Optimized the injection layer on a Lua basis, as a replacement for the nginx replace. Also optimized the Cloudflare cache deletion (not every time on cleanup). The CDN is still required for the logout mechanism via JS, and the Nextcloud deploy is buggy after changing from nginx to OpenResty. Probably some variable-overwrite issue. Should be solved tomorrow.

2025-07-24 19:13:13 +02:00
parent f62355e490
commit 27973c2773
36 changed files with 483 additions and 115 deletions


@@ -69,6 +69,9 @@ performance:
memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
upload_limit: "5G" # Set upload limit to 5GB for big media files
opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption
plugins_enabled: true # Implemented for speeding up testing and debugging process. For productive environments keep it true and steer the apps via the plugins config
plugins:
# List for Nextcloud Plugin Routine
# Decides if plugins should be activated or deactivated


@@ -49,6 +49,7 @@
vars:
plugin_key: "{{ plugin_item.key }}"
plugin_value: "{{ plugin_item.value }}"
when: nextcloud_plugins_enabled
- name: Load system configuration
include_tasks: 03_system.yml
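Review bot: The new `when: nextcloud_plugins_enabled` tests a value that the vars file defines as a quoted Jinja template (`nextcloud_plugins_enabled: "{{ applications | get_app_conf(application_id, 'plugins_enabled', True) }}"`), so the condition depends on how the rendered string is coerced. That coercion differs between ansible-core releases, and a quoted override such as `"false"` in an inventory can end up truthy, so the plugin routine would run even though it was meant to be switched off. Cast explicitly, either here with `when: nextcloud_plugins_enabled | bool` or by appending `| bool` inside the variable definition. The task this condition belongs to starts above the hunk, so whether it sits on the looped include or on an enclosing block cannot be confirmed from here.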


@@ -29,7 +29,7 @@ NEXTCLOUD_ADMIN_PASSWORD= "{{applications | get_app_conf(application_id, '
# Security
NEXTCLOUD_TRUSTED_DOMAINS= "{{ nextcloud_domains }}"
NEXTCLOUD_TRUSTED_DOMAINS= "{{ domains[application_id] | select | join(',') }}"
# Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
TRUSTED_PROXIES= "{{ networks.internet.values() | select | join(',') }}"
OVERWRITECLIURL= "{{ domains | get_url(application_id, web_protocol) }}"
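Review bot: The second `NEXTCLOUD_TRUSTED_DOMAINS` line (presumably the new side; the +/- markers are lost on this page) joins the domains with `,`, but the official nextcloud image reads this variable as a space-separated list. With more than one domain the value would likely be stored as a single `trusted_domains` entry that matches no Host header. If this env file feeds that image, use `NEXTCLOUD_TRUSTED_DOMAINS= "{{ domains[application_id] | select | join(' ') }}"`. `select` also assumes `domains[application_id]` is a list; if it can be a plain string or a mapping for some applications, the filter would iterate characters or keys, so the value should be normalised first. The unchanged `TRUSTED_PROXIES` line uses the same `,` join and deserves the same check, since a malformed proxy list changes which client address the brute-force throttling sees.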


@@ -6,7 +6,8 @@ server
{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.lua.j2'%}
{% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
@@ -18,11 +19,7 @@ server
client_body_buffer_size 400M;
fastcgi_buffers 64 4K;
{% include 'roles/srv-proxy-7-4-core/templates/location/proxy_basic.conf.j2' %}
{% if applications | get_app_conf(application_id, 'features.logout', False) %}
{% include 'roles/web-svc-logout/templates/logout-proxy.conf.j2' %}
{% endif %}
{% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
location ^~ /.well-known {
rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last;
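Review bot: The `{% if applications | get_app_conf(application_id, 'features.logout', False) %}` guard around the logout-proxy include appears to be dropped in the second hunk, so whether logout handling is active for this vhost now depends on what the server-level `srv-web-7-7-inj-compose` includes emit, and those templates are not visible here. Please confirm that they still honour `features.logout`, so that an application with the feature off does not get the logout proxy injected. The Lua injection also moves from a single location to server scope, so it should be restricted to HTML responses; otherwise body rewriting could touch WebDAV, `/.well-known` and download responses, which may relate to the deploy breakage mentioned in the commit message. A one-line comment above the new include, e.g. `# Injects CSS/JS/logout snippets via Lua body filter; gated per feature inside the template`, would document this. The `location ^~ /.well-known` block continues past the end of the hunk.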


@@ -6,6 +6,7 @@ container_port: 80
# Database
database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True)}}"
database_type: "mariadb" # Database flavor
nextcloud_plugins_enabled: "{{ applications | get_app_conf(application_id, 'plugins_enabled', True) }}"
# Networking
domain: "{{ domains | get_domain(application_id) }}" # Public domain at which Nextcloud will be accessable
@@ -23,15 +24,13 @@ nextcloud_control_node_plugin_tasks_directory: "{{role_path}}/tasks/plugins/"
nextcloud_host_config_additives_directory: "{{ docker_compose.directories.volumes }}cymais/" # This folder is the path to which the additive configurations will be copied
nextcloud_host_include_instructions_file: "{{ docker_compose.directories.volumes }}includes.php" # Path to the instruction file on the host. Responsible for loading the additional configurations
nextcloud_domains: "{{ domains | get_domain(application_id) }}" # This is wrong and should be optimized @todo implement support for multiple domains
# Docker
nextcloud_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
nextcloud_version: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version', True) }}"
nextcloud_image: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image', True) }}"
nextcloud_container: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name', True) }}"
nextcloud_container: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name', True) }}"
nextcloud_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
nextcloud_proxy_image: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image', True) }}"