Nextcloud AIO
Nextcloud All-In-One Manual-Install
Manual-install statt Auto-install mit AIO-Webinterface, um Möglichkeiten wie admin-pw, container-versionen, SSE, S3 Primary Storage usw bearbeiten zu können und es zu einem späteren Zeitpunkt besser zu Kubernetes/Swarm übertragen zu können.
Quelle: https://github.com/nextcloud/all-in-one/tree/main/manual-install
Befehle
# nextcloud-aio repo klonen
git clone https://github.com/nextcloud/all-in-one.git
cd all-in-one/manual-install
# dateien umbenennen (damit sie beim updaten nicht überschrieben werden)
cp sample.conf .env
cp latest.yml compose.yaml
# bearbeiten
nano .env
nano compose.yaml
# mit docker hochfahren
# sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up
docker compose --profile collabora --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up -d --force-recreateResultierende Dateien
Eikes .env
Änderungen: Secrets & PWs, optionale Container enabled, Nextcloud PHP Memory auf 2048MB statt 512, Apache-Additional-Network für reverse-proxy von anderem server, skip-domain-validation für einfacheres debugging
# SECRETS UND PWs MIT 'openssl rand -hex 24' erstellen!
DATABASE_PASSWORD=c9ba4dc404 # TODO! This needs to be a unique and good password!
FULLTEXTSEARCH_PASSWORD=5a2e38d # TODO! This needs to be a unique and good password!
IMAGINARY_SECRET=b8e9d34b1 # TODO! This needs to be a unique and good password!
NC_DOMAIN=nextcloud.MEINEDOMAIN.de # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
NEXTCLOUD_PASSWORD=e1dae5 # TODO! This is the password of the initially created Nextcloud admin with username "admin".
ONLYOFFICE_SECRET=aaf8 # TODO! This needs to be a unique and good password!
RECORDING_SECRET=88ff5 # TODO! This needs to be a unique and good password!
REDIS_PASSWORD=0aaff3b99c # TODO! This needs to be a unique and good password!
SIGNALING_SECRET=98467 # TODO! This needs to be a unique and good password!
TALK_INTERNAL_SECRET=4d67b6 # TODO! This needs to be a unique and good password!
TIMEZONE=Europe/Berlin # TODO! This is the timezone that your containers will use.
TURN_SECRET=b1ebb03d63 # TODO! This needs to be a unique and good password!
WHITEBOARD_SECRET=d7135 # TODO! This needs to be a unique and good password!
CLAMAV_ENABLED="yes" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
COLLABORA_ENABLED="yes" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
FULLTEXTSEARCH_ENABLED="yes" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
IMAGINARY_ENABLED="yes" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
ONLYOFFICE_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
TALK_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
TALK_RECORDING_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
WHITEBOARD_ENABLED="yes" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
APACHE_IP_BINDING=0.0.0.0 # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
APACHE_PORT=11000 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax.
COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora
FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.
INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation
NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
NEXTCLOUD_MAX_TIME=3600 # This allows to change the upload time limit of the Nextcloud container
NEXTCLOUD_MEMORY_LIMIT=2048M # This allows to change the PHP memory limit of the Nextcloud container
NEXTCLOUD_MOUNT=/mnt/ # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
NEXTCLOUD_UPLOAD_LIMIT=16G # This allows to change the upload limit of the Nextcloud container
REMOVE_DISABLED_APPS=no # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
TALK_PORT=3478 # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
UPDATE_NEXTCLOUD_APPS="no" # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
APACHE_ADDITIONAL_NETWORK=""
SKIP_DOMAIN_VALIDATION=trueEikes compose.yaml
(Änderungen: eigentlich nur name: nc ganz oben, damit das Docker-Stack nicht nach dem Ordner 'manual-install' benannt wird)
name: nc
services:
nextcloud-aio-apache:
depends_on:
nextcloud-aio-onlyoffice:
condition: service_started
required: false
nextcloud-aio-collabora:
condition: service_started
required: false
nextcloud-aio-talk:
condition: service_started
required: false
nextcloud-aio-nextcloud:
condition: service_started
required: false
nextcloud-aio-notify-push:
condition: service_started
required: false
nextcloud-aio-whiteboard:
condition: service_started
required: false
image: ghcr.io/nextcloud-releases/aio-apache:latest
user: "33"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
ports:
- ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
- ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp
environment:
- NC_DOMAIN
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- APACHE_HOST=nextcloud-aio-apache
- COLLABORA_HOST=nextcloud-aio-collabora
- TALK_HOST=nextcloud-aio-talk
- APACHE_PORT
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
- TZ=${TIMEZONE}
- APACHE_MAX_SIZE
- APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
- WHITEBOARD_HOST=nextcloud-aio-whiteboard
volumes:
- nextcloud_aio_nextcloud:/var/www/html:ro
- nextcloud_aio_apache:/mnt/data:rw
restart: unless-stopped
read_only: true
tmpfs:
- /var/log/supervisord
- /var/run/supervisord
- /usr/local/apache2/logs
- /tmp
- /home/www-data
cap_drop:
- NET_RAW
nextcloud-aio-database:
image: ghcr.io/nextcloud-releases/aio-postgresql:latest
user: "999"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "5432"
volumes:
- nextcloud_aio_database:/var/lib/postgresql/data:rw
- nextcloud_aio_database_dump:/mnt/data:rw
environment:
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud_database
- POSTGRES_USER=nextcloud
- TZ=${TIMEZONE}
- PGTZ=${TIMEZONE}
stop_grace_period: 1800s
restart: unless-stopped
shm_size: 268435456
read_only: true
tmpfs:
- /var/run/postgresql
cap_drop:
- NET_RAW
nextcloud-aio-nextcloud:
depends_on:
nextcloud-aio-database:
condition: service_started
required: false
nextcloud-aio-redis:
condition: service_started
required: false
nextcloud-aio-clamav:
condition: service_started
required: false
nextcloud-aio-fulltextsearch:
condition: service_started
required: false
nextcloud-aio-talk-recording:
condition: service_started
required: false
nextcloud-aio-imaginary:
condition: service_started
required: false
image: ghcr.io/nextcloud-releases/aio-nextcloud:latest
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "9000"
- "9001"
volumes:
- nextcloud_aio_nextcloud:/var/www/html:rw
- ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
- ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
- ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
environment:
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- POSTGRES_HOST=nextcloud-aio-database
- POSTGRES_PORT=5432
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud_database
- POSTGRES_USER=nextcloud
- REDIS_HOST=nextcloud-aio-redis
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- APACHE_HOST=nextcloud-aio-apache
- APACHE_PORT
- NC_DOMAIN
- ADMIN_USER=admin
- ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
- NEXTCLOUD_DATA_DIR=/mnt/ncdata
- OVERWRITEHOST=${NC_DOMAIN}
- OVERWRITEPROTOCOL=https
- TURN_SECRET
- SIGNALING_SECRET
- ONLYOFFICE_SECRET
- NEXTCLOUD_MOUNT
- CLAMAV_ENABLED
- CLAMAV_HOST=nextcloud-aio-clamav
- ONLYOFFICE_ENABLED
- COLLABORA_ENABLED
- COLLABORA_HOST=nextcloud-aio-collabora
- TALK_ENABLED
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
- UPDATE_NEXTCLOUD_APPS
- TZ=${TIMEZONE}
- TALK_PORT
- IMAGINARY_ENABLED
- IMAGINARY_HOST=nextcloud-aio-imaginary
- CLAMAV_MAX_SIZE=${APACHE_MAX_SIZE}
- PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
- PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
- FULLTEXTSEARCH_ENABLED
- FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
- PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
- STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
- ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
- ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
- INSTALL_LATEST_MAJOR
- TALK_RECORDING_ENABLED
- RECORDING_SECRET
- TALK_RECORDING_HOST=nextcloud-aio-talk-recording
- FULLTEXTSEARCH_PASSWORD
- REMOVE_DISABLED_APPS
- IMAGINARY_SECRET
- WHITEBOARD_SECRET
- WHITEBOARD_ENABLED
stop_grace_period: 600s
restart: unless-stopped
cap_drop:
- NET_RAW
nextcloud-aio-notify-push:
image: ghcr.io/nextcloud-releases/aio-notify-push:latest
user: "33"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "7867"
volumes:
- nextcloud_aio_nextcloud:/nextcloud:ro
environment:
- NC_DOMAIN
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- TZ=${TIMEZONE}
- REDIS_HOST=nextcloud-aio-redis
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- POSTGRES_HOST=nextcloud-aio-database
- POSTGRES_PORT=5432
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud_database
- POSTGRES_USER=nextcloud
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
nextcloud-aio-redis:
image: ghcr.io/nextcloud-releases/aio-redis:latest
user: "999"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "6379"
environment:
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- TZ=${TIMEZONE}
volumes:
- nextcloud_aio_redis:/data:rw
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
nextcloud-aio-collabora:
command: ${ADDITIONAL_COLLABORA_OPTIONS}
image: ghcr.io/nextcloud-releases/aio-collabora:latest
init: true
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "9980"
environment:
- aliasgroup1=https://${NC_DOMAIN}:443
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
- dictionaries=${COLLABORA_DICTIONARIES}
- TZ=${TIMEZONE}
- server_name=${NC_DOMAIN}
- DONT_GEN_SSL_CERT=1
restart: unless-stopped
profiles:
- collabora
cap_add:
- MKNOD
- SYS_ADMIN
cap_drop:
- NET_RAW
nextcloud-aio-talk:
image: ghcr.io/nextcloud-releases/aio-talk:latest
user: "1000"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
ports:
- ${TALK_PORT}:${TALK_PORT}/tcp
- ${TALK_PORT}:${TALK_PORT}/udp
expose:
- "8081"
environment:
- NC_DOMAIN
- TALK_HOST=nextcloud-aio-talk
- TURN_SECRET
- SIGNALING_SECRET
- TZ=${TIMEZONE}
- TALK_PORT
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
restart: unless-stopped
profiles:
- talk
- talk-recording
read_only: true
tmpfs:
- /var/log/supervisord
- /var/run/supervisord
- /opt/eturnal/run
- /conf
- /tmp
cap_drop:
- NET_RAW
nextcloud-aio-talk-recording:
image: ghcr.io/nextcloud-releases/aio-talk-recording:latest
user: "122"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "1234"
environment:
- NC_DOMAIN
- TZ=${TIMEZONE}
- RECORDING_SECRET
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
volumes:
- nextcloud_aio_talk_recording:/tmp:rw
shm_size: 2147483648
restart: unless-stopped
profiles:
- talk-recording
read_only: true
tmpfs:
- /conf
cap_drop:
- NET_RAW
nextcloud-aio-clamav:
image: ghcr.io/nextcloud-releases/aio-clamav:latest
user: "100"
init: false
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "3310"
environment:
- TZ=${TIMEZONE}
- MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
volumes:
- nextcloud_aio_clamav:/var/lib/clamav:rw
restart: unless-stopped
profiles:
- clamav
read_only: true
tmpfs:
- /tmp
- /var/log/clamav
- /run/clamav
- /var/log/supervisord
- /var/run/supervisord
cap_drop:
- NET_RAW
nextcloud-aio-onlyoffice:
image: ghcr.io/nextcloud-releases/aio-onlyoffice:latest
init: true
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "80"
environment:
- TZ=${TIMEZONE}
- JWT_ENABLED=true
- JWT_HEADER=AuthorizationJwt
- JWT_SECRET=${ONLYOFFICE_SECRET}
volumes:
- nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
restart: unless-stopped
profiles:
- onlyoffice
cap_drop:
- NET_RAW
nextcloud-aio-imaginary:
image: ghcr.io/nextcloud-releases/aio-imaginary:latest
user: "65534"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "9000"
environment:
- TZ=${TIMEZONE}
- IMAGINARY_SECRET
restart: unless-stopped
cap_add:
- SYS_NICE
cap_drop:
- NET_RAW
profiles:
- imaginary
read_only: true
tmpfs:
- /tmp
nextcloud-aio-fulltextsearch:
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:latest
init: false
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 10s
timeout: 5s
start_interval: 5s
retries: 5
expose:
- "9200"
environment:
- TZ=${TIMEZONE}
- ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
- bootstrap.memory_lock=true
- cluster.name=nextcloud-aio
- discovery.type=single-node
- logger.org.elasticsearch.discovery=WARN
- http.port=9200
- xpack.license.self_generated.type=basic
- xpack.security.enabled=false
- FULLTEXTSEARCH_PASSWORD
volumes:
- nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
restart: unless-stopped
profiles:
- fulltextsearch
cap_drop:
- NET_RAW
nextcloud-aio-whiteboard:
image: ghcr.io/nextcloud-releases/aio-whiteboard:latest
user: "65534"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "3002"
tmpfs:
- /tmp
environment:
- TZ=${TIMEZONE}
- NEXTCLOUD_URL=https://${NC_DOMAIN}
- JWT_SECRET_KEY=${WHITEBOARD_SECRET}
- STORAGE_STRATEGY=redis
- REDIS_HOST=nextcloud-aio-redis
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- BACKUP_DIR=/tmp
restart: unless-stopped
profiles:
- whiteboard
read_only: true
cap_drop:
- NET_RAW
volumes:
nextcloud_aio_apache:
name: nextcloud_aio_apache
nextcloud_aio_clamav:
name: nextcloud_aio_clamav
nextcloud_aio_database:
name: nextcloud_aio_database
nextcloud_aio_database_dump:
name: nextcloud_aio_database_dump
nextcloud_aio_elasticsearch:
name: nextcloud_aio_elasticsearch
nextcloud_aio_nextcloud:
name: nextcloud_aio_nextcloud
nextcloud_aio_onlyoffice:
name: nextcloud_aio_onlyoffice
nextcloud_aio_redis:
name: nextcloud_aio_redis
nextcloud_aio_talk_recording:
name: nextcloud_aio_talk_recording
nextcloud_aio_nextcloud_data:
name: nextcloud_aio_nextcloud_data
networks:
default:
driver: bridge