all-in-one

mirror of https://github.com/nextcloud/all-in-one.git synced 2024-11-10 17:03:44 +08:00

History

Simon L. 4eadbc93b7 caddy community-container: allow to disable the vaultwarden admin interface Signed-off-by: Simon L. <szaimen@e.mail.de>		2024-07-12 16:53:57 +02:00
..
caddy.json	caddy community-container: allow to disable the vaultwarden admin interface	2024-07-12 16:53:57 +02:00
readme.md	community-containers: Add NocoDB (#4835 )	2024-06-17 13:55:43 +02:00

readme.md

Caddy with geoblocking

This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on bw.$NC_DOMAIN, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on mail.$NC_DOMAIN, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on media.$NC_DOMAIN, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on ldap.$NC_DOMAIN, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on tables.$NC_DOMAIN, if installed.

Notes

This container is incompatible with the npmplus community container. So make sure that you do not enable both at the same time!
Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with sudo netstat -tulpn | grep 443 before installing AIO.
If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point bw.your-nc-domain.com to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point mail.your-nc-domain.com to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point media.your-nc-domain.com to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point ldap.your-nc-domain.com to your server using a cname record so that caddy can get a certificate automatically for lldap.
If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb, make sure that you point tables.your-nc-domain.com to your server using a cname record so that caddy can get a certificate automatically for nocodb.
After the container was started the first time, you should see a new nextcloud-aio-caddy folder and inside there an allowed-countries.txt file when you open the files app with the default admin user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. IT FR would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the GeoLite2-Country.mmdb and upload it with this exact name into the nextcloud-aio-caddy folder. Afterwards restart all containers from the AIO interface and your new config should be active!
You can add your own Caddy configurations in /data/caddy-imports/ inside the Caddy container (sudo docker exec -it nextcloud-aio-caddy bash). These will be imported on container startup.
See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

Repository

https://github.com/szaimen/aio-caddy

Maintainer

https://github.com/szaimen