Optimized PHP performance

Kevin Veen-Birkenbach 2025-02-28 15:53:27 +01:00
parent 9a49e7aa3b
commit 93ff9ea575
7 changed files with 59 additions and 46 deletions


@ -257,31 +257,36 @@ defaults_applications:
## Nextcloud
nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
ldap:
enabled: True # Enables LDAP by default
enabled: True # Enables LDAP by default
oidc:
enabled: "{{ _applications_nextcloud_oidc_enabled }}" # Activate OIDC for Nextcloud
enabled: "{{ _applications_nextcloud_oidc_enabled }}" # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used.
# Available options: oidc_login, sociallogin
# @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
force_import: False # Forces the import of the LDIF files
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
force_import: False # Forces the import of the LDIF files
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
credentials:
# database_password: Null # Needs to be set in inventory file
# database_password: Null # Needs to be set in inventory file
users:
administrator:
username: "{{users.administrator.username}}"
initial_password: "{{users.administrator.initial_password}}"
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
initial_password: "{{users.administrator.initial_password}}" # Keep in mind to change the password fast after creation and activate 2FA
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
legacy_login_mask:
enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
container:
application: "nextcloud-application" # Nextcloud application container name
proxy: "nextcloud-web" # Nextcloud Proxy Container Name
application: "nextcloud-application" # Nextcloud application container name
proxy: "nextcloud-web" # Nextcloud Proxy Container Name
performance:
php:
memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
upload_limit: "5G" # Set upload limit to 5GB for big media files
opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption
plugins:
# List for Nextcloud Plugin Routine
# Decides if plugins should be activated or deactivated
@ -434,7 +439,7 @@ defaults_applications:
enabled: false # Deactivated because it let to bugs
richdocuments:
# Nextcloud Rich Documents: provides collaborative document editing capabilities (https://apps.nextcloud.com/apps/richdocuments)
enabled: true
enabled: false # @todo To set it default to true activate https://hub.docker.com/r/collabora/code before
sociallogin:
# Nextcloud social login: allows authentication using social networks (https://apps.nextcloud.com/apps/sociallogin)
enabled: "{{ _applications_nextcloud_oidc_flavor=='sociallogin' | lower }}"
@ -443,7 +448,7 @@ defaults_applications:
- oidc_login # Will be disabled
spreed:
# Nextcloud Spreed: offers video conferencing and chat functionalities (https://apps.nextcloud.com/apps/spreed)
enabled: true
enabled: false # @todo to activate it first implement docker-coturn and activate it
tables:
# Nextcloud tables: allows creation and editing of tables within the interface (https://apps.nextcloud.com/apps/tables)
enabled: true
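Review bot: `memory_limit` under `performance.php` is total RAM divided by 30 with no lower bound, so a host with 4 GB ends up near 130M, while the value this commit replaces in the env file was a fixed 1G marked as required for the duplicate finder plugin. A floor keeps small hosts working: `memory_limit: "{{ [((ansible_memtotal_mb | int) / 30) | int, 512] | max }}M"`. The same expression feeds `opcache_memory_consumption` with an `M` suffix; PHP documents `opcache.memory_consumption` as a size in megabytes, so confirm how the image passes the value through before keeping the suffix.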


@ -16,7 +16,8 @@
owner: "{{nextcloud_docker_user_id}}"
group: "{{nextcloud_docker_user_id}}"
loop: "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
notify: docker compose restart
# Not all type of changes take instantly place. Due to this reason a rebuild is required.
notify: docker compose project setup
- name: "include role for {{application_id}} to recieve certs & do modification routines"
include_role:


@ -4,10 +4,11 @@
return array (
# For single server setup APCu is recommended, for multi server setup Redis
'memcache.local' => '\\OC\\Memcache\\{% if deployment_mode == "single" %}APCu{% else %}Redis{% endif %}',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'redis',
'port' => 6379,
)
# The following lines are configured via the environment variables
# 'memcache.locking' => '\\OC\\Memcache\\Redis',
# 'redis' =>
# array (
# 'host' => 'redis',
# 'port' => 6379,
# )
);
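Review bot: The old Redis settings stay behind as a commented-out block under the new pointer comment, and commented-out code drifts from what the environment really sets. Delete those lines and keep one comment, for example `# memcache.locking and the redis host/port come from REDIS_HOST / REDIS_PORT in the env file`. Note that `memcache.local` still selects Redis whenever `deployment_mode` is not "single", so that branch now depends on the env-driven Redis configuration being present in the container.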


@ -1,6 +1,7 @@
<?php
# Activates the turn server
# @see https://nextcloud-talk.readthedocs.io/en/latest/TURN/
return 'turn_servers' => [
[
'host' => 'coturn',
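Review bot: `return 'turn_servers' => [` is not valid PHP, because `=>` is only allowed inside an array literal, so this file fails to parse as soon as it is included. The key needs an enclosing array, e.g. `return [` followed by `'turn_servers' => [` with a matching closing `];`. The rest of the file lies outside the hunk, so the closing brackets have to be checked there. The commit only adds a comment here and leaves the statement as it was.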


@ -2,27 +2,39 @@
# @See https://github.com/nextcloud/docker/blob/master/README.md
# Database Configuration
MYSQL_DATABASE= "{{database_name}}"
MYSQL_USER= "{{database_username}}"
MYSQL_PASSWORD= "{{database_password}}"
MYSQL_HOST= "{{database_host}}:{{database_port}}"
MYSQL_DATABASE= "{{database_name}}"
MYSQL_USER= "{{database_username}}"
MYSQL_PASSWORD= "{{database_password}}"
MYSQL_HOST= "{{database_host}}:{{database_port}}"
# Memory
PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
# PHP
PHP_MEMORY_LIMIT= "{{applications[application_id].perfomance.php.memory_limit}}"
PHP_UPLOAD_LIMIT= "{{applications[application_id].perfomance.php.upload_limit}}"
PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications[application_id].perfomance.php.opcache_memory_consumption}}"
# Email Configuration
SMTP_HOST= {{system_email.host}}
SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }}
SMTP_PORT= {{system_email.port}}
SMTP_NAME= {{system_email.username}}
SMTP_PASSWORD= {{system_email.password}}
SMTP_HOST= {{system_email.host}}
SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }}
SMTP_PORT= {{system_email.port}}
SMTP_NAME= {{system_email.username}}
SMTP_PASSWORD= {{system_email.password}}
# Email from configuration
MAIL_FROM_ADDRESS= "{{system_email.local}}"
MAIL_DOMAIN= "{{system_email.domain}}"
MAIL_FROM_ADDRESS= "{{system_email.local}}"
MAIL_DOMAIN= "{{system_email.domain}}"
# Initial Admin Data
NEXTCLOUD_ADMIN_USER= "{{applications[application_id].users.administrator.username}}"
NEXTCLOUD_ADMIN_PASSWORD= "{{applications[application_id].users.administrator.initial_password}}"
NEXTCLOUD_ADMIN_USER= "{{applications[application_id].users.administrator.username}}"
NEXTCLOUD_ADMIN_PASSWORD= "{{applications[application_id].users.administrator.initial_password}}"
NEXTCLOUD_TRUSTED_DOMAINS= "{{domains[application_id]}}"
# Security
NEXTCLOUD_TRUSTED_DOMAINS= "{{domains[application_id]}}"
# Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
TRUSTED_PROXIES= "192.168.102.65"
OVERWRITECLIURL= "https://{{domains[application_id]}}"
OVERWRITEPROTOCOL= "https"
# Redis Configuration
REDIS_HOST= redis
REDIS_PORT= 6379
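Review bot: The three new `PHP_*` lines read `applications[application_id].perfomance.php.*`, but the defaults file in this commit defines the key as `performance`, so the lookup hits an undefined attribute and the template will most likely fail to render. Change all three to `applications[application_id].performance.php.…`. Separately, `TRUSTED_PROXIES= "192.168.102.65"` hard-codes one gateway address; this setting decides whose `X-Forwarded-For` Nextcloud believes when it throttles login attempts, so it should come from a variable tied to the actual docker network and stay as narrow as possible. `REDIS_HOST` and `REDIS_PORT` are set without `REDIS_HOST_PASSWORD`, so confirm that Redis is reachable only from this compose network.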


@ -12,12 +12,4 @@ nextcloud_system_config:
value: "{{ on_calendar_nextcloud }}"
- parameter: "default_phone_region"
value: "{{ locale | upper }}"
# Force https
- parameter: "overwrite.cli.url"
value: "https://{{domains[application_id]}}"
# Force https
- parameter: "overwriteprotocol"
value: "https"
value: "{{ locale | upper }}"


@ -9,6 +9,7 @@ location {{location | default("/")}}
# headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Accept-Encoding "";
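Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` (presumably the line this hunk adds) appends the peer address to whatever `X-Forwarded-For` value the client already sent. The env file in this commit marks the docker gateway as a trusted proxy, so Nextcloud derives the client address for brute-force throttling from this header, and depending on how the deployed version picks an entry from the list, a client-supplied value could be taken as the source address. If this nginx is the first hop facing the internet, overwrite instead of append: `proxy_set_header X-Forwarded-For $remote_addr;`. The `location` block starts and ends outside the hunk.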