By having the environment explicit on each service, we both document
the settings and have more control over what each service is allowed
to see.
This avoids weird things like nginx having access to postgresql's
credentials on its environment.
As a bonus: we are able to use one single environment file, which is
basically dd.conf with some values that are dynamically-calculated and
added from dd-ctl.
That issue is fixed in NC 25, but it will likely not be backported to
NC 24.
It produces issues when modifying users and not modifying their
display name.
See also: https://github.com/nextcloud/server/issues/33751
This is used to tag Docker images in the registry / pull images form
the registry, it has been observed in the wiled that:
git rev-parse --short
can have different default values for its length depending on the
system.
We currently specify the length to be 8 as specified here:
https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength
The first example of these changes relates to the latest Nextcloud
upgrades to major version 24.
Operators are now expected to read the latest version this file before
updating their instances.
This may be causing issues when the plugin requires occ upgrade
Alternatively, installing plugins may require it.
While there, also remove one of the nextcloud_scan calls and delay it
along with logo customisation until after a potential ./occ upgrade
has taken place.
NotaBLE és la col·laboració entre Gwido i el Workspace educatiu DD.
És un projecte de Xnet, IsardVDI, Gwido i Taller de Músics, guanyador
de la Ciutat Proactiva 2021, suport a la innovació urbana de la
Fundació BitHabitat.
The API spec file can be generated with:
python -m admin.views.test.test_ApiViews --generate-spec
From the admin development environment.
A simple testing ground that serves the Swagger UI can also be started with:
python -m admin.views.test.test_ApiViews
We do this more reliably on HAProxy, as doing it from WP requires
specialised plugins and in DD we are sure that traffic goes through
the corresponding HAProxy backend.
This fixes several issues where services would see the internal IP of
the proxy and not that of the client.
It works by first unsetting any proxy-related headers that arrive from
the internet, then setting those as seen by HAProxy's entrypoint
frontend.
And finally making sure that neither WAF when enabled nor other
HAProxy backends touch these headers, while they are actually used by
the final services.
Services affected: Netcloud, Keycloak, Moodle
The environment / dd.conf variables: PROXY_PROTOCOL and DISABLE_WAF
determine how DD and HAProxy will behave.
- PROXY_PROTOCOL: whether or not the PROXY protocol will be accepted
- DISABLE_WAF: whether or not WAF will be enabled
This simplifies maintenance, as well as the overall architecture and operation.
While at it, we now publish images for DD's HAProxy as well.