Scott.Idem/OSIT-AE-Docker-Env
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleaning up old legacy files. Sorry, no more Flask.

Browse Source
This commit is contained in:
Scott Idem
2026-03-24 15:51:44 -04:00
parent 8c9d263afb
commit 0d81958bfc
25 changed files with 2 additions and 1600 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
conf/aether_api_v5_fastapi_config.py
View File

@@ -1,105 +0,0 @@
# Configuration file for this FastAPI app.
import os
from pydantic import AnyHttpUrl, BaseSettings, EmailStr, HttpUrl, PostgresDsn, validator
from typing import Any, Dict, List, Optional, Union
# ### ### #
class Settings(BaseSettings):
AETHER_CFG = {}
AETHER_CFG['id'] = os.getenv('AE_CFG_ID', None)
# AETHER_CFG['api_id'] = os.getenv('AE_API_CFG_ID', None) # NOT CURRENTLY NEED OR USED
JWT_KEY = 'EHmSXZFKfMEW65E8kxCKmQ' # 22 characters; super secret Aether JWT signing key
# APP_NAME: str = "Aether API (FastAPI)"
# SUPER_EMAIL: EmailStr = 'Aether.Super@oneskyit.com'
# Database Connection
DB = {}
DB['server'] = os.getenv('AE_DB_V5_SERVER', 'mariadb') # 'linode.oneskyit.com' # linode.oneskyit.com, vpn-linode linode.oneskyit.local
DB['port'] = os.getenv('AE_DB_V5_PORT', '3306') # default = 3306
DB['name'] = os.getenv('AE_DB_V5_NAME', None) # 'aether_dev' #onesky_ams_dev
DB['username'] = os.getenv('AE_DB_V5_USERNAME', None) # 'osit_aether' # 'onesky_aether'
DB['password'] = os.getenv('AE_DB_V5_PASSWORD', None) #
SQLALCHEMY_DB_URI = 'mysql://'+DB['username']+':'+DB['password']+'@'+DB['server']+'/'+DB['name']
# Aether API log files paths
LOG_PATH = {}
LOG_PATH['app'] = os.getenv('AE_API_V5_LOG_PATH', 'admin/log/app.log') # 'admin/log/app.log', '../../logs/aether_api.log'
# LOG_PATH['app_warning'] = '/logs/aether_api_warning.log' # 'admin/log/app_warning.log' '../../logs/aether_api_warning.log'
# Redis
REDIS = {}
REDIS['server'] = os.getenv('AE_REDIS_SERVER', 'redis') # 'localhost' 'redis'
REDIS['port'] = os.getenv('AE_REDIS_PORT', '6379') # '6379'
# Send SMTP Email
SMTP = {}
# server
# port
# username
# password
# Server Hosted File Paths
FILES_PATH = {}
# hosted_files_root
# hosted_tmp_root
# CORS Origins
ORIGINS_REGEX = '(https://.*\.oneskyit\.com)|(http://.*\.oneskyit\.com)|(https://.*\.oneskyit\.com:4443)|(http://.*\.oneskyit\.com:8080)|(http://.*\.oneskyit\.com:8181)|(https://.*\.oneskyit\.com:8443)|(http://.*\.oneskyit\.local)|(http://.*\.oneskyit\.local:5000)|(http://.*.localhost)|(http://.*.localhost:5000)|(http://.*.localhost:8181)'
# A reasonable, but fairly open example regular expression for the CORS origins:
# '(https://.*\.oneskyit\.com)|(http://.*\.oneskyit\.com)|(http://.*\.oneskyit\.com:8181)|(https://.*\.oneskyit\.com:8443)|(http://.*\.oneskyit\.local)|(http://.*\.oneskyit\.local:5000)|(http://.*.localhost)|(http://.*.localhost:5000)|(http://.*.localhost:8181)'
ORIGINS = [
'https://oneskyit.com',
# 'http://app-local.oneskyit.com',
'http://192.168.32.20:3000',
'http://192.168.32.20:8080',
'http://localhost',
'http://localhost:3000',
# 'http://localhost:5000',
'http://localhost:7800',
# 'http://localhost:8080',
# 'http://localhost:8888',
# 'http://fastapi.localhost',
'http://svelte.oneskyit.local:5555',
# 'http://connect.localhost:5000', # Using localhost
# 'http://dev-svelte.oneskyit.local:5555',
# 'http://lci.internal:5000', # Using internal; just in case guess before LCI
# 'http://lci.oneskyit.internal:5000', # Using internal; just in case guess before LCI
# 'http://lci.oneskyit.internal', # Using internal; just in case guess before LCI
]
# HTTP Status Dict List
HTTP_STATUS_LI = {}
# HTTP_STATUS_LI[200] = { 'name': 'OK', 'message': 'The request has succeeded.' }
# HTTP_STATUS_LI[400] = { 'name': 'Bad Request', 'message': 'The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.' }
# HTTP_STATUS_LI[401] = { 'name': 'Unauthorized', 'message': 'The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser does not understand how to supply the credentials required.' }
# HTTP_STATUS_LI[402] = { 'name': '?Request Failed?', 'message': '??The parameters were valid but the request failed.??' }
# HTTP_STATUS_LI[403] = { 'name': 'Forbidden', 'message': 'The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.' }
# HTTP_STATUS_LI[404] = { 'name': 'Not Found', 'message': 'The requested resource does not exist.' }
# HTTP_STATUS_LI[409] = { 'name': 'Conflict', 'message': 'The request conflicts with another request (perhaps due to using the same idempotent key).' }
# HTTP_STATUS_LI[429] = { 'name': 'Too Many Requests', 'message': 'Too many requests hit the API too quickly. We recommend an exponential backoff of your requests.' }
# HTTP_STATUS_LI[500] = { 'name': 'Internal Server Error', 'message': 'The server encountered an unexpected condition which prevented it from fulfilling the request.' }
# HTTP_STATUS_LI[501] = { 'name': 'Not Implemented', 'message': 'The server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource.' }
# HTTP_STATUS_LI[502] = { 'name': 'Bad Gateway', 'message': 'The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.' }
# HTTP_STATUS_LI[503] = { 'name': 'Service Unavailable', 'message': 'The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay. If known, the length of the delay MAY be indicated in a Retry-After header. If no Retry-After is given, the client SHOULD handle the response as it would for a 500 response.' }
# HTTP_STATUS_LI[504] = { 'name': 'Gateway Timeout', 'message': 'The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.' }
settings = Settings()

46
conf/aether_api_v5_fastapi_gunicorn_conf.py
View File

@@ -1,46 +0,0 @@
import os
# Gunicorn config variables
loglevel = "debug"
accesslog = "/logs/gunicorn_access.log" # "-" # stdout
errorlog = "/logs/gunicorn_error.log" # "-" # stderr
# "logfile" does not seem to actually do anything
# logfile = "/logs/gunicorn.log" # "-" # stderr
# Disable control socket to prevent permission issues on volume mounts
control_socket = None
bind = "0.0.0.0:5005"
# bind = "unix:/tmp/gunicorn.sock"
worker_tmp_dir = "/dev/shm"
chdir = "/srv/aether_api"
# home = /path/to/environment
wsgi_app = "app.main:app"
# module = "run_server"
# callable = "app"
# plugins = "python"
# default_proc_name = "app.main:app"
# Setting a long timeout since some FastAPI API requests may take a while
timeout = 2100 # default 30; 1200 is NOT enough; worker process silent then kill and restart
graceful_timeout = 10 # default 30; timeout after restart signal
keepalive = 2 # default 2; setting higher because behind load balancer (nginx)
# Reload does not work correctly with UvicornWorker
# https://github.com/benoitc/gunicorn/issues/2339
# Disable reload if using more than one thread
##### reload = True
# reload_engine = "poll"
worker_class = "uvicorn.workers.UvicornWorker" # default "sync"
# Works are processes, not threads
# workers = 9 # default 1; use 10ish for production; 2 to 4 times the number of cores
# threads = 1 # default 1; only affects Gthread worker type
workers = os.getenv('AE_API_WORKERS', 2)
threads = os.getenv('AE_API_THREADS', 2)
# umask = '007'

63
conf/aether_api_v5_fastapi_requirements.txt
View File

@@ -1,63 +0,0 @@
# aioredis # BAD! Not maintained!
anyio
argon2-cffi
argon2-cffi-bindings
asgiref
async-timeout
certifi
cffi
charset-normalizer
click
Deprecated
dnspython
email-validator
et-xmlfile
fastapi
greenlet
gunicorn
h11
html2text
httpcore
httptools
httpx
idna
itsdangerous
Jinja2
MarkupSafe
mysqlclient
numpy
openpyxl
orjson
packaging
pandas
passlib
pdf2image
Pillow
pycparser
pydantic
PyJWT
pyparsing
python-dateutil
python-dotenv
python-multipart
pytz
PyYAML
qrcode
redis[hiredis]
requests
rfc3986
six
sniffio
SQLAlchemy==1.4.47 # 1.4.47 is the newest I am working with
starlette
stripe
typing_extensions
ujson
urllib3
uvicorn
uvloop
watchfiles
watchgod
websockets
wrapt
xlrd

67
conf/aether_fastapi_requirements_[freeze_2024-04-26_1240_fastapi110].txt
View File

@@ -1,67 +0,0 @@
aiofiles==23.2.1
anyio==3.7.1
argon2-cffi==23.1.0
argon2-cffi-bindings==21.2.0
async-timeout==4.0.3
baize==0.20.8
certifi==2024.2.2
cffi==1.16.0
charset-normalizer==3.3.2
click==8.1.7
Deprecated==1.2.14
dnspython==2.6.1
email_validator==2.1.1
et-xmlfile==1.1.0
fastapi==0.110.2
greenlet==3.0.3
gunicorn==21.2.0
h11==0.14.0
hiredis==2.3.2
html2text==2024.2.26
httpcore==1.0.5
httptools==0.6.1
httpx==0.27.0
idna==3.7
itsdangerous==2.2.0
Jinja2==3.1.3
MarkupSafe==2.1.5
mysqlclient==2.2.4
numpy==1.26.4
openpyxl==3.1.2
orjson==3.10.1
packaging==24.0
pandas==2.2.2
passlib==1.7.4
pdf2image==1.17.0
pillow==10.3.0
pycparser==2.22
pydantic==1.10.15
PyJWT==2.8.0
pyparsing==3.1.2
pypng==0.20220715.0
python-dateutil==2.9.0.post0
python-dotenv==1.0.1
python-multipart==0.0.9
pytz==2024.1
PyYAML==6.0.1
qrcode==7.4.2
redis==5.0.4
requests==2.31.0
rfc3986==2.0.0
six==1.16.0
sniffio==1.3.1
SQLAlchemy==1.4.52
starlette==0.37.2
stripe==9.4.0
typing_extensions==4.11.0
tzdata==2024.1
ujson==5.9.0
urllib3==2.2.1
uvicorn==0.20.0
uvloop==0.19.0
Wand==0.6.13
watchfiles==0.21.0
watchgod==0.8.2
websockets==12.0
wrapt==1.16.0
xlrd==2.0.1

59
conf/aether_flask_gunicorn_conf.py
View File

@@ -1,59 +0,0 @@
import os
# Gunicorn config variables
loglevel = os.getenv('AE_LOG_LVL', 'warning')
# accesslog = "/logs/gunicorn_access.log" # "-" # stdout
errorlog = "/logs/gunicorn_error.log" # "-" # stderr
# "logfile" does not seem to actually do anything
# logfile = "/logs/gunicorn.log" # "-" # stderr
bind = "0.0.0.0:5005"
# bind = "unix:/tmp/gunicorn.sock"
worker_tmp_dir = "/dev/shm"
chdir = "/srv/aether_app"
# home = /path/to/environment
wsgi_app = "run_server:app"
# module = "run_server"
# callable = "app"
# plugins = "python"
# default_proc_name = "run_server:app"
# Setting a longer timeout since some Flask app requests may take a while
timeout = os.getenv('AE_APP_GUNICORN_TIMEOUT', 1200) # default 30; worker process silent then kill and restart
graceful_timeout = os.getenv('AE_APP_GUNICORN_GRACEFUL_TIMEOUT', 20)
keepalive = os.getenv('AE_APP_GUNICORN_KEEPALIVE', 300) # default 2; setting higher because behind load balancer (nginx)
# Disable reload if using more than one thread
reload = True
# worker_class = "sync" # default "sync"
# Works are processes, not threads
# workers = 9 # default 1; use 10ish for production; 2 to 4 times the number of cores
# threads = 1 # default 1; only affects Gthread worker type
workers = os.getenv('AE_APP_GUNICORN_WORKERS', 2)
threads = os.getenv('AE_APP_GUNICORN_THREADS', 2)
# umask = '007'
# capture_output = True
# default_proc_name = "run_server:app"
# worker_class = "worker_class"
## From FastAPI for reference
# --bind unix:/home/scott/OSIT_dev/aether_api_fastapi/gunicorn.sock
# --umask 007 app.main:app
# --workers 2
# --worker-class uvicorn.workers.UvicornWorker
# --log-level debug
# --access-logfile admin/log/access.log
# --error-logfile admin/log/error.log
# --log-file admin/log/log.log
# --capture-output
# --keep-alive 5
# --reload

41
conf/aether_flask_requirements.txt
View File

@@ -1,41 +0,0 @@
# Updated manually 2023-09-12 with a lot of trial and error.
# A few are commented out even though they are actually used and required. Other packages already pull them in.
argon2-cffi>=23.1.0 # Must keep
click>=8.1.7 # Must keep???
Deprecated>=1.2.14
# Flask 2.0.3 works; 2.1.3 works except for changes related to send_file and send_directory; 2.2.5 does not yet work
Flask==2.1.3 # Must keep; 2.2.5 seems ok as of 2023-10-19 but needs more testing
Flask-Caching>=2.0.2
Flask-Cors>=4.0.0
Flask-MySQLdb>=1.0.1
Flask-SocketIO>=5.3.6
Flask-SQLAlchemy>=2.5.1
gunicorn>=21.2.0
html2text>=2020.1.16
# itsdangerous>=2.1.2
Jinja2>=3.1.2
# MarkupSafe>=2.1.3
# mysqlclient>=2.2.0
numpy>=1.25.2
pandas>=2.1.0
passlib>=1.7.4
Pillow>=10.0.0
pydantic>=2.3.0
python-dateutil>=2.8.2
python-engineio>=4.3.0
python-socketio>=5.5.0
pytz>=2023.3.post1
qrcode>=7.4.2
redis>=5.0.0
requests==2.28.1 # version 2.31.0 does not work?
# six>=1.16.0
SQLAlchemy>=2.0.20 # Must keep
stripe==5.0.0 # version 6.4.0 exists 2023-09-12
types-pytz>=2023.3.0.1
types-requests>=2.31.0.2
types-urllib3>=1.26.25.14
typing_extensions>=4.7.1
# urllib3>=1.26.16
Werkzeug==2.3.7 # hold off on upgrading to 3.x versions; Werkzeug 2.3.7 works with Flask 2.1.3; 2.3.8 should be out late 2023
xmltodict>=0.13.0 # Must keep

40
conf/aether_flask_requirements_current.txt
View File

@@ -1,40 +0,0 @@
# Updated manually 2023-09-12 with a lot of trial and error.
# A few are commented out even though they are actually used and required. Other packages already pull them in.
argon2-cffi>=23.1.0 # Must keep
click>=8.1.7 # Must keep???
Deprecated>=1.2.14
Flask==2.0.3 # Must keep
Flask-Caching>=2.0.2
Flask-Cors>=4.0.0
Flask-MySQLdb>=1.0.1
Flask-SocketIO>=5.3.6
Flask-SQLAlchemy>=2.5.1
gunicorn>=21.2.0
html2text>=2020.1.16
# itsdangerous>=2.1.2
Jinja2>=3.1.2
# MarkupSafe>=2.1.3
# mysqlclient>=2.2.0
numpy>=1.25.2
pandas>=2.1.0
passlib>=1.7.4
Pillow>=10.0.0
pydantic>=2.3.0
python-dateutil>=2.8.2
python-engineio>=4.3.0
python-socketio>=5.5.0
pytz>=2023.3.post1
qrcode>=7.4.2
redis>=5.0.0
requests==2.28.1 # version 2.31.0 does not work?
# six>=1.16.0
SQLAlchemy>=2.0.20 # Must keep
stripe==5.0.0 # version 6.4.0 exists 2023-09-12
types-pytz>=2023.3.0.1
types-requests>=2.31.0.2
types-urllib3>=1.26.25.14
typing_extensions>=4.7.1
# urllib3>=1.26.16
Werkzeug>=2.3.7
xmltodict>=0.13.0 # Must keep

151
conf/nextcloud/Dockerfile
View File

@@ -1,151 +0,0 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:8.1-fpm-bullseye
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
rsync \
bzip2 \
busybox-static \
libldap-common \
libmagickcore-6.q16-6-extra \
; \
rm -rf /var/lib/apt/lists/*; \
\
mkdir -p /var/spool/cron/crontabs; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
ENV PHP_MEMORY_LIMIT 512M
ENV PHP_UPLOAD_LIMIT 512M
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libldap2-dev \
libmcrypt-dev \
libmemcached-dev \
libpng-dev \
libpq-dev \
libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \
\
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \
bcmath \
exif \
gd \
intl \
ldap \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.22; \
pecl install memcached-3.2.0; \
pecl install redis-5.3.7; \
pecl install imagick-3.7.0; \
\
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
rm -r /tmp/pear; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# set recommended PHP.ini settings
# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.interned_strings_buffer=16'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.save_comments=1'; \
echo 'opcache.revalidate_freq=60'; \
} > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
\
echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
\
{ \
echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 25.0.2
RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY *.sh upgrade.exclude /
COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"]
CMD ["php-fpm"]

4
conf/nextcloud/config/apcu.config.php
View File

@@ -1,4 +0,0 @@
<?php
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
);

15
conf/nextcloud/config/apps.config.php
View File

@@ -1,15 +0,0 @@
<?php
$CONFIG = array (
'apps_paths' => array (
0 => array (
'path' => OC::$SERVERROOT.'/apps',
'url' => '/apps',
'writable' => false,
),
1 => array (
'path' => OC::$SERVERROOT.'/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
);

41
conf/nextcloud/config/autoconfig.php
View File

@@ -1,41 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG['dbtype'] = 'sqlite';
$AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
$AUTOCONFIG['dbtype'] = 'mysql';
$AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
$AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
$AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
$AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG['dbtype'] = 'mysql';
$AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
$AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
$AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG['dbtype'] = 'pgsql';
$AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
$AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
$AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
$AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG['dbtype'] = 'pgsql';
$AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
$AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
$AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
$AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
}

17
conf/nextcloud/config/redis.config.php
View File

@@ -1,17 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array(
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

30
conf/nextcloud/config/reverse-proxy.config.php
View File

@@ -1,30 +0,0 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

27
conf/nextcloud/config/s3.config.php
View File

@@ -1,27 +0,0 @@
<?php
if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_ssl = getenv('OBJECTSTORE_S3_SSL');
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
)
)
);
}

22
conf/nextcloud/config/smtp.config.php
View File

@@ -1,22 +0,0 @@
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
} else {
$CONFIG['mail_smtppassword'] = '';
}
}

31
conf/nextcloud/config/swift.config.php
View File

@@ -1,31 +0,0 @@
<?php
if (getenv('OBJECTSTORE_SWIFT_URL')) {
$autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
$CONFIG = array(
'objectstore' => [
'class' => 'OC\\Files\\ObjectStore\\Swift',
'arguments' => [
'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
'user' => [
'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
'domain' => [
'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
],
],
'scope' => [
'project' => [
'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
'domain' => [
'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
],
],
],
'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
'url' => getenv('OBJECTSTORE_SWIFT_URL'),
'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
]
]
);
}

4
conf/nextcloud/cron.sh
View File

@@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

250
conf/nextcloud/entrypoint.sh
View File

@@ -1,250 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p "$user" -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
uid="$(id -u)"
gid="$(id -g)"
if [ "$uid" = '0' ]; then
case "$1" in
apache2*)
user="${APACHE_RUN_USER:-http}"
group="${APACHE_RUN_GROUP:-http}"
# strip off any '#' symbol ('#1000' is valid syntax for Apache)
user="${user#'#'}"
group="${group#'#'}"
;;
*) # php-fpm
user='http'
group='http'
;;
esac
else
user="$uid"
group="$gid"
fi
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
file_env REDIS_HOST_PASSWORD
echo 'session.save_handler = redis'
# check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
echo "redis.session.locking_enabled = 1"
echo "redis.session.lock_retries = -1"
# redis.session.lock_wait_time is specified in microseconds.
# Wait 10ms before retrying the lock rather than the default 2ms.
echo "redis.session.lock_wait_time = 10000"
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown $user:$group"
else
rsync_options="-rlD"
fi
# If another process is syncing the html folder, wait for
# it to be done, then escape initalization.
# You need to define the NEXTCLOUD_INIT_LOCK environment variable
lock=/var/www/html/nextcloud-init-sync.lock
count=0
limit=10
if [ -f "$lock" ] && [ -n "${NEXTCLOUD_INIT_LOCK+x}" ]; then
until [ ! -f "$lock" ] || [ "$count" -gt "$limit" ]
do
count=$((count+1))
wait=$((count*10))
echo "Another process is initializing Nextcloud. Waiting $wait seconds..."
sleep $wait
done
if [ "$count" -gt "$limit" ]; then
echo "Timeout while waiting for an ongoing initialization"
exit 1
fi
echo "The other process is done, assuming complete initialization"
else
# Prevent multiple images syncing simultaneously
touch $lock
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
# Install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "Starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "Retrying install..."
try=$((try+1))
sleep 10s
done
if [ "$try" -gt "$max_retries" ]; then
echo "Installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "Setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "Please run the web-based installer on first connect!"
fi
fi
# Upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
# Initialization done, reset lock
rm $lock
echo "Initializing finished"
fi
fi
# Update htaccess after init if requested
if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ maintenance:update:htaccess'
fi
fi
exec "$@"

6
conf/nextcloud/upgrade.exclude
View File

@@ -1,6 +0,0 @@
/config/
/data/
/custom_apps/
/themes/
/version.php
/nextcloud-init-sync.lock

20
conf/nginx/site-enabled_aether-mailman2.conf
View File

@@ -1,20 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name mailman2-oneskyit.localhost mailman2.oneskyit.com;
access_log /logs/nginx/access_oneskyit_mailman2.log;
index index.php;
location / {
proxy_pass http://mailman2:80;
proxy_pass_header Content-Type;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # allow websockets
proxy_pass_header Connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}

196
conf/nginx/site-enabled_aether-nextcloud.conf
View File

@@ -1,196 +0,0 @@
upstream php-handler {
server nextcloud25:9000;
# server unix:/var/run/php/php7.4-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
listen [::]:80;
server_name nextcloud.oneskyit.com;
# Prevent nginx HTTP Server Detection
server_tokens off;
# Enforce HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name nextcloud.oneskyit.com;
access_log /logs/nginx/access_oneskyit_nextcloud.log;
# Path to the root of your installation
# root /srv/nextcloud;
root /var/www/html;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# ssl_certificate /etc/ssl/nginx/nextcloud.oneskyit.com.crt;
# ssl_certificate_key /etc/ssl/nginx/nextcloud.oneskyit.com.key;
include /etc/nginx/options-ssl-nginx.conf;
ssl_certificate /etc/certs/fullchain.pem;
ssl_certificate_key /etc/certs/privkey.pem;
ssl_dhparam /etc/certs/ssl-dhparams.pem;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwitdth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tunning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

160
conf/nginx/site-enabled_aether_api_v5_fastapi_gunicorn.conf
View File

@@ -1,160 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name ${DOCKER_AE_API_V5_SERVER_NAME} v5-fastapi.localhost api-v5.localhost;
# server_name
# fastapi_gunicorn.localhost
# dev-api.localhost
# dev-api.oneskyit.com
# test-api.oneskyit.com
# ;
access_log /logs/nginx/access_fastapi_gunicorn.log;
error_log /logs/nginx/error_fastapi_gunicorn.log;
client_max_body_size ${OSIT_WEB_MAX_BODY_SIZE}; # 5120M; #4096M or 4G; 5120M or 5G;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
# This is needed for long running Python code. Default is 60 seconds
# Increased from 1200 to 1500 on 2022-04-17
# Increased from 1500 to 2000 on 2023-03-15
# Increased proxy read timeout to 2100 and decreased fastcgi options to 35s on 2023-03-16
fastcgi_connect_timeout 4s;
fastcgi_send_timeout 5s;
fastcgi_read_timeout 5s;
# proxy read timeout being too low will cause 504 Gateway Time-out on the client browser
proxy_read_timeout 2100s;
proxy_pass http://v5_fastapi_backend;
}
location /ws {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_read_timeout 600;
# proxy_headers_hash_max_size 1024;
proxy_pass http://v5_fastapi_backend;
access_log /logs/nginx/access_fastapi_gunicorn_ws.log;
error_log /logs/nginx/error_fastapi_gunicorn_ws.log;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name ${DOCKER_AE_API_V5_SERVER_NAME} v5-fastapi.localhost api-v5.localhost;
# server_name
# fastapi_gunicorn.localhost
# dev-api.localhost
# dev-api.oneskyit.com
# test-api.oneskyit.com
# ;
access_log /logs/nginx/access_fastapi_gunicorn.log;
error_log /logs/nginx/error_fastapi_gunicorn.log;
include /etc/nginx/options-ssl-nginx.conf;
ssl_certificate /etc/certs/fullchain.pem;
ssl_certificate_key /etc/certs/privkey.pem;
ssl_dhparam /etc/certs/ssl-dhparams.pem;
# include brotli.conf;
# include gzip.conf;
client_max_body_size ${OSIT_WEB_MAX_BODY_SIZE}; # 5120M; #4096M or 4G; 5120M or 5G;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
# This is needed for long running Python code. Default is 60 seconds
# Increased from 1200 to 1500 on 2022-04-17
# Increased from 1500 to 2000 on 2023-03-15
# Increased proxy read timeout to 2100 and decreased fastcgi options to 35s on 2023-03-16
fastcgi_connect_timeout 35s;
fastcgi_send_timeout 35s;
fastcgi_read_timeout 35s;
# proxy read timeout being too low will cause 504 Gateway Time-out on the client browser
proxy_read_timeout 2100s;
proxy_pass http://v5_fastapi_backend;
}
location /ws {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_read_timeout 600;
# proxy_headers_hash_max_size 1024;
proxy_pass http://v5_fastapi_backend;
access_log /logs/nginx/access_fastapi_gunicorn_ws.log;
error_log /logs/nginx/error_fastapi_gunicorn_ws.log;
}
}
upstream v5_fastapi_backend {
# sticky sessions
ip_hash;
# enable least connections balancing method
# least_conn;
# zone backend 64k; # Use NGINX Plus' shared memory
# server webserver1 weight=1;
# server webserver2 weight=4;
# larger number will recieve more requests
# Example of 20 vs 10: 20 will recieve twice as many requests as 10
server aether_api_v5_gunicorn:5005 weight=20 max_fails=3 fail_timeout=30s;
# server aether_api_gunicorn_bak:5005 weight=10 max_fails=1 fail_timeout=30s;
# maintain up to 20 idle connections to the group of upstream servers
# keepalive 20;
}

2
conf/nginx/site-enabled_aether_app_svelte_node.conf
View File

@@ -4,7 +4,7 @@ server {
server_name
${DOCKER_AE_APP_SERVER_NAME}
~^(dev|test|bak|sk|sr|prod)?-?(app|demo|connect|aacc|aapor|ascm|bgh|businessgroup|chow|cmsc|idaa|ishlt|lci|ncsd|npa|rli|scott|dgr)\.oneskyit\.com$
~^(dev|test|bak|sk|sr|prod)?-?(app|demo|connect|aacc|aapor|ascm|axonius|bgh|businessgroup|chow|cmsc|idaa|ishlt|lci|ncsd|npa|rli|scott|dgr)\.oneskyit\.com$
app.localhost
demo.localhost
connect.localhost

167
conf/nginx/site-enabled_aether_flask_gunicorn.conf
View File

@@ -1,167 +0,0 @@
server {
listen 80;
listen [::]:80;
# server_name
# ${NGINX_SERVER_NAMES}
# ;
server_name
${DOCKER_AE_APP_SERVER_NAME}
flask_gunicorn.localhost demo.localhost dev.localhost
bak-app.oneskyit.com
bak-connect.oneskyit.com *.bak-connect.oneskyit.com
bak-demo.oneskyit.com *.bak-demo.oneskyit.com
bak-businessgroup.oneskyit.com *.bak-businessgroup.oneskyit.com
bak-ishlt.oneskyit.com *.bak-ishlt.oneskyit.com
dev-app.oneskyit.com
dev-connect.oneskyit.com *.dev-connect.oneskyit.com
dev-demo.oneskyit.com *.dev-demo.oneskyit.com
dev-aacc.oneskyit.com *.dev-aacc.oneskyit.com
dev-aapor.oneskyit.com *.dev-aapor.oneskyit.com
dev-businessgroup.oneskyit.com *.dev-businessgroup.oneskyit.com
dev-chow.oneskyit.com *.dev-chow.oneskyit.com
dev-cmsc.oneskyit.com *.dev-cmsc.oneskyit.com
dev-idaa.oneskyit.com *.dev-idaa.oneskyit.com
dev-ishlt.oneskyit.com *.dev-ishlt.oneskyit.com
dev-lci.oneskyit.com *.dev-lci.oneskyit.com
dev-ncsd.oneskyit.com *.dev-ncsd.oneskyit.com
dev-npa.oneskyit.com *.dev-npa.oneskyit.com
dev-rli.oneskyit.com *.dev-rli.oneskyit.com
sr-app.oneskyit.com
sr-connect.oneskyit.com *.sr-connect.oneskyit.com
sr-demo.oneskyit.com *.sr-demo.oneskyit.com
sr-aacc.oneskyit.com *.sr-aacc.oneskyit.com
sr-aapor.oneskyit.com *.sr-aapor.oneskyit.com
sr-businessgroup.oneskyit.com *.sr-businessgroup.oneskyit.com
sr-cmsc.oneskyit.com *.sr-cmsc.oneskyit.com
sr-lci.oneskyit.com *.sr-lci.oneskyit.com
sr-ncsd.oneskyit.com *.sr-ncsd.oneskyit.com
test-app.oneskyit.com
# test-idaa.oneskyit.com *.test-idaa.oneskyit.com
# test-ishlt.oneskyit.com *.test-ishlt.oneskyit.com
;
access_log /logs/nginx/access_flask_gunicorn.log;
error_log /logs/nginx/error_flask_gunicorn.log;
client_max_body_size ${OSIT_WEB_MAX_BODY_SIZE}; # 5120M; #4096M or 4G; 5120M or 5G;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
# This is needed for long running Python code. Default is 60 seconds
# Increased from 1200 to 1500 on 2022-04-17
fastcgi_connect_timeout 1500s;
fastcgi_send_timeout 1500s;
fastcgi_read_timeout 1500s;
proxy_read_timeout 1500s;
proxy_pass http://flask_backend;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# The Docker nginx envsubst with templates does not work for multiple server names.
# server_name
# ${NGINX_SERVER_NAMES}
# ;
server_name
${DOCKER_AE_APP_SERVER_NAME}
flask_gunicorn.localhost demo.localhost dev.localhost
bak-app.oneskyit.com
bak-connect.oneskyit.com *.bak-connect.oneskyit.com
bak-demo.oneskyit.com *.bak-demo.oneskyit.com
bak-businessgroup.oneskyit.com *.bak-businessgroup.oneskyit.com
bak-ishlt.oneskyit.com *.bak-ishlt.oneskyit.com
dev-app.oneskyit.com
dev-connect.oneskyit.com *.dev-connect.oneskyit.com
dev-demo.oneskyit.com *.dev-demo.oneskyit.com
dev-aacc.oneskyit.com *.dev-aacc.oneskyit.com
dev-aapor.oneskyit.com *.dev-aapor.oneskyit.com
dev-businessgroup.oneskyit.com *.dev-businessgroup.oneskyit.com
dev-chow.oneskyit.com *.dev-chow.oneskyit.com
# dev-cmsc.oneskyit.com *.dev-cmsc.oneskyit.com
dev-idaa.oneskyit.com *.dev-idaa.oneskyit.com
dev-ishlt.oneskyit.com *.dev-ishlt.oneskyit.com
dev-lci.oneskyit.com *.dev-lci.oneskyit.com
# dev-ncsd.oneskyit.com *.dev-ncsd.oneskyit.com
dev-npa.oneskyit.com *.dev-npa.oneskyit.com
dev-rli.oneskyit.com *.dev-rli.oneskyit.com
sr-app.oneskyit.com
sr-connect.oneskyit.com *.sr-connect.oneskyit.com
sr-demo.oneskyit.com *.sr-demo.oneskyit.com
sr-aacc.oneskyit.com *.sr-aacc.oneskyit.com
sr-aapor.oneskyit.com *.sr-aapor.oneskyit.com
sr-businessgroup.oneskyit.com *.sr-businessgroup.oneskyit.com
# sr-cmsc.oneskyit.com *.sr-cmsc.oneskyit.com
sr-lci.oneskyit.com *.sr-lci.oneskyit.com
# sr-ncsd.oneskyit.com *.sr-ncsd.oneskyit.com
test-app.oneskyit.com
# test-idaa.oneskyit.com *.test-idaa.oneskyit.com
# test-ishlt.oneskyit.com *.test-ishlt.oneskyit.com
;
access_log /logs/nginx/access_flask_gunicorn.log;
error_log /logs/nginx/error_flask_gunicorn.log;
include /etc/nginx/options-ssl-nginx.conf;
ssl_certificate /etc/certs/fullchain_wild.pem;
ssl_certificate_key /etc/certs/privkey_wild.pem;
ssl_dhparam /etc/certs/ssl-dhparams.pem;
# include brotli.conf;
# include gzip.conf;
client_max_body_size ${OSIT_WEB_MAX_BODY_SIZE}; # 5120M; #4096M or 4G; 5120M or 5G;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
# This is needed for long running Python code. Default is 60 seconds
# Increased from 1200 to 1500 on 2022-04-17
fastcgi_connect_timeout 1500s;
fastcgi_send_timeout 1500s;
fastcgi_read_timeout 1500s;
proxy_read_timeout 1500s;
proxy_pass http://flask_backend;
}
}
upstream flask_backend {
ip_hash;
server app-node:3000 weight=20 max_fails=3 fail_timeout=30s;
}

38
docker-compose.yml
View File

@@ -15,7 +15,7 @@ services:
- PGID=1000
- TZ=US/Eastern
- NGINX_SERVER_NAMES="flask_gunicorn.localhost demo.localhost dev.localhost dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com dev-demo.oneskyit.com dev-aacc.oneskyit.com dev-aapor.oneskyit.com dev-ascm.oneskyit.com dev-businessgroup.oneskyt.com dev-chow.oneskyit.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-lci.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com test-app.oneskyit.com test-api.oneskyit.com test-demo.oneskyit.com test-lci.oneskyit.com test-idaa.oneskyit.com scott.oneskyit.com dgr.oneskyit.com"
- NGINX_SERVER_NAMES="demo.localhost dev.localhost dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com dev-demo.oneskyit.com dev-aacc.oneskyit.com dev-aapor.oneskyit.com dev-ascm.oneskyit.com dev-businessgroup.oneskyt.com dev-chow.oneskyit.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-lci.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com test-app.oneskyit.com test-api.oneskyit.com test-demo.oneskyit.com test-lci.oneskyit.com test-idaa.oneskyit.com scott.oneskyit.com dgr.oneskyit.com"
ports:
- "${OSIT_WEB_HTTP_PORT}:80" # LAN HTTP (local access without SSL)
# - "${OSIT_WEB_HTTPS_PORT}:443" # HTTPS — not needed internally; terminate SSL at home server
@@ -194,42 +194,6 @@ services:
max-size: "10m"
max-file: "3"
# *Legacy* Aether Flask Application served with Gunicorn
# *NOTE:* This legacy frontend using Flask is being replaced by the new one using SvelteKit.
# aether_app_gunicorn:
# # ... (same as before) ...
# restart: always
# container_name: ${CONTAINER_AE_APP}
# build:
# context: ./
# dockerfile: aether_flask_gunicorn.Dockerfile
# env_file:
# - ./.env
# ports:
# - "${AE_APP_GUNICORN_PORT}:5005"
# extra_hosts:
# - "${DOCKER_AE_SERVER_EXTRA_HOST}"
# - "${DOCKER_AE_API_SERVER_EXTRA_HOST}"
# - "${DOCKER_AE_API_BAK_SERVER_EXTRA_HOST}"
# volumes:
# - ./conf/aether_flask_gunicorn_conf.py:/conf/gunicorn_flask_conf.py
# - ./conf/aether_flask_requirements_current.txt:/requirements_current.txt
# - ./conf/aether_app_config.py:/srv/aether_app/flask_config_v2.py
# - ./logs/ae_app:/logs
# - ${AE_APP_SRC}:/srv/aether_app
# - ${HOSTED_FILES_SRC}:/srv/hosted_files
# - ${HOSTED_TMP_SRC}:/srv/hosted_tmp
# - ./tmp/ae_app:/tmp
# depends_on:
# - ae_api
# stdin_open: true
# tty: true
# logging:
# driver: "json-file"
# options:
# max-size: "10m"
# max-file: "3"
dozzle:
container_name: ${CONTAINER_DOZZLE:-ae_dozzle_dev}
image: amir20/dozzle:latest