From 9d50fd98c2cca1c935fe24588fd118bb6d9361ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 12:29:33 -0400 Subject: [PATCH 01/11] Unblock Nextcloud in 192.168.1.* schools & all others! --- roles/nextcloud/templates/nextcloud.conf.j2 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index 615bebdfc..ffc7a08b3 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -7,7 +7,12 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud # Apache 2.4 Require host localhost - Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 + # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: + Require all granted + # USE THIS LINE INSTEAD, IF YOU WANT BASIC SECURITY BASED ON IPv4 ADDRESSES: + #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 + # DON'T USE THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc: + #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 # Apache 2.2 From e38a02a40bd10fbcf82c603779d71c8ce6aafe17 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 12:51:42 -0400 Subject: [PATCH 02/11] Update nextcloud.conf.j2 --- roles/nextcloud/templates/nextcloud.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index ffc7a08b3..a9191d735 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -9,9 +9,9 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud Require host localhost # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: Require all granted - # USE THIS LINE INSTEAD, IF YOU WANT BASIC SECURITY BASED ON IPv4 ADDRESSES: + # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES? THEN USE THIS LINE INSTEAD: #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 - # DON'T USE THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc: + # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc: #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 From 02df82dc96333460e669ced3b72a8142306207e3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 12:54:57 -0400 Subject: [PATCH 03/11] Update nextcloud.conf.j2 --- roles/nextcloud/templates/nextcloud.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index a9191d735..a0ae9ae0a 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -6,6 +6,7 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud # Apache 2.4 + # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html Require host localhost # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: Require all granted From d56dc4edcc0a87e32c10483f179ff7cd4879d2af Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 13:05:46 -0400 Subject: [PATCH 04/11] Create README.md --- roles/nextcloud/README.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 roles/nextcloud/README.md diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md new file mode 100644 index 000000000..82b8d5337 --- /dev/null +++ b/roles/nextcloud/README.md @@ -0,0 +1,7 @@ +# Nextcloud + +This Ansible playbook was derived from an earlier ownCloud playbook thanks to Josh Dennis in ~2017. + +Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? +- https://github.com/nextcloud/nextcloudpi +- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ From f767706717cdb167fccbc26431d1daf2d37f6b98 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 13:11:20 -0400 Subject: [PATCH 05/11] Update README.md --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 82b8d5337..50072b4f8 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -1,6 +1,6 @@ # Nextcloud -This Ansible playbook was derived from an earlier ownCloud playbook thanks to Josh Dennis in ~2017. +This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017. Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? - https://github.com/nextcloud/nextcloudpi From 2b5a8fd571a946ec038d5c4ffbdf64f3d2fc24a6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 13:16:52 -0400 Subject: [PATCH 06/11] Update README.md --- roles/nextcloud/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 50072b4f8..3ed885399 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -2,6 +2,11 @@ This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017. +Login to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: + + Username: Admin + Password: changeme + Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? - https://github.com/nextcloud/nextcloudpi - https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ From 45cbf45e78018b0ec4c1941bde58680145dc439b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 13:21:34 -0400 Subject: [PATCH 07/11] Update enable_or_disable.yml --- roles/nextcloud/tasks/enable_or_disable.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml index ab8df116b..bd829222d 100644 --- a/roles/nextcloud/tasks/enable_or_disable.yml +++ b/roles/nextcloud/tasks/enable_or_disable.yml @@ -1,4 +1,5 @@ # This should go in computed_network.yml, but here for now +# 2019-09-04: THE NEXT 4 LINES ARE UNUSED (due to changes in roles/nextcloud/templates/nextcloud.conf.j2) - name: Compute Nextcloud listen ip addr for nextcloud.conf set_fact: nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}" @@ -99,6 +100,7 @@ # become_user: "{{ apache_user }}" # when: nextcloud_enabled and returned_count == "0" +# 2019-09-04: THE NEXT 5 LINES ARE INEFFECTIVE AND LIKELY USELESS - name: Remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php lineinfile: regexp: "overwrite.cli.url" From c24390bbd6308c1358f8ccbc8732221c10971b30 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 13:22:49 -0400 Subject: [PATCH 08/11] Update main.yml --- roles/nextcloud/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 11fd0371c..4ee862f2b 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -29,4 +29,5 @@ nextcloud_user_password: nextcloudmysql nextcloud_admin_user: 'Admin' nextcloud_admin_password: 'changeme' +# 2019-09-04: UNUSED (due to changes in roles/nextcloud/templates/nextcloud.conf.j2) nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16 From 7701301193654ae1216712bd424eee19ad25fdfb Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 13:26:48 -0400 Subject: [PATCH 09/11] Update README.md --- roles/nextcloud/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 3ed885399..24e67d161 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -10,3 +10,4 @@ Login to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172 Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? - https://github.com/nextcloud/nextcloudpi - https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +- https://ownyourbits.com/nextcloudpi/ From 9405d98a7b31d341720014bb09152b0049e86426 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 13:27:20 -0400 Subject: [PATCH 10/11] Update README.md --- roles/nextcloud/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 24e67d161..acb294e04 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -8,6 +8,7 @@ Login to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172 Password: changeme Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? + - https://github.com/nextcloud/nextcloudpi - https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ - https://ownyourbits.com/nextcloudpi/ From fa655bebed03932c3633298dbd811d20cd2ec052 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 13:36:05 -0400 Subject: [PATCH 11/11] Comment Readability --- roles/nextcloud/templates/nextcloud.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index a0ae9ae0a..a2bd40edc 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -10,7 +10,7 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud Require host localhost # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: Require all granted - # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES? THEN USE THIS LINE INSTEAD: + # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES? THEN USE THIS LINE INSTEAD: #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc: #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0