
Commit 58adfa52 authored by Sylvain Manceau

Upgrade guide, final commit

parent 81d45173
+0 −93
# To upgrade from ecloud 25.0.8.19 to 26.0.8.16


- As usual, upgrade your OS with latest patchs, optionally take backup/snapshot
  - NB: you may want to filter out incomming email (TCP 25 & 587) during this upgrade, to avoid losing any messages in case of a rollback

- Go to `/mnt/repo_base`, then run:
  - `docker-compose stop`
  - `git pull origin master` 

- Please make sure that all changes from https://gitlab.e.foundation/e/infra/ecloud-selfhosting/-/merge_requests/95/diffs are pulled.

- In your `docker-compose.yml` file update the following:
  - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8`
  - Set the mailserver image to `mailserver2/mailserver:1.1.15`
  - In the `nginx:` service, `depends_on:` section, replace `- automx` with `- mail-autodiscover-autoconfig`
  - Replace the whole `automx:` service with:
```
  mail-autodiscover-autoconfig:
    image: wdes/mail-autodiscover-autoconfig:latest
    container_name: mail-autodiscover-autoconfig
    restart: always
    networks:
      - default
    environment:
        ROCKET_PROFILE: production
        ROCKET_ADDRESS: "0.0.0.0"
        ROCKET_PORT: "80"
        APPLE_MAIL_UUID: ${AUTODISCOVER_AM_UUID}
        APPLE_PROFILE_UUID: ${AUTODISCOVER_AP_UUID}
        IMAP_HOSTNAME: ${SMTP_HOST}
        POP_HOSTNAME: ${SMTP_HOST}
        SMTP_HOSTNAME: ${SMTP_HOST}
    volumes:
      - /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml

```
  - Add this line to `nginx:` service, `volumes:` section:
```
      - /mnt/repo-base/config/mta-sts:/var/www/mta-sts
```

- Run:
  - `. scripts/base.sh`

- In you DNS zone, add the records generated by the following commands:
  - `echo "_smtp._tls.$DOMAIN TXT" '"v=TLSRPTv1; rua=mailto:postmaster@'$DOMAIN'"'`
  - `echo "_mta-sts.$DOMAIN" TXT '"v=STSv1;id='$(date +%Y%m%d%H)'"'`
  - `echo "mta-sts.$DOMAIN CNAME mail.$DOMAIN"`

- Run:
  - `rm -rf config/automx/`
  - `echo "AUTODISCOVER_AM_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"`
  - `echo "AUTODISCOVER_AP_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"`
  - `cat templates/mta-sts/mta-sts.txt | sed "s/@@@SMTP_HOST@@@/$SMTP_HOST/g" > "config/mta-sts/.well-known/mta-sts.txt"`
  - `chown -R www-data:www-data "config/mta-sts/"`
  - `cat templates/nginx/sites-enabled/mta-sts.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/mta-sts.conf"`
  - `echo "mta-sts.$DOMAIN" >> config/letsencrypt/autorenew/ssl-domains.dat`
  - `bash scripts/ssl-renew.sh`

- In your `config/nginx/sites-enabled/nextcloud.conf` file change the following:
  - replace all occurences of `oc[ms]-provider` with `ocs-provider` (2 occurences, lines 83 & 98) (reference: https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926)

- In your `config/nginx/sites-enabled/autoconfig.$DOMAIN.conf` and `config/nginx/sites-enabled/autodiscover.$DOMAIN.conf` files change the following:
  - replace `proxy_pass http://automx:80;` with `proxy_pass http://mail-autodiscover-autoconfig:80;`

- Run `docker-compose pull`
- If pulls are OK, run `docker-compose up -d`

- Examine `docker-compose logs --tail=500 nextcloud` for the following messages:
  - `nextcloud       | Upgrading nextcloud from x.x.x.x ...` (x.x.x.x is your previous Nextcloud version)
  - `nextcloud       | Update successful`

- Run:
  - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable bruteforcesettings`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable suspicious_login`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable twofactor_totp`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable user_backend_sql_raw`
  - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain`

- Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade

- Check your new MTA-STS:
  - On your server, launch: `docker logs --details --timestamps --since 10m --follow nginx`
  - Check you server with: https://www.hardenize.com/
  - You should see a line like `GET /.well-known/mta-sts.txt HTTP/1.1" 200 65 "-" "curl/7.54" "-"` in your log
  - Check Hardenize report about MTA-STS
  - Exit log viewer with Ctrl+C

- Examine Docker situation with `docker ps` and `docker images`
  - If everything is OK (all needed containers running), you can cleanup with `docker system prune -a`
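Review bot: the deleted file is the complete 25.0.8.19 to 26.0.8.16 upgrade guide, and neither the commit message ("Upgrade guide, final commit") nor this diff says where that procedure now lives; the second file in this commit carries the same autodiscover and MTA-STS steps, so if the content was moved the commit message should name the destination file, and if it was not, operators still on 25.0.8.19 lose their only documented path and the file should stay. One inconsistency in these lines is worth checking wherever the text ends up: the guide tells the operator to work from `/mnt/repo_base` (underscore) while the bind mounts use `/mnt/repo-base` (hyphen) in `- /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml` and `- /mnt/repo-base/config/mta-sts:/var/www/mta-sts`; whichever is the real checkout path, the two must agree, otherwise the containers see an empty directory instead of the generated autodiscover templates and the `mta-sts.txt` policy.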
+64 −32
@@ -8,13 +8,61 @@
  - `docker-compose stop`
  - `git pull origin master` 

- Please make sure that all changes from https://gitlab.e.foundation/e/infra/ecloud-selfhosting/-/merge_requests/95/diffs are pulled.

- In your `docker-compose.yml` file update the following:
  - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8`
  - Set `OVERWRITEPROTOCOL=https`
  - Set the mailserver image to `mailserver2/mailserver:1.1.15`
  - In the `nginx:` service, `depends_on:` section, replace `- automx` with `- mail-autodiscover-autoconfig`
  - Replace the whole `automx:` service with:
```
  mail-autodiscover-autoconfig:
    image: wdes/mail-autodiscover-autoconfig:latest
    container_name: mail-autodiscover-autoconfig
    restart: always
    networks:
      - default
    environment:
        ROCKET_PROFILE: production
        ROCKET_ADDRESS: "0.0.0.0"
        ROCKET_PORT: "80"
        APPLE_MAIL_UUID: ${AUTODISCOVER_AM_UUID}
        APPLE_PROFILE_UUID: ${AUTODISCOVER_AP_UUID}
        IMAP_HOSTNAME: ${SMTP_HOST}
        POP_HOSTNAME: ${SMTP_HOST}
        SMTP_HOSTNAME: ${SMTP_HOST}
    volumes:
      - /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml

```
  - Add this line to `nginx:` service, `volumes:` section:
```
      - /mnt/repo-base/config/mta-sts:/var/www/mta-sts
```

- In your config/nginx/sites-enabled/nextcloud.conf file, replace:
  - add_header X-Robots-Tag "none" always; with add_header X-Robots-Tag "noindex,nofollow" always;
- Run:
  - `. scripts/base.sh`

- In you DNS zone, add the records generated by the following commands:
  - `echo "_smtp._tls.$DOMAIN TXT" '"v=TLSRPTv1; rua=mailto:postmaster@'$DOMAIN'"'`
  - `echo "_mta-sts.$DOMAIN" TXT '"v=STSv1;id='$(date +%Y%m%d%H)'"'`
  - `echo "mta-sts.$DOMAIN CNAME mail.$DOMAIN"`

- Run:
  - `rm -rf config/automx/`
  - `echo "AUTODISCOVER_AM_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"`
  - `echo "AUTODISCOVER_AP_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"`
  - `cat templates/mta-sts/mta-sts.txt | sed "s/@@@SMTP_HOST@@@/$SMTP_HOST/g" > "config/mta-sts/.well-known/mta-sts.txt"`
  - `chown -R www-data:www-data "config/mta-sts/"`
  - `cat templates/nginx/sites-enabled/mta-sts.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/mta-sts.conf"`
  - `echo "mta-sts.$DOMAIN" >> config/letsencrypt/autorenew/ssl-domains.dat`
  - `bash scripts/ssl-renew.sh`

- In your `config/nginx/sites-enabled/nextcloud.conf` file change the following:
  - replace all occurences of `oc[ms]-provider` with `ocs-provider` (2 occurences, lines 83 & 98) (reference: https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926)

- In your `config/nginx/sites-enabled/autoconfig.$DOMAIN.conf` and `config/nginx/sites-enabled/autodiscover.$DOMAIN.conf` files change the following:
  - replace `proxy_pass http://automx:80;` with `proxy_pass http://mail-autodiscover-autoconfig:80;`

- Run `docker-compose pull`
- If pulls are OK, run `docker-compose up -d`
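Review bot: `image: wdes/mail-autodiscover-autoconfig:latest` is the only unpinned image in this step while the nextcloud (`selfhost:26-0-8`) and mailserver (`mailserver2/mailserver:1.1.15`) images are pinned, so every later `docker-compose pull` can bring in an unreviewed version of the service that hands mail server settings to clients; pin it to a tag or digest that was tested with this release. Two of the shell steps are fragile as written: nothing in the hunk creates `config/mta-sts/.well-known`, so the redirect `> "config/mta-sts/.well-known/mta-sts.txt"` fails with "No such file or directory" unless `scripts/base.sh` (not shown) creates it, and a `mkdir -p config/mta-sts/.well-known` before it would remove the doubt; and the two `echo "AUTODISCOVER_..._UUID=..." >> "$ENVFILE"` lines append a second pair of UUIDs if the guide is rerun after a failed attempt, so guard them with a `grep -q AUTODISCOVER_AM_UUID "$ENVFILE" ||` style check or state that they must run exactly once. Minor: the `add_header X-Robots-Tag "none" always;` replacement is the only nginx edit not in backticks, and it is a second edit to `config/nginx/sites-enabled/nextcloud.conf` separate from the `ocs-provider` change further down; merging the two into one step spares the reader opening the same file twice.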
@@ -25,37 +73,21 @@

- Run:
  - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices`
  - `docker exec -u www-data nextcloud /var/www/html/occ app:remove ecloud-dashboard`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable murena-dashboard`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable bruteforcesettings`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable suspicious_login`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable twofactor_totp`
  - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable user_backend_sql_raw`
  - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set defaultapp --value "murena-dashboard,files"`
  -`. scripts/base.sh`
  -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain --value $DOMAIN`
  -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set legacy_domain --value $DOMAIN`

- $DOMAIN used above is the main domain where selfhost is installed

- We added new murena logo in this theme and also added a new helper app-`selfhost-theme-helper`
  - Enable the `selfhost-theme-helper` app:
  - `docker exec -u www-data nextcloud /var/www/html/occ app:enable selfhost-theme-helper`

- Videos previews can be enabled in this update, as ffmpeg is bundled in the image.
  - if you did not defined any specific preview providers, to respect the default ones listed in [config.sample.php for nextcloud 25](https://github.com/nextcloud/server/blob/stable25/config/config.sample.php#L1220), you can set :
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 0 --value='OC\Preview\PNG'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 1 --value='OC\Preview\JPEG'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 2 --value='OC\Preview\GIF'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 3 --value='OC\Preview\BMP'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 4 --value='OC\Preview\XBitmap'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 5 --value='OC\Preview\MP3'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 6 --value='OC\Preview\TXT'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 7 --value='OC\Preview\MarkDown'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 8 --value='OC\Preview\OpenDocument'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 9 --value='OC\Preview\Krita'`
    -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 10 --value='OC\Preview\Movie'`

  - if you have a custom list of PreviewProviders, just add the `OC\Preview\Movie` in the list
  - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain`

- Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade

- Check your new MTA-STS:
  - On your server, launch: `docker logs --details --timestamps --since 10m --follow nginx`
  - Check you server with: https://www.hardenize.com/
  - You should see a line like `GET /.well-known/mta-sts.txt HTTP/1.1" 200 65 "-" "curl/7.54" "-"` in your log
  - Check Hardenize report about MTA-STS
  - Exit log viewer with Ctrl+C

- Examine Docker situation with `docker ps` and `docker images`
  - If everything is OK (all needed containers running), you can cleanup with `docker system prune -a`
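Review bot: the stray `occ config:system:set main_domain` at the end of the preview-providers block has no `--value` and comes after `config:system:set main_domain --value $DOMAIN`, so it either resets `main_domain` to an empty value or is a leftover from the old guide; delete it. In the same block, `--value $DOMAIN` on the `main_domain` and `legacy_domain` lines should be quoted (`--value "$DOMAIN"`), and the line starting `-`. scripts/base.sh`` and the eleven `-`docker exec ... enabledPreviewProviders N ...`` lines lack the space after `-`, so they will not render as list items. Re-sourcing `scripts/base.sh` here is only needed if the reader opened a new shell since the earlier `. scripts/base.sh` step; saying so avoids confusion. Finally, `-f app:enable` force-enables bruteforcesettings, suspicious_login, twofactor_totp, user_backend_sql_raw and murena-dashboard regardless of their declared Nextcloud version compatibility; since three of these are security controls, the guide should say why the force is needed on 26 and what to look for in `/settings/admin/overview` if one of them fails to load.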