update
This commit is contained in:
parent
2499d00d19
commit
af00ea3175
|
@ -36,10 +36,10 @@ Documentation and notes.
|
|||
version: "2"
|
||||
services:
|
||||
|
||||
bookstack_db:
|
||||
bookstack-db:
|
||||
image: linuxserver/mariadb
|
||||
container_name: bookstack_db
|
||||
hostname: bookstack_db
|
||||
container_name: bookstack-db
|
||||
hostname: bookstack-db
|
||||
environment:
|
||||
- TZ
|
||||
- PUID
|
||||
|
@ -76,7 +76,7 @@ Documentation and notes.
|
|||
- ./bookstack-data:/config
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- bookstack_db
|
||||
- bookstack-db
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
@ -103,7 +103,7 @@ Documentation and notes.
|
|||
# BOOKSTACK
|
||||
PUID=1000
|
||||
PGID=1000
|
||||
DB_HOST=bookstack_db
|
||||
DB_HOST=bookstack-db
|
||||
DB_USER=bookstack
|
||||
DB_PASS=bookstack
|
||||
DB_DATABASE=bookstack
|
||||
|
@ -177,7 +177,7 @@ but borg backup is daily making snapshot of the entire directory.
|
|||
#!/bin/bash
|
||||
|
||||
# CREATE DATABASE DUMP, bash -c '...' IS USED OTHERWISE OUTPUT > WOULD TRY TO GO TO THE HOST
|
||||
docker container exec bookstack_db bash -c 'mysqldump -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE > $MYSQL_DIR/BACKUP.bookstack.database.sql'
|
||||
docker container exec bookstack-db bash -c 'mysqldump -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE > $MYSQL_DIR/BACKUP.bookstack.database.sql'
|
||||
|
||||
# ARCHIVE UPLOADED FILES
|
||||
docker container exec bookstack tar -czPf /config/BACKUP.bookstack.uploaded-files.tar.gz /config/www/
|
||||
|
@ -194,10 +194,10 @@ but borg backup is daily making snapshot of the entire directory.
|
|||
|
||||
Assuming clean start, first restore the database before running the app container.
|
||||
|
||||
* start only the database container: `docker-compose up -d bookstack_db`
|
||||
* start only the database container: `docker-compose up -d bookstack-db`
|
||||
* have `BACKUP.bookstack.database.sql` mounted in by placing it in `bookstack/bookstack-data`
|
||||
* exec in to the container and restore the database</br>
|
||||
`docker container exec -it bookstack_db /bin/bash`</br>
|
||||
`docker container exec -it bookstack-db /bin/bash`</br>
|
||||
`cd /config`</br>
|
||||
`mysql -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE < BACKUP.bookstack.database.sql`
|
||||
* now start the app container: `docker-compose up -d`
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
![logo](https://i.imgur.com/6Wqs7J1.png)
|
||||
|
||||
### Purpose
|
||||
## Purpose
|
||||
|
||||
File share & sync.
|
||||
|
||||
|
@ -12,7 +12,7 @@ File share & sync.
|
|||
* [Github](https://github.com/nextcloud/server)
|
||||
* [DockerHub](https://hub.docker.com/_/nextcloud/)
|
||||
|
||||
### Files and directory structure
|
||||
## Files and directory structure
|
||||
|
||||
```
|
||||
/home
|
||||
|
@ -26,24 +26,16 @@ File share & sync.
|
|||
└── 🗋 nextcloud-backup-script.sh
|
||||
```
|
||||
|
||||
### docker-compose
|
||||
## docker-compose
|
||||
|
||||
Official examples [here](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose)
|
||||
|
||||
There are several options, default recomendation is apache.
|
||||
Alternative is php-fpm as a stand alone container with either apache or ngnix.
|
||||
Apache with php as a module is used in this setup.
|
||||
|
||||
Four containers are spin up
|
||||
- `nextcloud` - nextcloud app with apache web server with php as a module
|
||||
- `nextcloud-db` - mariadb database where files and users meta data are stored
|
||||
- `nextcloud` - the nextcloud
|
||||
- `nextcloud-redis` - in memory data store for faster and responsive interface
|
||||
- `nextcloud-redis` - in memory file cashing and more reliable tranactional file locking
|
||||
- `nextcloud-cron` - for being able to run maintnance cronjobs
|
||||
|
||||
Two persinstent storages
|
||||
- `nextcloud-data` bind mount - nextcloud app storage with web server and the works
|
||||
- `nextcloud-data-db` bind mount - database storage
|
||||
|
||||
`docker-compose.yml`
|
||||
|
||||
```
|
||||
|
@ -64,6 +56,12 @@ Two persinstent storages
|
|||
- MYSQL_DATABASE
|
||||
- MYSQL_USER
|
||||
|
||||
nextcloud-redis:
|
||||
image: redis:alpine
|
||||
container_name: nextcloud-redis
|
||||
hostname: nextcloud-redis
|
||||
restart: unless-stopped
|
||||
|
||||
nextcloud:
|
||||
image: nextcloud:apache
|
||||
container_name: nextcloud
|
||||
|
@ -79,13 +77,13 @@ Two persinstent storages
|
|||
environment:
|
||||
- MYSQL_HOST
|
||||
- REDIS_HOST
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS
|
||||
|
||||
nextcloud-redis:
|
||||
image: redis:alpine
|
||||
container_name: nextcloud-redis
|
||||
hostname: nextcloud-redis
|
||||
restart: unless-stopped
|
||||
- MAIL_DOMAIN
|
||||
- MAIL_FROM_ADDRESS
|
||||
- SMTP_SECURE
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT
|
||||
- SMTP_NAME
|
||||
- SMTP_PASSWORD
|
||||
|
||||
nextcloud-cron:
|
||||
image: nextcloud:apache
|
||||
|
@ -121,13 +119,23 @@ Two persinstent storages
|
|||
# NEXTCLOUD
|
||||
MYSQL_HOST=nextcloud-db
|
||||
REDIS_HOST=nextcloud-redis
|
||||
NEXTCLOUD_TRUSTED_DOMAINS=
|
||||
|
||||
# USING SENDGRID FOR SENDING EMAILS
|
||||
MAIL_DOMAIN=blabla.org
|
||||
MAIL_FROM_ADDRESS=nextcloud
|
||||
SMTP_SECURE=ssl
|
||||
SMTP_HOST=smtp.sendgrid.net
|
||||
SMTP_PORT=465
|
||||
SMTP_NAME=apikey
|
||||
SMTP_PASSWORD=SG.asdasdasdasdasdasdsaasdasdsa
|
||||
```
|
||||
|
||||
### Reverse proxy
|
||||
## Reverse proxy
|
||||
|
||||
Caddy v2 is used,
|
||||
details [here](https://github.com/DoTheEvo/Caddy-v2-examples)
|
||||
|
||||
There are few extra directives here to fix some nextcloud warnings
|
||||
|
||||
`Caddyfile`
|
||||
```
|
||||
|
@ -136,61 +144,133 @@ Two persinstent storages
|
|||
}
|
||||
|
||||
nextcloud.{$MY_DOMAIN} {
|
||||
reverse_proxy {
|
||||
to nextcloud:80
|
||||
}
|
||||
reverse_proxy nextcloud:80
|
||||
header Strict-Transport-Security max-age=31536000;
|
||||
redir /.well-known/carddav /remote.php/carddav 301
|
||||
redir /.well-known/caldav /remote.php/caldav 301
|
||||
}
|
||||
```
|
||||
### First run
|
||||
|
||||
## First run
|
||||
|
||||
Nextcloud needs few minutes to start, then there is the initial configuration.
|
||||
Creating adming account and giving the database details as set in the `.env` file
|
||||
|
||||
![first-run-pic](https://i.imgur.com/EygHgKa.png)
|
||||
|
||||
|
||||
### Extra info
|
||||
## Security & setup warnings
|
||||
|
||||
- check if redis container works</br>
|
||||
exec in to redis container: `docker container exec -it nextcloud-redis /bin/sh`</br>
|
||||
Nextcloud has status check in *Settings > Administration > Overview*</br>
|
||||
There are likely several warnings on a freshly spun container.
|
||||
|
||||
- **The database is missing some indexes**
|
||||
- `docker exec --user www-data --workdir /var/www/html nextcloud php occ db:add-missing-indices`
|
||||
|
||||
- **Some columns in the database are missing a conversion to big int**
|
||||
- `docker exec --user www-data --workdir /var/www/html nextcloud php occ db:convert-filecache-bigint`
|
||||
|
||||
- **The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds.**
|
||||
- helps to know what [HSTS means](https://www.youtube.com/watch?v=kYhMnw4aJTw)
|
||||
- fixed in the reverse proxy section above in caddy config
|
||||
- the line `header Strict-Transport-Security max-age=31536000;`
|
||||
|
||||
- **Your web server is not properly set up to resolve "/.well-known/caldav"** and **Your web server is not properly set up to resolve "/.well-known/carddav".**
|
||||
- fixed in the reverse proxy section above in caddy config
|
||||
- `redir /.well-known/carddav /remote.php/carddav 301`
|
||||
- `redir /.well-known/caldav /remote.php/caldav 301`
|
||||
|
||||
![status-pic](https://i.imgur.com/wjjd5CJ.png)
|
||||
|
||||
|
||||
## Extra info
|
||||
|
||||
- **check if redis container works**</br>
|
||||
at `https://<nexcloud url>/ocs/v2.php/apps/serverinfo/api/v1/info`</br>
|
||||
ctrl+f for `redis`, should be in memcache.distributed and memcache.locking
|
||||
|
||||
you can also exec in to redis container: `docker exec -it nextcloud-redis /bin/bash`</br>
|
||||
start monitoring: `redis-cli MONITOR`</br>
|
||||
in browse start browsing files on the nextcloud,
|
||||
there should be lot of activity in the monitoring
|
||||
start browsing files on the nextcloud,
|
||||
there should be activity in the monitoring
|
||||
|
||||
- check if cron container works</br>
|
||||
- **check if cron container works**</br>
|
||||
in *settings > administration > basic settings*</br>
|
||||
**Background jobs** should be set to **Cron** and the last job info
|
||||
should never be older than 10 minutes
|
||||
Background jobs should be set to Cron</br>
|
||||
the last job info should never be older than 10 minutes</br>
|
||||
|
||||
- in *settings > administration > overview*</br>
|
||||
nextcloud complains about missing indexes or big int
|
||||
## Update
|
||||
|
||||
- in *settings > administration > overview*</br>
|
||||
nextcloud complains about missing indexes or big int
|
||||
* [watchtower](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/watchtower) updates the image automaticly
|
||||
|
||||
- docker exec -it nextcloud /bin/sh
|
||||
- chsh -s /bin/sh www-data
|
||||
- su www-data
|
||||
- cd /var/www/html
|
||||
- php occ db:add-missing-indices
|
||||
- php occ db:convert-filecache-bigint
|
||||
* manual image update</br>
|
||||
`docker-compose pull`</br>
|
||||
`docker-compose up -d`</br>
|
||||
`docker image prune`
|
||||
|
||||
- in *settings > administration > overview*</br>
|
||||
not resolve "/.well-known/caldav" and "/.well-known/carddav"
|
||||
## Backup and restore
|
||||
|
||||
`docker container exec -it nextcloud /bin/sh`</br>
|
||||
`cd /etc/apache2/sites-enabled`</br>
|
||||
`echo >> 000-default.conf`</br>
|
||||
`echo Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav >> 000-default.conf`</br>
|
||||
`echo Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav >> 000-default.conf`
|
||||
* **backup** using [borgbackup setup](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
|
||||
that makes daily snapshot of the entire directory
|
||||
|
||||
* **restore**</br>
|
||||
down the nextcloud containers `docker-compose down`</br>
|
||||
delete the entire nextcloud directory</br>
|
||||
from the backup copy back the nextcloud directortory</br>
|
||||
start the container `docker-compose up -d`
|
||||
|
||||
![interface-pic](https://i.imgur.com/cN1GUZw.png)
|
||||
### Backup of just user data
|
||||
|
||||
# #4 Update Nextcloud
|
||||
user-data daily export using the [official procedure.](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html)</br>
|
||||
For nextcloud it means entering maintenance mode,
|
||||
database dump and backing up several directories containing data, configs, themes.</br>
|
||||
The created backup files are overwriten on every run of the script,
|
||||
but borg backup is daily making snapshot of the entire directory.
|
||||
|
||||
`docker-compose pull`
|
||||
`docker-compose up -d`
|
||||
`docker image prune`
|
||||
* **create a backup script**</br>
|
||||
placed inside `nextcloud` directory on the host
|
||||
|
||||
`nextcloud-backup-script.sh`
|
||||
```
|
||||
#!/bin/bash
|
||||
|
||||
# #5.Backup and restore
|
||||
# MAINTENANCE MODE ON
|
||||
docker container exec --user www-data --workdir /var/www/html nextcloud php occ maintenance:mode --on
|
||||
|
||||
likely there will be container running borg or borgmatic and cron
|
||||
|
||||
# CREATE DATABASE DUMP, bash -c '...' IS USED OTHERWISE OUTPUT > WOULD TRY TO GO TO THE HOST
|
||||
docker container exec nextcloud-db bash -c 'mysqldump --single-transaction -h nextcloud-db -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE > /var/lib/mysql/BACKUP.nextcloud.database.sql'
|
||||
|
||||
# ARCHIVE DIRECTORIES
|
||||
docker container exec --workdir /var/www/html nextcloud tar -czPf BACKUP.nextcloud.data.tar config data themes
|
||||
|
||||
# MAINTENANCE MODE OFF
|
||||
docker container exec --user www-data --workdir /var/www/html nextcloud php occ maintenance:mode --off
|
||||
```
|
||||
|
||||
the script must be **executabe** - `chmod +x bookstack-backup-script.sh`
|
||||
|
||||
* **cronjob** on the host</br>
|
||||
`crontab -e` - add new cron job</br>
|
||||
`0 2 * * * /home/bastard/docker/bookstack/bookstack-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
|
||||
`crontab -l` - list cronjobs
|
||||
|
||||
### Restore the user data
|
||||
|
||||
Assuming clean start, first restore the database before running the app container.
|
||||
|
||||
* start the containers: `docker-compose up -d`</br>
|
||||
let it run so it creates its file structure
|
||||
* down the containers: `docker-compose up -d`
|
||||
* from backup copy the direcotries `data`, `configs`, `themes` in to `nextcloud-data` replacing the ones in place
|
||||
* from backup copy the backup database in to `nextcloud-data-db`
|
||||
* start the containers: `docker-compose up -d`
|
||||
* set the correct user ownership of the direcotries copied:</br>
|
||||
`docker exec --workdir /var/www/html nextcloud chown -R www-data:www-data config data themes`
|
||||
* restore the database</br>
|
||||
`docker exec --workdir /var/lib/mysql nextcloud-db bash -c 'mysql -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE < BACKUP.nextcloud.database.sql'`
|
||||
* turn off the maintenance mode:</br>
|
||||
`docker container exec --user www-data --workdir /var/www/html nextcloud php occ maintenance:mode --off`
|
||||
* update the systems data-fingerprint:</br>
|
||||
`docker exec --user www-data --workdir /var/www/html nextcloud php occ maintenance:data-fingerprint`
|
||||
* restart the containers: `docker-compose restart`
|
||||
* log in
|
||||
|
|
Loading…
Reference in New Issue