diff --git a/roles/docker-nextcloud/README.md b/roles/docker-nextcloud/README.md index 9dc756a8..60632b05 100644 --- a/roles/docker-nextcloud/README.md +++ b/roles/docker-nextcloud/README.md 
@@ -1,61 +1,71 @@ -# role docker-nextcloud +# Docker Nextcloud Role πŸš€ -## modify config -Enter container: +This repository contains an Ansible role for deploying and managing [Nextcloud](https://nextcloud.com/) using [Docker](https://www.docker.com/). It covers configuration modifications, updates, backups, database management, and more. Additionally, OIDC (OpenID Connect) is supported (for example, via **Keycloak**). + +> **Developed by:** Kevin Veen-Birkenbach +> **Website:** [https://www.veen.world/](https://www.veen.world/) +> +> *This README.md was created with the help of [ChatGPT](https://chatgpt.com/share/67a5312c-7248-800f-ae27-0288c1c82f1d).* + +--- + +## Modify Config πŸ”§ + +### Enter the Container ```bash - docker-compose exec -it application /bin/sh +docker-compose exec -it application /bin/sh ``` -Afterwards modify config: +### Modify the Configuration +Inside the container, install a text editor and edit the config: ```bash apk add --no-cache nano && nano config/config.php ``` -## update +--- -To update the nextcloud container execute the following commands on the server: +## Update πŸ”„ + +To update the Nextcloud container, execute the following commands on the server: ```bash - docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on && - export COMPOSE_HTTP_TIMEOUT=600 && - export DOCKER_CLIENT_TIMEOUT=600 && - docker-compose down +docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on && +export COMPOSE_HTTP_TIMEOUT=600 && +export DOCKER_CLIENT_TIMEOUT=600 && +docker-compose down ``` -Afterwards update the ***applications.nextcloud.version*** variable to the next version and run the this repository with this ansible role. +Afterwards, update the ***applications.nextcloud.version*** variable to the next version and run this repository with this Ansible role. -It is only possible to update from one to the next major version at a time - -Wait for the update to finish. 
- -You can verify that the update is finished by checking the following logs: +> **Note:** +> It is only possible to update from one to the next major version at a time. +> Wait for the update to finish. +Verify the update by checking the logs: ```bash docker-compose logs application ``` - and - ```bash docker-compose exec -it application top ``` -If nextcloud stays in the maintenance mode after the update try the following: - +If Nextcloud remains in maintenance mode after the update, try the following: ```bash - docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on - docker-compose exec -it -u www-data application /var/www/html/occ upgrade - docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off +docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on +docker-compose exec -it -u www-data application /var/www/html/occ upgrade +docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off ``` -If the update process fails execute - +If the update process fails, execute: ```bash - docker-compose exec -it -u www-data application /var/www/html/occ maintenance:repair --include-expensive +docker-compose exec -it -u www-data application /var/www/html/occ maintenance:repair --include-expensive ``` +and disable any non-functioning apps. -and disable the not functioning apps. +--- + +## Recover Latest Backup πŸ’Ύ -## recover latest backup ```bash cd {{path_docker_compose_instances}}nextcloud && docker-compose down && 
@@ -64,77 +74,99 @@ cd {{path_administrator_scripts}}backup-docker-to-local && bash ./recover-docker-from-local.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)" ``` -## database -### database access -To access the database execute +--- + +## Database Management πŸ—„οΈ + +### Database Access +To access the database, execute: ```bash - docker-compose exec -it database mysql -u nextcloud -D nextcloud -p +docker-compose exec -it database mysql -u nextcloud -D nextcloud -p ``` -### recreate database with new volume: +### Recreate Database with New Volume ```bash docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql ``` -The process can be checked with: - -```bash +Check the process with: +```sql show processlist; ``` -## occ +--- -To use occ run: +## OCC (Nextcloud Command Line) πŸ”§ +To use OCC, run: ```bash - docker-compose exec -it -u www-data application /var/www/html/occ +docker-compose exec -it -u www-data application /var/www/html/occ ``` -## app relevant tables -- oc_appconfig -- oc_migrations +--- -### initialize duplicates +## App Relevant Tables πŸ—ƒοΈ +- `oc_appconfig` +- `oc_migrations` + +### Initialize Duplicates ```bash - docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output +docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output ``` -### unlock files +### Unlock Files ```bash - docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on - docker-compose exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1" - docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off +docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on +docker-compose exec -it 
nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1" +docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off ``` -## architecture -### Maria DB -Until NC24 MariaDB version has to be used. +--- -## performance -### 504 Gateway Timeout +## Architecture + +### MariaDB +Until Nextcloud 24, the MariaDB version must be used. + +--- + +## Performance: 504 Gateway Timeout ⏱️ ```bash - docker-compose logs web --tail 1000 | grep 504 +docker-compose logs web --tail 1000 | grep 504 ``` -#### See -- https://support.f5.com/csp/article/K48373902 -- https://github.com/nextcloud/server/issues/25436 -- https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2 -- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se -- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070 +#### See: +- [F5 Support: K48373902](https://support.f5.com/csp/article/K48373902) +- [Nextcloud Server Issue #25436](https://github.com/nextcloud/server/issues/25436) +- [Nextcloud 21.0.2 Update Error](https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2) +- [ServerFault: Nginx PHP-FPM 504 Error](https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se) +- [Manual LEMP Install Timeout](https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070) -## further information -- https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml -- https://goneuland.de/nextcloud-upgrade-auf-neue-versionen-mittels-docker/ -- https://help.nextcloud.com/t/cant-start-nextcloud-because-the-version-of-the-data-is-higher-than-the-docker-image-version-and-downgrading-is-not-supported/109438 -- https://github.com/nextcloud/docker/issues/1302 -- 
https://help.nextcloud.com/t/update-to-22-failed-with-database-error-updated/120682 -- https://help.nextcloud.com/t/nc-update-to-21-0-0-beta1-exception-database-error/101124/4 -- https://wolfgang.gassler.org/reset-password-mariadb-mysql-docker/ -- https://unix.stackexchange.com/questions/478855/ansible-docker/container/and-depends-on -- https://github.com/gdiepen/docker-convenience-scripts -- https://help.nextcloud.com/t/several-issues-after-upgrading-to-nextcloud-21/113118/3 -- https://forum.openmediavault.org/index.php?thread/31782-docker-nextcloud-talk-plugin-and-turnserver/ -- https://help.nextcloud.com/t/nextcloud-talk-im-docker/container/turn-server-auf-docker-host-kein-video/84133/10 +--- + +## Further Information ℹ️ + +- [Nextcloud Docker Example with Nginx Proxy, MariaDB, and FPM](https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml) +- [Nextcloud Upgrade via Docker by Goneuland](https://goneuland.de/nextcloud-upgrade-auf-neue-versionen-mittels-docker/) +- [Nextcloud Data Version Issue](https://help.nextcloud.com/t/cant-start-nextcloud-because-the-version-of-the-data-is-higher-than-the-docker-image-version-and-downgrading-is-not-supported/109438) +- [Nextcloud Docker Issue #1302](https://github.com/nextcloud/docker/issues/1302) +- [Update to Nextcloud 22 Failed Database Error](https://help.nextcloud.com/t/update-to-22-failed-with-database-error-updated/120682) +- [Nextcloud 21.0.0-beta1 Database Error](https://help.nextcloud.com/t/nc-update-to-21-0-0-beta1-exception-database-error/101124/4) +- [Reset Password for MariaDB/MySQL in Docker](https://wolfgang.gassler.org/reset-password-mariadb-mysql-docker/) +- [Ansible Docker Container and depends_on Issue](https://unix.stackexchange.com/questions/478855/ansible-docker/container/and-depends-on) +- [Docker Convenience Scripts by gdiepen](https://github.com/gdiepen/docker-convenience-scripts) +- [Issues After Upgrading to Nextcloud 
21](https://help.nextcloud.com/t/several-issues-after-upgrading-to-nextcloud-21/113118/3) +- [Nextcloud Talk Plugin and Turnserver in Docker](https://forum.openmediavault.org/index.php?thread/31782-docker-nextcloud-talk-plugin-and-turnserver/) +- [Nextcloud Talk on Docker: Turn Server Issues](https://help.nextcloud.com/t/nextcloud-talk-im-docker/container/turn-server-auf-docker-host-kein-video/84133/10) + +--- + +## OIDC (OpenID Connect) Support πŸ” + +OIDC is supported in this roleβ€”for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly. + +--- + +*Enjoy and happy containerizing! πŸ˜„* diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index 54d4e4c7..73be562e 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -32,7 +32,6 @@ force: yes notify: docker compose project setup -# @todo activate -#- name: Include OIDC-specific tasks if OIDC client is active -# include_tasks: oidc_tasks.yml -# when: oidc.enabled | bool +- name: Include OIDC-specific tasks if OIDC client is active + include_tasks: oidc_tasks.yml + when: oidc.enabled | bool diff --git a/roles/docker-nextcloud/tasks/oidc_tasks.yml b/roles/docker-nextcloud/tasks/oidc_tasks.yml index 7c09e14c..83f00c3d 100644 --- a/roles/docker-nextcloud/tasks/oidc_tasks.yml +++ b/roles/docker-nextcloud/tasks/oidc_tasks.yml 
@@ -6,28 +6,24 @@ - name: Set hide_login_form to true command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:system:set --type boolean --value true hide_login_form" -- name: Set auth.webauthn.enabled to false - command: docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:system:set --type boolean --value false auth.webauthn.enabled" +- name: "Set auth.webauthn.enabled to false" + command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:system:set --type boolean --value false auth.webauthn.enabled" - name: Set allow_login_connect to 1 - command: > - docker-compose exec -u www-data application /var/www/html/occ - config:app:set sociallogin allow_login_connect --value="1" + command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:app:set sociallogin allow_login_connect --value='1'" # This configuration allows users to connect multiple accounts to their Nextcloud profile # using the sociallogin app. 
- name: Set custom_providers command: > - docker-compose exec -u www-data application /var/www/html/occ + docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:app:set sociallogin custom_providers - --value='{"custom_oidc":[{"name":"{{domains.keycloak}}","title":"keycloak","authorizeUrl":"{{oidc.client.authorize_url}}","tokenUrl":"{{oidc.client.toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc.client.user_info_url}}","logoutUrl":"{{oidc.client.logout_url}}","clientId":"{{oidc.client.id}}","clientSecret":"{{oidc.client.secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}' + --value='{"custom_oidc":[{"name":"{{domains.keycloak}}","title":"keycloak","style":"keycloak","authorizeUrl":"{{oidc.client.authorize_url}}","tokenUrl":"{{oidc.client.toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc.client.user_info_url}}","logoutUrl":"{{oidc.client.logout_url}}","clientId":"{{oidc.client.id}}","clientSecret":"{{oidc.client.secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}' # This configuration defines custom OpenID Connect (OIDC) providers for authentication. # In this case, it sets up a Keycloak provider with details like URLs for authorization, # token retrieval, user info, and logout, as well as the client ID and secret. - name: Set prevent_create_email_exists to 1 - command: > - docker-compose exec -u www-data application /var/www/html/occ - config:app:set sociallogin prevent_create_email_exists --value="1" + command: 'docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:app:set sociallogin prevent_create_email_exists --value="1"' # This configuration prevents the creation of new Nextcloud users if an account with the # same email address already exists in the system. It helps avoid duplicate accounts. \ No newline at end of file
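
Review bot: In roles/docker-nextcloud/README.md, the "Unlock Files" block in the second hunk keeps a password literal on the mysql command line (`-pPASSWORD1234132`), so anyone copying it with a real value leaves that value in shell history and in the process list. Suggest `-p` with a prompt, as the "Database Access" command in the same hunk already does. That line also passes `nextcloud_database_1` to `docker-compose exec`, while every other command in the README addresses the service as `database`; pick one form and use it throughout. The new "OIDC (OpenID Connect) Support" section says the tasks run "when enabled" but does not list the variables the role reads (`oidc.enabled`, `oidc.client.*`, `domains.keycloak`); documenting them here would make the section usable.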
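
Review bot: In roles/docker-nextcloud/tasks/main.yml, the newly activated include is guarded by `when: oidc.enabled | bool`, which raises an undefined-variable error on any inventory that does not define `oidc`, and nothing in this patch adds a default for it. Suggest shipping a role default for `oidc.enabled` (false) or guarding the condition with `default(false)`, so hosts without OIDC skip the include instead of failing the play.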
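
Review bot: In roles/docker-nextcloud/tasks/oidc_tasks.yml, the new `custom_providers` value adds `"style":"keycloak"` but leaves the original `"style":""` near the end of the same JSON object, so the key appears twice and a parser that keeps the last occurrence will discard the added value; remove the trailing `"style":""`. The same line still reads `{{oidc.client.toke_url}}` for `tokenUrl`, which looks like a typo for `token_url` unless the variable really is defined under that name. Because this command carries `{{oidc.client.secret}}` in its arguments, the task should set `no_log: true` so the client secret does not end up in Ansible output. With `hide_login_form` set to true and `auth.webauthn.enabled` set to false, it is also worth documenting how an administrator signs in when the OIDC provider is unreachable.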