From cd794dd208958b3aaf0e4bdccabcdcf836d16a20 Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Sun, 15 Jun 2025 14:11:23 +0200
Subject: [PATCH] aio-caddy: change to v3 and further adjustments

Signed-off-by: Simon L.
---
 community-containers/caddy/caddy.json | 6 ++++--
 community-containers/caddy/readme.md | 1 +
 manual-install/update-yaml.sh | 1 +
 php/containers.json | 1 +
 php/src/Data/ConfigurationManager.php | 9 +++++++++
 php/src/Docker/DockerActionManager.php | 6 ++++++
 6 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index d5f72cb8..899328f5 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -5,7 +5,7 @@
 "display_name": "Caddy with geoblocking",
 "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
 "image": "ghcr.io/szaimen/aio-caddy",
- "image_tag": "v2",
+ "image_tag": "v3",
 "internal_port": "443",
 "restart": "unless-stopped",
 "ports": [
@@ -23,7 +23,9 @@
 "environment": [
 "TZ=%TIMEZONE%",
 "NC_DOMAIN=%NC_DOMAIN%",
- "APACHE_PORT=%APACHE_PORT%"
+ "APACHE_PORT=%APACHE_PORT%",
+ "turn_domain=turn.%NC_DOMAIN%",
+ "talk_port=443"
 ],
 "volumes": [
 {
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index d6e63e41..6c12b934 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
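Review bot: In the second caddy.json hunk, `turn_domain=turn.%NC_DOMAIN%` and `talk_port=443` are lower-case while every neighbouring entry in `environment` is an upper-case container variable, and `turn_domain` is exactly the config key that `GetTurnDomain()` reads in php/src/Data/ConfigurationManager.php later in this patch. If the two entries are meant to set AIO settings rather than caddy's own environment, no code in this patch performs that mapping, so `%TURN_DOMAIN%` would presumably resolve to an empty string. JSON cannot carry a comment, so I would state the intent in the readme notes, for example `- The caddy container is started with turn_domain=turn.<your-nc-domain> and talk_port=443.` plus one sentence naming the component that consumes them.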
@@ -4,6 +4,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
+- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record.
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
 - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 70d14b4e..af746aee 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -46,6 +46,7 @@ sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
 sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
+sed -i '/TURN_DOMAIN/d' containers.yml
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
diff --git a/php/containers.json b/php/containers.json
index 38fdb09a..f442caca 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -229,6 +229,7 @@
 "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
 "TZ=%TIMEZONE%",
 "TALK_PORT=%TALK_PORT%",
+ "TURN_DOMAIN=%TURN_DOMAIN%",
 "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
 "IMAGINARY_HOST=nextcloud-aio-imaginary",
 "CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%",
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d4af26b1..3a99cf70 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -569,6 +569,15 @@ class ConfigurationManager
 return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
 }
+ public function GetTurnDomain() : string {
+ $config = $this->GetConfig();
+ if(!isset($config['turn_domain'])) {
+ $config['turn_domain'] = '';
+ }
+
+ return $config['turn_domain'];
+ }
+
 /**
 * @throws InvalidSettingConfigurationException
 */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 16f28e52..d2a854fa 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
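Review bot: `GetTurnDomain()` in ConfigurationManager.php hands back whatever is stored under `turn_domain` unchecked, and the first DockerActionManager.php hunk substitutes that value for `%TURN_DOMAIN%`, which php/containers.json places into the `TURN_DOMAIN=` environment entry of a container. No code that writes or validates this key is visible in the patch, so it is worth confirming that the value is checked to be a plain hostname at the point where it is stored. Inside the getter, the isset/assign/return sequence can be reduced to `$domain = $config['turn_domain'] ?? '';` followed by `return is_string($domain) ? $domain : '';`, which also keeps a malformed config entry from clashing with the declared `string` return type. A one-line docblock stating that an empty string means "not configured" would help callers. The class body continues outside the hunk.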
@@ -274,6 +274,8 @@ readonly class DockerActionManager {
 $replacements[1] = $this->configurationManager->GetApachePort();
 } elseif ($out[1] === 'TALK_PORT') {
 $replacements[1] = $this->configurationManager->GetTalkPort();
+ } elseif ($out[1] === 'TURN_DOMAIN') {
+ $replacements[1] = $this->configurationManager->GetTurnDomain();
 } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
 $replacements[1] = $this->configurationManager->GetNextcloudMount();
 } elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') {
@@ -457,6 +459,10 @@ readonly class DockerActionManager {
 }
 } else if ($port === '%TALK_PORT%') {
 $port = $this->configurationManager->GetTalkPort();
+ // Skip publishing talk port if it is set to the same value like the apache port
+ if ($port === $this->configurationManager->GetApachePort()) {
+ continue;
+ }
 }
 $ipBinding = $value->ipBinding;
 if ($ipBinding === '%APACHE_IP_BINDING%') {
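Review bot: In the second hunk the new `continue` drops the Talk port publication silently whenever `GetTalkPort()` equals `GetApachePort()`, so from then on Talk is reachable only if whatever owns that port forwards to it; the readme change suggests that is caddy via the `turn.` subdomain, but nothing here records or logs that the port was skipped. The `===` comparison also only matches when both getters return the same type, and their bodies are outside this hunk, so that should be confirmed. I would make the comment state the reason, e.g. `// Skip publishing the Talk port when it equals the Apache port; Talk must then be reached through the reverse proxy`, which also fixes the wording "the same value like". The enclosing loop starts and ends outside the hunk.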