From ed867e87e8544061826e64aee7939c2afc7db940 Mon Sep 17 00:00:00 2001 From: Claudio Maradonna Date: Wed, 31 Aug 2022 10:56:26 +0200 Subject: [PATCH 1/2] update nextcloud config --- nextcloud/etc/my.cnf.d/nextcloud.cnf | 5 +++-- nextcloud/etc/php/conf.d/redis-session.ini | 5 +++++ nextcloud/var/www/html/nextcloud/config/config.s3.php | 7 ++++++- 3 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 nextcloud/etc/php/conf.d/redis-session.ini diff --git a/nextcloud/etc/my.cnf.d/nextcloud.cnf b/nextcloud/etc/my.cnf.d/nextcloud.cnf index e0b99fe..9e42809 100644 --- a/nextcloud/etc/my.cnf.d/nextcloud.cnf +++ b/nextcloud/etc/my.cnf.d/nextcloud.cnf @@ -1,6 +1,6 @@ [server] skip_name_resolve = 1 -innodb_buffer_pool_size = 128M +innodb_buffer_pool_size = 1G innodb_buffer_pool_instances = 1 innodb_flush_log_at_trx_commit = 2 innodb_log_buffer_size = 32M @@ -14,13 +14,14 @@ max_heap_table_size= 64M slow_query_log = 1 slow_query_log_file = /var/log/mysql/slow.log long_query_time = 1 +key_buffer_size = 64MB [client] default-character-set = utf8mb4 [mysqld] character_set_server = utf8mb4 -collation_server = utf8mb4_general_ci +collation_server = utf8mb4_bin transaction_isolation = READ-COMMITTED binlog_format = ROW innodb_large_prefix=on diff --git a/nextcloud/etc/php/conf.d/redis-session.ini b/nextcloud/etc/php/conf.d/redis-session.ini new file mode 100644 index 0000000..e60e4f0 --- /dev/null +++ b/nextcloud/etc/php/conf.d/redis-session.ini @@ -0,0 +1,5 @@ +session.save_handler = redis +session.save_path = "tcp://redis:6379" +redis.session.locking_enabled=1 +redis.session.lock_retries=-1 +redis.session.lock_wait_time=10000 diff --git a/nextcloud/var/www/html/nextcloud/config/config.s3.php b/nextcloud/var/www/html/nextcloud/config/config.s3.php index 369b99d..198aaef 100644 --- a/nextcloud/var/www/html/nextcloud/config/config.s3.php +++ b/nextcloud/var/www/html/nextcloud/config/config.s3.php 
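Review bot: The added `key_buffer_size = 64MB` in the second hunk of nextcloud.cnf uses an `MB` suffix, while every other size in this file uses a single letter (`64M`, `32M`, `1G`). The documented size suffixes are single letters such as K, M and G, so depending on the server version this value may be rejected at startup or not parsed as intended. I would write `key_buffer_size = 64M`. A one-line comment saying why the MyISAM key buffer is raised for this database would also help the next reader.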
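Review bot: `session.save_path = "tcp://redis:6379"` in the new redis-session.ini points PHP sessions at Redis without a credential, so anything that can reach `redis:6379` on that network can read or overwrite Nextcloud session data. Whether the Redis service sets `requirepass` is not visible in this patch. If it does, the handler needs the credential too, e.g. `session.save_path = "tcp://redis:6379?auth=<REDIS_PASSWORD>"`, with the value injected from a secret rather than committed. If it does not, the Redis service should get a password and be kept off any network shared with unrelated services as part of this change.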
@@ -7,6 +7,10 @@ $CONFIG = array ( array ( 0 => 'your_domain', ), + 'trusted_proxies' => + array ( + 0 => '10.0.0.0/16', + ), 'datadirectory' => '/var/www/html/nextcloud/data', 'dbtype' => 'mysql', 'version' => '23.0.3.2', @@ -23,6 +27,7 @@ $CONFIG = array ( 'memcache.distributed' => '\\OC\\Memcache\\Redis', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'memcache.local' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => true, 'log_type' => 'syslog', 'logfile' => '', 'loglevel' => '3', @@ -61,7 +66,7 @@ $CONFIG = array ( 'mail_smtppassword' => '', 'maintenance' => false, 'default_phone_region' => 'IT', - 'enable_previews' => true, + 'enable_previews' => true, 'preview_max_x' => 4096, 'preview_max_y' => 4096, 'preview_max_memory' => 768, From 9de95d45d50cf93e0adf6d395272209da71af620 Mon Sep 17 00:00:00 2001 From: Claudio Maradonna Date: Wed, 31 Aug 2022 11:33:50 +0200 Subject: [PATCH 2/2] add iptables mangle configuration for swarm --- cloud-init/swarm-manager.yml | 9 +++++++++ cloud-init/swarm-worker.yml | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/cloud-init/swarm-manager.yml b/cloud-init/swarm-manager.yml index 96350b9..171422a 100644 --- a/cloud-init/swarm-manager.yml +++ b/cloud-init/swarm-manager.yml @@ -22,6 +22,15 @@ write_files: permissions: 0644 owner: root:root content: | + *mangle + :PREROUTING ACCEPT [0:0] + :INPUT ACCEPT [0:0] + :FORWARD ACCEPT [0:0] + :OUTPUT ACCEPT [0:0] + :POSTROUTING ACCEPT [0:0] + -A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP + COMMIT + *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] diff --git a/cloud-init/swarm-worker.yml b/cloud-init/swarm-worker.yml index 2ff0d05..8bd69b5 100644 --- a/cloud-init/swarm-worker.yml +++ b/cloud-init/swarm-worker.yml 
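Review bot: The new `'trusted_proxies'` entry in the first hunk of config.s3.php trusts the whole `10.0.0.0/16` range, so any host or container with an address in that range can send a forwarded-for header and have Nextcloud record it as the client address. That address feeds brute-force throttling and the access log, so a wide range weakens both. I would narrow the entry to the address or subnet the reverse proxy actually uses, e.g. `0 => '<PROXY_SUBNET_CIDR>',`, and add a comment naming which proxy it is. The `$CONFIG` array starts and ends outside the hunk.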
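Review bot: The added rule `-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP` in swarm-manager.yml depends on the interface being named `eth0` and covers IPv4 only. On an image that names its NIC differently the rule matches nothing and port 2222 stays reachable with no error, and nothing in the hunk covers IPv6 if the hosts have it. The same block is added to swarm-worker.yml in the following hunk, so the point applies there as well. The block also has no comment saying why the drop sits in `mangle` rather than `filter`; if the intent is to block a Docker-published port before the NAT rules rewrite it, I would say so, e.g. `# drop external traffic to published port 2222 before nat PREROUTING`. The `write_files` entry holding this content starts outside the hunk.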
@@ -23,6 +23,15 @@ write_files: permissions: 0644 owner: root:root content: | + *mangle + :PREROUTING ACCEPT [0:0] + :INPUT ACCEPT [0:0] + :FORWARD ACCEPT [0:0] + :OUTPUT ACCEPT [0:0] + :POSTROUTING ACCEPT [0:0] + -A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP + COMMIT + *filter :INPUT DROP [0:0] :FORWARD DROP [0:0]