better postinstall apps

2026-03-30 11:10:11 +02:00 · 2026-03-30 11:10:11 +02:00 · 71a8dac389
commit 71a8dac389
parent fb22e9cab4
4 changed files with 302 additions and 4 deletions
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@ -1,7 +1,7 @@
 # Nextcloud-Stack
 services:
  nextcloud:
-    image: nextcloud:31.0-fpm
+    image: nextcloud:32-fpm
    container_name: nextcloud
    depends_on:
      - nextcloud-redis
@ -10,6 +10,7 @@ services:
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER:-admin}
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD:-admin}
      - NEXTCLOUD_DEFAULT_PHONE_REGION=DE
+      - NEXTCLOUD_DEFAULT_LANGUAGE=${NEXTCLOUD_DEFAULT_LANGUAGE:-de}
      - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
      - POSTGRES_DB=${NEXTCLOUD_DB_NAME}
      - POSTGRES_HOST=${NEXTCLOUD_DB_HOST}
@ -18,6 +19,8 @@ services:
      - OVERWRITEPROTOCOL=https
      - OVERWRITEHOST=${NEXTCLOUD_DOMAIN}
      - REDIS_HOST=nextcloud-redis
+      - TRUSTED_PROXIES=172.22.0.0/16 172.19.0.0/16
+      - COLLABORA_DOMAIN=${COLLABORA_DOMAIN}
    labels:
      - "traefik.enable=false"
    volumes:
@ -61,6 +64,36 @@ services:
      - nextcloud
    restart: unless-stopped

+  collabora:
+    image: collabora/code:latest
+    container_name: nextcloud-collabora
+    environment:
+      - domain=${NEXTCLOUD_DOMAIN}
+      - aliasgroup1=https://${NEXTCLOUD_DOMAIN}:443
+      - username=${COLLABORA_USERNAME}
+      - password=${COLLABORA_PASSWORD}
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:logging.level=warning
+      - dictionaries=de_DE en_GB en_US
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN}`)"
+      - "traefik.http.routers.collabora.entrypoints=web,websecure"
+      - "traefik.http.routers.collabora.middlewares=https-redirect"
+      - "traefik.http.routers.collabora.tls=true"
+      - "traefik.http.routers.collabora.tls.certresolver=le"
+      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
+      - "traefik.http.services.collabora.loadbalancer.server.scheme=http"
+    networks:
+      - nextcloud
+      - traefik
+    restart: unless-stopped
+    cap_add:
+      - MKNOD
+      - SYS_ADMIN
+    security_opt:
+      - apparmor:unconfined
+
 volumes:
  nextcloud-data:
    name: nextcloud-data
--- a/nextcloud/hooks/post-installation/install-nextcloud-office.sh
+++ b/nextcloud/hooks/post-installation/install-nextcloud-office.sh
@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+echo "Installing Nextcloud Office (richdocuments) app..."
+php /var/www/html/occ app:install richdocuments
+echo "Nextcloud Office installed successfully!"
+
+echo "Enabling Nextcloud Office..."
+php /var/www/html/occ app:enable richdocuments
+echo "Nextcloud Office enabled successfully!"
+
+echo "Configuring Nextcloud Office with Collabora Online..."
+
+# Set the WOPI URL (Collabora server URL)
+if [ -n "${COLLABORA_DOMAIN}" ]; then
+    echo "Setting WOPI URL to https://${COLLABORA_DOMAIN}"
+    php /var/www/html/occ --no-warnings config:app:set richdocuments wopi_url --value="https://${COLLABORA_DOMAIN}"
+else
+    echo "Warning: COLLABORA_DOMAIN not set, skipping WOPI URL configuration"
+fi
+
+# Disable certificate verification (set to 'yes' only for development/self-signed certs)
+php /var/www/html/occ --no-warnings config:app:set richdocuments disable_certificate_verification --value="no"
+
+# Allow list for WOPI requests (optional, for additional security)
+if [ -n "${COLLABORA_DOMAIN}" ]; then
+    php /var/www/html/occ --no-warnings config:app:set richdocuments wopi_allowlist --value="${COLLABORA_DOMAIN}"
+fi
+
+# Enable the built-in CODE server option (if using built-in Collabora)
+# Uncomment if you want to use the built-in CODE server instead of external Collabora
+# php /var/www/html/occ --no-warnings config:app:set richdocuments use_built_in_code_server --value="yes"
+
+echo "Nextcloud Office configuration completed!"
+echo "Collabora Online should now be available at: https://${COLLABORA_DOMAIN}"
--- a/nextcloud/nextcloud-maintenance.sh
+++ b/nextcloud/nextcloud-maintenance.sh
@ -0,0 +1,226 @@
+#!/bin/bash
+
+# Nextcloud Maintenance Script.
+# This script performs maintenance tasks for Nextcloud.
+
+set -e
+
+# Colors for output.
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color.
+
+CONTAINER_NAME="nextcloud"
+
+# Function to print colored messages.
+printMessage() {
+    local color=$1
+    local message=$2
+    echo -e "${color}${message}${NC}"
+}
+
+# Function to run occ command.
+runOcc() {
+    docker exec -u www-data "$CONTAINER_NAME" php occ "$@"
+}
+
+# Load environment variables.
+loadEnv() {
+  if [ -f "./nextcloud/.env" ]; then
+    source ./nextcloud/.env
+    printMessage "$GREEN" "Loaded Nextcloud environment variables."
+  else
+    printMessage "$RED" "Nextcloud .env file not found!"
+    exit 1
+  fi
+
+  if [ -f "./core/.env" ]; then
+    source ./core/.env
+    printMessage "$GREEN" "Loaded core environment variables."
+  else
+    printMessage "$RED" "Core .env file not found!"
+    exit 1
+  fi
+}
+
+# Function to check if container is running.
+checkContainer() {
+  if ! docker ps | grep -q "$CONTAINER_NAME"; then
+    printMessage "$RED" "Error: Container $CONTAINER_NAME is not running!"
+    exit 1
+  fi
+}
+
+# Function to fix database collation version mismatch.
+fix_database_collation() {
+  printMessage "$YELLOW" "Checking and fixing database collation version..."
+  
+  if docker exec postgres psql -U "${POSTGRES_USER}" -d "${NEXTCLOUD_DB_NAME}" -c "ALTER DATABASE ${NEXTCLOUD_DB_NAME} REFRESH COLLATION VERSION;" 2>&1 | grep -q "ALTER DATABASE"; then
+    printMessage "$GREEN" "Database collation version updated successfully."
+    return 0
+  else
+    printMessage "$YELLOW" "Database collation check completed (may already be up to date)."
+    return 0
+  fi
+}
+
+# Function to check Nextcloud status.
+check_status() {
+  printMessage "$YELLOW" "Checking Nextcloud status..."
+  runOcc status
+  return 0
+}
+
+# Function to scan files.
+scan_files() {
+  if [ -z "$1" ]; then
+    printMessage "$YELLOW" "Scanning all files..."
+    runOcc files:scan --all
+  else
+    printMessage "$YELLOW" "Scanning files for user: $1..."
+    runOcc files:scan "$1"
+  fi
+  return 0
+}
+
+# Function to update Nextcloud.
+update_nextcloud() {
+  printMessage "$YELLOW" "Running database upgrade..."
+  runOcc upgrade
+  return 0
+}
+
+# Function to optimize database.
+optimize_database() {
+  printMessage "$YELLOW" "Optimizing database..."
+  runOcc db:add-missing-indices
+  runOcc db:add-missing-columns
+  runOcc db:add-missing-primary-keys
+  return 0
+}
+
+# Function to run maintenance repair.
+run_repair() {
+  printMessage "$YELLOW" "Running maintenance repair..."
+  runOcc maintenance:repair
+  return 0
+}
+
+# Function to run comprehensive post-update maintenance.
+post_update_maintenance() {
+  checkContainer
+  
+  printMessage "$GREEN" "========================================="
+  printMessage "$GREEN" "Nextcloud Post-Update Maintenance"
+  printMessage "$GREEN" "========================================="
+  echo ""
+
+  printMessage "$YELLOW" "[1/10] Enabling maintenance mode..."
+  runOcc maintenance:mode --on
+
+  printMessage "$YELLOW" "[2/10] Running database upgrade..."
+  runOcc upgrade
+
+  printMessage "$YELLOW" "[3/10] Adding missing database indices..."
+  runOcc db:add-missing-indices
+
+  printMessage "$YELLOW" "[4/10] Adding missing database columns..."
+  runOcc db:add-missing-columns
+
+  printMessage "$YELLOW" "[5/10] Adding missing primary keys..."
+  runOcc db:add-missing-primary-keys
+
+  printMessage "$YELLOW" "[6/10] Converting filecache to big int (if needed)..."
+  runOcc db:convert-filecache-bigint --no-interaction || printMessage "$YELLOW" "Already converted or not needed."
+
+  printMessage "$YELLOW" "[7/10] Updating .htaccess and configuration files..."
+  runOcc maintenance:update:htaccess
+
+  printMessage "$YELLOW" "[8/10] Updating theme..."
+  runOcc maintenance:theme:update
+
+  printMessage "$YELLOW" "[9/10] Running repair steps..."
+  runOcc maintenance:repair
+
+  printMessage "$YELLOW" "[10/10] Disabling maintenance mode..."
+  runOcc maintenance:mode --off
+
+  echo ""
+  printMessage "$GREEN" "========================================="
+  printMessage "$GREEN" "Maintenance completed successfully!"
+  printMessage "$GREEN" "========================================="
+  echo ""
+
+  printMessage "$YELLOW" "System Status:"
+  runOcc status
+
+  echo ""
+  printMessage "$GREEN" "You may want to run background jobs manually:"
+  printMessage "$YELLOW" "  docker exec -u www-data $CONTAINER_NAME php occ background:job:execute"
+}
+
+# Main execution.
+printMessage "$YELLOW" "Running Nextcloud maintenance tasks..."
+
+case "${1:-all}" in
+  collation)
+    loadEnv
+    checkContainer
+    fix_database_collation
+    ;;
+  status)
+    checkContainer
+    check_status
+    ;;
+  scan)
+    checkContainer
+    scan_files "$2"
+    ;;
+  update)
+    checkContainer
+    update_nextcloud
+    ;;
+  optimize)
+    checkContainer
+    optimize_database
+    ;;
+  repair)
+    checkContainer
+    run_repair
+    ;;
+  post-update)
+    loadEnv
+    post_update_maintenance
+    ;;
+  all)
+    loadEnv
+    checkContainer
+    fix_database_collation
+    echo ""
+    check_status
+    echo ""
+    optimize_database
+    echo ""
+    run_repair
+    echo ""
+    printMessage "$YELLOW" "Disabling maintenance mode..."
+    runOcc maintenance:mode --off
+    echo ""
+    printMessage "$GREEN" "All maintenance tasks completed."
+    ;;
+  *)
+    echo "Usage: $0 [collation|status|scan|update|optimize|repair|post-update|all]"
+    echo ""
+    echo "Commands:"
+    echo "  collation   - Fix database collation version mismatch"
+    echo "  status      - Check Nextcloud status"
+    echo "  scan        - Scan files (optionally specify username)"
+    echo "  update      - Update Nextcloud database"
+    echo "  optimize    - Optimize database indices and columns"
+    echo "  repair      - Run maintenance repair"
+    echo "  post-update - Run comprehensive post-update maintenance workflow"
+    echo "  all         - Run all basic maintenance tasks (default)"
+    exit 1
+    ;;
+esac
--- a/nextcloud/reverse-proxy/nginx.conf
+++ b/nextcloud/reverse-proxy/nginx.conf
@ -82,15 +82,15 @@ http {
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.

-            location = /.well-known/carddav { return 301 /remote.php/dav; }
-            location = /.well-known/caldav { return 301 /remote.php/dav; }
+            location = /.well-known/carddav { return 301 https://$host/remote.php/dav; }
+            location = /.well-known/caldav { return 301 https://$host/remote.php/dav; }

            location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
            location /.well-known/pki-validation { try_files $uri $uri/ =404; }

            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
-            return 301 /index.php$request_uri;
+            return 301 https://$host/index.php$request_uri;
        }

        location = /robots.txt {
@ -138,6 +138,10 @@ http {
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+            fastcgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
+            fastcgi_param HTTP_X_FORWARDED_PROTO $scheme;
+            fastcgi_param HTTP_X_FORWARDED_HOST $host;
+            fastcgi_param REMOTE_ADDR $remote_addr;
            fastcgi_pass backend;
            fastcgi_intercept_errors on;
        }