diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 7bcac338..dcc52fda 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -22,3 +22,4 @@ USER 1000:0 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" +ENV ES_JAVA_OPTS="-Xms512M -Xmx512M" diff --git a/compose.yaml b/compose.yaml index 61c81a44..a72fbf50 100644 --- a/compose.yaml +++ b/compose.yaml @@ -20,6 +20,7 @@ services: # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature + # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 8bebf41c..daf85630 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -429,7 +429,7 @@ services: - "9200" environment: - TZ=${TIMEZONE} - - ES_JAVA_OPTS=-Xms512M -Xmx512M + - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS} - bootstrap.memory_lock=true - cluster.name=nextcloud-aio - discovery.type=single-node diff --git a/manual-install/sample.conf b/manual-install/sample.conf index 79fa9b36..de7dd709 100644 --- a/manual-install/sample.conf +++ b/manual-install/sample.conf @@ -26,6 +26,7 @@ APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync w APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container. +FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options. INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index 95c99426..5a4af271 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -93,6 +93,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com # TODO! Needs to be chang sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin # TODO! This is the timezone that your containers will use.|' sample.conf sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf +sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.|' sample.conf sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 9979136b..ab8ba44a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -35,7 +35,7 @@ spec: containers: - env: - name: ES_JAVA_OPTS - value: -Xms512M -Xmx512M + value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}" - name: FULLTEXTSEARCH_PASSWORD value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}" - name: TZ diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 3a8fff29..6f54d824 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -306,6 +306,8 @@ cat << EOL > /tmp/additional.config EOL # shellcheck disable=SC1083 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config" \{} \; +# shellcheck disable=SC1083 +find ./ -name '*fulltextsearch-deployment.yaml' -exec sed -i 's/{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS }}/{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}/' \{} \; # Additional config cat << EOL > /tmp/additional-apache.config diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index 3f760504..bbf597f3 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml @@ -25,6 +25,7 @@ APACHE_MAX_SIZE: "17179869184" # This needs to be an integer and in syn APACHE_PORT: 443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru # You can change this in order to enable other dictionaries for collabora COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container. +FULLTEXTSEARCH_JAVA_OPTIONS: -Xms512M -Xmx512M # Allows to adjust the fulltextsearch java options. INSTALL_LATEST_MAJOR: no # Setting this to yes will install the latest Major Nextcloud version upon the first installation NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. diff --git a/php/containers.json b/php/containers.json index d384053c..846a60d8 100644 --- a/php/containers.json +++ b/php/containers.json @@ -785,7 +785,7 @@ "internal_port": "9200", "environment": [ "TZ=%TIMEZONE%", - "ES_JAVA_OPTS=-Xms512M -Xmx512M", + "ES_JAVA_OPTS=%FULLTEXTSEARCH_JAVA_OPTIONS%", "bootstrap.memory_lock=true", "cluster.name=nextcloud-aio", "discovery.type=single-node", diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index a06f666c..d8c0c8ec 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -714,6 +714,13 @@ class ConfigurationManager return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); } + public function GetFulltextsearchJavaOptions() : string { + $envVariableName = 'FULLTEXTSEARCH_JAVA_OPTIONS'; + $configName = 'fulltextsearch_java_options'; + $defaultValue = '-Xms512M -Xmx512M'; + return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + } + public function GetDockerSocketPath() : string { $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH'; $configName = 'docker_socket_path'; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index e98a5237..a22b2efb 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -357,6 +357,8 @@ readonly class DockerActionManager { $replacements[1] = $this->configurationManager->GetNextcloudMaxTime(); } elseif ($out[1] === 'BORG_RETENTION_POLICY') { $replacements[1] = $this->configurationManager->GetBorgRetentionPolicy(); + } elseif ($out[1] === 'FULLTEXTSEARCH_JAVA_OPTIONS') { + $replacements[1] = $this->configurationManager->GetFulltextsearchJavaOptions(); } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') { $replacements[1] = $this->configurationManager->GetTrustedCacertsDir(); } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') { diff --git a/readme.md b/readme.md index 5d8f735c..dbd4eda5 100644 --- a/readme.md +++ b/readme.md @@ -226,6 +226,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma - [Requirements for integrating new containers](#requirements-for-integrating-new-containers) - [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca) - [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature) +- [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options) - [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) - [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges) @@ -970,7 +971,10 @@ When using `docker run`, the environmental variable can be set with `--env NEXTC In order for the value to be valid, the path should start with `/` and not end with `/` and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things. ### How to disable Collabora's Seccomp feature? -The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. +The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. + +### How to adjust the Fulltextsearch Java options? +The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. ### How to enable automatic updates without creating a backup beforehand? If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md index fd6a4dca..b2fadceb 100644 --- a/tests/QA/060-environmental-variables.md +++ b/tests/QA/060-environmental-variables.md @@ -12,6 +12,7 @@ - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values. - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values. - [ ] When starting the mastercontainer with `--env BORG_RETENTION_POLICY="--keep-within=1d --keep-weekly=1 --keep-monthly=1"` it should change borgs retention policy to the defined one. This can be checked when creating a backup and looking at the logs. +- [ ] When starting the mastercontainer with `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` it should change Elasticsearchs `ES_JAVA_OPTS` options to the defined one. This can be checked by checking the `ES_JAVA_OPTS` variable for the nextcloud-aio-fulltextsearch container. - [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless. - [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled. - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.