aio-caddy: change to v3 and further adjustments

Signed-off-by: Simon L. <szaimen@e.mail.de>
Simon L. 2025-06-15 14:11:23 +02:00
parent f0bb29bf8a
commit cd794dd208
6 changed files with 22 additions and 2 deletions


@ -5,7 +5,7 @@
"display_name": "Caddy with geoblocking",
"documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
"image": "ghcr.io/szaimen/aio-caddy",
"image_tag": "v2",
"image_tag": "v3",
"internal_port": "443",
"restart": "unless-stopped",
"ports": [
@ -23,7 +23,9 @@
"environment": [
"TZ=%TIMEZONE%",
"NC_DOMAIN=%NC_DOMAIN%",
"APACHE_PORT=%APACHE_PORT%"
"APACHE_PORT=%APACHE_PORT%",
"turn_domain=turn.%NC_DOMAIN%",
"talk_port=443"
],
"volumes": [
{
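Review bot: The two added entries `turn_domain=turn.%NC_DOMAIN%` and `talk_port=443` are lower-case, while every other entry in this `environment` list is an upper-case variable handed to the container, and `turn_domain` matches the configuration key that `GetTurnDomain()` reads elsewhere in this commit. If these entries are meant to set mastercontainer configuration rather than container environment (the code that consumes them is not visible here), a community-container definition can then change core settings. In that case the accepted keys should be limited to an explicit allow-list and the values validated before they are stored. Placing them in `environment` also hides that intent from anyone auditing the definition; a dedicated key in the schema, or at least a sentence in the container's readme, would make it reviewable.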


@ -4,6 +4,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
### Notes
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record.
- If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
- If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
- If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.


@ -46,6 +46,7 @@ sed -i '/AIO_TOKEN/d' containers.yml
sed -i '/AIO_URL/d' containers.yml
sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
sed -i '/TURN_DOMAIN/d' containers.yml
TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
mapfile -t TCP <<< "$TCP"


@ -229,6 +229,7 @@
"UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
"TZ=%TIMEZONE%",
"TALK_PORT=%TALK_PORT%",
"TURN_DOMAIN=%TURN_DOMAIN%",
"IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
"IMAGINARY_HOST=nextcloud-aio-imaginary",
"CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%",


@ -569,6 +569,15 @@ class ConfigurationManager
return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
}
public function GetTurnDomain() : string {
$config = $this->GetConfig();
if(!isset($config['turn_domain'])) {
$config['turn_domain'] = '';
}
return $config['turn_domain'];
}
/**
* @throws InvalidSettingConfigurationException
*/
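Review bot: `GetTurnDomain()` returns whatever is stored under `turn_domain` without checking it, and the same commit substitutes that value for `%TURN_DOMAIN%` in container definitions. With the declared `string` return type, a non-string value such as an array in the config would raise a TypeError here, and a string that is not a hostname is passed on unchanged. Where the value is written is not visible in this hunk, so validation may already happen there. I would make the getter defensive with `$domain = $config['turn_domain'] ?? '';` followed by `return is_string($domain) ? $domain : '';`, and add a docblock such as `/** Domain under which the TURN server is reachable, or '' when none is configured. */`.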


@ -274,6 +274,8 @@ readonly class DockerActionManager {
$replacements[1] = $this->configurationManager->GetApachePort();
} elseif ($out[1] === 'TALK_PORT') {
$replacements[1] = $this->configurationManager->GetTalkPort();
} elseif ($out[1] === 'TURN_DOMAIN') {
$replacements[1] = $this->configurationManager->GetTurnDomain();
} elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
$replacements[1] = $this->configurationManager->GetNextcloudMount();
} elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') {
@ -457,6 +459,10 @@ readonly class DockerActionManager {
}
} else if ($port === '%TALK_PORT%') {
$port = $this->configurationManager->GetTalkPort();
// Skip publishing talk port if it is set to the same value like the apache port
if ($port === $this->configurationManager->GetApachePort()) {
continue;
}
}
$ipBinding = $value->ipBinding;
if ($ipBinding === '%APACHE_IP_BINDING%') {
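Review bot: The new `continue` in the `%TALK_PORT%` branch drops every port entry for the Talk port once it equals the Apache port, whatever protocol the entry carries. The readme change in this commit says Talk is now served on 443 for both udp and tcp, so if nothing else publishes 443/udp on the host (not visible from this hunk), TURN over UDP silently becomes unreachable. Consider restricting the skip to the protocol Apache actually publishes, or logging when it triggers. The `===` comparison also only fires when `GetTalkPort()` and `GetApachePort()` return the same type, which their signatures outside this hunk would need to confirm. The enclosing loop starts and ends outside the hunk.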