HomeLabDocs/nextcloud-aio.md

---

## 🧰 Container Overview and Internal Ports

| Container | Role | Internal Ports | Notes |
|----------|------|----------------|-------|
| `nextcloud-aio-nextcloud` | Main web application | `9000` | Responds to Apache proxy |
| `nextcloud-aio-apache` | Internal reverse proxy | `80`, `11000`, `8000` | Proxies all incoming requests |
| `nextcloud-aio-database` | PostgreSQL 17.5 | `5432` | Secured with password, stored in env |
| `nextcloud-aio-redis` | Redis caching | `6379` | Password-protected |
| `nextcloud-aio-collabora` | WOPI doc editor | `9980` | Connected via `richdocuments` app |
| `nextcloud-aio-whiteboard` | Real-time whiteboard | `3002` | Enabled |
| `nextcloud-aio-imaginary` | Image processor | `9005`, internal only | Speeds up thumbnails/previews |
| `nextcloud-aio-notify-push` | WebSocket push server | `7867` (internal) | Push for mobile and browser |
| `nextcloud-aio-mastercontainer` | Orchestrator | `8080`, `80`, `8443`, `9876` | Admin UI and internal mgmt |
| `cloudflared` | Tunnel client | N/A | Provides secure remote access |

---

## 🧠 Useful OCC Commands for Admins

```bash
# List installed apps
docker exec -u www-data nextcloud-aio-nextcloud php occ app:list

# Enable maintenance mode
docker exec -u www-data nextcloud-aio-nextcloud php occ maintenance:mode --on

# Disable maintenance mode
docker exec -u www-data nextcloud-aio-nextcloud php occ maintenance:mode --off

# Check system status
docker exec -u www-data nextcloud-aio-nextcloud php occ status

# Clear all file cache entries
docker exec -u www-data nextcloud-aio-nextcloud php occ files:cleanup

# Update Nextcloud (should be done via AIO normally)
docker exec -u www-data nextcloud-aio-nextcloud php occ upgrade
```

---

## 🔧 Apache Proxy Configuration (internal)

Apache container proxies internal ports:

| Proxy Route | Target |
|-------------|--------|
| `/` → `127.0.0.1:9000` | Nextcloud app |
| `/loleaflet`, `/hosting/discovery`, etc. → `127.0.0.1:9980` | Collabora |
| WebSocket and push → notify-push container |
| Optional: `rewrite` rules enabled for overwritehost/protocol logic |

---

## 📡 Collabora Integration Details

- **Container**: `nextcloud-aio-collabora`
- **Hostname**: `nextcloud-aio-collabora`
- **Secrets Used**:
  - `COLLABORA_ENABLED=yes`
  - `COLLABORA_HOST=nextcloud-aio-collabora`
  - `ONLYOFFICE_SECRET`, `SIGNALING_SECRET` present but unused unless OnlyOffice/Talk is enabled
- **SSL Termination**: Handled upstream (SSL disabled in Collabora)
- **Font sync**: Uses remote fonts config JSON:
  - `https://drive.whatsolutions.us/apps/richdocuments/settings/fonts.json`

---

## 📋 Additional AIO Environment Variables (Internal Use)

| Variable | Purpose |
|----------|---------|
| `THIS_IS_AIO=true` | Confirms this is a full AIO setup |
| `REMOVE_DISABLED_APPS=yes` | Prunes unused built-in apps |
| `IMAGINARY_SECRET` | Secures internal image requests |
| `WHITEBOARD_SECRET` | Secures whiteboard sessions |
| `STARTUP_APPS=deck ...` | First-time auto-install apps |
| `FULLTEXTSEARCH_*` | Present, but currently unused |
| `AIO_URL=192.168.1.50:8080` | Admin Panel endpoint |
| `PHP_UPLOAD_LIMIT`, `PHP_MEMORY_LIMIT`, etc. | Performance tuning |
| `ADDITIONAL_APKS=imagemagick` | Installed at build time |
| `ADDITIONAL_PHP_EXTENSIONS=imagick` | Enabled at runtime |

---

## 🧪 Debugging Tips

- **Restart a specific container**:
  ```bash
  docker restart nextcloud-aio-nextcloud
  ```
- **Get container logs**:
  ```bash
  docker logs nextcloud-aio-nextcloud --tail 50
  ```
- **Check AIO health**:
  ```bash
  docker exec -it nextcloud-aio-mastercontainer /healthcheck.sh
  ```

---

## ✅ Additional Recommendations

| Area | Suggestion |
|------|------------|
| DNS | Use short TTL for CF-hosted subdomains |
| Backups | Regularly copy `/mnt/nc_data`, PostgreSQL dump volume, and `/mnt/docker-aio-config` |
| Monitoring | Run Uptime Kuma or add healthchecks for cron and ZFS snapshot |
| Updates | Always use AIO Admin UI or `docker restart nextcloud-aio-mastercontainer` after `docker pull` |