diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 61b115e..93ce588 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.1.1-alpine +FROM haproxy:3.1.2-alpine # hadolint ignore=DL3002 USER root diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 6047bc7..3849cfd 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:27.4.1-cli AS docker +FROM docker:27.5.0-cli AS docker # Caddy is a requirement FROM caddy:2.9.1-alpine AS caddy diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index d467c88..7424c43 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -283,6 +283,15 @@ if [ "$?" = 6 ]; then exit 1 fi +# Check if auth.docker.io is reachable +# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268 +if ! curl https://auth.docker.io/token | grep -q token; then + print_red "Could not reach https://auth.docker.io." + echo "Most likely is something blocking access to it." + echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install" + exit 1 +fi + # Check that no changes have been made to timezone settings since AIO only supports running in Etc/UTC timezone if [ -n "$TZ" ]; then print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default Etc/UTC timezone!" diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 50692fb..bb3b567 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile 
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=30.0.4 +ENV NEXTCLOUD_VERSION=30.0.5 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json index 5305ad8..70d0597 100644 --- a/community-containers/fail2ban/fail2ban.json +++ b/community-containers/fail2ban/fail2ban.json @@ -25,6 +25,11 @@ "source": "nextcloud_aio_vaultwarden_logs", "destination": "/vaultwarden", "writeable": false + }, + { + "source": "nextcloud_aio_jellyfin", + "destination": "/jellyfin", + "writeable": false } ] } diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md index 9725251..1811ebb 100644 --- a/community-containers/fail2ban/readme.md +++ b/community-containers/fail2ban/readme.md @@ -1,5 +1,5 @@ ## Fail2ban -This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, if installed. +This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, if installed. ### Notes - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`. diff --git a/community-containers/jellyfin/readme.md b/community-containers/jellyfin/readme.md index b277ab4..2a78bc1 100644 --- a/community-containers/jellyfin/readme.md +++ b/community-containers/jellyfin/readme.md 
@@ -8,6 +8,7 @@ This container bundles Jellyfin and auto-configures it for you. - In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin. - ⚠️ After the initial start, Jellyfin shows a configuration page to set up the root password, etc. **Be careful to initialize your Jellyfin before adding the DNS record.** - If you have a firewall like ufw configured, you might need to open all Jellyfin ports in there first in order to make it work. Especially port 8096 is important! +- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban - The data of Jellyfin will be automatically included in AIO's backup solution! - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack. diff --git a/manual-install/readme.md b/manual-install/readme.md index c14dae5..9bf34c9 100644 --- a/manual-install/readme.md +++ b/manual-install/readme.md 
@@ -6,11 +6,13 @@ You can run the containers that are build for AIO with docker-compose. This come - You can run it without a container having access to the docker socket - You can modify all values on your own - You can run the containers with docker swarm +- You can run this in environments where access to docker.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268). ### Disadvantages - You lose the AIO interface - You lose update notifications and automatic updates - You lose all AIO backup and restore features +- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi)) - You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers - **You need to know what you are doing, especially when modifying the compose.yaml file** - For updating, you need to strictly follow the at the bottom described update routine diff --git a/reverse-proxy.md b/reverse-proxy.md index 29869ae..d8fdaa7 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md 
@@ -920,5 +920,6 @@ If something does not work, follow the steps below: 1. If you use Cloudflare, you might need to skip the domain validation anyways since it is known that Cloudflare might block the validation attempts. In that case, see the last option below! 1. If your reverse proxy is configured to use the host network (as recommended in the above docs) or running on the host, make sure that you've configured your firewall to open port 443 (and 80)! 1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain)! +1. [Enable Hairpin NAT in your router](https://github.com/nextcloud/all-in-one/discussions/5849) or [set up a local DNS server and add a custom dns-record](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) that allows the server to reach itself locally 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance. 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
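Review bot: In the Containers/docker-socket-proxy/Dockerfile hunk, `FROM haproxy:3.1.2-alpine` pins the base image by tag only, and the same holds for `FROM docker:27.5.0-cli AS docker` in the mastercontainer Dockerfile. Tags can be re-pushed upstream, and this image runs as `USER root`, so consider adding a digest (`haproxy:3.1.2-alpine@sha256:<digest>`) so that the bump is reproducible and the diff records exactly which image was reviewed.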
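Review bot: In the Containers/mastercontainer/start.sh hunk, the new `curl https://auth.docker.io/token | grep -q token` check sets no timeout and no `-f`/`-s` flags, so a firewall that silently drops packets can leave startup hanging before the error branch is reached, and curl's progress meter ends up in the container log. Consider `curl -fsS --connect-timeout 10 --max-time 30 ...` (the values are suggestions). The `grep -q token` match is also loose: any response body that contains the word passes, for example an HTML block page from a filtering proxy, so matching on the quoted JSON key would be tighter. The message "Most likely is something blocking access to it." should read "Most likely something is blocking access to it."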
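Review bot: In the community-containers/fail2ban/fail2ban.json hunk, the added mount uses `nextcloud_aio_jellyfin` as its source, while the existing entry directly above it uses a dedicated `nextcloud_aio_vaultwarden_logs` volume. Judging by the names, fail2ban gets read access to the whole Jellyfin volume rather than only its logs. `"writeable": false` limits the impact, but if Jellyfin's logs can be placed in a separate volume, mounting only that would keep the fail2ban container at least privilege. If that is not possible, a sentence in the fail2ban readme explaining why the full volume is needed would help.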
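Review bot: In the reverse-proxy.md hunk, the new step does not say when it applies. The neighbouring steps open with a condition ("If you use Cloudflare, ...", "If your reverse proxy is configured ..."); wording such as "If the server cannot reach itself locally, ..." would tell readers whether this step is relevant to them. The sentence is also missing its closing punctuation.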