Optimized PHP performance

group_vars/all/07_applications.yml

@@ -275,13 +275,18 @@ defaults_applications:
     users:      
       administrator:
         username:           "{{users.administrator.username}}"
-        initial_password:   "{{users.administrator.initial_password}}"
+        initial_password:   "{{users.administrator.initial_password}}"              # Keep in mind to change the password fast after creation and activate 2FA
     default_quota:          '1000000000'                                            # Quota to assign if no quota is specified in the OIDC response (bytes)
     legacy_login_mask:   
       enabled:              False                                                   # If true, then legacy  login mask is shown. Otherwise just SSO
     container:
       application:          "nextcloud-application"                                 # Nextcloud application container name
       proxy:                "nextcloud-web"                                         # Nextcloud Proxy Container Name
+    performance:
+      php:
+        memory_limit:               "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
+        upload_limit:               "5G"                                            # Set upload limit to 5GB for big media files
+        opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption
     plugins:                                                  
     # List for Nextcloud Plugin Routine
     # Decides if plugins should be activated or deactivated
@@ -434,7 +439,7 @@ defaults_applications:
         enabled: false # Deactivated because it let to bugs
       richdocuments:
         # Nextcloud Rich Documents: provides collaborative document editing capabilities (https://apps.nextcloud.com/apps/richdocuments)
-        enabled: true
+        enabled: false # @todo To set it default to true activate https://hub.docker.com/r/collabora/code before
       sociallogin:
         # Nextcloud social login: allows authentication using social networks (https://apps.nextcloud.com/apps/sociallogin)
         enabled:    "{{ _applications_nextcloud_oidc_flavor=='sociallogin' | lower }}"
@@ -443,7 +448,7 @@ defaults_applications:
           - oidc_login  # Will be disabled
       spreed:
         # Nextcloud Spreed: offers video conferencing and chat functionalities (https://apps.nextcloud.com/apps/spreed)
-        enabled: true
+        enabled: false # @todo to activate it first implement docker-coturn and activate it
       tables:
         # Nextcloud tables: allows creation and editing of tables within the interface (https://apps.nextcloud.com/apps/tables)
         enabled: true

roles/docker-nextcloud/tasks/main.yml

@@ -16,7 +16,8 @@
     owner:  "{{nextcloud_docker_user_id}}"
     group:  "{{nextcloud_docker_user_id}}"
   loop:     "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
-  notify: docker compose restart
+  # Not all type of changes take instantly place. Due to this reason a rebuild is required.
+  notify: docker compose project setup
 
 - name: "include role for {{application_id}} to recieve certs & do modification routines"
   include_role:

roles/docker-nextcloud/templates/config/memcache.config.php.j2

@@ -4,10 +4,11 @@
 return array (
   # For single server setup APCu is recommended, for multi server setup Redis
   'memcache.local' => '\\OC\\Memcache\\{% if deployment_mode == "single" %}APCu{% else %}Redis{% endif %}',
-  'memcache.locking' => '\\OC\\Memcache\\Redis',
+  # The following lines are configured via the environment variables
-  'redis' =>
+  # 'memcache.locking' => '\\OC\\Memcache\\Redis',
-  array (
+  # 'redis' =>
-    'host' => 'redis',
+  # array (
-    'port' => 6379,
+  #   'host' => 'redis',
-  )
+  #   'port' => 6379,
+  # )
 );

roles/docker-nextcloud/templates/config/turnserver.config.php.j2.draft

@@ -1,6 +1,7 @@
 <?php
 # Activates the turn server
 # @see https://nextcloud-talk.readthedocs.io/en/latest/TURN/
+
 return 'turn_servers' => [
     [
         'host' => 'coturn',

roles/docker-nextcloud/templates/env.j2

@@ -7,8 +7,10 @@ MYSQL_USER=                 "{{database_username}}"
 MYSQL_PASSWORD=                 "{{database_password}}"
 MYSQL_HOST=                     "{{database_host}}:{{database_port}}"
       
-# Memory
+# PHP
-PHP_MEMORY_LIMIT=           1G # Required for plugin duplicate finder
+PHP_MEMORY_LIMIT=               "{{applications[application_id].perfomance.php.memory_limit}}"
+PHP_UPLOAD_LIMIT=               "{{applications[application_id].perfomance.php.upload_limit}}"
+PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications[application_id].perfomance.php.opcache_memory_consumption}}"
       
 # Email Configuration
 SMTP_HOST=                      {{system_email.host}}
@@ -25,4 +27,14 @@ MAIL_DOMAIN=                "{{system_email.domain}}"
 NEXTCLOUD_ADMIN_USER=           "{{applications[application_id].users.administrator.username}}"
 NEXTCLOUD_ADMIN_PASSWORD=       "{{applications[application_id].users.administrator.initial_password}}"
 
+# Security
+
 NEXTCLOUD_TRUSTED_DOMAINS=      "{{domains[application_id]}}"
+# Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
+TRUSTED_PROXIES=                "192.168.102.65"
+OVERWRITECLIURL=                "https://{{domains[application_id]}}"
+OVERWRITEPROTOCOL=              "https"
+
+# Redis Configuration
+REDIS_HOST=                     redis
+REDIS_PORT=                     6379

roles/docker-nextcloud/vars/system.yml

@@ -13,11 +13,3 @@ nextcloud_system_config:
 
   - parameter: "default_phone_region"
     value: "{{ locale | upper }}"
-
-  # Force https  
-  - parameter: "overwrite.cli.url"
-    value: "https://{{domains[application_id]}}"
-
-  # Force https
-  - parameter: "overwriteprotocol"
-    value: "https"

roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2

@@ -9,6 +9,7 @@ location {{location | default("/")}}
   # headers
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Forwarded-Port 443;
   proxy_set_header Accept-Encoding "";