

132
nextcloud-aio/Containers/mastercontainer/Dockerfile Normal file
View File

@@ -0,0 +1,132 @@
# syntax=docker/dockerfile:latest
# Docker CLI is a requirement
FROM docker:28.5.0-cli AS docker
# Caddy is a requirement
FROM caddy:2.10.2-alpine AS caddy
# From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
FROM php:8.4.13-fpm-alpine3.22
EXPOSE 80
EXPOSE 8080
EXPOSE 8443
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
COPY community-containers /var/www/docker-aio/community-containers
COPY php /var/www/docker-aio/php
COPY --chmod=775 Containers/mastercontainer/*.sh /
COPY --chmod=664 Containers/mastercontainer/Caddyfile /Caddyfile
COPY --chmod=664 Containers/mastercontainer/supervisord.conf /supervisord.conf
COPY Containers/mastercontainer/mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
WORKDIR /var/www/docker-aio
# hadolint ignore=SC2086,DL3047,DL3003,DL3004
RUN set -ex; \
apk upgrade --no-cache -a; \
apk add --no-cache shadow; \
groupmod -g 33 www-data; \
usermod -u 33 -g 33 www-data; \
\
apk add --no-cache \
util-linux-misc \
ca-certificates \
wget \
bash \
apache2 \
apache2-proxy \
apache2-ssl \
supervisor \
openssl \
sudo \
netcat-openbsd \
curl \
grep; \
\
apk add --no-cache --virtual .build-deps \
autoconf \
build-base; \
pecl install APCu-5.1.27; \
docker-php-ext-enable apcu; \
rm -r /tmp/pear; \
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-cache --virtual .nextcloud-aio-rundeps $runDeps; \
apk del .build-deps; \
grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
grep -q ';listen.allowed_clients' /usr/local/etc/php-fpm.d/www.conf; \
sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf; \
\
apk add --no-cache git; \
wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
chmod +x /usr/local/bin/composer; \
cd /var/www/docker-aio; \
rm -r ./php/tests; \
chown www-data:www-data -R /var/www/docker-aio; \
cd php; \
sudo -u www-data composer install --no-dev; \
sudo -u www-data composer clear-cache; \
cd ..; \
rm -f /usr/local/bin/composer; \
chmod -R 770 /var/www/docker-aio; \
chown -R www-data:www-data /var/www; \
rm -r php/data; \
rm -r php/session; \
\
mkdir -p /etc/apache2/certs; \
cd /etc/apache2/certs; \
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
\
sed -i \
-e '/^Listen /d' \
-e 's/^LogLevel .*/LogLevel error/' \
-e 's|^ErrorLog .*|ErrorLog /proc/self/fd/2|' \
-e 's/User apache/User www-data/g' \
-e 's/Group apache/Group www-data/g' \
-e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
-e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
-e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
-e 's/\(ScriptAlias \)/#\1/' \
/etc/apache2/httpd.conf; \
mkdir -p /etc/apache2/logs; \
rm /etc/apache2/conf.d/ssl.conf; \
echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf; \
sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf; \
echo "SSLSessionCache nonenotnull" | tee -a /etc/apache2/httpd.conf; \
echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
\
rm -f /etc/apache2/conf.d/default.conf \
/etc/apache2/conf.d/userdir.conf \
/etc/apache2/conf.d/info.conf; \
\
rm -rf /var/www/localhost/cgi-bin/; \
mkdir /var/log/supervisord; \
mkdir /var/run/supervisord;
LABEL org.label-schema.vendor="Nextcloud"
# hadolint ignore=DL3002
USER root
ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD /healthcheck.sh

30
nextcloud-aio/Containers/mastercontainer/backup-time-file-watcher.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
restart_process() {
echo "Restarting cron.sh because daily backup time was set, changed or unset."
pkill cron.sh
}
file_present() {
if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
if [ "$FILE_PRESENT" = 0 ]; then
restart_process
else
if [ -n "$BACKUP_TIME" ] && [ "$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")" != "$BACKUP_TIME" ]; then
restart_process
fi
fi
FILE_PRESENT=1
BACKUP_TIME="$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")"
else
if [ "$FILE_PRESENT" = 1 ]; then
restart_process
fi
FILE_PRESENT=0
fi
}
while true; do
file_present
sleep 2
done

75
nextcloud-aio/Containers/mastercontainer/cron.sh Normal file
View File

@@ -0,0 +1,75 @@
#!/bin/bash
while true; do
if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
set -x
BACKUP_TIME="$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")"
export BACKUP_TIME
export DAILY_BACKUP=1
if [ "$(sed -n '2p' "/mnt/docker-aio-config/data/daily_backup_time")" != 'automaticUpdatesAreNotEnabled' ]; then
export AUTOMATIC_UPDATES=1
else
export AUTOMATIC_UPDATES=0
export START_CONTAINERS=1
fi
if [ "$(sed -n '3p' "/mnt/docker-aio-config/data/daily_backup_time")" != 'successNotificationsAreNotEnabled' ]; then
export SEND_SUCCESS_NOTIFICATIONS=1
else
export SEND_SUCCESS_NOTIFICATIONS=0
fi
set +x
if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
export LOCK_FILE_PRESENT=1
else
export LOCK_FILE_PRESENT=0
fi
else
export BACKUP_TIME="04:00"
export DAILY_BACKUP=0
export LOCK_FILE_PRESENT=0
fi
# Allow to continue directly if e.g. the mastercontainer was updated. Otherwise wait for the next execution
if [ "$LOCK_FILE_PRESENT" = 0 ]; then
while [ "$(date +%H:%M)" != "$BACKUP_TIME" ]; do
sleep 30
done
fi
if [ "$DAILY_BACKUP" = 1 ]; then
bash /daily-backup.sh
fi
# Make sure to delete the lock file always
rm -f "/mnt/docker-aio-config/data/daily_backup_running"
# Check for updates and send notification if yes on saturdays
if [ "$(date +%u)" = 6 ]; then
sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
fi
# Check if AIO is outdated
sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
# Remove sessions older than 24h
find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
# Remove nextcloud-aio-domaincheck container
if sudo -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
sudo -u www-data docker container remove nextcloud-aio-domaincheck
fi
# Remove dangling images
sudo -u www-data docker image prune --force
# Check for available free space
sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
# Remove mastercontainer from default bridge network
if sudo -u www-data docker inspect nextcloud-aio-mastercontainer --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
sudo -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
fi
# Wait 60s so that the whole loop will not be executed again
sleep 60
done

133
nextcloud-aio/Containers/mastercontainer/daily-backup.sh Normal file
View File

@@ -0,0 +1,133 @@
#!/bin/bash
echo "Daily backup script has started"
# Check if initial configuration has been done, otherwise this script should do nothing.
CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json
if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE"; then
echo "Initial configuration via AIO interface not done yet. Exiting..."
exit 0
fi
# Daily backup and backup check cannot be run at the same time
if [ "$DAILY_BACKUP" = 1 ] && [ "$CHECK_BACKUP" = 1 ]; then
echo "Daily backup and backup check cannot be run at the same time. Exiting..."
exit 1
fi
# Delete all active sessions and create a lock file
# But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
find "/mnt/docker-aio-config/session/" -mindepth 1 -delete
fi
sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
# Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
if [ -z "$APACHE_PORT" ]; then
echo "APACHE_PORT is not set which is not expected..."
else
# Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable
# Prevent issues like https://github.com/nextcloud/all-in-one/discussions/5222
docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null
# Wait for apache to start
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
echo "Waiting for apache to become available"
sleep 30
done
fi
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
echo "Waiting for watchtower to stop"
sleep 30
done
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
echo "Waiting for borgbackup to stop"
sleep 30
done
# Update the mastercontainer
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
echo "Starting mastercontainer update..."
echo "(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)"
sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
fi
# Wait for watchtower to stop
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
echo "Something seems to be wrong: Watchtower should be started at this step."
fi
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
echo "Waiting for watchtower to stop"
sleep 30
done
fi
# Update container images to reduce downtime later on
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
echo "Updating container images..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php
fi
# Stop containers if required
# shellcheck disable=SC2235
if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
echo "Stopping containers..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
fi
# Execute the backup itself and some related tasks (also stops the containers)
if [ "$DAILY_BACKUP" = 1 ]; then
echo "Creating daily backup..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; then
echo "Something seems to be wrong: the borg container should be started at this step."
fi
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
echo "Waiting for backup container to stop"
sleep 30
done
fi
# Execute backup check
if [ "$CHECK_BACKUP" = 1 ]; then
echo "Starting backup check..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
fi
# Start and/or update containers
if [ "$AUTOMATIC_UPDATES" = 1 ]; then
echo "Starting and updating containers..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
else
if [ "$START_CONTAINERS" = 1 ]; then
echo "Starting containers without updating them..."
sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
fi
fi
# Delete the lock file
rm -f "/mnt/docker-aio-config/data/daily_backup_running"
# Send backup notification
# shellcheck disable=SC2235
if [ "$DAILY_BACKUP" = 1 ] && ([ "$AUTOMATIC_UPDATES" = 1 ] || [ "$START_CONTAINERS" = 1 ]); then
# Wait for the nextcloud container to start and send if the backup was successful
if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
echo "Something seems to be wrong: Nextcloud should be started at this step."
else
while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$" && ! nc -z nextcloud-aio-nextcloud 9000; do
echo "Waiting for the Nextcloud container to start"
sleep 30
if [ "$(docker inspect nextcloud-aio-nextcloud --format "{{.State.Restarting}}")" = "true" ]; then
echo "Nextcloud container restarting. Skipping this check!"
break
fi
done
fi
echo "Sending backup notification..."
sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
fi
echo "Daily backup script has finished"

10
nextcloud-aio/Containers/mastercontainer/healthcheck.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
nc -z 127.0.0.1 80 || exit 1
nc -z 127.0.0.1 8000 || exit 1
nc -z 127.0.0.1 8080 || exit 1
nc -z 127.0.0.1 8443 || exit 1
nc -z 127.0.0.1 9000 || exit 1
nc -z 127.0.0.1 9876 || exit 1
fi

62
nextcloud-aio/Containers/mastercontainer/mastercontainer.conf Normal file
View File

@@ -0,0 +1,62 @@
Listen 8000
Listen 8080
# Deny access to .ht files
<Files ".ht*">
Require all denied
</Files>
# Http host
<VirtualHost *:8000>
ServerName localhost
# Add error log
CustomLog /proc/self/fd/1 proxy
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
ErrorLog /proc/self/fd/2
ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
LogLevel warn
# PHP match
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
# Master dir
DocumentRoot /var/www/docker-aio/php/public/
<Directory /var/www/docker-aio/php/public/>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
Options Indexes FollowSymLinks
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
Satisfy Any
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
# Https host
<VirtualHost *:8080>
# Proxy to https
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
ProxyPreserveHost On
# SSL
SSLCertificateKeyFile /etc/apache2/certs/ssl.key
SSLCertificateFile /etc/apache2/certs/ssl.crt
SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLSessionTickets off
</VirtualHost>
# Increase timeout in case e.g. the initial download takes a long time
Timeout 7200
ProxyTimeout 7200
# See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
TraceEnable Off

22
nextcloud-aio/Containers/mastercontainer/session-deduplicator.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
deduplicate_sessions() {
echo "Deleting duplicate sessions"
find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep -qv "$NEW_SESSION_TIME" {} \; -delete
}
compare_times() {
if [ -f "/mnt/docker-aio-config/data/session_date_file" ]; then
unset NEW_SESSION_TIME
NEW_SESSION_TIME="$(cat "/mnt/docker-aio-config/data/session_date_file")"
if [ -n "$NEW_SESSION_TIME" ] && [ -n "$OLD_SESSION_TIME" ] && [ "$NEW_SESSION_TIME" != "$OLD_SESSION_TIME" ]; then
deduplicate_sessions
fi
OLD_SESSION_TIME="$NEW_SESSION_TIME"
fi
}
while true; do
compare_times
sleep 2
done

390
nextcloud-aio/Containers/mastercontainer/start.sh Normal file
View File

@@ -0,0 +1,390 @@
#!/bin/bash
# Function to show text in green
print_green() {
local TEXT="$1"
printf "%b%s%b\n" "\e[0;92m" "$TEXT" "\e[0m"
}
# Function to show text in red
print_red() {
local TEXT="$1"
printf "%b%s%b\n" "\e[0;31m" "$TEXT" "\e[0m"
}
# Function to check if number was provided
check_if_number() {
case "${1}" in
''|*[!0-9]*) return 1 ;;
*) return 0 ;;
esac
}
# Check if running as root user
if [ "$EUID" != "0" ]; then
print_red "Container does not run as root user. This is not supported."
exit 1
fi
# Check that the CMD is not overwritten nor set
if [ "$*" != "" ]; then
print_red "Docker run command for AIO is incorrect as a CMD option was given which is not expected."
exit 1
fi
# Check if socket is available and readable
if ! [ -e "/var/run/docker.sock" ]; then
print_red "Docker socket is not available. Cannot continue."
echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
echo "And https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
exit 1
elif ! mountpoint -q "/mnt/docker-aio-config"; then
print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
echo "Please make sure to mount the nextcloud_aio_mastercontainer docker volume into /mnt/docker-aio-config inside the container!"
echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
exit 1
elif mountpoint -q /var/www/docker-aio/php/containers.json; then
print_red "/var/www/docker-aio/php/containers.json is a mountpoint. Cannot proceed!"
echo "This is a not-supported customization of the mastercontainer!"
echo "Please remove this bind-mount from the mastercontainer."
echo "If you need to customize things, feel free to use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
exit 1
elif ! sudo -u www-data test -r /var/run/docker.sock; then
echo "Trying to fix docker.sock permissions internally..."
DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
# Check if a group with the same group name of /var/run/docker.socket already exists in the container
if grep -q "^$DOCKER_GROUP:" /etc/group; then
# If yes, add www-data to that group
echo "Adding internal www-data to group $DOCKER_GROUP"
usermod -aG "$DOCKER_GROUP" www-data
else
# Delete the docker group for cases when the docker socket permissions changed between restarts
groupdel docker &>/dev/null
# If the group doesn't exist, create it
echo "Creating docker group internally with id $DOCKER_GROUP_ID"
groupadd -g "$DOCKER_GROUP_ID" docker
usermod -aG docker www-data
fi
if ! sudo -u www-data test -r /var/run/docker.sock; then
print_red "Docker socket is not readable by the www-data user. Cannot continue."
exit 1
fi
fi
# Check if api version is supported
if ! sudo -u www-data docker info &>/dev/null; then
print_red "Cannot connect to the docker socket. Cannot proceed."
echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
exit 1
fi
API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
# shellcheck disable=SC2001
API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
exit 1
fi
else
echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
sleep 10
fi
# Check Storage drivers
STORAGE_DRIVER="$(sudo -u www-data docker info | grep "Storage Driver")"
# Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
if echo "$STORAGE_DRIVER" | grep -q vfs; then
echo "$STORAGE_DRIVER"
print_red "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
echo "$STORAGE_DRIVER"
print_red "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
fi
# Check if snap install
if sudo -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
print_red "Warning: It looks like your installation uses docker installed via snap."
print_red "This comes with some limitations and is disrecommended by the docker maintainers."
print_red "See for example https://github.com/nextcloud/all-in-one/discussions/4890#discussioncomment-10386752"
fi
# Check if startup command was executed correctly
if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
print_red "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
Using a different name is not supported since mastercontainer updates will not work in that case!
If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
exit 1
elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
Using a different name is not supported since the built-in backup solution will not work in that case!"
exit 1
elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
This is not supported since the built-in backup solution will not work in that case!"
exit 1
fi
# Check for other options
if [ -n "$NEXTCLOUD_DATADIR" ]; then
if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
sleep 1
elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
print_red "You've set NEXTCLOUD_DATADIR but not to an allowed value.
The string must start with '/' and must not be equal to '/'. Also allowed is 'nextcloud_aio_nextcloud_datadir'.
It is set to '$NEXTCLOUD_DATADIR'."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_MOUNT" ]; then
if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/" || [ "$NEXTCLOUD_MOUNT" = "/" ]; then
print_red "You've set NEXTCLOUD_MOUNT but not to an allowed value.
The string must start with '/' and must not be equal to '/'.
It is set to '$NEXTCLOUD_MOUNT'."
exit 1
elif [ "$NEXTCLOUD_MOUNT" = "/mnt/ncdata" ] || echo "$NEXTCLOUD_MOUNT" | grep -q "^/mnt/ncdata/"; then
print_red "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_DATADIR" ] && [ -n "$NEXTCLOUD_MOUNT" ]; then
if [ "$NEXTCLOUD_DATADIR" = "$NEXTCLOUD_MOUNT" ]; then
print_red "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_UPLOAD_LIMIT" ]; then
if ! echo "$NEXTCLOUD_UPLOAD_LIMIT" | grep -q '^[0-9]\+G$'; then
print_red "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
The string must start with a number and end with 'G'.
It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_MAX_TIME" ]; then
if ! echo "$NEXTCLOUD_MAX_TIME" | grep -q '^[0-9]\+$'; then
print_red "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
The string must be a number. E.g. '3600'.
It is set to '$NEXTCLOUD_MAX_TIME'."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_MEMORY_LIMIT" ]; then
if ! echo "$NEXTCLOUD_MEMORY_LIMIT" | grep -q '^[0-9]\+M$'; then
print_red "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
The string must start with a number and end with 'M'.
It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
exit 1
fi
fi
if [ -n "$APACHE_PORT" ]; then
if ! check_if_number "$APACHE_PORT"; then
print_red "You provided an Apache port but did not only use numbers.
It is set to '$APACHE_PORT'."
exit 1
elif ! [ "$APACHE_PORT" -le 65535 ] || ! [ "$APACHE_PORT" -ge 1 ]; then
print_red "The provided Apache port is invalid. It must be between 1 and 65535"
exit 1
fi
fi
if [ -n "$APACHE_IP_BINDING" ]; then
if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$\|^[0-9a-f:]\+$\|^@INTERNAL$'; then
print_red "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
It is set to '$APACHE_IP_BINDING'."
exit 1
fi
fi
if [ -n "$APACHE_ADDITIONAL_NETWORK" ]; then
if ! echo "$APACHE_ADDITIONAL_NETWORK" | grep -q "^[a-zA-Z0-9._-]\+$"; then
print_red "You've set APACHE_ADDITIONAL_NETWORK but not to an allowed value.
It needs to be a string with letters, numbers, hyphens and underscores.
It is set to '$APACHE_ADDITIONAL_NETWORK'."
exit 1
fi
fi
if [ -n "$TALK_PORT" ]; then
if ! check_if_number "$TALK_PORT"; then
print_red "You provided an Talk port but did not only use numbers.
It is set to '$TALK_PORT'."
exit 1
elif ! [ "$TALK_PORT" -le 65535 ] || ! [ "$TALK_PORT" -ge 1 ]; then
print_red "The provided Talk port is invalid. It must be between 1 and 65535"
exit 1
fi
fi
if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
if [ "$APACHE_PORT" = "$TALK_PORT" ]; then
print_red "APACHE_PORT and TALK_PORT are not allowed to be equal."
exit 1
fi
fi
if [ -n "$WATCHTOWER_DOCKER_SOCKET_PATH" ]; then
if ! echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "/$"; then
print_red "You've set WATCHTOWER_DOCKER_SOCKET_PATH but not to an allowed value.
The string must start with '/' and must not end with '/'.
It is set to '$WATCHTOWER_DOCKER_SOCKET_PATH'."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
print_red "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
It should be an absolute path to a directory that starts with '/' but not end with '/'.
It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z0-9 _-]\+$"; then
print_red "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
It needs to be a string. Allowed are small letters a-z, 0-9, spaces, hyphens and '_'.
It is set to '$NEXTCLOUD_STARTUP_APPS'."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 ._-]\+$"; then
print_red "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
exit 1
fi
fi
if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 ._-]\+$"; then
print_red "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
exit 1
fi
fi
if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed.
The community containers get managed via the AIO interface now."
fi
# Check if ghcr.io is reachable
# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
print_red "Could not reach https://ghcr.io."
echo "Most likely is something blocking access to it."
echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
exit 1
fi
# Check that no changes have been made to timezone settings since AIO only supports running in Etc/UTC timezone
if [ -n "$TZ" ]; then
print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default Etc/UTC timezone!"
echo "The correct timezone can be set in the AIO interface later on!"
# Disable exit since it seems to be by default set on unraid and we dont want to break these instances
# exit 1
fi
# Check that http proxy or no_proxy variable is not set which AIO does not support
if [ -n "$HTTP_PROXY" ] || [ -n "$http_proxy" ] || [ -n "$HTTPS_PROXY" ] || [ -n "$https_proxy" ] || [ -n "$NO_PROXY" ] || [ -n "$no_proxy" ]; then
print_red "The environmental variable HTTP_PROXY, http_proxy, HTTPS_PROXY, https_proxy, NO_PROXY or no_proxy has been set which is not supported by AIO."
echo "If you need this, then you should use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
exit 1
fi
if mountpoint -q /etc/localtime; then
print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
echo "The correct timezone can be set in the AIO interface later on!"
exit 1
fi
if mountpoint -q /etc/timezone; then
print_red "/etc/timezone has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
echo "The correct timezone can be set in the AIO interface later on!"
exit 1
fi
# Check if unsupported env are set (but don't exit as it would break many instances)
if [ -n "$APACHE_DISABLE_REWRITE_IP" ]; then
print_red "The environmental variable APACHE_DISABLE_REWRITE_IP has been set which is not supported by AIO. Please remove it!"
fi
if [ -n "$NEXTCLOUD_TRUSTED_DOMAINS" ]; then
print_red "The environmental variable NEXTCLOUD_TRUSTED_DOMAINS has been set which is not supported by AIO. Please remove it!"
fi
if [ -n "$TRUSTED_PROXIES" ]; then
print_red "The environmental variable TRUSTED_PROXIES has been set which is not supported by AIO. Please remove it!"
fi
# Add important folders
mkdir -p /mnt/docker-aio-config/data/
mkdir -p /mnt/docker-aio-config/session/
mkdir -p /mnt/docker-aio-config/caddy/
mkdir -p /mnt/docker-aio-config/certs/
# Adjust permissions for all instances
chmod 770 -R /mnt/docker-aio-config
chmod 777 /mnt/docker-aio-config
chown www-data:www-data -R /mnt/docker-aio-config/data/
chown www-data:www-data -R /mnt/docker-aio-config/session/
chown www-data:www-data -R /mnt/docker-aio-config/caddy/
chown root:root -R /mnt/docker-aio-config/certs/
# Don't allow access to the AIO interface from the Nextcloud container
# Probably more cosmetic than anything but at least an attempt
if ! grep -q '# nextcloud-aio-block' /etc/apache2/httpd.conf; then
cat << APACHE_CONF >> /etc/apache2/httpd.conf
# nextcloud-aio-block-start
<Location />
order allow,deny
deny from nextcloud-aio-nextcloud.nextcloud-aio
allow from all
</Location>
# nextcloud-aio-block-end
APACHE_CONF
fi
# Adjust certs
GENERATED_CERTS="/mnt/docker-aio-config/certs"
TMP_CERTS="/etc/apache2/certs"
mkdir -p "$GENERATED_CERTS"
cd "$GENERATED_CERTS" || exit 1
if ! [ -f ./ssl.crt ] && ! [ -f ./ssl.key ]; then
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt
fi
if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
cd "$TMP_CERTS" || exit 1
rm ./ssl.crt
rm ./ssl.key
cp "$GENERATED_CERTS/ssl.crt" ./
cp "$GENERATED_CERTS/ssl.key" ./
fi
print_green "Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443"
# Set the timezone to Etc/UTC
export TZ=Etc/UTC
# Fix apache startup
rm -f /var/run/apache2/httpd.pid
# Fix caddy startup
if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then
rm -rf /mnt/docker-aio-config/caddy/locks/*
fi
# Fix the Caddyfile format
caddy fmt --overwrite /Caddyfile
# Fix caddy log
chmod 777 /root
# Start supervisord
exec /usr/bin/supervisord -c /supervisord.conf

64
nextcloud-aio/Containers/mastercontainer/supervisord.conf Normal file
View File

@@ -0,0 +1,64 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB
logfile_backups=10
loglevel=error
user=root
[program:php-fpm]
# Stdout logging is disabled as otherwise the logs are spammed
stdout_logfile=NONE
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=php-fpm
user=root
[program:apache]
# Stdout logging is disabled as otherwise the logs are spammed
stdout_logfile=NONE
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=httpd -DFOREGROUND
user=root
[program:caddy]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/usr/bin/caddy run --config /Caddyfile
user=www-data
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/cron.sh
user=root
[program:backup-time-file-watcher]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/backup-time-file-watcher.sh
user=root
[program:session-deduplicator]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/session-deduplicator.sh
user=root
[program:domain-validator]
# Logging is disabled as otherwise all attempts will be logged which spams the logs
stdout_logfile=NONE
stderr_logfile=NONE
command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
user=www-data