Commit

Add ability to specify additional docker network
Signed-off-by: Apoorv Parle <[email protected]>
apparle committed Oct 29, 2024
1 parent a02d164 commit 58ff7b7
Showing 4 changed files with 54 additions and 2 deletions.
1 change: 1 addition & 0 deletions compose.yaml
Expand Up @@ -17,6 +17,7 @@ services:
# AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
# APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# APACHE_CONTAINER_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
# COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
# NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
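
Review bot: The new comment on `APACHE_CONTAINER_ADDITIONAL_NETWORK` says it connects "the apache container", but the DockerActionManager.php change in this commit also attaches `nextcloud-aio-mastercontainer` to the same network. The comment should name both containers and state that the network must already exist, since the code path is `ConnectContainerIdToExistingNetwork` and nothing in this commit creates the network.
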
7 changes: 7 additions & 0 deletions php/src/Data/ConfigurationManager.php
Expand Up @@ -888,6 +888,13 @@ public function DeleteCollaboraDictionaries() : void {
$this->WriteConfig($config);
}

public function GetApacheContainerAdditionalNetwork() : string {
$envVariableName = 'APACHE_CONTAINER_ADDITIONAL_NETWORK';
$configName = 'apache_container_additional_network';
$defaultValue = '';
return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
}

public function GetApacheIPBinding() : string {
$envVariableName = 'APACHE_IP_BINDING';
$configName = 'apache_ip_binding';
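
Review bot: `GetApacheContainerAdditionalNetwork()` returns the environment or config value unchanged, and the callers added in this commit only compare it against `''`. Because the value is later formatted into a Docker API path (`sprintf('networks/%s/connect', $network)`), trim it here and reject anything outside a conservative allow-list (for example letters, digits, `_`, `.` and `-`), so that whitespace, `/` or `?` never reach the request URL. A short docblock stating that the network has to exist beforehand would also help.
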
39 changes: 39 additions & 0 deletions php/src/Docker/DockerActionManager.php
Expand Up @@ -844,6 +844,33 @@ private function DisconnectContainerFromBridgeNetwork(string $id) : void
}
}

private function ConnectContainerIdToExistingNetwork(string $id, string $internalPort, string $network) : void
{
if ($internalPort === 'host') {
return;
}

$url = $this->BuildApiUrl(
sprintf('networks/%s/connect', $network)
);
try {
$this->guzzleClient->request(
'POST',
$url,
[
'json' => [
'container' => $id,
]
]
);
} catch (RequestException $e) {
// 403 is undocumented and gets thrown if a specific container is already part of a network
if ($e->getCode() !== 403) {
throw $e;
}
}
}

private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio') : void
{
if ($internalPort === 'host') {
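
Review bot: In `ConnectContainerIdToExistingNetwork`, `$network` is placed into the request URL by `sprintf('networks/%s/connect', $network)` without any encoding; wrap it in `rawurlencode()` or validate it before building the URL. The `catch` block also treats every 403 as "already part of the network" and rethrows everything else, so a mistyped network name turns an optional setting into an exception during container start, while a 403 returned for any other reason is silently ignored. Consider logging the swallowed 403 and raising an error that names the configured network.
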
Expand Down Expand Up @@ -897,11 +924,23 @@ public function ConnectMasterContainerToNetwork() : void
$this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
// Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead.
// $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');

$apacheContainerAdditionalNetwork = $this->configurationManager->GetApacheContainerAdditionalNetwork();
if ($apacheContainerAdditionalNetwork !== '') {
$this->ConnectContainerIdToExistingNetwork('nextcloud-aio-mastercontainer', '', $apacheContainerAdditionalNetwork);
}
}

public function ConnectContainerToNetwork(Container $container) : void
{
$this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());

if ($container->GetIdentifier() === 'nextcloud-aio-apache') {
$apacheContainerAdditionalNetwork = $this->configurationManager->GetApacheContainerAdditionalNetwork();
if ($apacheContainerAdditionalNetwork !== '') {
$this->ConnectContainerIdToExistingNetwork($container->GetIdentifier(), $container->GetInternalPort(), $apacheContainerAdditionalNetwork);
}
}
}

public function StopContainer(Container $container) : void {
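
Review bot: `ConnectMasterContainerToNetwork()` attaches `nextcloud-aio-mastercontainer` to the additional network as well, although the setting and its getter are named for the Apache container only. That makes the mastercontainer (reachable at `https://nextcloud-aio-mastercontainer:8080` according to the reverse-proxy.md change) visible to every container on that network, which is a wider exposure than the variable name suggests. Either make this a separate opt-in or rename and document the setting accordingly. The lookup-and-connect block is also duplicated in both methods and could move into one private helper.
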
9 changes: 7 additions & 2 deletions reverse-proxy.md
Expand Up @@ -44,9 +44,14 @@ All examples below will use port `11000` as `APACHE_PORT`. This port will be exp

<summary>On the same server in a Docker container</summary>

For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).
For this setup, the reverse-proxy container and the nextcloud containers (specifically the `nextcloud-aio-mastercontainer` and `nextcloud-aio-apache`) need to be connected to the same bridge network. This can be achieved in one of these two ways:

Another option (actually the recommended way) in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
* Reverse Proxy container is connected to `nextcloud-aio` network, either by setting it up under the same service (same docker compose file) or as a secondary external network in the reverse proxy container service.
* The front-facing nextcloud containers (`nextcloud-aio-mastercontainer` and `nextcloud-aio-apache`) are connected to the docker network of the reverse proxy container by specifying env variable `APACHE_CONTAINER_ADDITIONAL_NETWORK`.

After this the reverse-proxy can utilize Docker DNS networking to access nextcloud by container names at `http://nextcloud-aio-apache:$APACHE_PORT` and `https://nextcloud-aio-mastercontainer:8080`.

A third alternative is to utilize host networking instead of docker bridge networking: Specify `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.

</details>
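
Review bot: The two bridge-network options in the new list are presented as equivalent, but they differ in reach: joining the reverse proxy to `nextcloud-aio` puts it on the network that `ConnectContainerIdToNetwork` uses by default for every AIO container, while `APACHE_CONTAINER_ADDITIONAL_NETWORK` only attaches `nextcloud-aio-mastercontainer` and `nextcloud-aio-apache` to the proxy's network. State that trade-off and say which option is preferred, now that the "actually the recommended way" wording for host networking has been dropped. The opening sentence also says the containers "need to be connected to the same bridge network", which the third (host networking) alternative contradicts, and the removed `host.docker.internal` instructions leave existing setups without a pointer.
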
