├── .docker-backup.dist ├── .dockerignore ├── .env.dist ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── app-hooks ├── before-starting │ ├── setup-config.sh │ └── setup-files-permission.sh ├── post-installation │ └── .gitempty ├── post-upgrade │ └── .gitempty ├── pre-installation │ └── .gitempty └── pre-upgrade │ └── .gitempty ├── bin └── occ ├── compose.override.yml ├── compose.prod.yml ├── compose.yml └── docker ├── collabora └── compose.yml ├── coturn ├── Dockerfile ├── compose.yml ├── docker-entrypoint.sh └── turnserver.conf ├── db ├── Dockerfile └── nextcloud.cnf ├── elasticsearch ├── Dockerfile └── compose.yml ├── nextcloud ├── conf.d │ ├── nextcloud.dev.ini │ ├── nextcloud.ini │ └── nextcloud.prod.ini ├── cron.sh ├── entrypoint.sh ├── notify_push.sh ├── php-fpm.d │ └── nextcloud.conf └── supervisord.conf ├── nginx ├── Dockerfile └── nginx.conf └── redis ├── Dockerfile └── start.sh /.docker-backup.dist: -------------------------------------------------------------------------------- 1 | # See https://github.com/eXtalionLab/docker-backup 2 | 3 | ###> config ### 4 | backupDir='backups' 5 | dockerDbServiceName='db' 6 | # Use local image to skip download 7 | dockerImgToBackupVolumes='alpine' 8 | dockerVolumesDir='docker_volumes' 9 | # Allow types: custom, mysql, postgresql 10 | dbType='mysql' 11 | envFile='.env' 12 | ###< config ### 13 | 14 | ###> files/volumes to backup ### 15 | filesToBackup=( \ 16 | "${envFile}" \ 17 | 'apps/' \ 18 | 'config/' \ 19 | 'data/' \ 20 | 'nextcloud/' \ 21 | ) 22 | filesToExclude=( \ 23 | "data/*.log" \ 24 | ) 25 | # Remember to prefix volumes with docker-compose project name 26 | volumesToBackup=() 27 | ###< files/volumes to backup ### 28 | 29 | ###> borg ### 30 | export BORG_REPO='backups/app' 31 | export BORG_PASSPHRASE='Change_me!' 
32 | ###< borg ### 33 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | 2 | /.git 3 | /backup/* 4 | /db/* 5 | /docker_volumes/* 6 | /initdb.d/* 7 | 8 | /docker-compose.* 9 | /Dockerfile* 10 | /.dockerignore 11 | /.env 12 | /.gitignore 13 | 14 | /apps/* 15 | /config/* 16 | /data/* 17 | /nextcloud/* 18 | -------------------------------------------------------------------------------- /.env.dist: -------------------------------------------------------------------------------- 1 | # Uncomment line below on production server to skip docker-compose -f options 2 | #COMPOSE_FILE=compose.yml:compose.prod.yml 3 | 4 | IMAGES_PREFIX=extalion/nextcloud 5 | 6 | ###> Nextcloud ### 7 | NEXTCLOUD_ADMIN_USER=admin 8 | NEXTCLOUD_ADMIN_PASSWORD=!ChangeMe! 9 | NEXTCLOUD_DEFAULT_PHONE_REGION=PL 10 | NEXTCLOUD_MAINTENANCE_WINDOW_START=2 11 | # Nextcloud domain (without reverse proxy it's localhost and docker service) 12 | NEXTCLOUD_TRUSTED_DOMAINS="localhost nginx" 13 | OVERWRITECLIURL=http://localhost 14 | OVERWRITEPROTOCOL=http 15 | TRUSTED_PROXIES=172.0.0.0/24 16 | ###< Nextcloud ### 17 | 18 | ###> Nginx ### 19 | NEXTCLOUD_HOST=127.0.0.1 20 | NEXTCLOUD_PORT=80 21 | ###< Nginx ### 22 | 23 | ###> Db ### 24 | MYSQL_DATABASE=nextcloud 25 | MYSQL_PASSWORD=!ChangeMe! 26 | MYSQL_PORT=3306 27 | MYSQL_USER=nextcloud 28 | ###< Db ### 29 | 30 | ###> Redis ### 31 | REDIS_HOST_PASSWORD=!ChangeMe! 
32 | ###< Redis ### 33 | 34 | ###> Devel ### 35 | XDEBUG_IDEKEY=xdebug 36 | XDEBUG_HOST=host.docker.internal 37 | XDEBUG_PORT=9003 38 | XDEBUG_MODE=develop 39 | XDEBUG_LOG_LEVEL=7 40 | 41 | MAILER_PORT=8025 42 | ###< Devel ### 43 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | /backups/* 3 | /db/* 4 | /docker_volumes/* 5 | /initdb.d/* 6 | 7 | /.docker-backup 8 | /.env 9 | /*.log 10 | 11 | /apps/* 12 | /config/* 13 | /data/* 14 | /nextcloud/* 15 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | #syntax=docker/dockerfile:1.4 2 | 3 | # Adapted from https://github.com/dunglas/symfony-docker 4 | 5 | 6 | # Versions 7 | # hadolint ignore=DL3007 8 | FROM nextcloud:29-fpm AS nextcloud_upstream 9 | FROM composer/composer:2-bin AS composer_upstream 10 | FROM mlocati/php-extension-installer AS php_extension_installer_upstream 11 | 12 | 13 | # The different stages of this Dockerfile are meant to be built into separate images 14 | # https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage 15 | # https://docs.docker.com/compose/compose-file/#target 16 | 17 | 18 | # Base nextcloud image 19 | FROM nextcloud_upstream as nextcloud_base 20 | 21 | WORKDIR /var/www/html 22 | 23 | # persistent / runtime deps 24 | # hadolint ignore=DL3008 25 | RUN apt-get update; \ 26 | apt-get install -y --no-install-recommends \ 27 | ffmpeg \ 28 | procps \ 29 | smbclient \ 30 | supervisor \ 31 | && apt-get clean \ 32 | && rm -rf /var/lib/apt/lists/* 33 | 34 | # php extensions installer: https://github.com/mlocati/docker-php-extension-installer 35 | COPY --from=php_extension_installer_upstream /usr/bin/install-php-extensions /usr/local/bin/ 36 | 37 | RUN set -eux; \ 38 | install-php-extensions \ 39 | 
bz2 \ 40 | imap \ 41 | smbclient \ 42 | ; 43 | 44 | COPY docker/nextcloud/conf.d/nextcloud.ini $PHP_INI_DIR/conf.d/zzz-nextcloud.ini 45 | COPY docker/nextcloud/php-fpm.d/nextcloud.conf $PHP_INI_DIR/../php-fpm.d/zzz-nextcloud.conf 46 | 47 | # https://getcomposer.org/doc/03-cli.md#composer-allow-superuser 48 | ENV COMPOSER_ALLOW_SUPERUSER=1 49 | ENV PATH="${PATH}:/root/.composer/vendor/bin" 50 | 51 | COPY --from=composer_upstream /composer /usr/bin/composer 52 | 53 | ###> cron ### 54 | RUN set -eux; \ 55 | \ 56 | mkdir -p /var/log/supervisord; \ 57 | mkdir -p /var/run/supervisord 58 | 59 | COPY docker/nextcloud/supervisord.conf / 60 | COPY docker/nextcloud/cron.sh /nextcloud-cron.sh 61 | 62 | RUN chmod +x /nextcloud-cron.sh 63 | RUN echo '*/10 * * * * /nextcloud-cron.sh' >> /var/spool/cron/crontabs/www-data 64 | ###< cron ### 65 | 66 | ###> notify_push ### 67 | COPY docker/nextcloud/notify_push.sh /notify_push.sh 68 | RUN set -eux; \ 69 | chmod +x /notify_push.sh 70 | 71 | EXPOSE 7867 72 | ###< notify_push ### 73 | 74 | ###> custom ### 75 | ###< custom ### 76 | 77 | ENV NEXTCLOUD_UPDATE=1 78 | 79 | COPY docker/nextcloud/entrypoint.sh /nextcloud-entrypoint.sh 80 | RUN chmod +x /nextcloud-entrypoint.sh 81 | 82 | ENTRYPOINT ["/nextcloud-entrypoint.sh"] 83 | CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] 84 | 85 | # Dev nextcloud image 86 | FROM nextcloud_base AS nextcloud_dev 87 | 88 | ENV XDEBUG_MODE=develop 89 | 90 | RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" 91 | 92 | RUN apt-get update; \ 93 | apt-get install -y --no-install-recommends \ 94 | zip \ 95 | && apt-get clean \ 96 | && rm -rf /var/lib/apt/lists/* 97 | 98 | RUN set -eux; \ 99 | install-php-extensions \ 100 | xdebug \ 101 | ; 102 | 103 | COPY docker/nextcloud/conf.d/nextcloud.dev.ini $PHP_INI_DIR/conf.d/zzz-nextcloud.dev.ini 104 | 105 | # Prod nextcloud image 106 | FROM nextcloud_base AS nextcloud_prod 107 | 108 | RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" 
109 | 110 | COPY docker/nextcloud/conf.d/nextcloud.prod.ini $PHP_INI_DIR/conf.d/zzz-nextcloud.prod.ini 111 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 eXtalion 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Nextcloud 2 | 3 | It's a simply as possible `docker compose` stack to run a 4 | [Nextcloud](https://www.nextcloud.com) for **development** and for 5 | **production**. 
6 | 7 | --- 8 | 9 | - [Requirements](#requirements) 10 | - [Run](#run) 11 | - [Fresh run](#fresh-run) 12 | - [Run installed cloud](#run-installed-cloud) 13 | - [Production](#production) 14 | - [Docker envs](#docker-envs) 15 | - [Log level](#log-level) 16 | - [Improving Nextcloud Previews](#improving-nextcloud-previews) 17 | - [Full Text Search](#full-text-search) 18 | - [Collabora online](#collabora-online) 19 | - [Talk (STUN / TURN)](#talk-stun--turn) 20 | - [Notify Push](#notify-push) 21 | - [Reverse proxy](#reverse-proxy) 22 | - [Backup](#backup) 23 | - [Update / Deploy](#update--deploy) 24 | - [Debug](#debug) 25 | 26 | ## Requirements 27 | 28 | To run this you just need a [docker](https://www.docker.com/get-started/) and 29 | [docker compose](https://github.com/docker/compose#quick-start). 30 | 31 | ## Run 32 | 33 | You can install a fresh instance of Nextcloud or restore your already installed 34 | cloud from dump/backup. 35 | 36 | ### Fresh run 37 | 38 | When you want to run fresh instance of nextcloud: 39 | 40 | **Extra!** Create a **.env** file (use **.env.dist** as starter file, 41 | `cp .env.dist .env`) and setup values. 42 | 43 | 1. Run `docker compose up [-d]`. 44 | 2. Wait for download and build images. 45 | 3. Wait for install a fresh Nextcloud instance. 46 | 4. Stop (`Ctrl+C`) and run `docker compose up` again to correct setup files 47 | permissions. 48 | 5. Goto [NEXTCLOUD_HOST:NEXTCLOUD_PORT](http://localhost/) domain and play with 49 | your new cloud. 50 | 51 | You can also run command to add "missing" indexes in the database: 52 | 53 | ```bash 54 | bin/occ db:add-missing-indices 55 | ``` 56 | 57 | ### Run installed cloud 58 | 59 | When you have a dump of your already installed Nextcloud instance: 60 | 61 | 1. 
Create a **.env** file (use **.env.dist** as starter file, 62 | `cp .env.dist .env`) and set up the **required** values: 63 | - `MYSQL_DATABASE` (`dbname`), 64 | - `MYSQL_PASSWORD` (`dbpassword`), 65 | - `MYSQL_USER` (`dbuser`), 66 | - `NEXTCLOUD_DEFAULT_PHONE_REGION` (`default_phone_region`), 67 | - `NEXTCLOUD_MAINTENANCE_WINDOW_START` (`maintenance_window_start`), 68 | - `NEXTCLOUD_TRUSTED_DOMAINS` (`trusted_domains`), 69 | - `REDIS_HOST_PASSWORD` (`redis.password`). 70 | They should have the same values as in the current **config/config.php**. 71 | 2. Move your database dump file(s) into the **initdb.d/** directory. 72 | 3. Move your config files into the **config/** directory. 73 | 4. Move your custom apps into the **apps/** directory. 74 | 5. Move your data files into the **data/** directory. 75 | 6. Move your nextcloud files into the **nextcloud/** directory. 76 | 7. Run `docker compose up [-d]`. 77 | 8. Wait for the images to download and build. 78 | 9. Wait until the `db` service has loaded the dump file(s) into the database. 79 | **Note!** If you go to the cloud before the database is loaded you will get an 80 | error. Please be patient and wait for the database. 81 | 10. Go to the [http://localhost/](http://localhost/) domain and play with your new 82 | cloud. 83 | 84 | ### Production 85 | 86 | If you want to run the **prod**uction environment, first replace every `!ChangeMe!` placeholder in **.env** (**compose.yml** falls back to `!ChangeMe!` for `MYSQL_PASSWORD` and `REDIS_HOST_PASSWORD` when they are unset), then: 87 | 88 | 1. Uncomment the line `#COMPOSE_FILE=compose.yml:compose.prod.yml` in the **.env** 89 | file. It tells `docker compose` to use those files instead of the default 90 | **compose.yml** and **compose.override.yml** (they're good for 91 | **dev**elopment). 92 | 2. Rebuild images with `docker compose build [--pull]`. 93 | 3. Run the new stack with `docker compose up [-d]`. 94 | 95 | ### Docker envs 96 | 97 | `NEXTCLOUD_HOST` lets you change the host address on which the `nginx` service is 98 | listening. The default is `127.0.0.1`, so only you can connect from your local 99 | machine to the cloud. 
Set it to `0.0.0.0` to allow others from the same network to 100 | connect to your cloud (for example to test the cloud on your mobile). The stack serves plain HTTP by default (`OVERWRITEPROTOCOL=http`), so do this only on a network you trust. 101 | 102 | Other environment variables are described 103 | [here](https://github.com/nextcloud/docker/tree/master#auto-configuration-via-environment-variables). 104 | 105 | ### Log level 106 | 107 | To "increase" performance you can set the log level to `error`. Messages below `error` (warnings included) are then no longer recorded, which also leaves less to work with when investigating an incident: 108 | 109 | ```bash 110 | bin/occ log:manage --level=error 111 | ``` 112 | 113 | ### Development mailer 114 | 115 | In the **dev** environment you can use the `mailer` service to catch all emails sent. It accepts any SMTP credentials over an unencrypted connection, so keep it to the **dev** stack. In 116 | **Basic settings** set: 117 | 118 | - `Send mode` to `SMTP`, 119 | - `Encryption` to `None`, 120 | - `From address` to your email address, 121 | - `Server address` to `mailer` and port to `1025`. 122 | 123 | Click `Send email` to test if it works. 124 | 125 | ## Improving Nextcloud Previews 126 | 127 | According to this [article](https://ownyourbits.com/2019/06/29/understanding-and-improving-nextcloud-previews/) 128 | the preview mechanism needs some tuning. 
129 | 130 | Install Nextcloud [app](https://apps.nextcloud.com/apps/previewgenerator) and 131 | setup recommended configurations: 132 | 133 | ```bash 134 | bin/occ config:app:set previewgenerator squareSizes --value="32 256" 135 | bin/occ config:app:set previewgenerator widthSizes --value="256 384" 136 | bin/occ config:app:set previewgenerator heightSizes --value="256" 137 | bin/occ config:system:set preview_max_x --value 2048 138 | bin/occ config:system:set preview_max_y --value 2048 139 | bin/occ config:system:set jpeg_quality --value 60 140 | bin/occ config:app:set preview jpeg_quality --value="60" 141 | ``` 142 | 143 | If you want to start from scratch you can delete preview folder: 144 | 145 | ```bash 146 | rm -rf ./data/appdata_*/preview 147 | ``` 148 | 149 | And regenerate previews first time by: 150 | 151 | ```bash 152 | bin/occ preview:generate-all -vvv 153 | ``` 154 | 155 | ## Full Text Search 156 | 157 | To improve search result we can install: 158 | 159 | - [fulltextsearch](https://apps.nextcloud.com/apps/fulltextsearch) 160 | - [files_fulltextsearch](https://apps.nextcloud.com/apps/files_fulltextsearch) 161 | - [fulltextsearch_elasticsearch](https://apps.nextcloud.com/apps/fulltextsearch_elasticsearch) 162 | 163 | We have to run `elasticsearch` service. Add `:docker/elasticsearch/compose.yml` 164 | to `COMPOSE_FILE` environment. 165 | 166 | Goto [settings](http://localhost:80/settings/admin/fulltextsearch), select 167 | `Elasticsearch` from select box, as an address type `http://elasticsearch:9200` 168 | and setup index to `nextcloud_index`. 
169 | 170 | For first index run: 171 | 172 | ```bash 173 | bin/occ fulltextsearch:index 174 | ``` 175 | 176 | ## Collabora online 177 | 178 | If you want to run collabora online locally and you don't have a reverse proxy, 179 | you have to add `nginx` and `collabora` to your **/etc/hosts**: 180 | 181 | ```bash 182 | 127.0.0.1 collabora 183 | 127.0.0.1 nginx 184 | ``` 185 | 186 | For nextcloud (docker service) collabora is available under `collabora` host and 187 | it has to be the same host for a client (your browser). 188 | 189 | For collabora (docker service) nextcloud is available under `nginx` host and you 190 | have to access nextcloud instance via [http://nginx:$NEXTCLOUD_PORT](http://nginx:80). 191 | 192 | --- 193 | 194 | We have to run `collabora` service. Add `:docker/collabora/compose.yml` to 195 | `COMPOSE_FILE` environment. 196 | 197 | You can also change/setup other environments in **.env** file: 198 | 199 | ```bash 200 | ###> Collabora ### 201 | COLLABORA_PORT=9980 202 | 203 | # Go and read https://www.collaboraoffice.com/code/docker/and 204 | # https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/scripts/start-collabora-online.sh 205 | # to see all env 206 | 207 | COLLABORA_DICTIONARIES=en 208 | # Value other then "set" will disable warning/info messages of LOKit 209 | COLLABORA_SAL_LOG=set 210 | # Value other then "set" won't generate ssl cert 211 | COLLABORA_DONT_GEN_SSL_CERT= 212 | COLLABORA_CERT_DOMAIN=collabora 213 | # Collabora domain (without reverse proxy it's docker service) 214 | COLLABORA_SERVER_NAME=collabora:9980 215 | # Nextcloud domain (without reverse proxy it's docker service) 216 | COLLABORA_DOMAIN=nginx 217 | # Extra loolwsd command line parameter. 
To learn about all possible options, 218 | # refer to the self-documented /etc/loolwsd/loolwsd.xml 219 | # docker compose exec collabora cat /etc/loolwsd/loolwsd.xml 220 | COLLABORA_EXTRA_PARAMS=--o:admin_console.enable=false --o:ssl.enable=false 221 | # To enable the admin console feature of CODE remove the admin_console.enable option (change COLLABORA_PASSWORD first) 222 | # $COLLABORA_SERVER_NAME/loleaflet/dist/admin/admin.html 223 | COLLABORA_USERNAME=root 224 | COLLABORA_PASSWORD=CHANGE_ME 225 | ###< Collabora ### 226 | ``` 227 | 228 | Install [richdocuments](https://apps.nextcloud.com/apps/richdocuments), 229 | go to [settings](http://nginx:80/settings/admin/richdocuments), select 230 | `Use your own server` and as the URL enter `http://collabora:9980`. With `--o:ssl.enable=false` the connection to Collabora is unencrypted, which suits local use; otherwise terminate TLS at a reverse proxy (see [Reverse proxy](#reverse-proxy)). 231 | 232 | **Done!** 233 | 234 | ## Talk (STUN / TURN) 235 | 236 | If you have installed the Talk [app](https://apps.nextcloud.com/apps/spreed) and you 237 | want to "increase" performance and have video calls, you have to set up your own 238 | STUN/TURN server. 239 | 240 | We have to run the `coturn` service. Add `:docker/coturn/compose.yml` to the 241 | `COMPOSE_FILE` environment variable. 242 | 243 | You can also change/set up other environment variables in the **.env** file. Replace the `CHANGE_ME` value of `COTURN_SECRET` with a long random string and avoid `/`, `&` and `\` in it: the coturn entrypoint writes it into **turnserver.conf** with a `sed` substitution delimited by `/`. 244 | 245 | ```bash 246 | ###> Coturn ### 247 | COTURN_PORT=3478 248 | COTURN_SECRET=CHANGE_ME 249 | # Your nextcloud domain 250 | COTURN_REALM=localhost 251 | ###< Coturn ### 252 | ``` 253 | 254 | Go to [settings](http://localhost:80/settings/admin/talk) and set: 255 | 256 | - `STUN server` to `your-server-ip:$COTURN_PORT`, 257 | - `TURN server` to `your-server-ip:$COTURN_PORT`, 258 | - `TURN secret` to `$COTURN_SECRET`. 
259 | 260 | ## Notify Push 261 | 262 | To configure the [notify_push](https://github.com/nextcloud/notify_push) app: 263 | 264 | - Install the `notify_push` app from the appstore, 265 | - Restart the `nextcloud` service (`docker compose restart nextcloud`), 266 | - Set the URL of the push server (`bin/occ notify_push:setup http://domain/push`). 267 | 268 | If you get **push server is not a trusted proxy** then you have to add the displayed 269 | proxies to `trusted_proxies` in **config/config.php**. Add only those addresses: Nextcloud accepts the client IP from forwarded headers sent by any host listed there. 270 | 271 | ## Reverse proxy 272 | 273 | A basic nginx configuration for a reverse proxy is available 274 | [here](https://www.digitalocean.com/community/tools/nginx?domains.0.server.domain=nextcloud.example.com&domains.0.server.redirectSubdomains=false&domains.0.https.hstsPreload=true&domains.0.php.php=false&domains.0.reverseProxy.reverseProxy=true&domains.0.reverseProxy.proxyPass=http%3A%2F%2F127.0.0.1%3A%24NEXTCLOUD_PORT&domains.0.routing.root=false&domains.0.logging.accessLog=true&domains.0.logging.errorLog=true&domains.1.server.domain=collabora.example.com&domains.1.server.redirectSubdomains=false&domains.1.https.hstsPreload=true&domains.1.php.php=false&domains.1.reverseProxy.reverseProxy=true&domains.1.reverseProxy.proxyPass=http%3A%2F%2F127.0.0.1%3A%24COLLABORA_PORT&domains.1.routing.root=false&domains.1.logging.accessLog=true&domains.1.logging.errorLog=true). 275 | 276 | Update the `Server > Domain` names and the `Reverse proxy > proxy_pass` ports (read 277 | the ports from your **.env** file). 278 | 279 | Remove `include nginxconfig.io/security.conf;` from the nextcloud domain conf. 280 | The Docker nginx service conf is built based on the 281 | [Nextcloud example](https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf). 
282 | 283 | In the **.env** file you have to change: 284 | 285 | ```bash 286 | NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.example.com 287 | COLLABORA_CERT_DOMAIN=collabora.example.com 288 | COLLABORA_SERVER_NAME=collabora.example.com 289 | COLLABORA_DOMAIN=nextcloud.example.com 290 | ``` 291 | 292 | If you have already installed Nextcloud, in **./config/config.php**: 293 | 294 | - add `nextcloud.example.pl` to the `trusted_domains` array, 295 | - change `overwrite.cli.url` to `nextcloud.example.pl`. 296 | 297 | If you have set up Collabora Online, you have to update 298 | `URL (and Port) of Collabora Online-server` to `collabora.example.com`. 299 | 300 | Reload docker: 301 | 302 | ```bash 303 | docker compose up [-d] 304 | ``` 305 | 306 | ## Backup 307 | 308 | To make a backup we're using the 309 | [docker-backup](https://github.com/eXtalionLab/docker-backup) tool, which uses 310 | [BorgBackup](https://www.borgbackup.org/) under the hood. 311 | 312 | Create a **.docker-backup** file (use **.docker-backup.dist** as starter file, 313 | `cp .docker-backup.dist .docker-backup`) and set up the values, replacing the `BORG_PASSPHRASE` placeholder (`Change_me!`) with your own passphrase; **.docker-backup** is listed in **.gitignore**, so it stays out of the repository. Refer to the 314 | [documentation](https://github.com/eXtalionLab/docker-backup#docker-backup). 315 | 316 | ## Update / Deploy 317 | 318 | Set `COMPOSE_FILE` to `compose.yml:compose.prod.yml`. Also, if 319 | you want to run other services (`elasticsearch`, `collabora`, `coturn`), add their 320 | **compose.yml** too. See 321 | [here](https://docs.docker.com/compose/environment-variables/envvars/#compose_file). 322 | 323 | Update the image name prefix (**.env** `IMAGES_PREFIX`) so that it points to your hub. 
324 | 325 | Run: 326 | 327 | ```bash 328 | docker compose build --pull 329 | ``` 330 | 331 | If you didn't build images on the server run: 332 | 333 | ```bash 334 | docker compose push 335 | ``` 336 | 337 | On the server run: 338 | 339 | ```bash 340 | docker compose pull 341 | docker compose up -d 342 | ``` 343 | 344 | ## Debug 345 | 346 | If you want to debug a cloud with [xdebug](https://xdebug.org/): 347 | 348 | - be sure you're running **dev** environment (and images), 349 | - add/setup `debug` to `XDEBUG_MODE`, 350 | - reload docker with `docker compose up -d`. 351 | 352 | Now you're ready to remote debugging. 353 | -------------------------------------------------------------------------------- /app-hooks/before-starting/setup-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | if [ "${NEXTCLOUD_DEFAULT_PHONE_REGION}" != "" ]; then 5 | echo "Updating default phone region" 6 | 7 | php /var/www/html/occ config:system:set \ 8 | default_phone_region \ 9 | --value="${NEXTCLOUD_DEFAULT_PHONE_REGION}" 10 | fi 11 | 12 | if [ "${NEXTCLOUD_MAINTENANCE_WINDOW_START}" != "" ]; then 13 | echo "Updating maintenance window start" 14 | 15 | php /var/www/html/occ config:system:set \ 16 | maintenance_window_start \ 17 | --type=integer \ 18 | --value="${NEXTCLOUD_MAINTENANCE_WINDOW_START}" 19 | fi 20 | -------------------------------------------------------------------------------- /app-hooks/before-starting/setup-files-permission.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | if [ "$(id -u)" = 0 ]; then 5 | echo "Updating permissions in hook: before-starting" 6 | ( 7 | # chown -R www-data:root /var/www/html 8 | ( find /var/www/html -not -user www-data -print0 | xargs -P 0 -0 --no-run-if-empty chown --no-dereference www-data:root ) ; \ 9 | # chmod 750 www-data:root /var/www/html/data 10 | ( find /var/www/html/data -type d -not -perm 
750 -print0 | xargs -P 0 -0 --no-run-if-empty chmod 750 ) ; \ 11 | ( find /var/www/html/data -type f -not -perm 650 -print0 | xargs -P 0 -0 --no-run-if-empty chmod 650 ) 12 | ) & 13 | fi 14 | -------------------------------------------------------------------------------- /app-hooks/post-installation/.gitempty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eXtalionLab/nextcloud_docker/23d4a5408e73aa4a4422c2ab16dbe48b2b3cb940/app-hooks/post-installation/.gitempty -------------------------------------------------------------------------------- /app-hooks/post-upgrade/.gitempty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eXtalionLab/nextcloud_docker/23d4a5408e73aa4a4422c2ab16dbe48b2b3cb940/app-hooks/post-upgrade/.gitempty -------------------------------------------------------------------------------- /app-hooks/pre-installation/.gitempty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eXtalionLab/nextcloud_docker/23d4a5408e73aa4a4422c2ab16dbe48b2b3cb940/app-hooks/pre-installation/.gitempty -------------------------------------------------------------------------------- /app-hooks/pre-upgrade/.gitempty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eXtalionLab/nextcloud_docker/23d4a5408e73aa4a4422c2ab16dbe48b2b3cb940/app-hooks/pre-upgrade/.gitempty -------------------------------------------------------------------------------- /bin/occ: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | docker compose exec -u www-data nextcloud ./occ "$@" 4 | -------------------------------------------------------------------------------- /compose.override.yml: -------------------------------------------------------------------------------- 1 | services: 2 | 
nextcloud: 3 | build: 4 | context: . 5 | target: nextcloud_dev 6 | volumes: 7 | - ./docker/nextcloud/conf.d/nextcloud.dev.ini:/usr/local/etc/php/conf.d/nextcloud.dev.ini:ro 8 | - ./docker/nextcloud/entrypoint.sh:/nextcloud-entrypoint.sh:ro 9 | depends_on: 10 | - mailer 11 | environment: 12 | - XDEBUG_MODE=${XDEBUG_MODE:-develop} 13 | - XDEBUG_CONFIG= 14 | cli_color=1 15 | client_host=${XDEBUG_HOST:-host.docker.internal} 16 | client_port=${XDEBUG_PORT:-9003} 17 | log=/var/www/html/data/xdebug.log 18 | log_level=${XDEBUG_LOG_LEVEL:-7} 19 | idekey=${XDEBUG_IDEKEY:-xdebug} 20 | - XDEBUG_SESSION=${XDEBUG_IDEKEY:-xdebug} 21 | extra_hosts: 22 | # Ensure that host.docker.internal is correctly defined on Linux 23 | - host.docker.internal:host-gateway 24 | 25 | mailer: 26 | image: axllent/mailpit 27 | ports: 28 | - "127.0.0.1:${MAILER_PORT:-8025}:8025" 29 | environment: 30 | MP_SMTP_AUTH_ACCEPT_ANY: 1 31 | MP_SMTP_AUTH_ALLOW_INSECURE: 1 32 | -------------------------------------------------------------------------------- /compose.prod.yml: -------------------------------------------------------------------------------- 1 | services: 2 | nextcloud: 3 | build: 4 | context: . 
5 | target: nextcloud_prod 6 | -------------------------------------------------------------------------------- /compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | nextcloud: 3 | image: ${IMAGES_PREFIX}-app 4 | restart: always 5 | volumes: 6 | - php_socket:/var/run/php 7 | - ./app-hooks:/docker-entrypoint-hooks.d 8 | - ./apps:/var/www/html/custom_apps 9 | - ./config:/var/www/html/config 10 | - ./data:/var/www/html/data 11 | - ./nextcloud:/var/www/html 12 | depends_on: 13 | - db 14 | - redis 15 | environment: 16 | - MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud} 17 | - MYSQL_HOST=db 18 | - MYSQL_PASSWORD=${MYSQL_PASSWORD:-!ChangeMe!} 19 | - MYSQL_USER=${MYSQL_USER:-nextcloud} 20 | - NEXTCLOUD_DEFAULT_PHONE_REGION=${NEXTCLOUD_DEFAULT_PHONE_REGION} 21 | - NEXTCLOUD_MAINTENANCE_WINDOW_START=${NEXTCLOUD_MAINTENANCE_WINDOW_START} 22 | - REDIS_HOST=redis 23 | - REDIS_HOST_PASSWORD=${REDIS_HOST_PASSWORD:-!ChangeMe!} 24 | - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS} 25 | # Envs used once during the installation 26 | - OVERWRITECLIURL=${OVERWRITECLIURL:-http://localhost} 27 | - OVERWRITEPROTOCOL=${OVERWRITEPROTOCOL:-http} 28 | - TRUSTED_PROXIES=${TRUSTED_PROXIES} 29 | # Uncomment the following lines to create an admin account. It works only 30 | # for fresh installations. 
31 | #- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER:-admin} 32 | #- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD:-!ChangeMe!} 33 | 34 | nginx: 35 | build: 36 | context: ./docker/nginx 37 | image: ${IMAGES_PREFIX}-www 38 | restart: always 39 | ports: 40 | - ${NEXTCLOUD_HOST:-127.0.0.1}:${NEXTCLOUD_PORT:-80}:80 41 | volumes: 42 | - php_socket:/var/run/php 43 | - ./apps:/var/www/html/custom_apps 44 | - ./config:/var/www/html/config 45 | - ./data:/var/www/html/data 46 | - ./nextcloud:/var/www/html 47 | depends_on: 48 | - nextcloud 49 | 50 | db: 51 | build: 52 | context: ./docker/db 53 | image: ${IMAGES_PREFIX}-database 54 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 55 | restart: always 56 | ports: 57 | - "127.0.0.1:${MYSQL_PORT:-3306}:3306" 58 | volumes: 59 | - ./db:/var/lib/mysql 60 | - ./initdb.d:/docker-entrypoint-initdb.d 61 | environment: 62 | - MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud} 63 | - MYSQL_PASSWORD=${MYSQL_PASSWORD:-!ChangeMe!} 64 | - MYSQL_RANDOM_ROOT_PASSWORD='1' 65 | - MYSQL_USER=${MYSQL_USER:-nextcloud} 66 | 67 | redis: 68 | build: 69 | context: ./docker/redis 70 | image: ${IMAGES_PREFIX}-redis 71 | restart: always 72 | environment: 73 | - REDIS_HOST_PASSWORD=${REDIS_HOST_PASSWORD:-!ChangeMe!} 74 | 75 | volumes: 76 | php_socket: 77 | -------------------------------------------------------------------------------- /docker/collabora/compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | collabora: 3 | image: collabora/code 4 | restart: always 5 | ports: 6 | - "127.0.0.1:${COLLABORA_PORT:?COLLABORA_PORT is not set or empty}:9980" 7 | environment: 8 | - cert_domain=${COLLABORA_CERT_DOMAIN} 9 | - dictionaries=${COLLABORA_DICTIONARIES} 10 | - aliasgroup1=${COLLABORA_DOMAIN:?COLLABORA_DOMAIN is not set or empty} 11 | - DONT_GEN_SSL_CERT=${COLLABORA_DONT_GEN_SSL_CERT} 12 | - extra_params=${COLLABORA_EXTRA_PARAMS} 13 | - password=${COLLABORA_PASSWORD} 14 | - 
SAL_LOG=${COLLABORA_SAL_LOG} 15 | - server_name=${COLLABORA_SERVER_NAME:?COLLABORA_SERVER_NAME is not set or empty} 16 | - username=${COLLABORA_USERNAME} 17 | cap_add: 18 | - MKNOD 19 | -------------------------------------------------------------------------------- /docker/coturn/Dockerfile: -------------------------------------------------------------------------------- 1 | # the different stages of this Dockerfile are meant to be built into separate images 2 | # https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage 3 | # https://docs.docker.com/compose/compose-file/#target 4 | 5 | 6 | # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact 7 | ARG COTURN_VERSION=4 8 | 9 | 10 | # "coturn" stage 11 | FROM coturn/coturn:${COTURN_VERSION} 12 | 13 | COPY turnserver.conf /etc/turnserver.conf 14 | 15 | COPY docker-entrypoint.sh / 16 | 17 | USER root:root 18 | RUN chmod +x /docker-entrypoint.sh 19 | 20 | ENTRYPOINT ["/docker-entrypoint.sh"] 21 | CMD ["--log-file=stdout", "--external-ip=$(detect-external-ip)"] 22 | -------------------------------------------------------------------------------- /docker/coturn/compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | nextcloud: 3 | depends_on: 4 | - coturn 5 | 6 | coturn: 7 | build: 8 | context: ./docker/coturn 9 | image: ${IMAGES_PREFIX}-coturn 10 | restart: always 11 | ports: 12 | - "${COTURN_PORT:?COTURN_PORT is not set or empty}:3478" 13 | - "${COTURN_PORT:?COTURN_PORT is not set or empty}:3478/udp" 14 | depends_on: 15 | - redis 16 | environment: 17 | - COTURN_SECRET=${COTURN_SECRET} 18 | - COTURN_REALM=${COTURN_REALM} 19 | - REDIS_HOST_PASSWORD=${REDIS_HOST_PASSWORD:-!ChangeMe!} 20 | -------------------------------------------------------------------------------- /docker/coturn/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | 
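#!/bin/bash

# Wrapper entrypoint: fills the placeholders in /etc/turnserver.conf from the
# environment, then hands over to the docker-entrypoint.sh found on PATH.

# Escape a value so that sed inserts it literally as the replacement part of
# an `s/.../.../` command: `\`, `/` (the delimiter) and `&` (the matched text)
# are special there. Values containing a newline are not supported.
escape_sed_replacement() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Only rewrite the config when the first argument is an option (starts with `-`)
if [ "${1:0:1}" == '-' ]; then
    if [ -z "${COTURN_SECRET}" ]; then
        echo "WARNING: COTURN_SECRET is empty; static-auth-secret will be left empty" >&2
    fi

    # Coturn can't read these values from the environment.
    # A raw value with `/` or `&` in it (common in generated secrets) would
    # break the sed expression or be written incorrectly, hence the escaping.
    coturn_secret=$(escape_sed_replacement "${COTURN_SECRET}")
    coturn_realm=$(escape_sed_replacement "${COTURN_REALM}")
    # NOTE(review): a `"` inside the password would still end the quoted
    # redis-userdb value in turnserver.conf early; that case is not handled.
    redis_password=$(escape_sed_replacement "${REDIS_HOST_PASSWORD}")

    sed -i "s/\(static-auth-secret=\).\+/\1${coturn_secret}/" /etc/turnserver.conf
    sed -i "s/\(realm=\).\+/\1${coturn_realm}/" /etc/turnserver.conf
    sed -i "s/\(redis-userdb=\"ip=redis password=\).\+/\1${redis_password}\"/" /etc/turnserver.conf
fi

# exec so the started process replaces this shell and receives the container's
# signals directly
exec docker-entrypoint.sh "$@"

--------------------------------------------------------------------------------
/docker/coturn/turnserver.conf:
--------------------------------------------------------------------------------
# The $COTURN_SECRET, $COTURN_REALM and $REDIS_HOST_PASSWORD placeholders are
# rewritten by the image's docker-entrypoint.sh (sed) when the container is
# started with option arguments.
listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=$COTURN_SECRET
realm=$COTURN_REALM
total-quota=100
bps-capacity=0
stale-nonce
no-cli
no-multicast-peers
no-stdout-log
simple-log
log-file=/dev/stdout
redis-userdb="ip=redis password=$REDIS_HOST_PASSWORD"

--------------------------------------------------------------------------------
/docker/db/Dockerfile:
--------------------------------------------------------------------------------
# the different stages of this Dockerfile are meant to be built into separate images
# https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage
# https://docs.docker.com/compose/compose-file/#target


# https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
ARG MARIADB_VERSION=10.5


# "mariadb" stage
FROM mariadb:${MARIADB_VERSION}

COPY nextcloud.cnf /etc/mysql/conf.d/zzz-nextcloud.cnf

--------------------------------------------------------------------------------
/docker/db/nextcloud.cnf:
--------------------------------------------------------------------------------
[server]
skip_name_resolve = 1
innodb_buffer_pool_size = 1G
innodb_buffer_pool_instances = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 32M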
innodb_max_dirty_pages_pct = 90 8 | query_cache_type = 1 9 | query_cache_limit = 2M 10 | query_cache_min_res_unit = 2k 11 | query_cache_size = 64M 12 | tmp_table_size= 64M 13 | max_heap_table_size= 64M 14 | slow_query_log = 1 15 | slow_query_log_file = /var/log/mysql/slow.log 16 | long_query_time = 1 17 | 18 | [client] 19 | default-character-set = utf8mb4 20 | 21 | [mysqld] 22 | character_set_server = utf8mb4 23 | collation_server = utf8mb4_general_ci 24 | transaction_isolation = READ-COMMITTED 25 | binlog_format = ROW 26 | innodb_large_prefix=on 27 | innodb_file_format=barracuda 28 | innodb_file_per_table=1 29 | -------------------------------------------------------------------------------- /docker/elasticsearch/Dockerfile: -------------------------------------------------------------------------------- 1 | # the different stages of this Dockerfile are meant to be built into separate images 2 | # https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage 3 | # https://docs.docker.com/compose/compose-file/#target 4 | 5 | 6 | # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact 7 | ARG ELASTICSEARCH_VERSION=7.14.2 8 | 9 | 10 | # "elasticsearch" stage 11 | FROM elasticsearch:${ELASTICSEARCH_VERSION} AS elasticsearch 12 | 13 | 14 | RUN set -eux; \ 15 | \ 16 | bin/elasticsearch-plugin install --batch ingest-attachment 17 | -------------------------------------------------------------------------------- /docker/elasticsearch/compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | nextcloud: 3 | depends_on: 4 | - elasticsearch 5 | 6 | elasticsearch: 7 | build: 8 | context: ./docker/elasticsearch 9 | image: ${IMAGES_PREFIX}-elasticsearch 10 | restart: always 11 | environment: 12 | - discovery.type=single-node 13 | - bootstrap.memory_lock=true 14 | - ES_JAVA_OPTS=-Xms512m -Xmx512m 15 | ulimits: 16 | memlock: 17 | soft: -1 18 | hard: -1 19 | 
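volumes:
  - elasticsearch_data:/usr/share/elasticsearch/data

# Named volume declaration (top level of the compose file)
volumes:
  elasticsearch_data:
    driver: local

--------------------------------------------------------------------------------
/docker/nextcloud/conf.d/nextcloud.dev.ini:
--------------------------------------------------------------------------------
; See https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host
; See https://github.com/docker/for-linux/issues/264
; The `client_host` below may optionally be replaced with `discover_client_host=yes`
; Add `start_with_request=yes` to start debug session on each request
xdebug.client_host = xdebug://gateway

--------------------------------------------------------------------------------
/docker/nextcloud/conf.d/nextcloud.ini:
--------------------------------------------------------------------------------

[PHP]
expose_php = Off

[mysql]
mysql.allow_local_infile=On
mysql.allow_persistent=On
mysql.cache_size=2000
mysql.max_persistent=-1
mysql.max_links=-1
mysql.default_port=
mysql.default_socket=/var/lib/mysql/mysql.sock # Debian squeeze: /var/run/mysqld/mysqld.sock
mysql.default_host=
mysql.default_user=
mysql.default_password=
mysql.connect_timeout=60
mysql.trace_mode=Off

--------------------------------------------------------------------------------
/docker/nextcloud/conf.d/nextcloud.prod.ini:
--------------------------------------------------------------------------------
; Config php just to production environment

--------------------------------------------------------------------------------
/docker/nextcloud/cron.sh:
--------------------------------------------------------------------------------
#!/bin/sh
set -eu

# Runs the preview pre-generation command when occ lists it; does nothing otherwise.

# `grep` exits non-zero when nothing matches, and under `set -e` that aborted
# the script at this assignment before the check below could run. `|| true`
# turns the no-match case into an empty value instead.
isPreviewApp=$(php -f /var/www/html/occ | grep preview:pre-generate || true)

if [ "$isPreviewApp" != '' ]; then
    echo "Preview pre-generate"
    php -f /var/www/html/occ preview:pre-generate
fi

--------------------------------------------------------------------------------
/docker/nextcloud/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh
set -eu

# Wrapper around /entrypoint.sh: when started as root for apache*/php-fpm (or
# with NEXTCLOUD_UPDATE=1) it first kicks off an ownership/permission fix of
# /var/www/html in the background, then hands over to /entrypoint.sh.

if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
    if [ "$(id -u)" = 0 ]; then
        echo "Updating permissions"
        # The subshell runs in the background (`&`), so /entrypoint.sh below starts
        # while ownership and modes may still be changing.
        # NOTE(review): files under data/ get mode 650 (owner rw-, group r-x,
        # other ---); presumably 640 was intended -- confirm before changing.
        (
            # chown -R www-data:root /var/www/html
            ( find /var/www/html -not -user www-data -print0 | xargs -P 0 -0 --no-run-if-empty chown --no-dereference www-data:root ) ; \
            # chmod 750 www-data:root /var/www/html/data
            ( find /var/www/html/data -type d -not -perm 750 -print0 | xargs -P 0 -0 --no-run-if-empty chmod 750 ) ; \
            ( find /var/www/html/data -type f -not -perm 650 -print0 | xargs -P 0 -0 --no-run-if-empty chmod 650 )
        ) &
    fi
fi

exec /entrypoint.sh "$@"

--------------------------------------------------------------------------------
/docker/nextcloud/notify_push.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Poll the `nginx` host once per second until curl succeeds, then start notify_push
until NGINX_ERROR=$(curl nginx 2>&1); do
    echo "Wait for server"
    sleep 1
done

echo "Run notify_push"

# The binary path is fixed to the x86_64 build of the notify_push app
/var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php

--------------------------------------------------------------------------------
/docker/nextcloud/php-fpm.d/nextcloud.conf:
--------------------------------------------------------------------------------
[www]
listen = /var/run/php/php-fpm.sock
; NOTE(review): 0666 makes the socket readable and writable by every user that
; can reach /var/run/php, i.e. any process in a container that mounts that
; directory can send requests to PHP-FPM. Presumably chosen because the web
; server runs under a different user; a stricter mode plus listen.owner /
; listen.group would narrow it -- confirm the uids before changing.
listen.mode = 0666

pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

--------------------------------------------------------------------------------
/docker/nextcloud/supervisord.conf: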
-------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon=true 3 | logfile=/var/log/supervisord/supervisord.log 4 | pidfile=/var/run/supervisord/supervisord.pid 5 | childlogdir=/var/log/supervisord/ 6 | logfile_maxbytes=50MB ; maximum size of logfile before rotation 7 | logfile_backups=10 ; number of backed up logfiles 8 | loglevel=error 9 | 10 | [program:php-fpm] 11 | stdout_logfile=/dev/stdout 12 | stdout_logfile_maxbytes=0 13 | stderr_logfile=/dev/stderr 14 | stderr_logfile_maxbytes=0 15 | command=php-fpm 16 | 17 | [program:cron] 18 | stdout_logfile=/dev/stdout 19 | stdout_logfile_maxbytes=0 20 | stderr_logfile=/dev/stderr 21 | stderr_logfile_maxbytes=0 22 | command=/cron.sh 23 | 24 | [program:notify_push] 25 | stdout_logfile=/dev/stdout 26 | stdout_logfile_maxbytes=0 27 | stderr_logfile=/dev/stderr 28 | stderr_logfile_maxbytes=0 29 | command=/notify_push.sh 30 | -------------------------------------------------------------------------------- /docker/nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | # the different stages of this Dockerfile are meant to be built into separate images 2 | # https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage 3 | # https://docs.docker.com/compose/compose-file/#target 4 | 5 | 6 | # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact 7 | ARG NGINX_VERSION=1.20 8 | 9 | 10 | # "nginx" stage 11 | FROM nginx:${NGINX_VERSION}-alpine 12 | 13 | COPY nginx.conf /etc/nginx/conf.d/default.conf 14 | -------------------------------------------------------------------------------- /docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | upstream php-handler { 2 | #server 127.0.0.1:9000; 3 | server unix:/var/run/php/php-fpm.sock; 4 | } 5 | 6 | # Set the `immutable` cache control options only for assets with a 
cache busting `v` argument 7 | map $arg_v $asset_immutable { 8 | "" ""; 9 | default ", immutable"; 10 | } 11 | 12 | server { 13 | listen 80; 14 | listen [::]:80; 15 | 16 | # Path to the root of your installation 17 | root /var/www/html; 18 | 19 | # Prevent nginx HTTP Server Detection 20 | server_tokens off; 21 | 22 | # HSTS settings 23 | # WARNING: Only add the preload option once you read about 24 | # the consequences in https://hstspreload.org/. This option 25 | # will add the domain to a hardcoded list that is shipped 26 | # in all major browsers and getting removed from this list 27 | # could take several months. 28 | #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always; 29 | add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always; 30 | 31 | # set max upload size and increase upload timeout: 32 | client_max_body_size 512M; 33 | client_body_timeout 300s; 34 | fastcgi_buffers 64 4K; 35 | 36 | # Enable gzip but do not remove ETag headers 37 | gzip on; 38 | gzip_vary on; 39 | gzip_comp_level 4; 40 | gzip_min_length 256; 41 | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; 42 | gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; 43 | 44 | # Pagespeed is not supported by Nextcloud, so if your server is built 45 | # with the `ngx_pagespeed` module, uncomment this line to disable it. 46 | #pagespeed off; 47 | 48 | # The settings allows you to optimize the HTTP2 bandwidth. 
49 | # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ 50 | # for tuning hints 51 | client_body_buffer_size 512k; 52 | 53 | # HTTP response headers borrowed from Nextcloud `.htaccess` 54 | add_header Referrer-Policy "no-referrer" always; 55 | add_header X-Content-Type-Options "nosniff" always; 56 | add_header X-Frame-Options "SAMEORIGIN" always; 57 | add_header X-Permitted-Cross-Domain-Policies "none" always; 58 | add_header X-Robots-Tag "noindex, nofollow" always; 59 | add_header X-XSS-Protection "1; mode=block" always; 60 | 61 | # Remove X-Powered-By, which is an information leak 62 | fastcgi_hide_header X-Powered-By; 63 | 64 | # Set .mjs and .wasm MIME types 65 | # Either include it in the default mime.types list 66 | # and include that list explicitly or add the file extension 67 | # only for Nextcloud like below: 68 | include mime.types; 69 | types { 70 | text/javascript js mjs; 71 | application/wasm wasm; 72 | } 73 | 74 | # Specify how to handle directories -- specifying `/index.php$request_uri` 75 | # here as the fallback means that Nginx always exhibits the desired behaviour 76 | # when a client requests a path that corresponds to a directory that exists 77 | # on the server. In particular, if that directory contains an index.php file, 78 | # that file is correctly served; if it doesn't, then the request is passed to 79 | # the front-end controller. This consistent behaviour means that we don't need 80 | # to specify custom rules for certain paths (e.g. images and other assets, 81 | # `/updater`, `/ocs-provider`), and thus 82 | # `try_files $uri $uri/ /index.php$request_uri` 83 | # always provides the desired behaviour. 
84 | index index.php index.html /index.php$request_uri; 85 | 86 | # Rule borrowed from `.htaccess` to handle Microsoft DAV clients 87 | location = / { 88 | if ( $http_user_agent ~ ^DavClnt ) { 89 | return 302 /remote.php/webdav/$is_args$args; 90 | } 91 | } 92 | 93 | location = /robots.txt { 94 | allow all; 95 | log_not_found off; 96 | access_log off; 97 | } 98 | 99 | # Make a regex exception for `/.well-known` so that clients can still 100 | # access it despite the existence of the regex rule 101 | # `location ~ /(\.|autotest|...)` which would otherwise handle requests 102 | # for `/.well-known`. 103 | location ^~ /.well-known { 104 | # The rules in this block are an adaptation of the rules 105 | # in `.htaccess` that concern `/.well-known`. 106 | 107 | location = /.well-known/carddav { return 301 /remote.php/dav/; } 108 | location = /.well-known/caldav { return 301 /remote.php/dav/; } 109 | 110 | location /.well-known/acme-challenge { try_files $uri $uri/ =404; } 111 | location /.well-known/pki-validation { try_files $uri $uri/ =404; } 112 | 113 | # Let Nextcloud's API for `/.well-known` URIs handle all other 114 | # requests by passing them to the front-end controller. 115 | return 301 /index.php$request_uri; 116 | } 117 | 118 | # Rules borrowed from `.htaccess` to hide certain paths from clients 119 | location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } 120 | location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } 121 | 122 | # Ensure this block, which passes PHP files to the PHP process, is above the blocks 123 | # which handle static assets (as seen below). If this block is not declared first, 124 | # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` 125 | # to the URI, resulting in a HTTP 500 error response. 
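location ~ \.php(?:$|/) {
    # Required for legacy support
    rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;

    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    set $path_info $fastcgi_path_info;

    # Only hand the request to PHP when the script file actually exists
    try_files $fastcgi_script_name =404;

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $path_info;
    # NOTE(review): PHP is always told the request arrived over HTTPS, while the
    # `listen` directives of this server block are plain port 80 -- presumably
    # TLS is terminated by a reverse proxy in front of this container; confirm.
    fastcgi_param HTTPS on;
    fastcgi_param REMOTE_ADDR $remote_addr;

    fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
    fastcgi_param front_controller_active true; # Enable pretty urls
    fastcgi_pass php-handler;

    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;

    fastcgi_max_temp_file_size 0;
}

# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
    try_files $uri /index.php$request_uri;
    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Cache-Control "public, max-age=15778463$asset_immutable";
    # add_header directives are inherited from the server level only when a
    # location defines none of its own, so the server-level HSTS header has to
    # be repeated here; keep the value in sync with the one set there.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "noindex, nofollow" always;
    add_header X-XSS-Protection "1; mode=block" always;
    access_log off; # Optional: Don't log access to assets
}

location ~ \.woff2?$ {
    try_files $uri /index.php$request_uri;
    expires 7d; # Cache-Control policy borrowed from `.htaccess`
    access_log off; # Optional: Don't log access to assets
}

# Rule borrowed from `.htaccess`
location /remote {
    return 301 /remote.php$request_uri;
}
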
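location / {
    try_files $uri $uri/ /index.php$request_uri;
}

# Requests under /push/ are proxied to port 7867 of the `nextcloud` host,
# with the headers needed for a WebSocket upgrade
location ^~ /push/ {
    proxy_pass http://nextcloud:7867/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

--------------------------------------------------------------------------------
/docker/redis/Dockerfile:
--------------------------------------------------------------------------------
FROM redis:7-alpine

RUN apk add --no-cache openssl bash

COPY start.sh /usr/bin/
RUN chmod +x /usr/bin/start.sh

# Give root a random password
RUN echo "root:$(openssl rand -base64 12)" | chpasswd

# Drop to the unprivileged redis user for the running container
USER redis
ENTRYPOINT ["start.sh"]

--------------------------------------------------------------------------------
/docker/redis/start.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Entrypoint of the redis image: prints a hint when memory overcommit is off,
# then replaces this shell with redis-server. Arguments passed to the script
# are not used: both branches of the original ended in `exec redis-server`,
# so its trailing `exec "$@"` could never run and has been dropped.

# Show wiki if vm.overcommit is disabled
if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
    echo "Memory overcommit is disabled but necessary for safe operation"
    echo "See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit"
fi

# Run redis with a password if provided.
# The password is passed as a command-line argument, so it is readable by
# anything that can list this container's processes.
if [ -n "$REDIS_HOST_PASSWORD" ]; then
    exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
fi

# No password set: say so instead of silently starting without authentication
echo "REDIS_HOST_PASSWORD is empty: starting redis-server without authentication" >&2
exec redis-server

--------------------------------------------------------------------------------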