Compare commits

..

No commits in common. "dfc0dbbffa13430f4bb938be52c9d49f85af22af" and "7eee1748ccfc0f692c1ab8c66e18975ff4cbf74c" have entirely different histories.

15 changed files with 34 additions and 78 deletions

View File

@ -1,11 +1,12 @@
- name: "reload pull-remote-backups service" - name: "reload pull-remote-backups service"
systemd: systemd:
name: pull-remote-backups.service name: pull-remote-backups.service
state: reloaded
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
- name: "restart pull-remote-backups timer" - name: "restart pull-remote-backups timer"
systemd: systemd:
name: pull-remote-backups.timer name: pull-remote-backups.timer
state: started state: restarted
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes

View File

@ -2,4 +2,3 @@ dependencies:
- git - git
- systemd_notifier - systemd_notifier
- backups-cleanup-timer - backups-cleanup-timer
- docker-volume-backup-cleanup

View File

@ -1,6 +1,6 @@
[Unit] [Unit]
Description=pull remote backups Description=pull remote backups
OnFailure=systemd-notifier@%n.service docker-volume-backup-cleanup.service OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot

View File

@ -1,21 +1,18 @@
# role docker-nextcloud # role docker-nextcloud
## modify config ## precondition
Enter container:
```bash Before executing cli commands the following variable needs to be set:
docker-compose exec -it application /bin/sh
```
Afterwards modify config:
```bash ```bash
apk add --no-cache nano && nano config/config.php NEXTCLOUD_APPLICATION_DOCKER_CONTAINER=nextcloud-application-1
``` ```
## update ## update
To update the nextcloud container execute the following commands on the server: To update the nextcloud container execute the following commands on the server:
```bash ```bash
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on && docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --on &&
export COMPOSE_HTTP_TIMEOUT=600 && export COMPOSE_HTTP_TIMEOUT=600 &&
export DOCKER_CLIENT_TIMEOUT=600 && export DOCKER_CLIENT_TIMEOUT=600 &&
docker-compose down docker-compose down
@ -30,27 +27,27 @@ Wait for the update to finish.
You can verify that the update is finished by checking the following logs: You can verify that the update is finished by checking the following logs:
```bash ```bash
docker-compose logs application docker logs $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER
``` ```
and and
```bash ```bash
docker-compose exec -it application top docker exec -it $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER top
``` ```
If nextcloud stays in the maintenance mode after the update try the following: If nextcloud stays in the maintenance mode after the update try the following:
```bash ```bash
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --on
docker-compose exec -it -u www-data application /var/www/html/occ upgrade docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ upgrade
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --off
``` ```
If the update process fails execute If the update process fails execute
```bash ```bash
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:repair docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:repair
``` ```
and disable the not functioning apps. and disable the not functioning apps.
@ -59,7 +56,7 @@ and disable the not functioning apps.
```bash ```bash
cd {{path_docker_compose_files}}nextcloud && cd {{path_docker_compose_files}}nextcloud &&
docker-compose down && docker-compose down &&
docker-compose exec -i database mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/docker-volume-backup/latest/nextcloud_database/sql/backup.sql" && docker exec -i nextcloud_database_1 mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/docker-volume-backup/latest/nextcloud_database/sql/backup.sql" &&
cd {{path_administrator_scripts}}docker-volume-backup && cd {{path_administrator_scripts}}docker-volume-backup &&
bash ./docker-volume-recover.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)" bash ./docker-volume-recover.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)"
``` ```
@ -68,12 +65,12 @@ bash ./docker-volume-recover.sh "nextcloud_data" "$(sha256sum /etc/machine-id |
### database access ### database access
To access the database execute To access the database execute
```bash ```bash
docker-compose exec -it database mysql -u nextcloud -D nextcloud -p docker exec -it nextcloud_database_1 mysql -u nextcloud -D nextcloud -p
``` ```
### recreate database with new volume: ### recreate database with new volume:
```bash ```bash
docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql docker run --detach --name nextcloud_database_1 --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
``` ```
The process can be checked with: The process can be checked with:
@ -87,7 +84,7 @@ show processlist;
To use occ run: To use occ run:
```bash ```bash
docker-compose exec -it -u www-data application /var/www/html/occ docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ
``` ```
## app relevant tables ## app relevant tables
@ -97,14 +94,14 @@ To use occ run:
### initialize duplicates ### initialize duplicates
```bash ```bash
docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output sudo docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ duplicates:find-all --output
``` ```
### unlock files ### unlock files
```bash ```bash
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --on
docker-compose exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1" docker exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --off
``` ```
## architecture ## architecture
@ -115,7 +112,7 @@ Until NC24 MariaDB version has to be used.
### 504 Gateway Timeout ### 504 Gateway Timeout
```bash ```bash
docker-compose logs web --tail 1000 | grep 504 docker logs nextcloud_web_1 --tail 1000 | grep 504
``` ```
#### See #### See

View File

@ -7,9 +7,6 @@ server
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;
# Set X-Robots-Tag to noindex, nofollow on all responses
add_header X-Robots-Tag "noindex, nofollow";
# set max upload size # set max upload size
client_max_body_size 10G; client_max_body_size 10G;
client_body_buffer_size 400M; client_body_buffer_size 400M;

View File

@ -61,13 +61,13 @@ http {
#pagespeed off; #pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess` # HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always; add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;

View File

@ -1,3 +0,0 @@
# Docker Volume Backup Cleanup
This script cleans up failed docker backups.
It uses https://github.com/kevinveenbirkenbach/docker-volume-backup-cleanup as base.

View File

@ -1,5 +0,0 @@
- name: "reload docker-volume-backup-cleanup.service daemon"
systemd:
name: docker-volume-backup-cleanup.service
enabled: yes
daemon_reload: yes

View File

@ -1,3 +0,0 @@
dependencies:
- git
- systemd_notifier

View File

@ -1,18 +0,0 @@
- name: pull docker-volume-backup-cleanup.git
git:
repo: "https://github.com/kevinveenbirkenbach/docker-volume-backup-cleanup.git"
dest: "{{docker_volume_backup_cleanup_folder}}"
update: yes
register: git_result
ignore_errors: true
- name: Warn if repo is not reachable
debug:
msg: "Warning: Repository is not reachable."
when: git_result.failed
- name: configure docker-volume-backup-cleanup.service
template:
src: docker-volume-backup-cleanup.service.j2
dest: /etc/systemd/system/docker-volume-backup-cleanup.service
notify: reload docker-volume-backup-cleanup.service daemon

View File

@ -1,7 +0,0 @@
[Unit]
Description=Cleans up failed docker volume backups
OnFailure=systemd-notifier@%n.service
[Service]
Type=oneshot
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{docker_volume_backup_cleanup_folder}}cleanup.sh {{docker_volume_backup_cleanup_machine_id}} {{docker_volume_backup_cleanup_trigger_directory}}'

View File

@ -1 +0,0 @@
docker_volume_backup_cleanup_folder: "{{path_administrator_scripts}}docker-volume-backup-cleanup/"

View File

@ -1,12 +1,12 @@
- name: "reload docker-volume-backup.service" - name: "reload docker-volume-backup.service"
systemd: systemd:
name: docker-volume-backup.service name: docker-volume-backup.service
state: reloaded
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
- name: "restart docker-volume-backup.timer" - name: "restart docker-volume-backup.timer"
systemd: systemd:
name: docker-volume-backup.timer name: docker-volume-backup.timer
state: started state: restarted
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes

View File

@ -2,4 +2,3 @@ dependencies:
- git - git
- backups-provider - backups-provider
- systemd_notifier - systemd_notifier
- docker-volume-backup-cleanup

View File

@ -1,6 +1,6 @@
[Unit] [Unit]
Description=docker volume backup Description=docker volume backup
OnFailure=systemd-notifier@%n.service docker-volume-backup-cleanup.service OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot