Manage Script, Resource Limits, OnlyOffice Changes (#14)

* Create explicit file for cron, add two automations from fixes.

* Merge the OnlyOffice project into the Nextcloud project. Enhance comments and changelog. Make the container names consistent.

* Found the link. :)

* Add more variables.

* Add a TBD file for mail server.

* Create new script which will replace most the existing single purpose management scripts.

* Add limit to DNS so that if Internet goes out it does not max system resources.

* Prevent OnlyOffice from getting too hungry.

* Ensure Reverse Proxy always has at least some resources.

* Separate build. Add stats -s and combination option -A.

* Make script config file aware. Add comments.

* Add more comments.

* Fix comments.

* Further determine resource allocations.

* Also avoid checking for cron's call to the program.

* Add clean and log parameters. Some clean up.

* Update setups to have DIR first.

* Remove files taken over by manage script.

* Cleaning comments and output.

Config/DNS/docker-compose.yml

@@ -15,3 +15,12 @@ services:
     ports:
       - "53:53/udp"
       - "53:53/tcp"
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 512M
+        reservations:
+          cpus: '0.25'
+          memory: 128M

Config/Hyperling.com/docker-compose.yml

@@ -10,3 +10,9 @@ services:
     restart: always
     ports:
       - 8317:8080
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '0.25'
+          memory: 256M

Config/Nextcloud/cron.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# 2023-08-25 Hyperling
+# Put the cron command in a script as well as other automation.
+# This should be added to root's crontab with the full path, such as:
+#   */5 * * * * /opt/Docker/Config/Nextcloud/cron.ksh
+
+# Check if a job is already going.
+PROG="$(basename -- "${BASH_SOURCE[0]}")"
+RUNNING=`ps -ef | grep $PROG | grep -v grep | grep -v $$ | grep -v "sh -c" | wc -l`
+if (( $RUNNING > 0 )); then
+	exit $RUNNING
+fi
+
+# 2023-08-25 From crontab.
+docker exec -u www-data nc-app php cron.php --define apc.enable_cli=1
+
+# 2023-08-25 From fixes.sh, keep ownership correct and apps up to date.
+docker exec -it nc-app chown -Rc www-data:www-data .
+docker exec -itu www-data nc-app ./occ app:update --all
+
+exit 0

Config/Nextcloud/docker-compose.yml

@@ -3,19 +3,25 @@
 #   https://hub.docker.com/_/nextcloud
 
 # Changelog:
-# 2023-07-16 Change from mariadb:10.5 to 10.6.
-# 2023-08-20 Add Redis. (https://markontech.com/docker/setup-nextcloud-with-redis-using-docker/)
-# 2023-08-21 Got NC to work with OO after specifying the Advanced parameters!
-#              OO Address: https://FQDN-For-Reverse-Proxied-OO-Server
-#              OO Secret: Contents-Of-$JWT_SECRET
-#              OO Header:
-#              OO Internal Address: http://docker-server-ip:8000
-#              NC Internal Address: http://docker-server-ip:8080
+#   2023-07-16
+#     Change from mariadb:10.5 to 10.6.
+#   2023-08-20
+#     Add Redis. (https://markontech.com/docker/setup-nextcloud-with-redis-using-docker/)
+#   2023-08-21
+#     Got NC to work with OO after specifying the Advanced parameters!
+#   2023-08-26
+#     Try combining OnlyOffice to here again. It has been on its own since
+#     2023-07-25 but isn't being used for anything else. OO is slow to respond
+#     and upgrades can no longer be done separately but this keeps it all easier
+#     to maintain and may allow the internal address to be based on container
+#     name instead of the docker hosts's IP.
 
 version: '3'
 
 services:
-  db:
+
+  ## MariaDB ##
+  nc-db:
     container_name: nc-db
     image: mariadb:10.6
     restart: always
@@ -27,29 +33,75 @@ services:
       - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
       - MYSQL_USER=$MYSQL_USER
       - MYSQL_PASSWORD=$MYSQL_PASSWORD
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 1G
+        reservations:
+          cpus: '0.25'
+          memory: 256M
 
-  redis:
+  ## Redis ##
+  nc-redis:
     container_name: nc-redis
     image: redis
     restart: always
     command: redis-server --requirepass $REDIS_HOST_PASSWORD
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '0.25'
+          memory: 128M
 
-  app:
+  ## OnlyOffice ##
+  nc-oo:
+    container_name: nc-oo
+    image: onlyoffice/documentserver
+    restart: always
+    ports:
+      - 8081:80
+    environment:
+      - JWT_SECRET=$JWT_SECRET
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '0.75'
+          memory: 1G
+
+  ## Nextcloud ##
+  nc-app:
     container_name: nc-app
     image: nextcloud
     restart: always
     ports:
       - 8080:80
     links:
-      - db
-      - redis
+      - nc-db
+      - nc-redis
+      - nc-oo
     volumes:
       - ../../Volumes/Nextcloud/nextcloud:/var/www/html
     environment:
+      - NEXTCLOUD_ADMIN_USER=$NEXTCLOUD_ADMIN_USER
+      - NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD
+      - PHP_MEMORY_LIMIT=$PHP_MEMORY_LIMIT
+      - PHP_UPLOAD_LIMIT=$PHP_UPLOAD_LIMIT
       - MYSQL_HOST=$MYSQL_HOST
       - MYSQL_DATABASE=$MYSQL_DATABASE
       - MYSQL_USER=$MYSQL_USER
       - MYSQL_PASSWORD=$MYSQL_PASSWORD
-      - PHP_UPLOAD_LIMIT=$PHP_UPLOAD_LIMIT
       - REDIS_HOST=$REDIS_HOST
       - REDIS_HOST_PASSWORD=$REDIS_HOST_PASSWORD
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '2.00'
+          # No memory limit.
+        reservations:
+          cpus: '0.50'
+          memory: 512M

Config/Nextcloud/env.example

@@ -1,18 +1,55 @@
-# Example environment file for Nextcloud stack, should be copied as `.env`.
+# Example environment file for Nextcloud stack, should be copied as `.env`. The
+#   variables here only apply to the compose file. If you need it passed to a
+#   container then it also needs specified in its `environment:` operator.
+#
+# ** All usernames and passwords need changed before running in production! **
+#
+# Full guide on the Nextcloud parameters which may be supplied:
+#   https://github.com/docker-library/docs/blob/master/nextcloud/README.md#auto-configuration-via-environment-variables
 
+#
 ## Nextcloud ##
+#
 
+NEXTCLOUD_ADMIN_USER=nc_admin
+NEXTCLOUD_ADMIN_PASSWORD=SuperDuperSecretPassword
+
+PHP_MEMORY_LIMIT=2G
 PHP_UPLOAD_LIMIT=5G
 
-## MySQL ##
+#
+## MariaDB ##
+#
+# Should load automatically the first run. Then config.php is the source of
+#   truth for these values. So, if something like the DB password is changed,
+#   updating it here will have no effect. This is only used for the install.
 
-MYSQL_HOST=db
+MYSQL_HOST=nc-db
 MYSQL_DATABASE=nextcloud
 MYSQL_ROOT_PASSWORD=ChangeMe
 MYSQL_USER=nc
 MYSQL_PASSWORD=changeme
 
-## REDIS ##
+#
+## Redis ##
+#
+# Installs automagically if both of these parameters are supplied.
 
-REDIS_HOST=redis
+REDIS_HOST=nc-redis
 REDIS_HOST_PASSWORD=someredispassword
+
+#
+## OnlyOffice ##
+#
+# How Nextcloud's ONLYOFFICE Admin Settings should be set up:
+#   OO Address: https://FQDN-For-Reverse-Proxied-OO-Server
+#   OO Secret: Contents-Of-$JWT_SECRET
+#   OO Header:
+#   OO Internal Address: http://docker-server-ip:8081 ?OR http://nc-oo:8081?
+#   NC Internal Address: http://docker-server-ip:8080 ?OR http://nc-app:8080?
+#
+# Documentation which references the variable(s) below, Nextcloud link does not cover them:
+#   https://helpcenter.onlyoffice.com/installation/docs-configure-jwt.aspx
+
+# Secret key which is used above in the Nextcloud ONLYOFFICE Administration UI.
+JWT_SECRET=abc123

Config/Nextcloud/fixes.sh

@@ -10,10 +10,6 @@ docker exec -itu www-data nc-app ./occ db:add-missing-columns
 docker exec -itu www-data nc-app ./occ db:add-missing-indices
 docker exec -itu www-data nc-app ./occ db:add-missing-primary-keys
 docker exec -itu www-data nc-app ./occ db:convert-filecache-bigint
-docker exec -it nc-app chown -Rc www-data:www-data .
-
-# 2023-02-12 Just for good measure.
-docker exec -itu www-data nc-app ./occ app:update --all
 
 # 2023-07-02
 # This maybe used to exist, but make sure that Files app is correct.

Config/OnlyOffice/docker-compose.yml

@@ -1,15 +0,0 @@
-# 2023-07-25
-# OnlyOffice server, primarily used for Nextcloud.
-
-version: '3'
-
-services:
-  app:
-    container_name: oo-app
-    image: onlyoffice/documentserver
-    restart: always
-    ports:
-      - 8000:80
-      - 4443:443
-    environment:
-      - JWT_SECRET=$JWT_SECRET

Config/OnlyOffice/env.example

@@ -1,6 +0,0 @@
-# Example environment file for OnlyOffice, should be copied as `.env`.
-
-## Relating to the Nextcloud Admin Settings UI ##
-
-# Secret
-JWT_SECRET=abc123

Config/ReverseProxy/docker-compose.yml

@@ -20,6 +20,15 @@ services:
       - ../../Volumes/ReverseProxy/letsencrypt:/etc/nginx/letsencrypt
       - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs
     command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '1.00'
+          memory: 512M
+        reservations:
+          cpus: '0.25'
+          memory: 128M
 
   certbot:
     container_name: rp-certbot
@@ -29,3 +38,12 @@ services:
       - ../../Volumes/ReverseProxy/letsencrypt:/etc/letsencrypt
       - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/letsencrypt/nginx
     entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; cp -rL /etc/letsencrypt/live/* /etc/letsencrypt/nginx/; sleep 12h & wait $${!}; done;'"
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 256M
+        reservations:
+          cpus: '0.25'
+          memory: 128M