3 changes: 1 addition & 2 deletions global-attributes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,7 @@
oc-examples-username: 'username'
oc-examples-password: 'password'
oc-complete-name: 'owncloud-complete-latest'
occ-command-example-prefix: 'sudo -u www-data ./occ'
occ-command-example-prefix-no-sudo: 'occ'
occ-command-example-prefix: 'occ'
php-net-url: 'https://www.php.net'
php-supported-versions-url: 'https://www.php.net/supported-versions.php'
http-status-codes-base-url: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Status'
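Review bot: Deleting `occ-command-example-prefix-no-sudo` leaves any page that still uses `{occ-command-example-prefix-no-sudo}` with an unresolved attribute reference, so search the repository for remaining uses and switch them to `{occ-command-example-prefix}` in this same change. Redefining `occ-command-example-prefix` from `sudo -u www-data ./occ` to a bare `occ` also drops the only indication of which user the command runs as. Every page using the prefix now depends on a separate "inside the ownCloud Docker container" note for that context, so consider stating once, in the occ reference, which user `occ` runs as in the container.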
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -185,6 +185,8 @@ innodb_file_per_table=ON
{occ-command-example-prefix} db:convert-mysql-charset
----
+
NOTE: Run this command inside the ownCloud Docker container.
+
When this is done, tables will be created with:
+
* A `utf8mb4` character set.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -123,11 +123,15 @@ To enable the encryption app, run the following command:
{occ-command-example-prefix} app:enable encryption
----

NOTE: Run this command inside the ownCloud Docker container.

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} encryption:enable
----

NOTE: Run this command inside the ownCloud Docker container.

If the encryption app is successfully enabled, you should see the following confirmations:

[source,plaintext]
Expand Down Expand Up @@ -165,27 +169,35 @@ To be safe and avoid any issues on a running instance, put your server in single
{occ-command-example-prefix} maintenance:singleuser --on
----

NOTE: Run this command inside the ownCloud Docker container.

Enabling encryption via the command line involves several commands. If not already done, enable the default encryption module app with the following command:

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} app:enable encryption
----

NOTE: Run this command inside the ownCloud Docker container.

Then enable encryption, using the following command:

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} encryption:enable
----

NOTE: Run this command inside the ownCloud Docker container.

Finally, encrypt all data, using the following command:

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} encryption:encrypt-all --yes
----

NOTE: Run this command inside the ownCloud Docker container.

NOTE: This command is not typically required as the master key is often enabled at installation time. As a result when enabling it, there should be no data to encrypt. In case it’s being enabled after the installation and there are files which are unencrypted, xref:configuration/server/occ_command.adoc#encrypt-all[encrypt-all] can be used to encrypt them. Depending on the amount of existing data and the location, this operation can take a long time.

Now you can turn off the single user mode:
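Review bot: Two NOTE admonitions now stack directly after the `encryption:encrypt-all --yes` block, and the existing one opens with "This command", which no longer sits next to the command it refers to. Merge the container hint into the existing note or move it above the code block. Since the identical sentence is added after all four blocks in this hunk, a single note at the start of the section would say the same thing with less noise.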
Expand All @@ -195,6 +207,8 @@ Now you can turn off the single user mode:
{occ-command-example-prefix} maintenance:singleuser --off
----

NOTE: Run this command inside the ownCloud Docker container.

=== View Current Encryption Status

Get the current encryption status and the loaded encryption module:
Expand All @@ -204,6 +218,8 @@ Get the current encryption status and the loaded encryption module:
{occ-command-example-prefix} encryption:status
----

NOTE: Run this command inside the ownCloud Docker container.

=== Replacing an Existing Master Key

If the master key needs replacement, for example because it has been compromised, an occ command is available. The command is xref:configuration/server/occ_command.adoc#encryption[encryption:recreate-master-key]. It replaces an existing master key with a new one and encrypts the files with the new key.
Expand All @@ -217,6 +233,8 @@ You must first put your ownCloud server into single-user mode to prevent any use
{occ-command-example-prefix} maintenance:singleuser --on
----

NOTE: Run this command inside the ownCloud Docker container.

[source,plaintext]
----
Single user mode is currently enabled
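Review bot: The added NOTE lands between the `maintenance:singleuser --on` block and the `[source,plaintext]` block that shows its output, which separates the command from its expected result. Place the note before the command block or after the output block. The same placement recurs in the later hunks where a plaintext output block follows the command (`encryption:show-key-storage-root`, `encryption:change-key-storage-root`).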
Expand All @@ -229,6 +247,8 @@ Decrypt all user data files, or optionally a single user:
{occ-command-example-prefix} encryption:decrypt-all [username]
----

NOTE: Run this command inside the ownCloud Docker container.

=== Disable Encryption

To disable encryption, put your ownCloud server into single-user mode, and then disable your encryption module with these commands:
Expand All @@ -238,18 +258,24 @@ To disable encryption, put your ownCloud server into single-user mode, and then
{occ-command-example-prefix} maintenance:singleuser --on
----

NOTE: Run this command inside the ownCloud Docker container.

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} encryption:disable
----

NOTE: Run this command inside the ownCloud Docker container.

Take it out of single-user mode when you are finished, by using the following command:

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} maintenance:singleuser --off
----

NOTE: Run this command inside the ownCloud Docker container.

[IMPORTANT]
====
You may only disable encryption by using the xref:configuration/server/occ_command.adoc#encryption[occ Encryption Commands]. Make sure you have backups of all encryption keys, including those for all your users if user key encryption was selected.
Expand All @@ -264,6 +290,8 @@ Get the current encryption status and the loaded encryption module:
{occ-command-example-prefix} encryption:status
----

NOTE: Run this command inside the ownCloud Docker container.

=== Enable Users' File Recovery Keys

If users encrypt their files and lose their ownCloud password, they lose access to their encrypted files as the files will be unrecoverable. It is not possible to reset a user’s password using the standard reset process if the user's files are encrypted.
Expand Down Expand Up @@ -315,6 +343,8 @@ You must first put your ownCloud server into single-user mode to prevent any use
{occ-command-example-prefix} maintenance:singleuser --on
----

NOTE: Run this command inside the ownCloud Docker container.

[source,plaintext]
----
Single user mode is currently enabled
Expand All @@ -329,11 +359,15 @@ You may disable encryption only with `occ`. Make sure you have backups of all th
{occ-command-example-prefix} maintenance:singleuser --on
----

NOTE: Run this command inside the ownCloud Docker container.

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} encryption:disable
----

NOTE: Run this command inside the ownCloud Docker container.

IMPORTANT: Encryption cannot be disabled without the user’s password or
xref:enable-users-file-recovery-keys[file recovery key].
If you don’t have access to at least one of these then there is no way to decrypt all files.
Expand All @@ -345,6 +379,8 @@ command:
{occ-command-example-prefix} maintenance:singleuser --off
----

NOTE: Run this command inside the ownCloud Docker container.

It is possible to disable encryption with the file recovery key _if_ every user has enabled it. In this case, "decrypt all" will decrypt all files of all users.

NOTE: It is *not* planned to move this to the next user login or a background job. If that was done, then login passwords would need to be stored in the database, which could be a security issue.
Expand All @@ -358,6 +394,8 @@ View current location of keys:
{occ-command-example-prefix} encryption:show-key-storage-root
----

NOTE: Run this command inside the ownCloud Docker container.

[source,plaintext]
----
Current key storage root: default storage location (data/)
Expand Down Expand Up @@ -385,6 +423,8 @@ chmod -R 0770 /var/www/owncloud/data/new_keys
{occ-command-example-prefix} encryption:change-key-storage-root new_keys
----

NOTE: Run this command inside the ownCloud Docker container.

[source,plaintext]
----
Change key storage root from default storage location to new_keys
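Review bot: The note after `encryption:change-key-storage-root new_keys` covers only the occ call, while the step shown just above it, `chmod -R 0770 /var/www/owncloud/data/new_keys`, prepares the directory the keys are moved into and is not marked either way. State whether the directory preparation also runs inside the container and whether `/var/www/owncloud/data` is still the correct path there, so the new key directory ends up where occ expects it with the intended permissions.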
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,17 @@ This quick guide gives a brief summary of the commands needed without going into
{occ-command-example-prefix} maintenance:singleuser --off
----

NOTE: Run this command inside the ownCloud Docker container.

=== View the Encryption Status

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} encryption:status
----

NOTE: Run this command inside the ownCloud Docker container.

=== Decrypt Encrypted Files

Depending on the amount of existing data, this operation can take a long time.
Expand All @@ -42,6 +46,8 @@ Depending on the amount of existing data, this operation can take a long time.
{occ-command-example-prefix} maintenance:singleuser --off
----

NOTE: Run this command inside the ownCloud Docker container.

=== Deactivate Master-Key-Based Encryption

[source,bash,subs="attributes+"]
Expand All @@ -52,13 +58,17 @@ Depending on the amount of existing data, this operation can take a long time.
{occ-command-example-prefix} app:disable encryption
----

NOTE: Run this command inside the ownCloud Docker container.

If the master key has been compromised or exposed, you can replace it. You will need the current master key for it.

[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} encryption:recreate-master-key
----

NOTE: Run this command inside the ownCloud Docker container.

== Clean up Your Database

Access your ownCloud database and remove the remaining entries that have not been automatically removed with this command:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ TIP: Please refer to xref:configuration/server/import_ssl_cert.adoc[Importing Sy
The following backends are provided by the external storages app. Other
apps may provide their own backends, which are not listed here.

NOTE: A non-blocking or correctly configured SELinux setup is needed for these backends to work. Please refer to xref:installation/selinux_configuration.adoc[the SELinux configuration].
NOTE: A non-blocking or correctly configured SELinux setup is needed for these backends to work.

== Allow Users to Mount External Storage
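Review bot: The rewritten NOTE still requires "a non-blocking or correctly configured SELinux setup" but the xref to `installation/selinux_configuration.adoc` is gone, so the reader is told SELinux must be configured and given no pointer to how. If that page is being removed, either link to replacement guidance or reword the sentence to describe what applies to the Docker setup. As it stands, the only option spelled out is "non-blocking", which nudges readers toward turning enforcement off.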

Expand Down Expand Up @@ -137,6 +137,8 @@ You might need to setup a cron job that runs
{occ-command-example-prefix} files:scan --all`
----

NOTE: Run this command inside the ownCloud Docker container.

* Alternatively, replace `--all` with the user name to trigger a rescan of the user’s files periodically,
for example every 15 minutes, which includes the mounted external storage.
+
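Review bot: The NOTE after the `files:scan --all` block is added as a free-standing paragraph between two list items, without the `+` list continuation that the other files in this change use, so it detaches from the item it describes and can split the list. Attach it with `+` as done elsewhere. While touching this block, the context line `{occ-command-example-prefix} files:scan --all` ends in a stray backtick inside the source block, which would be copied into the shell.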
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ image::configuration/files/browser-address-bars.png[Lock icon in Firefox, Google
----
{occ-command-example-prefix} system:cron
----
+
NOTE: Run this command inside the ownCloud Docker container.

. Run the `OCA\Federation\SyncJob` job with the `force` option on both servers. +
You can get the corresponding job ID by using the `background:queue:status` occ command:
Expand All @@ -44,6 +46,8 @@ You can get the corresponding job ID by using the `background:queue:status` occ
----
{occ-command-example-prefix} background:queue:execute --force <jobId>
----
+
NOTE: Run this command inside the ownCloud Docker container.

. The check should now be green

Expand All @@ -54,6 +58,8 @@ You can get the corresponding job ID by using the `background:queue:status` occ
{occ-command-example-prefix} dav:sync-system-addressbook
{occ-command-example-prefix} federation:sync-addressbook
----
+
NOTE: Run this command inside the ownCloud Docker container.

. Configure automatic acceptance of new federated shares
+
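Review bot: The NOTE says "Run this command" but the block it follows contains two commands, `dav:sync-system-addressbook` and `federation:sync-addressbook`. Use "Run these commands" for multi-command blocks (the `config:app:set` pair in the next hunk has the same mismatch), or word the note so it does not depend on the number of commands.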
Expand All @@ -65,6 +71,8 @@ NOTE: Automatic acceptance of new federated shares will not work if the option `
{occ-command-example-prefix} config:app:set federation auto_accept_trusted --value '0'
{occ-command-example-prefix} config:app:set federatedfilesharing auto_accept_trusted --value 'yes'
----

NOTE: Run this command inside the ownCloud Docker container.
--

== Working With Proxies
Expand Down Expand Up @@ -117,6 +125,8 @@ Alternatively you can use the command line:
{occ-command-example-prefix} config:app:set files_sharing cronjob_scan_external_enabled --value 'yes'
----

NOTE: Run this command inside the ownCloud Docker container.

You can also configure these settings of the cronjob:

. the minimum amount of time since last login of a user so that a scan is triggered (ensures only active users get fed shares synced)
Expand All @@ -125,27 +135,35 @@ You can also configure these settings of the cronjob:
----
{occ-command-example-prefix} config:app:set files_sharing cronjob_scan_external_min_login --value <integer-seconds>
----
+
NOTE: Run this command inside the ownCloud Docker container.

. the minimum amount of time since last scanned so that the next scan is triggered (avoid frequent scan when active collaboration)
+
[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} config:app:set files_sharing cronjob_scan_external_min_scan --value <integer-seconds>
----
+
NOTE: Run this command inside the ownCloud Docker container.

. the maximum number of federated share scans per 10 minutes (scan performed only if fed share files got updated)
+
[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} config:app:set files_sharing cronjob_scan_external_batch --value <integer-number>
----
+
NOTE: Run this command inside the ownCloud Docker container.

. Use the following command to force a run of the scanner cronjob:
+
[source,bash,subs="attributes+"]
----
{occ-command-example-prefix} background:queue:execute --force --accept-warning <id-of-fed-scanner-job>
----
+
NOTE: Run this command inside the ownCloud Docker container.

== Known Issues

Expand Down Expand Up @@ -173,6 +191,8 @@ It is possible to configure the VCARD properties that are searched in order to r
{occ-command-example-prefix} config:app:set dav remote_search_properties --value=CLOUD,FN,EMAIL
----

NOTE: Run this command inside the ownCloud Docker container.

Possible values are:

* VERSION
Expand Down