Added Nextcloud/Collabora

2026-05-07 22:05:02 +02:00
@@ -0,0 +1,3 @@
 podman pull certbot/certbot
 podman run -it -v /srv/containers/nginx/ssl:/etc/letsencrypt certbot certonly --manual --preferred-challenges dns -d *.[DOMAIN]
@@ -1,9 +0,0 @@
 [Unit]
 Name=certbot
 [Container]
 ContainerName=certbot
 Image=certbot/certbot
 AutoUpdate=registry
 Volume=/srv/containers/nginx/ssl:/etc/letsencrypt
@@ -1,18 +0,0 @@
 [Container]
 Image=gitea/gitea
 ContainerName=gitea
 Network=internal.network
 PublishPort=3000:3000
 PublishPort=2222:22
 Volume=/srv/containers/gitea:/data
 #Environment=USER_UID=1000
 #Environment=USER_GID=1000
 [Service]
 Restart=always
 [Install]
 WantedBy=multi-user.target
@@ -0,0 +1,78 @@
 APP_NAME = [SERVER_NAME]
 RUN_MODE = prod
 RUN_USER = git
 [repository]
 ROOT = /data/git/repositories
 [repository.local]
 LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
 [repository.upload]
 ENABLED = true
 TEMP_PATH = /data/gitea/uploads
 ALLOWED_TYPES =
 FILE_MAX_SIZE = 1024
 MAX_FILES = 10
 [server]
 APP_DATA_PATH = /data/gitea
 DOMAIN = code.[DOMAIN]
 SSH_DOMAIN = code.[DOMAIN]
 HTTP_PORT = 3000
 ROOT_URL = https://code.[DOMAIN]/
 PROTOCOL = http
 DISABLE_SSH = false
 SSH_PORT = 2222
 SSH_LISTEN_PORT = 22
 LFS_START_SERVER = true
 LFS_CONTENT_PATH = /data/git/lfs
 [database]
 DB_TYPE = postgres
 HOST = postgres:5432
 NAME = gitea
 USER = gitea
 PASSWD = [PASSWORD]
 SSL_MODE = disable
 LOG_SQL = false
 [indexer]
 ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
 [session]
 PROVIDER = file
 PROVIDER_CONFIG = /data/gitea/sessions
 [picture]
 AVATAR_UPLOAD_PATH = /data/gitea/avatars
 REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
 [attachment]
 PATH = /data/gitea/attachments
 ALLOWED_TYPES =
 MAX_SIZE = 1024
 MAX_FILES = 10
 [release.attachment]
 ALLOWED_TYPES =
 FILE_MAX_SIZE = 1024
 MAX_FILES = 10
 [log]
 MODE = console
 LEVEL = info
 ROOT_PATH = /data/gitea/log
 [security]
 INSTALL_LOCK = true
 SECRET_KEY = [SECRET_KEY]
 REVERSE_PROXY_LIMIT = 1
 REVERSE_PROXY_TRUSTED_PROXIES = *
 [service]
 DISABLE_REGISTRATION = false
 REQUIRE_SIGNIN_VIEW = false
 [lfs]
 PATH = /data/git/lfs
@@ -0,0 +1,27 @@
 [Unit]
 Name=gitea
 [Container]
 ContainerName=gitea
 Image=docker.gitea.com/gitea:1.26.1
 #AutoUpdate=registry
 Network=internal.network
 #NetworkAlias=gitea
 PublishPort=3000:3000
 PublishPort=2222:22
 Volume=/srv/containers/gitea:/data
 Volume=/etc/timezone:/etc/timezone:ro
 Volume=/etc/localtime:/etc/localtime:ro
 #Environment=USER_UID=1000
 #Environment=USER_GID=1000
 [Service]
 TimeoutStartSec=5m
 Restart=always
 [Install]
 WantedBy=multi-user.target default.target
@@ -0,0 +1,28 @@
 server {
    listen 443 ssl http2;
    server_name code.[DOMAIN];
    ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
    client_max_body_size 1G;
    location / {
        proxy_pass http://gitea:3000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_read_timeout 3600;
        proxy_send_timeout 3600;
        proxy_connect_timeout 3600;
        proxy_request_buffering off;
        proxy_buffering off;
    }
 }
@@ -0,0 +1,21 @@
 [Unit]
 Name=collaboraoffice
 [Container]
 ContainerName=collaboraoffice
 Image=docker.io/library/collabora/code:latest
 AutoUpdate=registry
 Network=internal.network
 Environment=extra_params="--o:ssl.enable=false --o:ssl.termination=true --o:net.proto=IPv4"
 Environment=server_name=[DOMAIN]
 Environment=aliasgroup1=https://[DOMAIN]
 PublishPort=9980:9980
 [Service]
 TimeoutStartSec=5m
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target default.target
@@ -0,0 +1,43 @@
 server {
    listen 443 ssl http2;
    server_name office.[DOMAIN];
    ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
    location ^~ /browser {
        proxy_pass http://collaboraoffice:9980;
        proxy_set_header Host $http_host;
    }
    location ^~ /hosting/discovery {
        proxy_pass http://collaboraoffice:9980;
        proxy_set_header Host $http_host;
    }
    location ^~ /hosting/capabilities {
        proxy_pass http://collaboraoffice:9980;
        proxy_set_header Host $http_host;
    }
    location ~ ^/cool/(.*)/ws$ {
        proxy_pass http://collaboraoffice:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
    location ~ ^/(c|l)ool {
        proxy_pass http://collaboraoffice:9980;
        proxy_set_header Host $http_host;
    }
    location ^~ /cool/adminws {
        proxy_pass http://collaboraoffice:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
 }
@@ -0,0 +1,11 @@
 ### Configurazioni per SSL
 podman exec -it nextcloud php occ config:system:set trusted_domains 1 --value=cloud.[DOMAIN]
 podman exec -it nextcloud php occ config:system:set overwriteprotocol --value=https
 podman exec -it nextcloud php occ config:system:set overwritehost --value=cloud.[DOMAIN]
 podman exec -it nextcloud php occ config:system:set trusted_proxies 0 --value=nginx
 podman exec -it nextcloud php occ config:app:set richdocuments wopi_url --value="https://office.[DOMAIN]"
 podman exec -it nextcloud php occ config:app:set richdocuments public_wopi_url --value="https://office.[DOMAIN]"
 podman exec -it nextcloud php occ config:app:delete richdocuments wopi_discovery
 podman exec -it nextcloud php occ config:app:delete richdocuments wopi_capabilities
@@ -0,0 +1,21 @@
 [Unit]
 Name=nextcloud
 [Container]
 ContainerName=nextcloud
 Image=docker.io/library/nextcloud:latest
 AutoUpdate=registry
 Network=internal.network
 PublishPort=8080:80
 Volume=/srv/containers/nextcloud/config:/var/www/html/config
 Volume=/srv/containers/nextcloud/custom_apps:/var/www/html/custom_apps
 Volume=/srv/containers/nextcloud/data:/var/www/html/data
 [Service]
 TimeoutStartSec=5m
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target default.target
@@ -0,0 +1,48 @@
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.[DOMAIN];
    ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
    client_max_body_size 0;
    underscores_in_headers on;
    location / {
        proxy_pass http://nextcloud:80;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_redirect off;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_max_temp_file_size 0;
        proxy_read_timeout 3600;
        proxy_send_timeout 3600;
    }
    location = /.well-known/carddav {
        return 301 https://$http_host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 https://$http_host/remote.php/dav;
    }
    location = /.well-known/webfinger {
        return 301 https://$http_host/index.php/.well-known/webfinger;
    }
    location = /.well-known/nodeinfo {
        return 301 https://$http_host/index.php/.well-known/nodeinfo;
    }
 }
		`@@ -0,0 +1,3 @@`
							`podman pull certbot/certbot`

							`podman run -it -v /srv/containers/nginx/ssl:/etc/letsencrypt certbot certonly --manual --preferred-challenges dns -d *.[DOMAIN]`