From 542487e9095342296443beee9b832b2b5467edb0 Mon Sep 17 00:00:00 2001
From: alexenica
Date: Fri, 13 Dec 2024 15:06:28 +0200
Subject: [PATCH 01/13] Add dot to network regex check
Signed-off-by: Alexandru Nica
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 687651e2..d467c880 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -194,7 +194,7 @@ It is set to '$APACHE_IP_BINDING'."
 fi
 fi
 if [ -n "$APACHE_ADDITIONAL_NETWORK" ]; then
- if ! echo "$APACHE_ADDITIONAL_NETWORK" | grep -q "^[a-zA-Z0-9_-]\+$"; then
+ if ! echo "$APACHE_ADDITIONAL_NETWORK" | grep -q "^[a-zA-Z0-9._-]\+$"; then
 print_red "You've set APACHE_ADDITIONAL_NETWORK but not to an allowed value.
 It needs to be a string with letters, numbers, hyphens and underscores.
 It is set to '$APACHE_ADDITIONAL_NETWORK'."
From 7eddf00f8c1383ff73b77a1d1909c501d60ac53d Mon Sep 17 00:00:00 2001
From: Zoey
Date: Sat, 14 Dec 2024 22:20:08 +0100
Subject: [PATCH 02/13] Improve nginx reverse proxy template based on (not identical): https://ssl-config.mozilla.org/#server=nginx&version=1.27.3&config=intermediate&openssl=3.4.0&hsts=false&ocsp=false&guideline=5.7
Signed-off-by: Zoey
---
 reverse-proxy.md | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)
diff --git a/reverse-proxy.md b/reverse-proxy.md
index a7eea8c2..224ca844 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -317,7 +317,7 @@ backend Nextcloud
-### Nginx, Freenginx, Openresty
+### Nginx, Freenginx, Openresty, Angie
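Review bot: The error text just below the changed `grep` in start.sh still lists only "letters, numbers, hyphens and underscores", so a user is never told that dots are now accepted; the context line should become `It needs to be a string with letters, numbers, dots, hyphens and underscores.`. Separately, `echo ... | grep -q` matches line by line, so a value that contains a newline passes as long as one of its lines matches the pattern. If the variable is later expanded into a docker command (not visible in this hunk), a whole-string test such as `case "$APACHE_ADDITIONAL_NETWORK" in *[!a-zA-Z0-9._-]*) print_red ...; exit 1;; esac` closes that gap. The enclosing `if` block continues outside the hunk.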
@@ -344,24 +344,27 @@ server { if ($scheme = "http") { return 301 https://$host$request_uri; } + if ($http_x_forwarded_proto = "http") { + return 301 https://$host$request_uri; + } listen 443 ssl http2; # for nginx versions below v1.25.1 listen [::]:443 ssl http2; # for nginx versions below v1.25.1 - comment to disable IPv6 # listen 443 ssl; # for nginx v1.25.1+ # listen [::]:443 ssl; # for nginx v1.25.1+ - keep comment to disable IPv6 - - # http2 on; # uncomment to enable HTTP/2 - supported on nginx v1.25.1+ + # http2 on; # uncomment to enable HTTP/2 - supported on nginx v1.25.1+ + + # listen 443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport + # listen [::]:443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6 # http3 on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # quic_retry on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - # listen 443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - # listen [::]:443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6 server_name ; location / { - proxy_pass http://127.0.0.1:11000$request_uri; + proxy_pass http://127.0.0.1:11000$request_uri; # adjust to match APACHE_PORT and APACHE_IP_BINDING proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header 
X-Forwarded-Port $server_port; @@ -369,6 +372,7 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; + proxy_set_header Early-Data $ssl_early_data; proxy_request_buffering off; proxy_read_timeout 86400s; @@ -386,23 +390,18 @@ server { ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by certbot on host machine ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by certbot on host machine + ssl_dhparam /etc/dhparam; # curl -L https://ssl-config.mozilla.org/ffdhe2048.txt -o /etc/dhparam + + ssl_early_data on; ssl_session_timeout 1d; - ssl_session_cache shared:MozSSL:10m; # about 40000 sessions - ssl_session_tickets off; + ssl_session_cache shared:SSL:10m; ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; + ssl_ecdh_curve x25519:x448:secp521r1:secp384r1:secp256r1; + ssl_prefer_server_ciphers on; - - # Optional settings: - - # OCSP stapling - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_trusted_certificate /etc/letsencrypt/live//chain.pem; - - # replace with the IP address of your resolver - # resolver 127.0.0.1; # needed for oscp stapling: e.g. use 94.140.15.15 for adguard / 1.1.1.1 for cloudflared or 8.8.8.8 for google - you can use the same nameserver as listed in your /etc/resolv.conf file + ssl_conf_command Options PrioritizeChaCha; + ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256; } ``` 
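Review bot: The added `if ($http_x_forwarded_proto = "http")` redirect in the `@@ -344,24 +344,27 @@` hunk acts on a request header that any client can set unless a trusted proxy in front of this server overwrites it, and the template does not say when the block is meant to apply. I would add a comment on it, for example `# only useful when another proxy or load balancer in front of nginx terminates TLS and sets X-Forwarded-Proto; remove otherwise`. Where a shared cache sits in front of this server, it is also worth confirming that the resulting 301 cannot be stored and served to other clients. The server block starts and ends outside this hunk.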
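Review bot: `ssl_early_data on;` in the `@@ -386,23 +390,18 @@` hunk enables TLS 1.3 0-RTT, and requests sent as early data can be replayed, which matters for state-changing requests to Nextcloud. The `proxy_set_header Early-Data $ssl_early_data;` line added in the previous hunk only helps if the backend rejects such requests with 425 Too Early, and nothing on this page shows that it does. I would ship the directive commented out with the caveat next to it, e.g. `# ssl_early_data on; # 0-RTT requests are replayable - enable only if the backend honours the Early-Data header`. The same hunk drops `ssl_session_tickets off;`, so nginx falls back to its default of issuing session tickets; that deserves a line in the commit message.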
From e4b0998f3c7997a2e3cea6731b5dea3c8ba2deed Mon Sep 17 00:00:00 2001 From: Zoey Date: Sat, 14 Dec 2024 22:27:55 +0100 Subject: [PATCH 03/13] small additional improvement Signed-off-by: Zoey --- reverse-proxy.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 224ca844..da89af9e 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -358,6 +358,7 @@ server { # listen 443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport # listen [::]:443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6 # http3 on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ + # quic_gso on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # quic_retry on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ @@ -373,7 +374,8 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header Early-Data $ssl_early_data; - + + proxy_buffering off; proxy_request_buffering off; proxy_read_timeout 86400s; client_max_body_size 0; From ccb8443241b59319d592d5d559d2afb771a83a29 Mon Sep 17 00:00:00 2001 From: Zoey Date: Sat, 14 Dec 2024 22:47:11 +0100 Subject: [PATCH 04/13] Add NPMplus to reverse-proxy.md Signed-off-by: Zoey --- reverse-proxy.md | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index a7eea8c2..633c7a55 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -411,6 +411,32 @@ server {
+### NPMplus (Fork of Nginx-Proxy-Manager - NPM) + +
+ +click here to expand + +⚠️ **Please note:** This is not needed when running NPMplus as a community container. + +First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. +If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that a non root user can bind privileged ports. + +Second, see these screenshots for a working config: + +![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630) + +![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f) + +![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893) + +![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041) + +⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus. +⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. + +
+ ### Nginx-Proxy-Manager - NPM
@@ -420,7 +446,7 @@ server { **Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example. First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. -If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports. +If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that a non root user can bind privileged ports. Second, see these screenshots for a working config: From d5cd4fe519d6df72c076e44544b31e81f9876acb Mon Sep 17 00:00:00 2001 From: Zoey Date: Sat, 14 Dec 2024 22:49:10 +0100 Subject: [PATCH 05/13] Update reverse-proxy.md Signed-off-by: Zoey --- reverse-proxy.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 633c7a55..b2e7603f 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -419,8 +419,9 @@ server { ⚠️ **Please note:** This is not needed when running NPMplus as a community container. -First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. -If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that a non root user can bind privileged ports. +First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
+If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`.
+Note: this will cause that a non root user can bind privileged ports. Second, see these screenshots for a working config: @@ -432,7 +433,7 @@ Second, see these screenshots for a working config: ![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041) -⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus. +⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus.
⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
@@ -445,8 +446,9 @@ Second, see these screenshots for a working config: **Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example. -First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. -If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that a non root user can bind privileged ports. +First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
+If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`.
+Note: this will cause that a non root user can bind privileged ports. Second, see these screenshots for a working config: From d74d7f9a672c6b2d1a13c7dc0b9fb866f96ccf77 Mon Sep 17 00:00:00 2001 From: Zoey Date: Mon, 16 Dec 2024 19:00:19 +0100 Subject: [PATCH 06/13] improve upload speeds in nginx template Signed-off-by: Zoey --- reverse-proxy.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index da89af9e..933e88e7 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -362,6 +362,14 @@ server { # quic_retry on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ + proxy_buffering off; + proxy_request_buffering off; + + client_max_body_size 0; + client_body_buffer_size 1m; + http3_stream_buffer_size 1m; + proxy_read_timeout 86400s; + server_name ; location / { @@ -375,11 +383,6 @@ server { proxy_set_header Host $host; proxy_set_header Early-Data $ssl_early_data; - proxy_buffering off; - proxy_request_buffering off; - proxy_read_timeout 86400s; - client_max_body_size 0; - # Websocket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; @@ -434,7 +437,7 @@ Second, see these screenshots for a working config: ![grafik](https://user-images.githubusercontent.com/75573284/213889746-87dbe8c5-4d1f-492f-b251-bbf82f1510d0.png) ``` -client_body_buffer_size 512k; +client_body_buffer_size 1m; proxy_read_timeout 86400s; client_max_body_size 0; ``` From e7a36de3db2cd85922c9bbbd2fbd8384534a77d2 Mon Sep 17 00:00:00 2001 From: Zoey Date: Mon, 16 Dec 2024 22:13:05 +0100 Subject: [PATCH 07/13] also remove DHE Signed-off-by: Zoey --- reverse-proxy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 933e88e7..ebeb0997 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md 
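Review bot: `http3_stream_buffer_size 1m;` is added as an active directive in the `@@ -362,6 +362,14 @@` hunk of PATCH 06 while every other HTTP/3 line in the template is commented out and the default `listen` lines target nginx below v1.25.1. On an nginx without the HTTP/3 module the configuration test would presumably fail on an unknown directive. It should be commented like its neighbours, e.g. `# http3_stream_buffer_size 1m; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+`. PATCH 08 changes the value to 512k but keeps the line active, and the server block continues outside the hunk.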
@@ -360,6 +360,7 @@ server { # http3 on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # quic_gso on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # quic_retry on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ + # quic_bpf on; # improves HTTP/3 / QUIC - supported on nginx v1.25.0+, if nginx runs as a docker container you need to give it privileged permission # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ proxy_buffering off; @@ -406,7 +407,7 @@ server { ssl_prefer_server_ciphers on; ssl_conf_command Options PrioritizeChaCha; - ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256; + ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256; } ``` From 1ecf1092f61f189506b85f4cecf3058150d5ab2b Mon Sep 17 00:00:00 2001 From: Zoey Date: Tue, 17 Dec 2024 08:53:55 +0100 Subject: [PATCH 08/13] 512k is enough Signed-off-by: Zoey --- reverse-proxy.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index ebeb0997..0f1693d1 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -367,8 +367,8 @@ server { proxy_request_buffering off; client_max_body_size 0; - client_body_buffer_size 1m; - http3_stream_buffer_size 1m; + client_body_buffer_size 512k; + http3_stream_buffer_size 512k; proxy_read_timeout 86400s; server_name ; 
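Review bot: The new `# quic_bpf on;` line sits inside the `server { }` block, but to my knowledge nginx documents `quic_bpf` for the main context only, so uncommenting it here would be rejected as not allowed in this context; the comment should say it belongs at the top level of nginx.conf. The comment also tells container users to grant "privileged permission", and a privileged proxy container loses most of its isolation from the host. The text should state that trade-off and point readers at the narrowest capability set that lets the eBPF program load, rather than full privileged mode. PATCH 09 rewords this comment without changing either point.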
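Review bot: With the three `DHE-RSA-*` suites removed from `ssl_ciphers`, the `ssl_dhparam /etc/dhparam;` line introduced in PATCH 02 no longer has a cipher that uses it; that line is outside this hunk and no later patch in the series visibly removes it. Leaving it in makes nginx fail to start when the file is missing and keeps the `curl` download step in the template for no benefit. I would drop the `ssl_dhparam` line and its comment in this commit.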
@@ -438,7 +438,7 @@ Second, see these screenshots for a working config: ![grafik](https://user-images.githubusercontent.com/75573284/213889746-87dbe8c5-4d1f-492f-b251-bbf82f1510d0.png) ``` -client_body_buffer_size 1m; +client_body_buffer_size 512k; proxy_read_timeout 86400s; client_max_body_size 0; ``` From 1b3e2d6ece916fb4859a49f229ab9e1cafe55fdd Mon Sep 17 00:00:00 2001 From: Zoey Date: Tue, 17 Dec 2024 09:00:49 +0100 Subject: [PATCH 09/13] Update reverse-proxy.md Signed-off-by: Zoey --- reverse-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 0f1693d1..03167e6e 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -360,7 +360,7 @@ server { # http3 on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # quic_gso on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ # quic_retry on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - # quic_bpf on; # improves HTTP/3 / QUIC - supported on nginx v1.25.0+, if nginx runs as a docker container you need to give it privileged permission + # quic_bpf on; # improves HTTP/3 / QUIC - supported on nginx v1.25.0+, if nginx runs as a docker container you need to give it privileged permission to use this option # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ proxy_buffering off; From 9638b50796f90d29a0b263a76079a2f3044a2ae5 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 17 Dec 2024 12:09:07 +0000 Subject: [PATCH 10/13] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 8a23b483..e851be37 100644 --- a/php/composer.lock +++ b/php/composer.lock 
@@ -2814,16 +2814,16 @@ }, { "name": "spatie/array-to-xml", - "version": "3.3.0", + "version": "3.4.0", "source": { "type": "git", "url": "https://github.com/spatie/array-to-xml.git", - "reference": "f56b220fe2db1ade4c88098d83413ebdfc3bf876" + "reference": "7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/f56b220fe2db1ade4c88098d83413ebdfc3bf876", - "reference": "f56b220fe2db1ade4c88098d83413ebdfc3bf876", + "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67", + "reference": "7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67", "shasum": "" }, "require": { @@ -2866,7 +2866,7 @@ "xml" ], "support": { - "source": "https://github.com/spatie/array-to-xml/tree/3.3.0" + "source": "https://github.com/spatie/array-to-xml/tree/3.4.0" }, "funding": [ { @@ -2878,7 +2878,7 @@ "type": "github" } ], - "time": "2024-05-01T10:20:27+00:00" + "time": "2024-12-16T12:45:15+00:00" }, { "name": "sserbin/twig-linter", From f8a249e1adde58fb1404dc0b808343984c835c9a Mon Sep 17 00:00:00 2001 From: tofuwabohu <66644064+tofuwabohu@users.noreply.github.com> Date: Sun, 10 Nov 2024 22:15:37 +0100 Subject: [PATCH 11/13] Add steps to migrate using borg backup Signed-off-by: tofuwabohu <66644064+tofuwabohu@users.noreply.github.com> --- migration.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/migration.md b/migration.md index 12488b17..e676366e 100644 --- a/migration.md +++ b/migration.md 
@@ -21,6 +21,32 @@ The procedure for migrating only the files works like this: 1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below. ## Migrate the files and the database +### Using the borg backup +If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on /mnt/datadir, you can adjust the steps if it's elsewhere. + +1. Set the DNS entry to 60 seconds TTL if applicable +1. On your current installation, use the AIO interface to: + 1. Update AIO and all containers + 1. Stop all containers (from now on, your cloud is down) + 1. Create a current borg backup + 1. Note the path where the backups are stored and the encryption password +1. Navigate to the backup folder +1. Create archive of the backup so it's easier to copy: `tar -czvf borg.tar.gz borg` +1. Copy the archive over to the new host: `cp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive. +1. Switch to the new host +1. Go to the folder you put the backup archive and extract it with `tar -xf borg.tar.gz` +1. Follow the installation guide to create a new aio instance, but do not start the containers yet (the `docker run` or `docker compose up -d` command) +1. Change the DNS entry to the new host's IP +1. Configure your reverse proxy if you use one +1. Start the AIO container and open the new AIO interface in your browser +1. Make sure to save the newly generated passphrase and enter it in the next step +1. 
Select the "Restore former AIO instance from backup" option and enter the encryption password from the old backup and the path in which the extracted `borg` folder lies in (without the borg part) and hit "Submit location and password" +1. Choose the latest backup in the dropdown and hit "Restore selected backup" +1. Wait until the backup is restored +1. Start the containers in the AIO interface + + +### Manual process **Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration. The procedure for migrating the files and the database works like this: From 0598b10f2ebce699ccf6a9151c2ecd2d15966c65 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 17 Dec 2024 14:14:14 +0100 Subject: [PATCH 12/13] adjust the guide to be shown in the normal readme and add a link from the migration docs Signed-off-by: Simon L. --- migration.md | 28 +--------------------------- readme.md | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 27 deletions(-) diff --git a/migration.md b/migration.md index e676366e..864559c4 100644 --- a/migration.md +++ b/migration.md 
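Review bot: The copy step `cp borg.tar.gz user@new.host:/mnt` will not transfer anything to the new host, because `cp` treats `user@new.host:/mnt` as a local path; the `user@host:` form is what `scp` or `rsync` expect, e.g. `scp borg.tar.gz user@new.host:/mnt`. The intro says the data dir will be on `/mnt/datadir`, but no later step uses that path, which is worth tidying. PATCH 12 moves the same list into readme.md with the `cp` command unchanged.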
@@ -1,6 +1,6 @@ # How to migrate from an already existing Nextcloud installation to Nextcloud AIO? -There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO: +There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO (if you ran AIO on the former installation already, you can follow [these steps](https://github.com/nextcloud/all-in-one#how-to-migrate-from-aio-to-aio)): 1. Migrate only the files which is the easiest way (this excludes all calendar data for example) 1. Migrate the files and the database which is much more complicated (and doesn't work on former snap installations) 
@@ -21,32 +21,6 @@ The procedure for migrating only the files works like this: 1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below. ## Migrate the files and the database -### Using the borg backup -If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on /mnt/datadir, you can adjust the steps if it's elsewhere. - -1. Set the DNS entry to 60 seconds TTL if applicable -1. On your current installation, use the AIO interface to: - 1. Update AIO and all containers - 1. Stop all containers (from now on, your cloud is down) - 1. Create a current borg backup - 1. Note the path where the backups are stored and the encryption password -1. Navigate to the backup folder -1. Create archive of the backup so it's easier to copy: `tar -czvf borg.tar.gz borg` -1. Copy the archive over to the new host: `cp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive. -1. Switch to the new host -1. Go to the folder you put the backup archive and extract it with `tar -xf borg.tar.gz` -1. Follow the installation guide to create a new aio instance, but do not start the containers yet (the `docker run` or `docker compose up -d` command) -1. Change the DNS entry to the new host's IP -1. Configure your reverse proxy if you use one -1. Start the AIO container and open the new AIO interface in your browser -1. Make sure to save the newly generated passphrase and enter it in the next step -1. 
Select the "Restore former AIO instance from backup" option and enter the encryption password from the old backup and the path in which the extracted `borg` folder lies in (without the borg part) and hit "Submit location and password" -1. Choose the latest backup in the dropdown and hit "Restore selected backup" -1. Wait until the backup is restored -1. Start the containers in the AIO interface - - -### Manual process **Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration. The procedure for migrating the files and the database works like this: diff --git a/readme.md b/readme.md index fac0235b..dd5ecd3a 100644 --- a/readme.md +++ b/readme.md 
@@ -428,6 +428,30 @@ Backed up will get all important data of your Nextcloud AIO instance like the da #### How to adjust borgs retention policy? The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out! +#### How to migrate from AIO to AIO? +If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on `/mnt/datadir`, you can adjust the steps if it's elsewhere. + +1. Set the DNS entry to 60 seconds TTL if applicable +1. On your current installation, use the AIO interface to: + 1. Update AIO and all containers + 1. Stop all containers (from now on, your cloud is down) + 1. Create a current borg backup + 1. Note the path where the backups are stored and the encryption password +1. Navigate to the backup folder +1. Create archive of the backup so it's easier to copy: `tar -czvf borg.tar.gz borg` +1. Copy the archive over to the new host: `cp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive. +1. Switch to the new host +1. Go to the folder you put the backup archive and extract it with `tar -xf borg.tar.gz` +1. 
Follow the installation guide to create a new aio instance, but do not start the containers yet (the `docker run` or `docker compose up -d` command) +1. Change the DNS entry to the new host's IP +1. Configure your reverse proxy if you use one +1. Start the AIO container and open the new AIO interface in your browser +1. Make sure to save the newly generated passphrase and enter it in the next step +1. Select the "Restore former AIO instance from backup" option and enter the encryption password from the old backup and the path in which the extracted `borg` folder lies in (without the borg part) and hit `Submit location and password` +1. Choose the latest backup in the dropdown and hit `Restore selected backup` +1. Wait until the backup is restored +1. Start the containers in the AIO interface + #### Are remote borg backups supported? Backing up directly to a remote borg repository is supported. This avoids having to store a local copy of your backups, supports append-only borg keys to counter ransomware and allows using the AIO interface to manage your backups. From 32109b255160c733e563fef29f8f7025d77a0ff5 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 17 Dec 2024 14:54:21 +0100 Subject: [PATCH 13/13] increase to 10.2.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 08269747..32cb5f02 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
-

Nextcloud AIO v10.1.1

+

Nextcloud AIO v10.2.0

{# Add 2nd tab warning #}