mirror of
https://github.com/nextcloud/all-in-one.git
synced 2025-10-05 04:55:29 +08:00
Merge pull request #5945 from nextcloud/enh/5938/show-secret-in-interface
containers-schema: allow to specify ui-secret and show in aio interface
This commit is contained in:
Simon L.
GitHub
commit
1eebe6fd60
16 changed files with 42 additions and 4 deletions
|
|
@ -26,6 +26,7 @@
|
|||
"BORGBACKUP_VIEWER_PASSWORD",
|
||||
"BORGBACKUP_PASSWORD"
|
||||
],
|
||||
"ui_secret": "BORGBACKUP_VIEWER_PASSWORD",
|
||||
"volumes": [
|
||||
{
|
||||
"source": "nextcloud_aio_backup_cache",
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
|
||||
|
||||
### Notes
|
||||
- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-borgbackup-viewer | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning).
|
||||
- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
|
||||
- Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance!
|
||||
- After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly.
|
||||
- You can also delete specific archives by running `borg list`, delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@
|
|||
"LLDAP_JWT_SECRET",
|
||||
"LLDAP_LDAP_USER_PASS"
|
||||
],
|
||||
"ui_secret": "LLDAP_JWT_SECRET",
|
||||
"volumes": [
|
||||
{
|
||||
"source": "nextcloud_aio_lldap",
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ This container bundles LLDAP server and auto-configures your Nextcloud instance
|
|||
|
||||
### Notes
|
||||
- In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
|
||||
- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
|
||||
- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the secret that you can see next to the container in the AIO interface.
|
||||
- To configure Nextcloud, you can use the generic configuration proposed below.
|
||||
- For advanced configurations, see how to configure a client with lldap https://github.com/lldap/lldap#client-configuration
|
||||
- Also, see how Nextcloud's LDAP application works https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@
|
|||
"secrets": [
|
||||
"MAKEMKV_PASSWORD"
|
||||
],
|
||||
"ui_secret": "MAKEMKV_PASSWORD",
|
||||
"backup_volumes": [
|
||||
"nextcloud_aio_makemkv"
|
||||
]
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ This container bundles MakeMKV and auto-configures it for you.
|
|||
- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being.
|
||||
- This container only works on Linux and not on Docker-Desktop.
|
||||
- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
|
||||
- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-makemkv | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning).
|
||||
- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
|
||||
- After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it)
|
||||
- The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container.
|
||||
- The config data of MakeMKV will be automatically included in AIOs backup solution!
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@
|
|||
"NOCODB_JWT_SECRET",
|
||||
"NOCODB_USER_PASS"
|
||||
],
|
||||
"ui_secret": "NOCODB_USER_PASS",
|
||||
"volumes": [
|
||||
{
|
||||
"source": "nextcloud_aio_nocodb",
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ This is an alternative of **Airtable**.
|
|||
- You need to configure a reverse proxy in order to run this container since nocodb needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
|
||||
- Currently, only `tables.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, nocodb will use `tables.your-domain.com`.
|
||||
- The data of NocoDb will be automatically included in AIOs backup solution!
|
||||
- After adding and starting the container, you need to run `docker inspect nextcloud-aio-nocodb | grep NC_ADMIN_PASS` to obtain the system administrator password (username: `admin@noco.db`). With this information, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin`
|
||||
- After adding and starting the container, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin` with the username `admin@noco.db` and the password that you can see in the AIO interface next to the container.
|
||||
- See https://docs.nocodb.com/ for usage of NocoDb
|
||||
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
|
||||
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@
|
|||
"secrets": [
|
||||
"STALWART_USER_PASS"
|
||||
],
|
||||
"ui_secret": "STALWART_USER_PASS",
|
||||
"volumes": [
|
||||
{
|
||||
"source": "nextcloud_aio_stalwart",
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ cat /tmp/containers.json
|
|||
OUTPUT="$(cat /tmp/containers.json)"
|
||||
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
|
||||
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
|
||||
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].ui_secrets)')"
|
||||
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
|
||||
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].enable_nvidia_gpu)')"
|
||||
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
|
||||
|
|
|
|||
|
|
@ -145,6 +145,10 @@
|
|||
"pattern": "^[A-Z_]+$"
|
||||
}
|
||||
},
|
||||
"ui_secret": {
|
||||
"type": "string",
|
||||
"pattern": "^[A-Z_]+$"
|
||||
},
|
||||
"image_tag": {
|
||||
"type": "string",
|
||||
"pattern": "^([a-z0-9.-]+|%AIO_CHANNEL%)$"
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ readonly class Container {
|
|||
private array $dependsOn,
|
||||
/** @var string[] */
|
||||
private array $secrets,
|
||||
private string $uiSecret,
|
||||
/** @var string[] */
|
||||
private array $devices,
|
||||
private bool $enableNvidiaGpu,
|
||||
|
|
@ -85,6 +86,10 @@ readonly class Container {
|
|||
return $this->secrets;
|
||||
}
|
||||
|
||||
public function GetUiSecret() : string {
|
||||
return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
|
||||
}
|
||||
|
||||
public function GetTmpfs() : array {
|
||||
return $this->tmpfs;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -244,6 +244,11 @@ readonly class ContainerDefinitionFetcher {
|
|||
$secrets = $entry['secrets'];
|
||||
}
|
||||
|
||||
$uiSecret = '';
|
||||
if (isset($entry['ui_secret'])) {
|
||||
$uiSecret = $entry['ui_secret'];
|
||||
}
|
||||
|
||||
$devices = [];
|
||||
if (isset($entry['devices'])) {
|
||||
$devices = $entry['devices'];
|
||||
|
|
@ -316,6 +321,7 @@ readonly class ContainerDefinitionFetcher {
|
|||
$variables,
|
||||
$dependsOn,
|
||||
$secrets,
|
||||
$uiSecret,
|
||||
$devices,
|
||||
$enableNvidiaGpu,
|
||||
$capAdd,
|
||||
|
|
|
|||
|
|
@ -33,6 +33,10 @@ class ConfigurationManager
|
|||
}
|
||||
|
||||
public function GetAndGenerateSecret(string $secretId) : string {
|
||||
if ($secretId === '') {
|
||||
return '';
|
||||
}
|
||||
|
||||
$config = $this->GetConfig();
|
||||
if(!isset($config['secrets'][$secretId])) {
|
||||
$config['secrets'][$secretId] = bin2hex(random_bytes(24));
|
||||
|
|
|
|||
|
|
@ -1032,6 +1032,10 @@ readonly class DockerActionManager {
|
|||
}
|
||||
}
|
||||
|
||||
public function GetAndGenerateSecretWrapper(string $secretId) : string {
|
||||
return $this->configurationManager->GetAndGenerateSecret($secretId);
|
||||
}
|
||||
|
||||
public function isNextcloudImageOutdated() : bool {
|
||||
$createdTime = $this->GetCreatedTimeOfNextcloudImage();
|
||||
|
||||
|
|
|
|||
|
|
@ -282,6 +282,9 @@
|
|||
{% if container.GetDocumentation() != '' %}
|
||||
(<a href="{{ container.GetDocumentation() }}">docs</a>)
|
||||
{% endif %}
|
||||
{% if container.GetUiSecret() != '' %}
|
||||
(password: {{ GetUiSecret.GetUiSecret() }} )
|
||||
{% endif %}
|
||||
</span>
|
||||
{% elseif container.GetRunningState().value == 'running' %}
|
||||
<span class="status success"></span>
|
||||
|
|
@ -289,6 +292,9 @@
|
|||
{% if container.GetDocumentation() != '' %}
|
||||
(<a href="{{ container.GetDocumentation() }}">docs</a>)
|
||||
{% endif %}
|
||||
{% if container.GetUiSecret() != '' %}
|
||||
(password: {{ GetUiSecret.GetUiSecret() }} )
|
||||
{% endif %}
|
||||
</span>
|
||||
{% else %}
|
||||
<span class="status error"></span>
|
||||
|
|
@ -296,6 +302,9 @@
|
|||
{% if container.GetDocumentation() != '' %}
|
||||
(<a href="{{ container.GetDocumentation() }}">docs</a>)
|
||||
{% endif %}
|
||||
{% if container.GetUiSecret() != '' %}
|
||||
(password: {{ GetUiSecret.GetUiSecret() }} )
|
||||
{% endif %}
|
||||
</span>
|
||||
{% endif %}
|
||||
</li>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue