From 0d81958bfc7ca58311e950e8e8b72fa9e56c704c Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Tue, 24 Mar 2026 15:51:44 -0400 Subject: [PATCH] Cleaning up old legacy files. Sorry, no more Flask. --- conf/aether_api_v5_fastapi_config.py | 105 -------- conf/aether_api_v5_fastapi_gunicorn_conf.py | 46 ---- conf/aether_api_v5_fastapi_requirements.txt | 63 ----- ...ts_[freeze_2024-04-26_1240_fastapi110].txt | 67 ----- conf/aether_flask_gunicorn_conf.py | 59 ----- conf/aether_flask_requirements.txt | 41 --- conf/aether_flask_requirements_current.txt | 40 --- conf/nextcloud/Dockerfile | 151 ----------- conf/nextcloud/config/apcu.config.php | 4 - conf/nextcloud/config/apps.config.php | 15 -- conf/nextcloud/config/autoconfig.php | 41 --- conf/nextcloud/config/redis.config.php | 17 -- .../nextcloud/config/reverse-proxy.config.php | 30 --- conf/nextcloud/config/s3.config.php | 27 -- conf/nextcloud/config/smtp.config.php | 22 -- conf/nextcloud/config/swift.config.php | 31 --- conf/nextcloud/cron.sh | 4 - conf/nextcloud/entrypoint.sh | 250 ------------------ conf/nextcloud/upgrade.exclude | 6 - conf/nginx/site-enabled_aether-mailman2.conf | 20 -- conf/nginx/site-enabled_aether-nextcloud.conf | 196 -------------- ...nabled_aether_api_v5_fastapi_gunicorn.conf | 160 ----------- .../site-enabled_aether_app_svelte_node.conf | 2 +- .../site-enabled_aether_flask_gunicorn.conf | 167 ------------ docker-compose.yml | 38 +-- 25 files changed, 2 insertions(+), 1600 deletions(-) delete mode 100644 conf/aether_api_v5_fastapi_config.py delete mode 100644 conf/aether_api_v5_fastapi_gunicorn_conf.py delete mode 100644 conf/aether_api_v5_fastapi_requirements.txt delete mode 100644 conf/aether_fastapi_requirements_[freeze_2024-04-26_1240_fastapi110].txt delete mode 100644 conf/aether_flask_gunicorn_conf.py delete mode 100644 conf/aether_flask_requirements.txt delete mode 100644 conf/aether_flask_requirements_current.txt delete mode 100644 conf/nextcloud/Dockerfile delete mode 100644 conf/nextcloud/config/apcu.config.php delete mode 100644 conf/nextcloud/config/apps.config.php delete mode 100644 conf/nextcloud/config/autoconfig.php delete mode 100644 conf/nextcloud/config/redis.config.php delete mode 100644 conf/nextcloud/config/reverse-proxy.config.php delete mode 100644 conf/nextcloud/config/s3.config.php delete mode 100644 conf/nextcloud/config/smtp.config.php delete mode 100644 conf/nextcloud/config/swift.config.php delete mode 100755 conf/nextcloud/cron.sh delete mode 100755 conf/nextcloud/entrypoint.sh delete mode 100644 conf/nextcloud/upgrade.exclude delete mode 100644 conf/nginx/site-enabled_aether-mailman2.conf delete mode 100644 conf/nginx/site-enabled_aether-nextcloud.conf delete mode 100644 conf/nginx/site-enabled_aether_api_v5_fastapi_gunicorn.conf delete mode 100644 conf/nginx/site-enabled_aether_flask_gunicorn.conf diff --git a/conf/aether_api_v5_fastapi_config.py b/conf/aether_api_v5_fastapi_config.py deleted file mode 100644 index 9fbc705..0000000 --- a/conf/aether_api_v5_fastapi_config.py +++ /dev/null @@ -1,105 +0,0 @@ -# Configuration file for this FastAPI app. -import os -from pydantic import AnyHttpUrl, BaseSettings, EmailStr, HttpUrl, PostgresDsn, validator -from typing import Any, Dict, List, Optional, Union - - -# ### ### # - - -class Settings(BaseSettings): - AETHER_CFG = {} - AETHER_CFG['id'] = os.getenv('AE_CFG_ID', None) - # AETHER_CFG['api_id'] = os.getenv('AE_API_CFG_ID', None) # NOT CURRENTLY NEED OR USED - - JWT_KEY = 'EHmSXZFKfMEW65E8kxCKmQ' # 22 characters; super secret Aether JWT signing key - - # APP_NAME: str = "Aether API (FastAPI)" - # SUPER_EMAIL: EmailStr = 'Aether.Super@oneskyit.com' - - - # Database Connection - DB = {} - DB['server'] = os.getenv('AE_DB_V5_SERVER', 'mariadb') # 'linode.oneskyit.com' # linode.oneskyit.com, vpn-linode linode.oneskyit.local - DB['port'] = os.getenv('AE_DB_V5_PORT', '3306') # default = 3306 - DB['name'] = os.getenv('AE_DB_V5_NAME', None) # 'aether_dev' #onesky_ams_dev - DB['username'] = os.getenv('AE_DB_V5_USERNAME', None) # 'osit_aether' # 'onesky_aether' - DB['password'] = os.getenv('AE_DB_V5_PASSWORD', None) # - SQLALCHEMY_DB_URI = 'mysql://'+DB['username']+':'+DB['password']+'@'+DB['server']+'/'+DB['name'] - - - # Aether API log files paths - LOG_PATH = {} - LOG_PATH['app'] = os.getenv('AE_API_V5_LOG_PATH', 'admin/log/app.log') # 'admin/log/app.log', '../../logs/aether_api.log' - # LOG_PATH['app_warning'] = '/logs/aether_api_warning.log' # 'admin/log/app_warning.log' '../../logs/aether_api_warning.log' - - - # Redis - REDIS = {} - REDIS['server'] = os.getenv('AE_REDIS_SERVER', 'redis') # 'localhost' 'redis' - REDIS['port'] = os.getenv('AE_REDIS_PORT', '6379') # '6379' - - - # Send SMTP Email - SMTP = {} - # server - # port - # username - # password - - - # Server Hosted File Paths - FILES_PATH = {} - # hosted_files_root - # hosted_tmp_root - - - # CORS Origins - ORIGINS_REGEX = '(https://.*\.oneskyit\.com)|(http://.*\.oneskyit\.com)|(https://.*\.oneskyit\.com:4443)|(http://.*\.oneskyit\.com:8080)|(http://.*\.oneskyit\.com:8181)|(https://.*\.oneskyit\.com:8443)|(http://.*\.oneskyit\.local)|(http://.*\.oneskyit\.local:5000)|(http://.*.localhost)|(http://.*.localhost:5000)|(http://.*.localhost:8181)' - # A reasonable, but fairly open example regular expression for the CORS origins: - # '(https://.*\.oneskyit\.com)|(http://.*\.oneskyit\.com)|(http://.*\.oneskyit\.com:8181)|(https://.*\.oneskyit\.com:8443)|(http://.*\.oneskyit\.local)|(http://.*\.oneskyit\.local:5000)|(http://.*.localhost)|(http://.*.localhost:5000)|(http://.*.localhost:8181)' - - ORIGINS = [ - 'https://oneskyit.com', - # 'http://app-local.oneskyit.com', - 'http://192.168.32.20:3000', - 'http://192.168.32.20:8080', - - 'http://localhost', - 'http://localhost:3000', - # 'http://localhost:5000', - 'http://localhost:7800', - # 'http://localhost:8080', - # 'http://localhost:8888', - - # 'http://fastapi.localhost', - - 'http://svelte.oneskyit.local:5555', - - # 'http://connect.localhost:5000', # Using localhost - - # 'http://dev-svelte.oneskyit.local:5555', - - # 'http://lci.internal:5000', # Using internal; just in case guess before LCI - # 'http://lci.oneskyit.internal:5000', # Using internal; just in case guess before LCI - # 'http://lci.oneskyit.internal', # Using internal; just in case guess before LCI - ] - - - # HTTP Status Dict List - HTTP_STATUS_LI = {} - # HTTP_STATUS_LI[200] = { 'name': 'OK', 'message': 'The request has succeeded.' } - # HTTP_STATUS_LI[400] = { 'name': 'Bad Request', 'message': 'The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.' } - # HTTP_STATUS_LI[401] = { 'name': 'Unauthorized', 'message': 'The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser does not understand how to supply the credentials required.' } - # HTTP_STATUS_LI[402] = { 'name': '?Request Failed?', 'message': '??The parameters were valid but the request failed.??' } - # HTTP_STATUS_LI[403] = { 'name': 'Forbidden', 'message': 'The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.' } - # HTTP_STATUS_LI[404] = { 'name': 'Not Found', 'message': 'The requested resource does not exist.' } - # HTTP_STATUS_LI[409] = { 'name': 'Conflict', 'message': 'The request conflicts with another request (perhaps due to using the same idempotent key).' } - # HTTP_STATUS_LI[429] = { 'name': 'Too Many Requests', 'message': 'Too many requests hit the API too quickly. We recommend an exponential backoff of your requests.' } - # HTTP_STATUS_LI[500] = { 'name': 'Internal Server Error', 'message': 'The server encountered an unexpected condition which prevented it from fulfilling the request.' } - # HTTP_STATUS_LI[501] = { 'name': 'Not Implemented', 'message': 'The server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource.' } - # HTTP_STATUS_LI[502] = { 'name': 'Bad Gateway', 'message': 'The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.' } - # HTTP_STATUS_LI[503] = { 'name': 'Service Unavailable', 'message': 'The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay. If known, the length of the delay MAY be indicated in a Retry-After header. If no Retry-After is given, the client SHOULD handle the response as it would for a 500 response.' } - # HTTP_STATUS_LI[504] = { 'name': 'Gateway Timeout', 'message': 'The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.' } - -settings = Settings() diff --git a/conf/aether_api_v5_fastapi_gunicorn_conf.py b/conf/aether_api_v5_fastapi_gunicorn_conf.py deleted file mode 100644 index 4ef479e..0000000 --- a/conf/aether_api_v5_fastapi_gunicorn_conf.py +++ /dev/null @@ -1,46 +0,0 @@ -import os - -# Gunicorn config variables -loglevel = "debug" - -accesslog = "/logs/gunicorn_access.log" # "-" # stdout -errorlog = "/logs/gunicorn_error.log" # "-" # stderr -# "logfile" does not seem to actually do anything -# logfile = "/logs/gunicorn.log" # "-" # stderr - -# Disable control socket to prevent permission issues on volume mounts -control_socket = None - -bind = "0.0.0.0:5005" -# bind = "unix:/tmp/gunicorn.sock" - -worker_tmp_dir = "/dev/shm" - -chdir = "/srv/aether_api" -# home = /path/to/environment -wsgi_app = "app.main:app" -# module = "run_server" -# callable = "app" -# plugins = "python" -# default_proc_name = "app.main:app" - -# Setting a long timeout since some FastAPI API requests may take a while -timeout = 2100 # default 30; 1200 is NOT enough; worker process silent then kill and restart -graceful_timeout = 10 # default 30; timeout after restart signal -keepalive = 2 # default 2; setting higher because behind load balancer (nginx) - -# Reload does not work correctly with UvicornWorker -# https://github.com/benoitc/gunicorn/issues/2339 -# Disable reload if using more than one thread -##### reload = True - -# reload_engine = "poll" - -worker_class = "uvicorn.workers.UvicornWorker" # default "sync" -# Works are processes, not threads -# workers = 9 # default 1; use 10ish for production; 2 to 4 times the number of cores -# threads = 1 # default 1; only affects Gthread worker type -workers = os.getenv('AE_API_WORKERS', 2) -threads = os.getenv('AE_API_THREADS', 2) - -# umask = '007' diff --git a/conf/aether_api_v5_fastapi_requirements.txt b/conf/aether_api_v5_fastapi_requirements.txt deleted file mode 100644 index 0943763..0000000 --- a/conf/aether_api_v5_fastapi_requirements.txt +++ /dev/null @@ -1,63 +0,0 @@ -# aioredis # BAD! Not maintained! -anyio -argon2-cffi -argon2-cffi-bindings -asgiref -async-timeout -certifi -cffi -charset-normalizer -click -Deprecated -dnspython -email-validator -et-xmlfile -fastapi -greenlet -gunicorn -h11 -html2text -httpcore -httptools -httpx -idna -itsdangerous -Jinja2 -MarkupSafe -mysqlclient -numpy -openpyxl -orjson -packaging -pandas -passlib -pdf2image -Pillow -pycparser -pydantic -PyJWT -pyparsing -python-dateutil -python-dotenv -python-multipart -pytz -PyYAML -qrcode -redis[hiredis] -requests -rfc3986 -six -sniffio -SQLAlchemy==1.4.47 # 1.4.47 is the newest I am working with -starlette -stripe -typing_extensions -ujson -urllib3 -uvicorn -uvloop -watchfiles -watchgod -websockets -wrapt -xlrd diff --git a/conf/aether_fastapi_requirements_[freeze_2024-04-26_1240_fastapi110].txt b/conf/aether_fastapi_requirements_[freeze_2024-04-26_1240_fastapi110].txt deleted file mode 100644 index 9b5dc15..0000000 --- a/conf/aether_fastapi_requirements_[freeze_2024-04-26_1240_fastapi110].txt +++ /dev/null @@ -1,67 +0,0 @@ -aiofiles==23.2.1 -anyio==3.7.1 -argon2-cffi==23.1.0 -argon2-cffi-bindings==21.2.0 -async-timeout==4.0.3 -baize==0.20.8 -certifi==2024.2.2 -cffi==1.16.0 -charset-normalizer==3.3.2 -click==8.1.7 -Deprecated==1.2.14 -dnspython==2.6.1 -email_validator==2.1.1 -et-xmlfile==1.1.0 -fastapi==0.110.2 -greenlet==3.0.3 -gunicorn==21.2.0 -h11==0.14.0 -hiredis==2.3.2 -html2text==2024.2.26 -httpcore==1.0.5 -httptools==0.6.1 -httpx==0.27.0 -idna==3.7 -itsdangerous==2.2.0 -Jinja2==3.1.3 -MarkupSafe==2.1.5 -mysqlclient==2.2.4 -numpy==1.26.4 -openpyxl==3.1.2 -orjson==3.10.1 -packaging==24.0 -pandas==2.2.2 -passlib==1.7.4 -pdf2image==1.17.0 -pillow==10.3.0 -pycparser==2.22 -pydantic==1.10.15 -PyJWT==2.8.0 -pyparsing==3.1.2 -pypng==0.20220715.0 -python-dateutil==2.9.0.post0 -python-dotenv==1.0.1 -python-multipart==0.0.9 -pytz==2024.1 -PyYAML==6.0.1 -qrcode==7.4.2 -redis==5.0.4 -requests==2.31.0 -rfc3986==2.0.0 -six==1.16.0 -sniffio==1.3.1 -SQLAlchemy==1.4.52 -starlette==0.37.2 -stripe==9.4.0 -typing_extensions==4.11.0 -tzdata==2024.1 -ujson==5.9.0 -urllib3==2.2.1 -uvicorn==0.20.0 -uvloop==0.19.0 -Wand==0.6.13 -watchfiles==0.21.0 -watchgod==0.8.2 -websockets==12.0 -wrapt==1.16.0 -xlrd==2.0.1 diff --git a/conf/aether_flask_gunicorn_conf.py b/conf/aether_flask_gunicorn_conf.py deleted file mode 100644 index bb8049b..0000000 --- a/conf/aether_flask_gunicorn_conf.py +++ /dev/null @@ -1,59 +0,0 @@ -import os - -# Gunicorn config variables -loglevel = os.getenv('AE_LOG_LVL', 'warning') - -# accesslog = "/logs/gunicorn_access.log" # "-" # stdout -errorlog = "/logs/gunicorn_error.log" # "-" # stderr -# "logfile" does not seem to actually do anything -# logfile = "/logs/gunicorn.log" # "-" # stderr - -bind = "0.0.0.0:5005" -# bind = "unix:/tmp/gunicorn.sock" - -worker_tmp_dir = "/dev/shm" - -chdir = "/srv/aether_app" -# home = /path/to/environment -wsgi_app = "run_server:app" -# module = "run_server" -# callable = "app" -# plugins = "python" -# default_proc_name = "run_server:app" - -# Setting a longer timeout since some Flask app requests may take a while -timeout = os.getenv('AE_APP_GUNICORN_TIMEOUT', 1200) # default 30; worker process silent then kill and restart -graceful_timeout = os.getenv('AE_APP_GUNICORN_GRACEFUL_TIMEOUT', 20) -keepalive = os.getenv('AE_APP_GUNICORN_KEEPALIVE', 300) # default 2; setting higher because behind load balancer (nginx) - -# Disable reload if using more than one thread -reload = True - -# worker_class = "sync" # default "sync" -# Works are processes, not threads -# workers = 9 # default 1; use 10ish for production; 2 to 4 times the number of cores -# threads = 1 # default 1; only affects Gthread worker type -workers = os.getenv('AE_APP_GUNICORN_WORKERS', 2) -threads = os.getenv('AE_APP_GUNICORN_THREADS', 2) - -# umask = '007' - -# capture_output = True - - -# default_proc_name = "run_server:app" - -# worker_class = "worker_class" - -## From FastAPI for reference -# --bind unix:/home/scott/OSIT_dev/aether_api_fastapi/gunicorn.sock -# --umask 007 app.main:app -# --workers 2 -# --worker-class uvicorn.workers.UvicornWorker -# --log-level debug -# --access-logfile admin/log/access.log -# --error-logfile admin/log/error.log -# --log-file admin/log/log.log -# --capture-output -# --keep-alive 5 -# --reload diff --git a/conf/aether_flask_requirements.txt b/conf/aether_flask_requirements.txt deleted file mode 100644 index f793ceb..0000000 --- a/conf/aether_flask_requirements.txt +++ /dev/null @@ -1,41 +0,0 @@ -# Updated manually 2023-09-12 with a lot of trial and error. -# A few are commented out even though they are actually used and required. Other packages already pull them in. - -argon2-cffi>=23.1.0 # Must keep -click>=8.1.7 # Must keep??? -Deprecated>=1.2.14 -# Flask 2.0.3 works; 2.1.3 works except for changes related to send_file and send_directory; 2.2.5 does not yet work -Flask==2.1.3 # Must keep; 2.2.5 seems ok as of 2023-10-19 but needs more testing -Flask-Caching>=2.0.2 -Flask-Cors>=4.0.0 -Flask-MySQLdb>=1.0.1 -Flask-SocketIO>=5.3.6 -Flask-SQLAlchemy>=2.5.1 -gunicorn>=21.2.0 -html2text>=2020.1.16 -# itsdangerous>=2.1.2 -Jinja2>=3.1.2 -# MarkupSafe>=2.1.3 -# mysqlclient>=2.2.0 -numpy>=1.25.2 -pandas>=2.1.0 -passlib>=1.7.4 -Pillow>=10.0.0 -pydantic>=2.3.0 -python-dateutil>=2.8.2 -python-engineio>=4.3.0 -python-socketio>=5.5.0 -pytz>=2023.3.post1 -qrcode>=7.4.2 -redis>=5.0.0 -requests==2.28.1 # version 2.31.0 does not work? -# six>=1.16.0 -SQLAlchemy>=2.0.20 # Must keep -stripe==5.0.0 # version 6.4.0 exists 2023-09-12 -types-pytz>=2023.3.0.1 -types-requests>=2.31.0.2 -types-urllib3>=1.26.25.14 -typing_extensions>=4.7.1 -# urllib3>=1.26.16 -Werkzeug==2.3.7 # hold off on upgrading to 3.x versions; Werkzeug 2.3.7 works with Flask 2.1.3; 2.3.8 should be out late 2023 -xmltodict>=0.13.0 # Must keep diff --git a/conf/aether_flask_requirements_current.txt b/conf/aether_flask_requirements_current.txt deleted file mode 100644 index 0185bdf..0000000 --- a/conf/aether_flask_requirements_current.txt +++ /dev/null @@ -1,40 +0,0 @@ -# Updated manually 2023-09-12 with a lot of trial and error. -# A few are commented out even though they are actually used and required. Other packages already pull them in. - -argon2-cffi>=23.1.0 # Must keep -click>=8.1.7 # Must keep??? -Deprecated>=1.2.14 -Flask==2.0.3 # Must keep -Flask-Caching>=2.0.2 -Flask-Cors>=4.0.0 -Flask-MySQLdb>=1.0.1 -Flask-SocketIO>=5.3.6 -Flask-SQLAlchemy>=2.5.1 -gunicorn>=21.2.0 -html2text>=2020.1.16 -# itsdangerous>=2.1.2 -Jinja2>=3.1.2 -# MarkupSafe>=2.1.3 -# mysqlclient>=2.2.0 -numpy>=1.25.2 -pandas>=2.1.0 -passlib>=1.7.4 -Pillow>=10.0.0 -pydantic>=2.3.0 -python-dateutil>=2.8.2 -python-engineio>=4.3.0 -python-socketio>=5.5.0 -pytz>=2023.3.post1 -qrcode>=7.4.2 -redis>=5.0.0 -requests==2.28.1 # version 2.31.0 does not work? -# six>=1.16.0 -SQLAlchemy>=2.0.20 # Must keep -stripe==5.0.0 # version 6.4.0 exists 2023-09-12 -types-pytz>=2023.3.0.1 -types-requests>=2.31.0.2 -types-urllib3>=1.26.25.14 -typing_extensions>=4.7.1 -# urllib3>=1.26.16 -Werkzeug>=2.3.7 -xmltodict>=0.13.0 # Must keep diff --git a/conf/nextcloud/Dockerfile b/conf/nextcloud/Dockerfile deleted file mode 100644 index 041afbb..0000000 --- a/conf/nextcloud/Dockerfile +++ /dev/null @@ -1,151 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.1-fpm-bullseye - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - libldap-common \ - libmagickcore-6.q16-6-extra \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.22; \ - pecl install memcached-3.2.0; \ - pecl install redis-5.3.7; \ - pecl install imagick-3.7.0; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=16'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=60'; \ - } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ - \ - echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 25.0.2 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/conf/nextcloud/config/apcu.config.php b/conf/nextcloud/config/apcu.config.php deleted file mode 100644 index 69fed87..0000000 --- a/conf/nextcloud/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/conf/nextcloud/config/apps.config.php b/conf/nextcloud/config/apps.config.php deleted file mode 100644 index 5f35873..0000000 --- a/conf/nextcloud/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/conf/nextcloud/config/autoconfig.php b/conf/nextcloud/config/autoconfig.php deleted file mode 100644 index b166db0..0000000 --- a/conf/nextcloud/config/autoconfig.php +++ /dev/null @@ -1,41 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/conf/nextcloud/config/reverse-proxy.config.php b/conf/nextcloud/config/reverse-proxy.config.php deleted file mode 100644 index 7df0415..0000000 --- a/conf/nextcloud/config/reverse-proxy.config.php +++ /dev/null @@ -1,30 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/conf/nextcloud/config/smtp.config.php b/conf/nextcloud/config/smtp.config.php deleted file mode 100644 index 93888db..0000000 --- a/conf/nextcloud/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/conf/nextcloud/config/swift.config.php b/conf/nextcloud/config/swift.config.php deleted file mode 100644 index 74a4d97..0000000 --- a/conf/nextcloud/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/conf/nextcloud/cron.sh b/conf/nextcloud/cron.sh deleted file mode 100755 index 4dfa411..0000000 --- a/conf/nextcloud/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/conf/nextcloud/entrypoint.sh b/conf/nextcloud/entrypoint.sh deleted file mode 100755 index 56444da..0000000 --- a/conf/nextcloud/entrypoint.sh +++ /dev/null @@ -1,250 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - uid="$(id -u)" - gid="$(id -g)" - if [ "$uid" = '0' ]; then - case "$1" in - apache2*) - user="${APACHE_RUN_USER:-http}" - group="${APACHE_RUN_GROUP:-http}" - - # strip off any '#' symbol ('#1000' is valid syntax for Apache) - user="${user#'#'}" - group="${group#'#'}" - ;; - *) # php-fpm - user='http' - group='http' - ;; - esac - else - user="$uid" - group="$gid" - fi - - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown $user:$group" - else - rsync_options="-rlD" - fi - - # If another process is syncing the html folder, wait for - # it to be done, then escape initalization. - # You need to define the NEXTCLOUD_INIT_LOCK environment variable - lock=/var/www/html/nextcloud-init-sync.lock - count=0 - limit=10 - - if [ -f "$lock" ] && [ -n "${NEXTCLOUD_INIT_LOCK+x}" ]; then - until [ ! -f "$lock" ] || [ "$count" -gt "$limit" ] - do - count=$((count+1)) - wait=$((count*10)) - echo "Another process is initializing Nextcloud. Waiting $wait seconds..." - sleep $wait - done - if [ "$count" -gt "$limit" ]; then - echo "Timeout while waiting for an ongoing initialization" - exit 1 - fi - echo "The other process is done, assuming complete initialization" - else - # Prevent multiple images syncing simultaneously - touch $lock - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - - # Install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "Starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "Retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "Installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "Setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "Please run the web-based installer on first connect!" - fi - fi - # Upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - - # Initialization done, reset lock - rm $lock - echo "Initializing finished" - fi - fi - - # Update htaccess after init if requested - if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' - fi - -fi - -exec "$@" diff --git a/conf/nextcloud/upgrade.exclude b/conf/nextcloud/upgrade.exclude deleted file mode 100644 index 31ce39a..0000000 --- a/conf/nextcloud/upgrade.exclude +++ /dev/null @@ -1,6 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php -/nextcloud-init-sync.lock diff --git a/conf/nginx/site-enabled_aether-mailman2.conf b/conf/nginx/site-enabled_aether-mailman2.conf deleted file mode 100644 index a2dd90e..0000000 --- a/conf/nginx/site-enabled_aether-mailman2.conf +++ /dev/null @@ -1,20 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name mailman2-oneskyit.localhost mailman2.oneskyit.com; - - access_log /logs/nginx/access_oneskyit_mailman2.log; - - index index.php; - - location / { - proxy_pass http://mailman2:80; - proxy_pass_header Content-Type; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; # allow websockets - proxy_pass_header Connection; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - } -} diff --git a/conf/nginx/site-enabled_aether-nextcloud.conf b/conf/nginx/site-enabled_aether-nextcloud.conf deleted file mode 100644 index a1a899a..0000000 --- a/conf/nginx/site-enabled_aether-nextcloud.conf +++ /dev/null @@ -1,196 +0,0 @@ -upstream php-handler { - server nextcloud25:9000; - # server unix:/var/run/php/php7.4-fpm.sock; -} - -# Set the `immutable` cache control options only for assets with a cache busting `v` argument -map $arg_v $asset_immutable { - "" ""; - default "immutable"; -} - - -server { - listen 80; - listen [::]:80; - server_name nextcloud.oneskyit.com; - - # Prevent nginx HTTP Server Detection - server_tokens off; - - # Enforce HTTPS - return 301 https://$server_name$request_uri; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - - server_name nextcloud.oneskyit.com; - - access_log /logs/nginx/access_oneskyit_nextcloud.log; - - # Path to the root of your installation - # root /srv/nextcloud; - root /var/www/html; - - # Use Mozilla's guidelines for SSL/TLS settings - # https://mozilla.github.io/server-side-tls/ssl-config-generator/ - # ssl_certificate /etc/ssl/nginx/nextcloud.oneskyit.com.crt; - # ssl_certificate_key /etc/ssl/nginx/nextcloud.oneskyit.com.key; - - include /etc/nginx/options-ssl-nginx.conf; - - ssl_certificate /etc/certs/fullchain.pem; - ssl_certificate_key /etc/certs/privkey.pem; - ssl_dhparam /etc/certs/ssl-dhparams.pem; - - # Prevent nginx HTTP Server Detection - server_tokens off; - - # HSTS settings - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always; - - # set max upload size and increase upload timeout: - client_max_body_size 512M; - client_body_timeout 300s; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Pagespeed is not supported by Nextcloud, so if your server is built - # with the `ngx_pagespeed` module, uncomment this line to disable it. - #pagespeed off; - - # The settings allows you to optimize the HTTP2 bandwitdth. - # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ - # for tunning hints - client_body_buffer_size 512k; - - # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Specify how to handle directories -- specifying `/index.php$request_uri` - # here as the fallback means that Nginx always exhibits the desired behaviour - # when a client requests a path that corresponds to a directory that exists - # on the server. In particular, if that directory contains an index.php file, - # that file is correctly served; if it doesn't, then the request is passed to - # the front-end controller. This consistent behaviour means that we don't need - # to specify custom rules for certain paths (e.g. images and other assets, - # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus - # `try_files $uri $uri/ /index.php$request_uri` - # always provides the desired behaviour. - index index.php index.html /index.php$request_uri; - - # Rule borrowed from `.htaccess` to handle Microsoft DAV clients - location = / { - if ( $http_user_agent ~ ^DavClnt ) { - return 302 /remote.php/webdav/$is_args$args; - } - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Make a regex exception for `/.well-known` so that clients can still - # access it despite the existence of the regex rule - # `location ~ /(\.|autotest|...)` which would otherwise handle requests - # for `/.well-known`. - location ^~ /.well-known { - # The rules in this block are an adaptation of the rules - # in `.htaccess` that concern `/.well-known`. - - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - - location /.well-known/acme-challenge { try_files $uri $uri/ =404; } - location /.well-known/pki-validation { try_files $uri $uri/ =404; } - - # Let Nextcloud's API for `/.well-known` URIs handle all other - # requests by passing them to the front-end controller. - return 301 /index.php$request_uri; - } - - # Rules borrowed from `.htaccess` to hide certain paths from clients - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } - - # Ensure this block, which passes PHP files to the PHP process, is above the blocks - # which handle static assets (as seen below). If this block is not declared first, - # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` - # to the URI, resulting in a HTTP 500 error response. - location ~ \.php(?:$|/) { - # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; - - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - set $path_info $fastcgi_path_info; - - try_files $fastcgi_script_name =404; - - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - fastcgi_param HTTPS on; - - fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice - fastcgi_param front_controller_active true; # Enable pretty urls - fastcgi_pass php-handler; - - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - - fastcgi_max_temp_file_size 0; - } - - location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463, $asset_immutable"; - access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } - } - - location ~ \.woff2?$ { - try_files $uri /index.php$request_uri; - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } - - # Rule borrowed from `.htaccess` - location /remote { - return 301 /remote.php$request_uri; - } - - location / { - try_files $uri $uri/ /index.php$request_uri; - } -} - diff --git a/conf/nginx/site-enabled_aether_api_v5_fastapi_gunicorn.conf b/conf/nginx/site-enabled_aether_api_v5_fastapi_gunicorn.conf deleted file mode 100644 index f8b51e0..0000000 --- a/conf/nginx/site-enabled_aether_api_v5_fastapi_gunicorn.conf +++ /dev/null @@ -1,160 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name ${DOCKER_AE_API_V5_SERVER_NAME} v5-fastapi.localhost api-v5.localhost; - # server_name - # fastapi_gunicorn.localhost - # dev-api.localhost - # dev-api.oneskyit.com - # test-api.oneskyit.com - # ; - - access_log /logs/nginx/access_fastapi_gunicorn.log; - error_log /logs/nginx/error_fastapi_gunicorn.log; - - client_max_body_size ${OSIT_WEB_MAX_BODY_SIZE}; # 5120M; #4096M or 4G; 5120M or 5G; - - location / { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_redirect off; - proxy_buffering off; - - # This is needed for long running Python code. Default is 60 seconds - # Increased from 1200 to 1500 on 2022-04-17 - # Increased from 1500 to 2000 on 2023-03-15 - # Increased proxy read timeout to 2100 and decreased fastcgi options to 35s on 2023-03-16 - fastcgi_connect_timeout 4s; - fastcgi_send_timeout 5s; - fastcgi_read_timeout 5s; - - # proxy read timeout being too low will cause 504 Gateway Time-out on the client browser - proxy_read_timeout 2100s; - - proxy_pass http://v5_fastapi_backend; - } - - location /ws { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - - proxy_redirect off; - proxy_buffering off; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # proxy_read_timeout 600; - # proxy_headers_hash_max_size 1024; - - proxy_pass http://v5_fastapi_backend; - - access_log /logs/nginx/access_fastapi_gunicorn_ws.log; - error_log /logs/nginx/error_fastapi_gunicorn_ws.log; - } -} - - -server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - - server_name ${DOCKER_AE_API_V5_SERVER_NAME} v5-fastapi.localhost api-v5.localhost; - # server_name - # fastapi_gunicorn.localhost - # dev-api.localhost - # dev-api.oneskyit.com - # test-api.oneskyit.com - # ; - - access_log /logs/nginx/access_fastapi_gunicorn.log; - error_log /logs/nginx/error_fastapi_gunicorn.log; - - include /etc/nginx/options-ssl-nginx.conf; - - ssl_certificate /etc/certs/fullchain.pem; - ssl_certificate_key /etc/certs/privkey.pem; - ssl_dhparam /etc/certs/ssl-dhparams.pem; - - # include brotli.conf; - # include gzip.conf; - - client_max_body_size ${OSIT_WEB_MAX_BODY_SIZE}; # 5120M; #4096M or 4G; 5120M or 5G; - - location / { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_redirect off; - proxy_buffering off; - - # This is needed for long running Python code. Default is 60 seconds - # Increased from 1200 to 1500 on 2022-04-17 - # Increased from 1500 to 2000 on 2023-03-15 - # Increased proxy read timeout to 2100 and decreased fastcgi options to 35s on 2023-03-16 - fastcgi_connect_timeout 35s; - fastcgi_send_timeout 35s; - fastcgi_read_timeout 35s; - - # proxy read timeout being too low will cause 504 Gateway Time-out on the client browser - proxy_read_timeout 2100s; - - proxy_pass http://v5_fastapi_backend; - } - - location /ws { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - - proxy_redirect off; - proxy_buffering off; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # proxy_read_timeout 600; - # proxy_headers_hash_max_size 1024; - - proxy_pass http://v5_fastapi_backend; - - access_log /logs/nginx/access_fastapi_gunicorn_ws.log; - error_log /logs/nginx/error_fastapi_gunicorn_ws.log; - } -} - - -upstream v5_fastapi_backend { - # sticky sessions - ip_hash; - - # enable least connections balancing method - # least_conn; - - # zone backend 64k; # Use NGINX Plus' shared memory - - # server webserver1 weight=1; - # server webserver2 weight=4; - - # larger number will recieve more requests - # Example of 20 vs 10: 20 will recieve twice as many requests as 10 - server aether_api_v5_gunicorn:5005 weight=20 max_fails=3 fail_timeout=30s; - # server aether_api_gunicorn_bak:5005 weight=10 max_fails=1 fail_timeout=30s; - - # maintain up to 20 idle connections to the group of upstream servers - # keepalive 20; -} diff --git a/conf/nginx/site-enabled_aether_app_svelte_node.conf b/conf/nginx/site-enabled_aether_app_svelte_node.conf index 642cc73..6eb738c 100644 --- a/conf/nginx/site-enabled_aether_app_svelte_node.conf +++ b/conf/nginx/site-enabled_aether_app_svelte_node.conf @@ -4,7 +4,7 @@ server { server_name ${DOCKER_AE_APP_SERVER_NAME} - ~^(dev|test|bak|sk|sr|prod)?-?(app|demo|connect|aacc|aapor|ascm|bgh|businessgroup|chow|cmsc|idaa|ishlt|lci|ncsd|npa|rli|scott|dgr)\.oneskyit\.com$ + ~^(dev|test|bak|sk|sr|prod)?-?(app|demo|connect|aacc|aapor|ascm|axonius|bgh|businessgroup|chow|cmsc|idaa|ishlt|lci|ncsd|npa|rli|scott|dgr)\.oneskyit\.com$ app.localhost demo.localhost connect.localhost diff --git a/conf/nginx/site-enabled_aether_flask_gunicorn.conf b/conf/nginx/site-enabled_aether_flask_gunicorn.conf deleted file mode 100644 index 85f2518..0000000 --- a/conf/nginx/site-enabled_aether_flask_gunicorn.conf +++ /dev/null @@ -1,167 +0,0 @@ -server { - listen 80; - listen [::]:80; - - # server_name - # ${NGINX_SERVER_NAMES} - # ; - server_name - ${DOCKER_AE_APP_SERVER_NAME} - flask_gunicorn.localhost demo.localhost dev.localhost - - bak-app.oneskyit.com - bak-connect.oneskyit.com *.bak-connect.oneskyit.com - bak-demo.oneskyit.com *.bak-demo.oneskyit.com - - bak-businessgroup.oneskyit.com *.bak-businessgroup.oneskyit.com - bak-ishlt.oneskyit.com *.bak-ishlt.oneskyit.com - - dev-app.oneskyit.com - dev-connect.oneskyit.com *.dev-connect.oneskyit.com - dev-demo.oneskyit.com *.dev-demo.oneskyit.com - - dev-aacc.oneskyit.com *.dev-aacc.oneskyit.com - dev-aapor.oneskyit.com *.dev-aapor.oneskyit.com - dev-businessgroup.oneskyit.com *.dev-businessgroup.oneskyit.com - dev-chow.oneskyit.com *.dev-chow.oneskyit.com - dev-cmsc.oneskyit.com *.dev-cmsc.oneskyit.com - dev-idaa.oneskyit.com *.dev-idaa.oneskyit.com - dev-ishlt.oneskyit.com *.dev-ishlt.oneskyit.com - dev-lci.oneskyit.com *.dev-lci.oneskyit.com - dev-ncsd.oneskyit.com *.dev-ncsd.oneskyit.com - dev-npa.oneskyit.com *.dev-npa.oneskyit.com - dev-rli.oneskyit.com *.dev-rli.oneskyit.com - - sr-app.oneskyit.com - sr-connect.oneskyit.com *.sr-connect.oneskyit.com - sr-demo.oneskyit.com *.sr-demo.oneskyit.com - - sr-aacc.oneskyit.com *.sr-aacc.oneskyit.com - sr-aapor.oneskyit.com *.sr-aapor.oneskyit.com - sr-businessgroup.oneskyit.com *.sr-businessgroup.oneskyit.com - sr-cmsc.oneskyit.com *.sr-cmsc.oneskyit.com - sr-lci.oneskyit.com *.sr-lci.oneskyit.com - sr-ncsd.oneskyit.com *.sr-ncsd.oneskyit.com - - test-app.oneskyit.com - # test-idaa.oneskyit.com *.test-idaa.oneskyit.com - # test-ishlt.oneskyit.com *.test-ishlt.oneskyit.com - ; - - access_log /logs/nginx/access_flask_gunicorn.log; - error_log /logs/nginx/error_flask_gunicorn.log; - - client_max_body_size ${OSIT_WEB_MAX_BODY_SIZE}; # 5120M; #4096M or 4G; 5120M or 5G; - - location / { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_redirect off; - proxy_buffering off; - - # This is needed for long running Python code. Default is 60 seconds - # Increased from 1200 to 1500 on 2022-04-17 - fastcgi_connect_timeout 1500s; - fastcgi_send_timeout 1500s; - fastcgi_read_timeout 1500s; - proxy_read_timeout 1500s; - - proxy_pass http://flask_backend; - } -} - - -server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - - # The Docker nginx envsubst with templates does not work for multiple server names. - # server_name - # ${NGINX_SERVER_NAMES} - # ; - server_name - ${DOCKER_AE_APP_SERVER_NAME} - flask_gunicorn.localhost demo.localhost dev.localhost - - bak-app.oneskyit.com - bak-connect.oneskyit.com *.bak-connect.oneskyit.com - bak-demo.oneskyit.com *.bak-demo.oneskyit.com - - bak-businessgroup.oneskyit.com *.bak-businessgroup.oneskyit.com - bak-ishlt.oneskyit.com *.bak-ishlt.oneskyit.com - - dev-app.oneskyit.com - dev-connect.oneskyit.com *.dev-connect.oneskyit.com - dev-demo.oneskyit.com *.dev-demo.oneskyit.com - - dev-aacc.oneskyit.com *.dev-aacc.oneskyit.com - dev-aapor.oneskyit.com *.dev-aapor.oneskyit.com - dev-businessgroup.oneskyit.com *.dev-businessgroup.oneskyit.com - dev-chow.oneskyit.com *.dev-chow.oneskyit.com - # dev-cmsc.oneskyit.com *.dev-cmsc.oneskyit.com - dev-idaa.oneskyit.com *.dev-idaa.oneskyit.com - dev-ishlt.oneskyit.com *.dev-ishlt.oneskyit.com - dev-lci.oneskyit.com *.dev-lci.oneskyit.com - # dev-ncsd.oneskyit.com *.dev-ncsd.oneskyit.com - dev-npa.oneskyit.com *.dev-npa.oneskyit.com - dev-rli.oneskyit.com *.dev-rli.oneskyit.com - - sr-app.oneskyit.com - sr-connect.oneskyit.com *.sr-connect.oneskyit.com - sr-demo.oneskyit.com *.sr-demo.oneskyit.com - - sr-aacc.oneskyit.com *.sr-aacc.oneskyit.com - sr-aapor.oneskyit.com *.sr-aapor.oneskyit.com - sr-businessgroup.oneskyit.com *.sr-businessgroup.oneskyit.com - # sr-cmsc.oneskyit.com *.sr-cmsc.oneskyit.com - sr-lci.oneskyit.com *.sr-lci.oneskyit.com - # sr-ncsd.oneskyit.com *.sr-ncsd.oneskyit.com - - test-app.oneskyit.com - # test-idaa.oneskyit.com *.test-idaa.oneskyit.com - # test-ishlt.oneskyit.com *.test-ishlt.oneskyit.com - ; - - access_log /logs/nginx/access_flask_gunicorn.log; - error_log /logs/nginx/error_flask_gunicorn.log; - - include /etc/nginx/options-ssl-nginx.conf; - - ssl_certificate /etc/certs/fullchain_wild.pem; - ssl_certificate_key /etc/certs/privkey_wild.pem; - ssl_dhparam /etc/certs/ssl-dhparams.pem; - - # include brotli.conf; - # include gzip.conf; - - client_max_body_size ${OSIT_WEB_MAX_BODY_SIZE}; # 5120M; #4096M or 4G; 5120M or 5G; - - location / { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_redirect off; - proxy_buffering off; - - # This is needed for long running Python code. Default is 60 seconds - # Increased from 1200 to 1500 on 2022-04-17 - fastcgi_connect_timeout 1500s; - fastcgi_send_timeout 1500s; - fastcgi_read_timeout 1500s; - proxy_read_timeout 1500s; - - proxy_pass http://flask_backend; - } -} - - -upstream flask_backend { - ip_hash; - server app-node:3000 weight=20 max_fails=3 fail_timeout=30s; -} diff --git a/docker-compose.yml b/docker-compose.yml index d734cc5..d1c4ba9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,7 +15,7 @@ services: - PGID=1000 - TZ=US/Eastern - - NGINX_SERVER_NAMES="flask_gunicorn.localhost demo.localhost dev.localhost dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com dev-demo.oneskyit.com dev-aacc.oneskyit.com dev-aapor.oneskyit.com dev-ascm.oneskyit.com dev-businessgroup.oneskyt.com dev-chow.oneskyit.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-lci.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com test-app.oneskyit.com test-api.oneskyit.com test-demo.oneskyit.com test-lci.oneskyit.com test-idaa.oneskyit.com scott.oneskyit.com dgr.oneskyit.com" + - NGINX_SERVER_NAMES="demo.localhost dev.localhost dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com dev-demo.oneskyit.com dev-aacc.oneskyit.com dev-aapor.oneskyit.com dev-ascm.oneskyit.com dev-businessgroup.oneskyt.com dev-chow.oneskyit.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-lci.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com test-app.oneskyit.com test-api.oneskyit.com test-demo.oneskyit.com test-lci.oneskyit.com test-idaa.oneskyit.com scott.oneskyit.com dgr.oneskyit.com" ports: - "${OSIT_WEB_HTTP_PORT}:80" # LAN HTTP (local access without SSL) # - "${OSIT_WEB_HTTPS_PORT}:443" # HTTPS — not needed internally; terminate SSL at home server @@ -194,42 +194,6 @@ services: max-size: "10m" max-file: "3" - # *Legacy* Aether Flask Application served with Gunicorn - # *NOTE:* This legacy frontend using Flask is being replaced by the new one using SvelteKit. - # aether_app_gunicorn: - # # ... (same as before) ... - # restart: always - # container_name: ${CONTAINER_AE_APP} - # build: - # context: ./ - # dockerfile: aether_flask_gunicorn.Dockerfile - # env_file: - # - ./.env - # ports: - # - "${AE_APP_GUNICORN_PORT}:5005" - # extra_hosts: - # - "${DOCKER_AE_SERVER_EXTRA_HOST}" - # - "${DOCKER_AE_API_SERVER_EXTRA_HOST}" - # - "${DOCKER_AE_API_BAK_SERVER_EXTRA_HOST}" - # volumes: - # - ./conf/aether_flask_gunicorn_conf.py:/conf/gunicorn_flask_conf.py - # - ./conf/aether_flask_requirements_current.txt:/requirements_current.txt - # - ./conf/aether_app_config.py:/srv/aether_app/flask_config_v2.py - # - ./logs/ae_app:/logs - # - ${AE_APP_SRC}:/srv/aether_app - # - ${HOSTED_FILES_SRC}:/srv/hosted_files - # - ${HOSTED_TMP_SRC}:/srv/hosted_tmp - # - ./tmp/ae_app:/tmp - # depends_on: - # - ae_api - # stdin_open: true - # tty: true - # logging: - # driver: "json-file" - # options: - # max-size: "10m" - # max-file: "3" - dozzle: container_name: ${CONTAINER_DOZZLE:-ae_dozzle_dev} image: amir20/dozzle:latest