diff --git a/.examples/docker-compose/insecure/mariadb/apache/compose.yaml b/.examples/docker-compose/insecure/mariadb/apache/compose.yaml index 4d0fd8fd..daa51590 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/compose.yaml +++ b/.examples/docker-compose/insecure/mariadb/apache/compose.yaml @@ -23,6 +23,7 @@ services: - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match environment: - MYSQL_HOST=db - REDIS_HOST=redis @@ -37,6 +38,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml b/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml index 06b12afb..25e5b717 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml +++ b/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml @@ -21,6 +21,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match environment: - MYSQL_HOST=db - REDIS_HOST=redis @@ -37,6 +38,7 @@ services: - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html:z,ro + # NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing) depends_on: - app @@ -45,6 +47,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/insecure/postgres/apache/compose.yaml b/.examples/docker-compose/insecure/postgres/apache/compose.yaml index 646261d0..19c75ba4 100644 --- a/.examples/docker-compose/insecure/postgres/apache/compose.yaml +++ b/.examples/docker-compose/insecure/postgres/apache/compose.yaml @@ -18,6 +18,7 @@ services: - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match environment: - POSTGRES_HOST=db - REDIS_HOST=redis @@ -32,6 +33,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match entrypoint: /cron.sh depends_on: - db @@ -39,4 +41,4 @@ services: volumes: db: - nextcloud: \ No newline at end of file + nextcloud: diff --git a/.examples/docker-compose/insecure/postgres/fpm/compose.yaml b/.examples/docker-compose/insecure/postgres/fpm/compose.yaml index b5071d5c..4e268cab 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/compose.yaml +++ b/.examples/docker-compose/insecure/postgres/fpm/compose.yaml @@ -16,6 +16,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match environment: - POSTGRES_HOST=db - REDIS_HOST=redis @@ -32,6 +33,7 @@ services: - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html:z,ro + # NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing) depends_on: - app @@ -40,6 +42,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/README.MD b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/README.MD new file mode 100644 index 00000000..26dc0b4f --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/README.MD @@ -0,0 +1,5 @@ +This docker-compose.yml file will create a nextcloud instance with signed certs using the lets encrypt companion and the nginx reverse proxy. Collabora office will also be deployed using signed certs. To use collabora the app must be installed within nextcloud and configured to use office.DOMAIN.TLD. + +There is no need to specify a port, simply the pubilc domain used to create your certs for the office instance. Ports, 443 and 80 should be forwarded to the server. + +![Callabora Settings](collaboraOnlineNCSettings.png) diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/collaboraOnlineNCSettings.png b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/collaboraOnlineNCSettings.png new file mode 100644 index 00000000..1922a887 Binary files /dev/null and b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/collaboraOnlineNCSettings.png differ diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/docker-compose.yml new file mode 100644 index 00000000..b6091b0b --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl-collabora-office-mariadb/docker-compose.yml @@ -0,0 +1,109 @@ +version: '3' + +services: + + proxy: + image: jwilder/nginx-proxy:alpine + labels: + - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true" + container_name: nextcloud-proxy + networks: + - nextcloud_network + ports: + - 80:80 + - 443:443 + volumes: + - ./proxy/conf.d:/etc/nginx/conf.d:rw + - ./proxy/vhost.d:/etc/nginx/vhost.d:rw + - ./proxy/html:/usr/share/nginx/html:rw + - ./proxy/certs:/etc/nginx/certs:ro + - /etc/localtime:/etc/localtime:ro + - /var/run/docker.sock:/tmp/docker.sock:ro + restart: unless-stopped + + letsencrypt: + image: jrcs/letsencrypt-nginx-proxy-companion + container_name: nextcloud-letsencrypt + depends_on: + - proxy + networks: + - nextcloud_network + volumes: + - ./proxy/certs:/etc/nginx/certs:rw + - ./proxy/vhost.d:/etc/nginx/vhost.d:rw + - ./proxy/html:/usr/share/nginx/html:rw + - /etc/localtime:/etc/localtime:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + restart: unless-stopped + db: + image: mariadb + container_name: nextcloud-mariadb + networks: + - nextcloud_network + volumes: + - db:/var/lib/mysql + - /etc/localtime:/etc/localtime:ro + environment: + # Create a root password for the maraiadb instance. + - MYSQL_ROOT_PASSWORD=CREATE-A-SECURE-ROOT-PASSWORD-HERE + # Create a password for the nextcloud users. If you have to manually connect your database you would use the nextcloud user and this password. + - MYSQL_PASSWORD=CREATE-A-SECURE-NEXTCLOUD-USER-PASSWORD-HERE + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + restart: unless-stopped + + app: + image: nextcloud:latest + container_name: nextcloud-app + networks: + - nextcloud_network + depends_on: + - letsencrypt + - proxy + - db + volumes: + - nextcloud:/var/www/html + - ./app/config:/var/www/html/config + - ./app/custom_apps:/var/www/html/custom_apps + - ./app/data:/var/www/html/data + - ./app/themes:/var/www/html/themes + - /etc/localtime:/etc/localtime:ro + environment: + # The VIRTUAL_HOST and LETSENCRYPT_HOST should use the same publically reachable domain for your nextlcloud instance. + - VIRTUAL_HOST=cloud.DOMAIN.TLD + - LETSENCRYPT_HOST=cloud.DOMAIN.TLD + # This needs to be a real email as it will be used by let's encrypt for your cert and is used to warn you about renewals. + - LETSENCRYPT_EMAIL=YOUR-EMAIL@DOMAIN.TDL + restart: unless-stopped + collab: + image: collabora/code + container_name: nextcloud-collab + networks: + - nextcloud_network + depends_on: + - proxy + - letsencrypt + cap_add: + - MKNOD + ports: + - 9980:9980 + environment: + # This nees to be the same as what you set your app domain too (ex: cloud.domain.tld). + - domain=cloud\\.DOMAIN\\.TDL + - username=admin + # Create a passoword for the collabora office admin page. + - password=CREATE-A-SECURE-PASSWORD-HERE + - VIRTUAL_PROTO=https + - VIRTUAL_PORT=443 + # The VIRTUAL_HOST and LETSENCRYPT_HOST should use the same publically reachable domain for your collabora instance (ex: office.domain.tld). + - VIRTUAL_HOST=office.DOMAIN.TLD + - LETSENCRYPT_HOST=office.DOMAIN.TLD + # This needs to be a real email as it will be used by let's encrypt for your cert and is used to warn you about renewals. + - LETSENCRYPT_EMAIL=YOUR-EMAIL@DOMAIN.TDL + restart: unless-stopped +volumes: + nextcloud: + db: + +networks: + nextcloud_network: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml index 7a221407..2a0d57a5 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml @@ -21,6 +21,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -45,6 +46,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml index ff7a5388..20db19a9 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml @@ -21,6 +21,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match environment: - MYSQL_HOST=db - REDIS_HOST=redis @@ -36,6 +37,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z,ro + # NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing) environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -51,6 +53,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml b/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml index a3dece4b..2eb4f638 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml @@ -16,6 +16,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -37,6 +38,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml index 09a80e7d..80be65a6 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml @@ -18,6 +18,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match environment: - POSTGRES_HOST=db - REDIS_HOST=redis @@ -33,6 +34,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z,ro + # NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing) environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -48,6 +50,7 @@ services: restart: always volumes: - nextcloud:/var/www/html:z + # NOTE: The `volumes` config of the `cron` and `app` containers must match entrypoint: /cron.sh depends_on: - db diff --git a/README.md b/README.md index d8f41dcb..ab6608ad 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,8 @@ If mounting additional volumes under `/var/www/html`, you should consider: You should note that data inside the main folder (`/var/www/html`) will be overridden/removed during installation and upgrades, unless listed in [upgrade.exclude](https://github.com/nextcloud/docker/blob/master/upgrade.exclude). The additional volumes officially supported are already in that list, but custom volumes will need to be added by you. We suggest mounting custom storage volumes outside of `/var/www/html` and if possible read-only so that making this adjustment is unnecessary. If you must do so, however, you may build a custom image with a modified `/upgrade.exclude` file that incorporates your custom volume(s). -## Using the Nextcloud command-line interface +## Using the Nextcloud command-line interface (`occ`) + To use the [Nextcloud command-line interface](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html) (aka. `occ` command): ```console $ docker exec --user www-data CONTAINER_ID php occ @@ -112,6 +113,23 @@ or for docker compose: ```console $ docker compose exec --user www-data app php occ ``` +or even shorter: +```console +$ docker compose exec -u33 app ./occ +``` +Note: substitute `82` for `33` if using the Alpine-based images. + +## Viewing the Nextcloud configuration (`config.php`) + +The image takes advantage of Nextcloud's [Multiple config.php support](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file) to inject auto configuration environment variables and set image specific config values. + +This means that merely viewing your `config.php` will not give you an accurate view of your running config. Instead, you should use Nextcloud's [`occ config:list system` command](https://docs.nextcloud.com/server/latest/admin_manual/occ_command.html#config-commands-label) to get get a complete view of your merged configuration. This has the added benefit of automatically omitting sensitive values such as passwords and secrets from the output by default (e.g. useful for shared publicly or assisting others when troubleshooting or reporting a bug). + +```console +$ docker compose exec -u33 app ./occ config:list system +``` + +The `--private` flag can also be specified, in order to output all configuration values including passwords and secrets. ## Auto configuration via environment variables The Nextcloud image supports auto configuration via environment variables. You can preconfigure everything that is asked on the install page on first run. To enable auto configuration, set your database connection via the following environment variables. You must specify all of the environment variables for a given database or the database environment variables defaults to SQLITE. ONLY use one database type!