redeploy nextcloud with ldap #96

Merged
mg merged 45 commits from nc_ldap into master 2024-06-03 21:23:53 +02:00
2 changed files with 25 additions and 173 deletions
Showing only changes of commit 83ea4cb5b6 - Show all commits

View file

@ -1,148 +0,0 @@
version: '3.3'
services:
######## Datenbank ########
nextcloud-db:
image: "mariadb:11.3.2"
container_name: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}"
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_INITDB_SKIP_TZINFO: 1
networks:
- intern
healthcheck:
interval: 30s
retries: 3
test:
[
"CMD",
"healthcheck.sh",
"--su-mysql",
"--connect"
]
timeout: 30s
# Error
## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'histogram' at position 10 to have type longblob, found type varbinary(255).
## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'hist_type' at position 9 to have type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB'), found type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB').
# Fix
## docker exec nextcloud-db mysql nextcloud -p<MySQL-Root-Pw> -e "ALTER TABLE mysql.column_stats MODIFY histogram longblob;"
## docker exec nextcloud-db mysql nextcloud -p<MySQL-Root-Pw> -e "ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');"
######## Redis ########
nextcloud-redis:
image: "redis:7.2.5"
container_name: nextcloud-redis
hostname: nextcloud-redis
networks:
- intern
restart: unless-stopped
command: "redis-server --requirepass {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}"
healthcheck:
test: ["CMD", "redis-cli", "--pass", "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
interval: 5s
timeout: 2s
retries: 3
######## cron ########
nextcloud-cron:
container_name: nextcloud-cron
image: "registry.mgrote.net/nextcloud-cronjob:latest"
restart: unless-stopped
network_mode: none
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
environment:
NEXTCLOUD_CONTAINER_NAME: nextcloud-app
NEXTCLOUD_CRON_MINUTE_INTERVAL: 1
######## Nextcloud ########
nextcloud-app:
image: "nextcloud:29.0.0"
container_name: nextcloud-app
restart: unless-stopped
depends_on:
- nextcloud-db
- nextcloud-redis
- nextcloud-cron
environment:
REDIS_HOST: nextcloud-redis
REDIS_HOST_PASSWORD: "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}"
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}"
MYSQL_HOST: nextcloud-db
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
SMTP_HOST: mail-relay
#SMTP_SECURE: tls
SMTP_PORT: 25
#SMTP_AUTHTYPE: LOGIN
SMTP_NAME: info@mgrote.net
#SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
MAIL_FROM_ADDRESS: info@mgrote.net
PHP_MEMORY_LIMIT: 1024M
PHP_UPLOAD_LIMIT: 10G
APACHE_DISABLE_REWRITE_IP: 1
TRUSTED_PROXIES: "192.168.48.0/24" # Subnetz in dem sich traefik befindet
NEXTCLOUD_UPLOAD_LIMIT: 10G
NEXTCLOUD_MAX_TIME: 3600
APACHE_BODY_LIMIT: 0 # unlimited, https://github.com/nextcloud/docker/issues/1796
volumes:
- app:/var/www/html
- data:/var/www/html/data
networks:
- intern
- traefik
- mail-relay
healthcheck:
test: ["CMD", "curl", "-f", "--insecure", "http://localhost:80"]
interval: 30s
timeout: 10s
retries: 3
labels:
traefik.http.routers.nextcloud.rule: Host(`nextcloud.mgrote.net`)
traefik.enable: true
traefik.http.routers.nextcloud.tls: true
traefik.http.routers.nextcloud.tls.certresolver: resolver_letsencrypt
traefik.http.routers.nextcloud.entrypoints: entry_https
traefik.http.services.nextcloud.loadbalancer.server.port: 80
traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex: "^/.well-known/ca(l|rd)dav"
traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement: "/remote.php/dav/"
traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains: false
traefik.http.middlewares.nextcloud-hsts.headers.stspreload: true
traefik.http.middlewares.nextcloud-hsts.headers.stsseconds: 15552001
traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment: false
traefik.http.routers.nextcloud.middlewares: nextcloud-hsts,nextcloud-webdav
######## Networks ########
networks:
intern:
driver: bridge
traefik:
external: true
mail-relay:
external: true
######## Volumes ########
volumes:
db:
app:
data:
######## Doku ########
# Telefonregion
# docker exec --user www-data nextcloud-app php occ config:system:set default_phone_region --value="DE"
# https://help.nextcloud.com/t/nextcloud-wont-load-any-mixed-content/13565/3
# docker exec --user www-data nextcloud-app php occ config:system:set overwriteprotocol --value="https"
# docker exec --user www-data nextcloud-app php occ config:system:set overwrite.cli.url --value="http://nextcloud.mgrote.net"

View file

@ -1,15 +1,15 @@
version: '3.3' version: '3.3'
services: services:
######## Datenbank ######## ######## Datenbank ########
nextcloud-db-ldap: nextcloud-db:
image: "mariadb:11.3.2" image: "mariadb:11.3.2"
container_name: nextcloud-db-ldap container_name: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- db-ldap:/var/lib/mysql - db:/var/lib/mysql
environment: environment:
MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}" MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}" MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}"
@ -34,14 +34,14 @@ services:
## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'histogram' at position 10 to have type longblob, found type varbinary(255). ## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'histogram' at position 10 to have type longblob, found type varbinary(255).
## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'hist_type' at position 9 to have type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB'), found type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB'). ## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'hist_type' at position 9 to have type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB'), found type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB').
# Fix # Fix
## docker exec nextcloud-db-ldap mysql nextcloud -p<MySQL-Root-Pw> -e "ALTER TABLE mysql.column_stats MODIFY histogram longblob;" ## docker exec nextcloud-db mysql nextcloud -p<MySQL-Root-Pw> -e "ALTER TABLE mysql.column_stats MODIFY histogram longblob;"
## docker exec nextcloud-db-ldap mysql nextcloud -p<MySQL-Root-Pw> -e "ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');" ## docker exec nextcloud-db mysql nextcloud -p<MySQL-Root-Pw> -e "ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');"
######## Redis ######## ######## Redis ########
nextcloud-redis-ldap: nextcloud-redis:
image: "redis:7.2.5" image: "redis:7.2.5"
container_name: nextcloud-redis-ldap container_name: nextcloud-redis
hostname: nextcloud-redis-ldap hostname: nextcloud-redis
networks: networks:
- intern - intern
restart: unless-stopped restart: unless-stopped
@ -53,8 +53,8 @@ services:
retries: 3 retries: 3
######## cron ######## ######## cron ########
nextcloud-cron-ldap: nextcloud-cron:
container_name: nextcloud-cron-ldap container_name: nextcloud-cron
image: "registry.mgrote.net/nextcloud-cronjob:latest" image: "registry.mgrote.net/nextcloud-cronjob:latest"
restart: unless-stopped restart: unless-stopped
network_mode: none network_mode: none
@ -62,27 +62,27 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
environment: environment:
NEXTCLOUD_CONTAINER_NAME: nextcloud-app-ldap NEXTCLOUD_CONTAINER_NAME: nextcloud-app
NEXTCLOUD_CRON_MINUTE_INTERVAL: 1 NEXTCLOUD_CRON_MINUTE_INTERVAL: 1
######## Nextcloud ######## ######## Nextcloud ########
nextcloud-app-ldap: nextcloud-app:
image: "nextcloud:29.0.0" image: "nextcloud:29.0.0"
container_name: nextcloud-app-ldap container_name: nextcloud-app
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- nextcloud-db-ldap - nextcloud-db
- nextcloud-redis-ldap - nextcloud-redis
- nextcloud-cron-ldap - nextcloud-cron
environment: environment:
# redis # redis
REDIS_HOST: nextcloud-redis-ldap REDIS_HOST: nextcloud-redis
REDIS_HOST_PASSWORD: "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}" REDIS_HOST_PASSWORD: "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}"
# mysql # mysql
MYSQL_DATABASE: nextcloud MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud MYSQL_USER: nextcloud
MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}" MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}"
MYSQL_HOST: nextcloud-db-ldap MYSQL_HOST: nextcloud-db
# mail # mail
SMTP_HOST: mail-relay SMTP_HOST: mail-relay
SMTP_PORT: 25 SMTP_PORT: 25
@ -101,8 +101,8 @@ services:
NEXTCLOUD_MAX_TIME: 3600 NEXTCLOUD_MAX_TIME: 3600
APACHE_BODY_LIMIT: 0 # unlimited, https://github.com/nextcloud/docker/issues/1796 APACHE_BODY_LIMIT: 0 # unlimited, https://github.com/nextcloud/docker/issues/1796
volumes: volumes:
- app-ldap:/var/www/html - app:/var/www/html
- data-ldap:/var/www/html/data - data:/var/www/html/data
# hook-script nach install welches die ldap-config setzt, je einmal nach install und vor starten # hook-script nach install welches die ldap-config setzt, je einmal nach install und vor starten
- ./ldap.sh:/docker-entrypoint-hooks.d/post-installation/ldap.sh - ./ldap.sh:/docker-entrypoint-hooks.d/post-installation/ldap.sh
- ./ldap.sh:/docker-entrypoint-hooks.d/before-starting/ldap.sh - ./ldap.sh:/docker-entrypoint-hooks.d/before-starting/ldap.sh
@ -121,7 +121,7 @@ services:
timeout: 10s timeout: 10s
retries: 3 retries: 3
labels: labels:
traefik.http.routers.nextcloud.rule: Host(`nextcloud-ldap.mgrote.net`) traefik.http.routers.nextcloud.rule: Host(`nextcloud.mgrote.net`)
traefik.enable: true traefik.enable: true
traefik.http.routers.nextcloud.tls: true traefik.http.routers.nextcloud.tls: true
traefik.http.routers.nextcloud.tls.certresolver: resolver_letsencrypt traefik.http.routers.nextcloud.tls.certresolver: resolver_letsencrypt
@ -148,9 +148,9 @@ networks:
external: true external: true
######## Volumes ######## ######## Volumes ########
volumes: volumes:
db-ldap: db:
app-ldap: app:
data-ldap: data:
# debug: docker exec --user www-data nextcloud-app-ldap php occ config:system:set trusted_domains 2 --value=docker10.mgrote.net # debug: docker exec --user www-data nextcloud-app php occ config:system:set trusted_domains 2 --value=docker10.mgrote.net