diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 180b3a8..bb093a4 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -4,31 +4,6 @@ * Traefik deployed -## First Run Setup - -### Add Configuration For NGINX - -nginx.conf and mime.types to be put in the Configuration/NGINX directory. - -Included nginx.conf has only a few minor tweaks from the one located here: - -https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx - -### Add Your Domain as a Trusted Domain - -[Official Documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html#trusted-domains) - -* Open the "config.php" file, located in `/Application/config`. -* Under the "trusted_domains" array, add `1 => 'cloud.williammiceli.systems',`. - -### Apache Configuration Reference - -https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html? - -### Setup trusted domains on first startup - -https://docs.nextcloud.com/server/14/admin_manual/installation/installation_wizard.html#trusted-domains - ## Useful Tools * [Official Security Check](https://scan.nextcloud.com/) diff --git a/templates/Nextcloud/0/Resources/conf.d/collabora.conf b/templates/Nextcloud/0/Resources/conf.d/collabora.conf deleted file mode 100644 index 0b718bd..0000000 --- a/templates/Nextcloud/0/Resources/conf.d/collabora.conf +++ /dev/null 
@@ -1,44 +0,0 @@ -server { - listen 81; - listen [::]:81; - server_name _; - - #access_log logs/collabora_access.log; - #error_log logs/collabora_error.log error; - - # static files - location ^~ /loleaflet { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # WOPI discovery URL - location ^~ /hosting/discovery { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # main websocket - location ~ ^/lool/(.*)/ws$ { - proxy_pass http://collabora:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_read_timeout 36000s; - } - - # download, presentation and image upload - location ~ ^/lool { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # Admin Console websocket - location ^~ /lool/adminws { - proxy_pass http://collabora:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_read_timeout 36000s; - } -} \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf b/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf deleted file mode 100644 index e2ee329..0000000 --- a/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf +++ /dev/null 
@@ -1,127 +0,0 @@ -upstream php-handler { - server nextcloud:9000; -} - -server { - listen 80; - listen [::]:80; - server_name _; - - #---------------------------------------- - # Logging - #---------------------------------------- - - #access_log logs/nextcloud_access.log; - #error_log logs/nextcloud_error.log error; - - #---------------------------------------- - # Basic Settings - #---------------------------------------- - - root /var/www/html/; # Path to the root of your installation - - client_max_body_size 10G; # Max upload size - fastcgi_buffers 64 4K; - - #---------------------------------------- - # GZip - #---------------------------------------- - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - #---------------------------------------- - # Security Headers - #---------------------------------------- - - # Add headers to serve security related headers - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - - fastcgi_hide_header X-Powered-By; # Remove X-Powered-By, which is an information leak - - #---------------------------------------- - # Locations - #---------------------------------------- - - error_page 403 
/core/templates/403.php; - error_page 404 /core/templates/404.php; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - - location / { - rewrite ^ /index.php$request_uri; - } - - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { - deny all; - } - - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.*)$; - # Mitigate https://httpoxy.org/ vulnerabilities: - fastcgi_param HTTP_PROXY ""; - #fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - #Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^/(?:updater|ocs-provider)(?:$|/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js and css files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff|svg|gif)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - 
access_log off; - } -} \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/fastcgi_params b/templates/Nextcloud/0/Resources/fastcgi_params deleted file mode 100644 index c2f509a..0000000 --- a/templates/Nextcloud/0/Resources/fastcgi_params +++ /dev/null @@ -1,21 +0,0 @@ -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -fastcgi_index index.php; - -fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/mime.types b/templates/Nextcloud/0/Resources/mime.types deleted file mode 100644 index 62bd4b6..0000000 --- a/templates/Nextcloud/0/Resources/mime.types +++ /dev/null 
@@ -1,48 +0,0 @@ -types { - text/html html htm shtml; - text/css css; - text/xml xml rss; - image/gif gif; - image/jpeg jpeg jpg; - application/x-javascript js; - text/plain txt; - text/x-component htc; - text/mathml mml; - image/png png; - image/x-icon ico; - image/x-jng jng; - image/vnd.wap.wbmp wbmp; - application/java-archive jar war ear; - application/mac-binhex40 hqx; - application/pdf pdf; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/zip zip; - application/octet-stream deb; - application/octet-stream bin exe dll; - application/octet-stream dmg; - application/octet-stream eot; - application/octet-stream iso img; - application/octet-stream msi msp msm; - audio/mpeg mp3; - audio/x-realaudio ra; - video/mpeg mpeg mpg; - video/quicktime mov; - video/x-flv flv; - video/x-msvideo avi; - video/x-ms-wmv wmv; - video/x-ms-asf asx asf; - video/x-mng mng; -} \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/nginx.conf b/templates/Nextcloud/0/Resources/nginx.conf deleted file mode 100644 index 682ca28..0000000 --- a/templates/Nextcloud/0/Resources/nginx.conf +++ /dev/null 
@@ -1,82 +0,0 @@ -user www-data; -worker_processes auto; - -#error_log /var/log/nginx_error.log info; # [ debug | info | notice | warn | error | crit ] -pid /var/run/nginx.pid; - -events { - worker_connections 1024; - use epoll; # use [ kqueue | rtsig | epoll | /dev/poll | select | poll ] -} - -http { - - #---------------------------------------- - # Logging - #---------------------------------------- - - - # REFERENCE 1 - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; - - #access_log /var/log/nginx/http_access.log main; - - # REFERENCE 2 - #log_format main '$remote_addr - $host [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"' - # 'rt=$request_time ut=$upstream_response_time ' - # 'cs=$upstream_cache_status'; - - #log_format cache '$remote_addr - $host [$time_local] "$request" $status ' - # '$body_bytes_sent "$http_referer" ' - # 'rt=$request_time ut=$upstream_response_time ' - # 'cs=$upstream_cache_status'; - - #access_log /var/log/nginx/http_access.log main; - #error_log /var/log/nginx/http_error.log error; - - #---------------------------------------- - # Basic Settings - #---------------------------------------- - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - #---------------------------------------- - # Common Limits - #---------------------------------------- - - client_max_body_size 1G; # Max upload size - - #---------------------------------------- - # GZip - #---------------------------------------- - - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 1000; - gzip_buffers 4 8k; - gzip_types text/plain; - - #---------------------------------------- - # Cache - #---------------------------------------- - - proxy_cache_valid 1m; - - 
#---------------------------------------- - # Virtual Hosts - #---------------------------------------- - - include /etc/nginx/conf.d/*.conf; - -} \ No newline at end of file diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 80f1d1e..184e7db 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -1,29 +1,8 @@ version: '2' services: - {{- if eq .Values.COLLABORA "true"}} - collabora: - image: collabora/code:latest - cap_add: - - MKNOD # Ability to create special files (https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) - dns: # Using Cloudflare DNS - - 1.1.1.1 - - 1.0.0.1 - environment: - domain: collabora.${TRAEFIK_HOST} - labels: - io.rancher.container.pull_image: always - {{- if .Values.HOST_LABEL}} - io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} - {{- end}} - traefik.enable: false - restart: on-failure - volumes: - - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - {{- end}} cron: - image: nextcloud:fpm-alpine + image: nextcloud:apache dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 @@ -41,7 +20,7 @@ services: volumes_from: - nginx nextcloud: - image: nextcloud:fpm-alpine + image: nextcloud:apache dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 
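Review bot: `image: nextcloud:apache` on the cron service (and again on the nextcloud service in the next hunk) is a floating tag, so a re-pull or reschedule can move the instance to a new major release without anyone reviewing it. Nextcloud upgrades are meant to go one major version at a time, and an unreviewed jump is also where a broken or tampered upstream image would land unnoticed. Pin both services to the same release line, e.g. `image: nextcloud:<major>-apache` (placeholder; fill in the release you run), or to a digest, and bump it deliberately.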
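Review bot: The context lines at the top of the `@@ -41,7 +20,7 @@` hunk show the cron service still ending in `volumes_from:` / `- nginx`, but the nginx service is deleted later in this commit (hunk `@@ -58,26 +37,7 @@`), which leaves cron pointing at a service that no longer exists. The volumes now sit on the nextcloud service, so the entry should read `- nextcloud`. As written, the stack will probably fail to validate, or cron would start without the Nextcloud code, config and data mounts. The cron service body starts outside this hunk.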
@@ -58,26 +37,7 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - traefik.enable: false - links: - - mysql - {{- if eq .Values.REDIS "true"}} - - redis - {{- end}} - restart: on-failure - volumes_from: - - nginx - nginx: - image: nginx:latest # Can't use ":alpine" until I have a way to get the "www-data" user added automatically. (Project for another time) - dns: # Using Cloudflare DNS - - 1.1.1.1 - - 1.0.0.1 - labels: - io.rancher.container.pull_image: always - {{- if .Values.HOST_LABEL}} - io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} - {{- end}} - io.rancher.sidekicks: cron, nextcloud + io.rancher.sidekicks: cron traefik.enable: true ### Start Nextcloud Segment traefik.nextcloud.frontend.entryPoints: http,https @@ -89,21 +49,11 @@ services: traefik.nextcloud.frontend.rule: Host:${TRAEFIK_HOST} traefik.nextcloud.port: "80" ### End Nextcloud Segment - ### Start Collabora Segment - traefik.collabora.frontend.entryPoints: http,https - traefik.collabora.frontend.headers.forceSTSHeader: true - traefik.collabora.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) - traefik.collabora.frontend.headers.SSLRedirect: true - traefik.collabora.frontend.headers.STSPreload: true - traefik.collabora.frontend.headers.STSSeconds: 15552000 - traefik.collabora.frontend.rule: Host:collabora.${TRAEFIK_HOST} - traefik.collabora.port: "81" - ### End Collabora Segment links: - {{- if eq .Values.COLLABORA "true"}} - - collabora + - mysql + {{- if eq .Values.REDIS "true"}} + - redis {{- end}} - - nextcloud {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80" 
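Review bot: With the nginx service removed in `@@ -58,26 +37,7 @@`, Traefik routes straight to Apache in the nextcloud container, so the explicit `deny all` locations for `config/`, `data/` and dot-files in the deleted nextcloud.conf no longer apply. Protection of those paths now presumably rests on the `.htaccess` files Nextcloud ships and generates, which this compose file neither shows nor checks. Since `UserData` is mounted under the document root, add a comment next to `traefik.enable: true` such as `# Apache serves this directly; /config and /data are guarded by Nextcloud's .htaccess only - verify after deploy`. After the first start, confirm that requests under `/data/` and `/config/` are refused, for example with the security scan the README already links. The nextcloud service block starts before this hunk.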
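Review bot: The trailing context `ports:` / `- "${WEB_PORT}:80"` in `@@ -89,21 +49,11 @@` now publishes the Nextcloud Apache listener itself on the host. That path does not pass through Traefik, so whatever TLS redirect and STS header labels the nextcloud frontend carries do not apply to it, and logins over that port would travel unencrypted. A comment on the block would make this explicit, e.g. `# Optional direct HTTP port; bypasses Traefik TLS/HSTS - leave WEB_PORT unset on internet-facing hosts`. The ports block continues past the end of this hunk.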
@@ -113,12 +63,9 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps - - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files - - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx # NGINX configuration files + - /RancherCattle/${DATA_DIR}/Configuration:/var/www/html/config # Nextcloud configuration files - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file - #- /RancherCattle/${DATA_DIR}/Logs/Nextcloud - #- /RancherCattle/${DATA_DIR}/Logs/NGINX mysql: image: mysql:5 dns: # Using Cloudflare DNS diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index 7a54f5a..faa54a4 100644 --- a/templates/Nextcloud/0/rancher-compose.yml +++ b/templates/Nextcloud/0/rancher-compose.yml @@ -65,14 +65,6 @@ catalog: required: true type: password - - variable: "COLLABORA" - label: "Enable Collabora" - description: | - Add a Collabora container for office document editing and live collaboration. Additional setup required, see README. - default: true - required: true - type: boolean - - variable: "REDIS" label: "Enable Redis" description: |
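Review bot: Changing the config mount in `@@ -113,12 +63,9 @@` from `Configuration/Nextcloud` to `Configuration` puts an existing deployment's `config.php` one directory too deep (under `/var/www/html/config/Nextcloud/`), where Nextcloud will not read it. An instance that finds no config typically falls back to the first-run installer, and on a host already reachable through Traefik that page could be completed by whoever reaches it first. The old `Configuration/NGINX` files would also show up inside the Nextcloud config directory. Either keep the original host path, `- /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config`, or document in the README that existing files must be moved before upgrading.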