diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
old mode 100755
new mode 100644
index 6542d788..d440f5d9
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -161,11 +161,11 @@ It is set to '$DOCKER_SOCKET_PATH'."
 exit 1
 fi
 fi
-if [ -n "$TRUSTED_CACERTS_DIR" ]; then
- if ! echo "$TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$TRUSTED_CACERTS_DIR" | grep -q "/$"; then
- echo "You've set TRUSTED_CACERTS_DIR but not to an allowed value.
+if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
+ if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
+ echo "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
 It should be an absolute path to a directory that starts with '/' but not end with '/'.
-It is set to '$TRUSTED_CACERTS_DIR'."
+It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
 exit 1
 fi
 fi
diff --git a/docker-compose.yml b/docker-compose.yml
index 57e3339b..916620d3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
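Review bot: The new error line `It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."` has a stray space before the closing quote, so the rejected value is echoed back with trailing whitespace; it should read `It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR'."`. The header's `old mode 100755` / `new mode 100644` also strips the executable bit from start.sh, which is unrelated to the rename and will break any invocation that executes the script directly rather than through `bash start.sh`; restore the mode unless the change is intended. Since the two `echo ... | grep -q` pipes are being rewritten anyway, the same test can be expressed without spawning processes as `case "$NEXTCLOUD_TRUSTED_CACERTS_DIR" in [!/]*|*/) ... exit 1 ;; esac`, which keeps the "must start with / and must not end with /" rule in one place.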
@@ -26,7 +26,7 @@ services: # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface. # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud - # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca + # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index 5706114f..7538e062 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh 
@@ -65,7 +65,7 @@ sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/ # This allows the Next
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G # This allows to change the upload limit of the Nextcloud container|' sample.conf
 sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600 # This allows to change the upload time limit of the Nextcloud container|' sample.conf
-sed -i 's|TRUSTED_CACERTS_DIR=|TRUSTED_CACERTS_DIR=/path/to/my/cacerts # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
+sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478 # This allows to adjust the port that the talk container is using.|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index a3ceef47..2f83611f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -116,7 +116,7 @@
 "writeable": true
 },
 {
- "name": "%TRUSTED_CACERTS_DIR%",
+ "name": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
 "location": "/usr/local/share/ca-certificates",
 "writeable": false
 }
@@ -156,7 +156,7 @@
 "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
 "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
 "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
- "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%",
+ "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
 "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%"
 ],
 "maxShutdownTime": 10,
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index e6d416ef..f2d30804 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -120,7 +120,7 @@ class ContainerDefinitionFetcher
 if($value['name'] === '') {
 continue;
 }
- } elseif ($value['name'] === '%TRUSTED_CACERTS_DIR%') {
+ } elseif ($value['name'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
 $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
 if($value['name'] === '') {
 continue;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 45233349..06fc2ce4 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -548,7 +548,7 @@ class ConfigurationManager } public function GetTrustedCacertsDir() : string { - $envVariableName = 'TRUSTED_CACERTS_DIR'; + $envVariableName = 'NEXTCLOUD_TRUSTED_CACERTS_DIR'; $configName = 'trusted_cacerts_dir'; $defaultValue = ''; return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 59f7602d..ad46dc09 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
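Review bot: Switching `$envVariableName` to `'NEXTCLOUD_TRUSTED_CACERTS_DIR'` in GetTrustedCacertsDir leaves no path that honours the old name, so an installation that still passes TRUSTED_CACERTS_DIR falls through to whatever GetEnvironmentalVariableOrConfig resolves from the config key or the `''` default, and per the ContainerDefinitionFetcher hunk above the CA-certificate volume is then skipped with `continue` rather than reported. The practical effect is that custom trust anchors disappear silently after an update; LDAPS and similar connections start failing verification with no hint that the variable was renamed. Consider honouring the legacy name for a transition period, e.g. `if (getenv($envVariableName) === false && getenv('TRUSTED_CACERTS_DIR') !== false) { $envVariableName = 'TRUSTED_CACERTS_DIR'; }` before the return, together with a logged deprecation notice; the validation block in start.sh in this same commit would need the matching fallback. The method's closing brace is outside the hunk.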
@@ -314,7 +314,7 @@ class DockerActionManager
 $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
 } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
 $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
- } elseif ($out[1] === 'TRUSTED_CACERTS_DIR') {
+ } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
 $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
 } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
 if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
diff --git a/readme.md b/readme.md
index e24f8860..9245b2ec 100644
--- a/readme.md
+++ b/readme.md
@@ -516,9 +516,9 @@ What are the requirements? ### How to trust user-defiend Certification Authorities (CA)? For some applications it might be necessary to enstablish a secured connection to a host / server which is using a certificated issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against the Domain Controller (ActiveDirectory) of an organization -You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted. +You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted. -When using `docker run`, the environmental variable can be set with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`. +When using `docker run`, the environmental variable can be set with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`. In order for the value to be valid, the path should start with `/` and not end with '/' and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things. diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md index d3b7ebf4..eeb51178 100644 
--- a/tests/QA/060-environmental-variables.md +++ b/tests/QA/060-environmental-variables.md @@ -11,7 +11,7 @@ - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values. - [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless. - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled. -- [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host. +- [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host. See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it. - [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.