From 849d981d5bc359c1c00a57a6ab632b6ee80ae22c Mon Sep 17 00:00:00 2001 From: Simon Belbeoch <39310468+LiquidITGuy@users.noreply.github.com> Date: Sat, 24 Apr 2021 01:25:41 +0200 Subject: [PATCH] Upgrade nextcloud from 19.0.0 to 21.0.1 (#405) * add intelliJ idea's project configuration to gitignore * upgrade mariadb from 10.5.3 to 10.5.9 for nextcloud * add redis to nextcloud and upgrade from 19.0.0 to 21.0.1 * remove bad http port for nextcloud * improve nextcloud end instructions Co-authored-by: Simon Belbeoch --- .gitignore | 1 + public/v4/apps/nextcloud.yml | 42 +++++++++++++++++++++++++++--------- 2 files changed, 33 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index 8297107..37a347a 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ dist/* node_modules .DS_Store +.idea/ diff --git a/public/v4/apps/nextcloud.yml b/public/v4/apps/nextcloud.yml index 2118695..855395a 100644 --- a/public/v4/apps/nextcloud.yml +++ b/public/v4/apps/nextcloud.yml @@ -13,9 +13,16 @@ services: MYSQL_PASSWORD: $$cap_db_pass caproverExtra: notExposeAsWebApp: 'true' + $$cap_appname-redis: + documentation: Taken from https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml + image: redis:$$cap_redis_version + restart: always + caproverExtra: + notExposeAsWebApp: 'true' $$cap_appname: depends_on: - $$cap_appname-db + - $$cap_appname-redis documentation: Taken from https://hub.docker.com/_/nextcloud image: nextcloud:$$cap_nextcloud_version volumes: 
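Review bot: The new `$$cap_appname-redis` service runs the stock `redis:` image with no `requirepass`, and the `REDIS_HOST` line added to the Nextcloud environment in the next hunk has no matching `REDIS_HOST_PASSWORD`. `notExposeAsWebApp: 'true'` keeps the service off the public proxy, but other apps on the same CapRover instance can presumably still reach `srv-captain--$$cap_appname-redis`, and with `REDIS_HOST` set the Nextcloud image keeps its cache, file locks and PHP sessions there. I would generate a password the same way this commit does for `$$cap_db_pass` and hand it to both sides, as sketched below with a new variable here called `$$cap_redis_pass`. The cron service's environment is outside the hunks and would need the same value if it also talks to Redis.

```yaml
$$cap_appname-redis:
    # … unchanged: documentation, restart …
    caproverExtra:
        dockerfileLines:
            - FROM redis:$$cap_redis_version
            - CMD exec redis-server --requirepass "$$cap_redis_pass"
        notExposeAsWebApp: 'true'

$$cap_appname:
    # … unchanged: depends_on, image, volumes, database and admin variables …
    environment:
        REDIS_HOST: srv-captain--$$cap_appname-redis
        REDIS_HOST_PASSWORD: $$cap_redis_pass

# caproverOneClickApp.variables: new entry next to $$cap_db_pass
- id: $$cap_redis_pass
  label: redis password
  defaultValue: $$cap_gen_random_hex(32)
  description: Password Nextcloud uses to authenticate to Redis.
  # alphanumeric only, because the value is placed inside the quoted CMD line above
  validRegex: /^[a-zA-Z0-9]{16,}$/
```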
@@ -27,14 +34,16 @@ services:
 MYSQL_USER: $$cap_db_user
 MYSQL_PASSWORD: $$cap_db_pass
 MYSQL_HOST: srv-captain--$$cap_appname-db
+ REDIS_HOST: srv-captain--$$cap_appname-redis
 NEXTCLOUD_ADMIN_USER: $$cap_admin_user
 NEXTCLOUD_ADMIN_PASSWORD: $$cap_admin_pass
 NEXTCLOUD_TRUSTED_DOMAINS: $$cap_appname.$$cap_root_domain
 $$cap_appname-cron:
 depends_on:
 - $$cap_appname-db
+ - $$cap_appname-redis
 - $$cap_appname
- documentation: https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml
+ documentation: https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
 restart: always
 volumes:
 - $$cap_appname-data:/var/www/html
@@ -47,27 +56,33 @@ caproverOneClickApp: variables: - id: $$cap_nextcloud_version label: NextCloud Version - defaultValue: 19.0.0 + defaultValue: 21.0.1 description: >- - Check out their Docker page for the valid tags https://hub.docker.com/r/library/nextcloud/tags/ + Check out their Docker page for the valid tags https://hub.docker.com/_/nextcloud?tab=tags Do not use fpm versions. + validRegex: /^((?!fpm)\S)+$/ + - id: $$cap_redis_version + label: Redis Version + defaultValue: 6.2.2 + description: Check out their Docker page for the valid tags https://hub.docker.com/_/redis?tab=tags validRegex: /^([^\s^\/])+$/ - id: $$cap_mariadb_version label: MariaDB (database) version - defaultValue: 10.5.3 + defaultValue: 10.5.9 description: Check out their Docker page for the valid tags https://hub.docker.com/_/mariadb?tab=tags validRegex: /^([^\s^\/])+$/ - - id: $$cap_db_pass - label: database password - description: Password for the database user and root using mysql. - validRegex: /.{1,}/ - id: $$cap_db_user label: database user defaultValue: nextcloud description: Username for the database using mysql. validRegex: /^([a-zA-Z0-9])+$/ + - id: $$cap_db_pass + label: database password + defaultValue: $$cap_gen_random_hex(32) + description: Password for the database user and root using mysql. + validRegex: /.{1,}/ - id: $$cap_admin_user label: admin name defaultValue: admin @@ -76,7 +91,7 @@ caproverOneClickApp: - id: $$cap_admin_pass label: admin password description: Password for the Nextcloud admin user. - validRegex: /.{1,}/ + validRegex: /.{8,}/ - id: $$cap_http_https_cors label: Protocol of proxy defaultValue: https 
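Review bot: The new `validRegex: /^((?!fpm)\S)+$/` on `$$cap_nextcloud_version` no longer rejects `/`, which the pattern it appears to replace (`/^([^\s^\/])+$/`, now attached to the Redis entry) did. The value is spliced into `image: nextcloud:$$cap_nextcloud_version`, so a slash changes how the whole image reference is parsed rather than just selecting a tag. Keeping both constraints, `validRegex: /^((?!fpm)[^\s\/])+$/`, preserves the fpm check without widening what the field accepts.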
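Review bot: The 8-character minimum lands only on `$$cap_admin_pass`; the `$$cap_db_pass` entry that this commit moves and re-adds in the previous hunk keeps `validRegex: /.{1,}/`. An operator who overrides the generated default can therefore still set a one-character password that, per its description, is also the MariaDB root password. I would apply the same floor there, `validRegex: /.{8,}/`.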
@@ -90,7 +105,14 @@ caproverOneClickApp: If you set the cors sections to https, please enable https on your app. If you do not activate it you will have an error. - For better performances and compliance, you can add "add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;" below "proxy_set_header X-Forwarded-Proto $scheme;" into the nginx configuration. + For better performances and compliance, click on "edit default nginx configuration" button then + below "proxy_set_header X-Forwarded-Proto $scheme;" + add "add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;" into the nginx configuration. + + You can see HSTS parts of the nextcloud security documentation https://docs.nextcloud.com/server/21/admin_manual/installation/harden_server.html for further informations + + + You can also scan your nextcloud instance on https://scan.nextcloud.com/ displayName: nextcloud isOfficial: true description: Nextcloud is a suite of client-server software for creating and using file hosting services
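Review bot: The added instructions tell the user to paste the `Strict-Transport-Security` header but never say that HTTPS must already be enabled and working for the app. Browsers cache the policy for the stated `max-age=15552000` (180 days), and `includeSubDomains` extends it to every host under the app's domain, so I would add a sentence such as `Only add this header after HTTPS is enabled and the certificate is valid for this app.` ahead of the nginx step. The header is a security control rather than a performance one, so the opening "For better performances and compliance" would read more accurately as "For better security and compliance". The instructions block starts above this hunk.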