Initial backup import

root/docker/Webproxy/Data/certbot/conf/accounts/acme-v02.api.letsencrypt.org/directory/1d335dddc645fdf5a3f24e2c5208e236/meta.json

@@ -0,0 +1 @@
+{"creation_dt": "2026-03-01T09:32:06Z", "creation_host": "9ca7aa7ce7ab"}

root/docker/Webproxy/Data/certbot/conf/accounts/acme-v02.api.letsencrypt.org/directory/1d335dddc645fdf5a3f24e2c5208e236/private_key.json

@@ -0,0 +1 @@
+{"n": "sERopFAfSHSwK4dpxrUW_H3QbKjsFPaDgg9ENG1b4eW6UjILnHZG0xDuxDwXyhNO0D-IWL2r3piFVhDl_oaPLceFmgWy0qGp0r3MrTetpS4EIBrLcDozXRm73wLPv21FD46GPA6Gu2DkuvVPemZa1KxT3IAfSG-j4tSNzryxJBTIYqIR2P8X99XCNLtLmqdBiKkNz1iyDhoGB3HKx8yQY3kRZOG90z7bYWxMaN5CQXGXPrZMcNHsLgCfuZhwbC2Wod8-B27lEZ3Pi3jCmqFqM7K0BriV9ifBVeflI8mXTfSCKe6kWAc7vFdKZIhC4hcKVOTfswVkZja8qk0DY6aFDw", "e": "AQAB", "d": "G8KmcxFgdQH_JDgF73PkP9bywk1Oz4KFKOf35vxUmHmrp9O4MyItMLrGCE-dVTIP9Tr-JGaCtif2701zys6Rw_rEpQHfOP0RkpSiuB2FqEMS4BXa6DPlsEahCzkXoA9QvB2bYDK-kFzN_gLkzhGqZ14rPdkJJsNLvE7o3BQZjKSEf81a8MmzTLM1GmOn9DnjfR63DuXQFXjXzdQ_gom7TP1PrzUxRcj5lT5OpuJKRhMcR6iT8aF7tMODr58azu2hWNnZbbbEyMoiG6ih7fHTB3HoNytCHTSBuXbt-_wV16KmxABfZr0NxFXpOC7c_i20I7ezwiMNybM4Er_aVYbB", "p": "2AX-qC5CdDcIYspGGy_vwC5qLD5ACExr3S-mEwO-AoR_yeU4JudqtsecBDQ5VsedfhTYjvghv-dsb6SVlAtEs-ep9yOPV4mdIbZaNN9f_joQeCrFXhp4wHRQChxdj4uFZknD0M4iuJt9NmRJbQV8yhmSdPTRwZflIDv89t-zke8", "q": "0OL7wSIz3wctIgquAF0MY_jCYeF3ayDX9laFkQ1gRw4AUILo5hmjsZsHE7EjcY5SeaZqrsk0hKNe2tPzpQDBn-AqDVL8q0zcRDW-T0E2PNRFGg8Mm4IATVpnZqZN8e1N0p09hE2ool0ZwWqMtJX4_UD30eKAmWDIcSIpYYQa3uE", "dp": "bjp43BZmwGhIdihip4LJYpYMhTDqeZGNRJsIshEpxp0Xm8zD304cbNHj8V04mOhYm7pFWoaQqhyLf1hLHvS1BNvEJaBWh0NoE4i59Nq6X73_I2InvcHiNcnkAZTBxPpbgntHWOemXe6xcKyxrtiq-XEdA2LdGVzJhK43gT1aoq8", "dq": "IFAclcHOuF-J0cxJInFCa2yd1TplmMLZ5Zd4zfl9vUAjOFEn6gBpXB4ZOCiczQIxK_RcaHFjmGkVUVCcThgR28N3fdwqje0z3bFaoTP7SemkTuWpE51GorCrciujvxrwgPYmAANrZMJ2K39qCL1yaOrV6zfYoOFh4G5ibF1dMsE", "qi": "Hel70qiVCLGOPQCnzq50bXRi6voLTW0Omhmc9BAY_iq9HTavEL27iDKj9pO3Ga5zAdbnrmVGahCu3P1BDB2nJoBRcfCGnrxd1cQgOaasWxseaoT178gz3rPg78CKr3iMwst_lAZiX3u5jWcbtBO9ZbJsvx8jdZgzvVBkNQmnlQw", "kty": "RSA"}

root/docker/Webproxy/Data/certbot/conf/accounts/acme-v02.api.letsencrypt.org/directory/1d335dddc645fdf5a3f24e2c5208e236/regr.json

@@ -0,0 +1 @@
+{"body": {}, "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/3106776712"}

root/docker/Webproxy/Data/certbot/conf/renewal/service.focus-on-it.net.conf

@@ -0,0 +1,20 @@
+version = 5.3.1
+archive_dir = /etc/letsencrypt/archive/service.focus-on-it.net
+cert = /etc/letsencrypt/live/service.focus-on-it.net/cert.pem
+privkey = /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem
+chain = /etc/letsencrypt/live/service.focus-on-it.net/chain.pem
+fullchain = /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem
+[renewalparams]
+account = 1d335dddc645fdf5a3f24e2c5208e236
+authenticator = webroot
+webroot_path = /var/www/certbot,
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa
+[[webroot_map]]
+service.focus-on-it.net = /var/www/certbot
+dokuwiki.focus-on-it.net = /var/www/certbot
+guacamole.focus-on-it.net = /var/www/certbot
+drawio.focus-on-it.net = /var/www/certbot
+nextcloud.focus-on-it.net = /var/www/certbot
+[acme_renewal_info]
+ari_retry_after = 2026-03-28T10:14:22

root/docker/Webproxy/Data/nginx/auth/.htpasswd

@@ -0,0 +1,2 @@
+drawioUser:$2y$05$Ckt.CPSBzFPWkkRhCe3M7eYePnkPVfhfjDcjpw.1Knn7Amh0N.gxq
+

root/docker/Webproxy/Data/nginx/service.conf

@@ -0,0 +1,171 @@
+
+#/root/docker/Webproxy/Data/nginx/service.conf
+
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+server {
+  listen 80;
+  server_name service.focus-on-it.net;
+
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name service.focus-on-it.net;
+
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  location / {
+    return 200 "service endpoint\n";
+  }
+}
+
+server {
+  listen 80;
+  server_name dokuwiki.focus-on-it.net;
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name dokuwiki.focus-on-it.net;
+  resolver 127.0.0.11 valid=30s ipv6=off;
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  location / {
+    set $dokuwiki_upstream dokuwiki:8080;
+    proxy_pass http://$dokuwiki_upstream;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port 443;
+  }
+}
+server {
+  listen 80;
+  server_name guacamole.focus-on-it.net;
+
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name guacamole.focus-on-it.net;
+
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  # optional sinnvoll
+  client_max_body_size 50m;
+
+  # Guacamole läuft standardmäßig unter /guacamole/
+  location / {
+    return 302 /guacamole/;
+  }
+
+  location /guacamole/ {
+    proxy_pass http://guacamole:8080/guacamole/;
+    proxy_http_version 1.1;
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port  443;
+
+    # WebSocket für Guacamole Tunnel
+    proxy_set_header Upgrade           $http_upgrade;
+    proxy_set_header Connection        $connection_upgrade;
+
+    proxy_buffering off;
+  }
+}
+server {
+    listen 80;
+    server_name drawio.focus-on-it.net;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name drawio.focus-on-it.net;
+
+    ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+    client_max_body_size 50m;
+
+    location / {
+	auth_basic "Restricted";
+        auth_basic_user_file /etc/nginx/auth/.htpasswd;    
+        proxy_pass http://drawio:8080;
+
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 443;
+
+        proxy_read_timeout 300;
+        proxy_send_timeout 300;
+    }
+}
+server {
+    listen 80;
+    server_name nextcloud.focus-on-it.net;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name nextcloud.focus-on-it.net;
+
+    resolver 127.0.0.11 valid=30s ipv6=off;
+
+    ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+    client_max_body_size 10G;
+    proxy_read_timeout 3600;
+    proxy_send_timeout 3600;
+
+    location / {
+        set $nextcloud_upstream nextcloud-nginx:80;
+        proxy_pass http://$nextcloud_upstream;
+
+        proxy_http_version 1.1;
+        proxy_request_buffering off;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}

root/docker/Webproxy/certbot.sh

@@ -0,0 +1,10 @@
+# //root/docker/Webproxy/certbot.sh
+docker compose run --rm --entrypoint certbot certbot certonly \
+  --webroot -w /var/www/certbot \
+  -d service.focus-on-it.net \
+  -d dokuwiki.focus-on-it.net \
+  -d guacamole.focus-on-it.net \
+  -d drawio.focus-on-it.net \
+  -d nextcloud.focus-on-it.net \
+  --email Michael.Seidel@focus-on-it.de \
+  --agree-tos --no-eff-email

root/docker/Webproxy/docker-compose.yml

@@ -0,0 +1,41 @@
+# /root/docker/Webproxy/docker-compose.yml
+
+services:
+  webproxy:
+    image: nginx:stable
+    container_name: Webproxy
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - NGINX_ENTRYPOINT_DISABLE_IPV6=true
+    volumes:
+      - /root/docker/Webproxy/Data/nginx/service.conf:/etc/nginx/conf.d/default.conf:ro
+      - /root/docker/Webproxy/Data/certbot/webroot:/var/www/certbot:ro
+      - /root/docker/Webproxy/Data/certbot/conf:/etc/letsencrypt:ro
+      - /root/docker/Webproxy/Data/logs:/var/log/nginx
+      - /root/docker/Webproxy/Data/nginx/auth:/etc/nginx/auth:ro
+    networks:
+      - webproxy-net
+    restart: unless-stopped
+
+  certbot:
+    image: certbot/certbot
+    container_name: Webproxy-certbot
+    volumes:
+      - /root/docker/Webproxy/Data/certbot/webroot:/var/www/certbot
+      - /root/docker/Webproxy/Data/certbot/conf:/etc/letsencrypt
+    networks:
+      - webproxy-net
+    restart: unless-stopped
+    entrypoint: /bin/sh -c
+    command: >
+      "trap exit TERM;
+       while :; do
+         certbot renew --webroot -w /var/www/certbot --quiet;
+         sleep 12h;
+       done"
+
+networks:
+  webproxy-net:
+    external: true

root/docker/Webproxy/start.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+#/root/docker/Webserver/start.sh
+
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# Stack sauber stoppen und entfernen (Container weg, Volumes bleiben!)
+docker compose down
+
+# Images aktualisieren
+docker compose pull
+
+# Neu erstellen und starten
+docker compose up -d --force-recreate --remove-orphans
+
+# Optional: alte Images aufräumen
+docker image prune -f

root/docker/dokuwiki/data/conf/acl.auth.php

@@ -0,0 +1,17 @@
+# acl.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Access Control Lists
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+*	@ALL	0
+*	micha	16
+it-doku:*	@foit	1
+it-doku:*	@it	16
+knowledgebase:*	@it	16
+rsit:*	@rsit	16
+start	@user	1
+user:username:*	@ALL	1
+user:username:*	@user	1

root/docker/dokuwiki/data/conf/license.php

@@ -0,0 +1 @@
+/var/www/html/conf.core/license.php

root/docker/dokuwiki/data/conf/local.php

@@ -0,0 +1,24 @@
+<?php
+/*
+ * Dokuwiki's Main Configuration File - Local Settings
+ * Auto-generated by config plugin
+ * Run for user: admin
+ * Date: Sun, 08 Mar 2026 06:10:58 +0000
+ */
+
+$conf['title'] = 'Wiki';
+$conf['license'] = '0';
+$conf['basedir'] = '/';
+$conf['baseurl'] = 'https://dokuwiki.focus-on-it.net';
+$conf['useacl'] = 1;
+$conf['superuser'] = '@admin';
+$conf['disableactions'] = 'register';
+$conf['auth_security_timeout'] = 3600;
+$conf['mailfrom'] = 'Dokuwiki@focus-on-it.net';
+$conf['canonical'] = 1;
+$conf['plugin']['diagrams']['service_url'] = 'https://embed.diagrams.net/';
+$conf['plugin']['diagrams']['mode'] = '2';
+$conf['plugin']['smtp']['smtp_host'] = 'mail.focus-on-it.net';
+$conf['plugin']['smtp']['smtp_port'] = 587;
+$conf['plugin']['smtp']['smtp_ssl'] = 'tls';
+$conf['plugin']['smtp']['localdomain'] = 'service.focus-on-it.net';

root/docker/dokuwiki/data/conf/local.php.bak.php

@@ -0,0 +1,24 @@
+<?php
+/*
+ * Dokuwiki's Main Configuration File - Local Settings
+ * Auto-generated by config plugin
+ * Run for user: admin
+ * Date: Sun, 08 Mar 2026 06:09:16 +0000
+ */
+
+$conf['title'] = 'Wiki';
+$conf['license'] = '0';
+$conf['basedir'] = '/';
+$conf['baseurl'] = 'https://dokuwiki.focus-on-it.net';
+$conf['useacl'] = 1;
+$conf['superuser'] = '@admin';
+$conf['disableactions'] = 'register';
+$conf['auth_security_timeout'] = 3600;
+$conf['mailfrom'] = 'Dokuwiki@focus-on-it.net';
+$conf['canonical'] = 1;
+$conf['plugin']['diagrams']['service_url'] = 'https://app.diagrams.net';
+$conf['plugin']['diagrams']['mode'] = '2';
+$conf['plugin']['smtp']['smtp_host'] = 'mail.focus-on-it.net';
+$conf['plugin']['smtp']['smtp_port'] = 587;
+$conf['plugin']['smtp']['smtp_ssl'] = 'tls';
+$conf['plugin']['smtp']['localdomain'] = 'service.focus-on-it.net';

root/docker/dokuwiki/data/conf/plugins.local.php

@@ -0,0 +1,12 @@
+<?php
+/*
+ * Local plugin enable/disable settings
+ *
+ * Auto-generated by install script
+ * Date: Sat, 14 Feb 2026 13:16:27 +0000
+ */
+
+$plugins['authad']    = 0;
+$plugins['authldap']  = 0;
+$plugins['authmysql'] = 0;
+$plugins['authpgsql'] = 0;

root/docker/dokuwiki/data/conf/users.auth.php

@@ -0,0 +1,18 @@
+# users.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Userfile
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+#
+# Format:
+# login:passwordhash:Real Name:email:groups,comma,separated
+
+admin:$2y$10$jJlC0eW/qKfyZsXxwYlOTuNOpjKzdL32wIFArVbiknOWrjxfwho8e:Admin:Michael.Seidel@focus-on-it.de:admin,user
+dany:$2y$10$id0jpOSPPzQU2Obx5ZMX8eCcqMH1PFQc7dW8XswjbjXzcGkFD/iBi:Daniela Seidel:Daniela.Seidel@focus-on-it.de:user,dany,foit
+micha:$2y$10$8wh6APl35INN752EY3NTM.yy04SZWUzQhrkk040wMX8IFwMiMMrV6:Michael Seidel:Michael.Seidel@focus-on-it.de:user,it,rsit,foit
+matthias:$2y$10$aSQqSxmUKm97IZPqUdEMzug9C1XlZGKcAhFytCO0vveJ9SMxoQahy:Matthias Ruckwied:matthias@ruckwied-it.de:rsit,user
+testuser:$2y$10$RFWOkg5sm5W51pLpgOXLOO.h0PszrYOhFcTxrLkVMtvncCX2nQWWa:Testo:test@focus-on-it.de:user
+testrsit:$2y$10$LmgM9kTY11ynNdNOH6g2qeADFO8GrNiRbFo8lK.lSreiQRi8P9SBy:RSITler:RSIt@focus-on-it.de:rsit,user

root/docker/dokuwiki/data/conf/users.auth.php.bak

@@ -0,0 +1,14 @@
+# users.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Userfile
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+#
+# Format:
+# login:passwordhash:Real Name:email:groups,comma,separated
+
+admin:$2y$10$zGnIfotQJ7QVVrsQtBzRy.vbbR3dOPJjNHpPqUjAUrh3nZ/E1SBRG:Admin:Michael.Seidel@focus-on-it.de:admin,user
+micha:$2y$10$vfJ2kebl9bNf9kzfkxzgB.HuMQkyDMBPSOOXcItO6.MLg9wt4rXMO:Michael Seidel:Michael.Seidel@focus-on-it.de:user

root/docker/dokuwiki/data/lib/plugins/diagramsnet/lib/images/manifest.json

@@ -0,0 +1,22 @@
+{
+    "name": "diagrams.net",
+    "short_name": "Diagrams",
+    "description": "diagrams.net is a completely free diagram editor",
+    "icons": [
+        {
+            "src": "/images/android-chrome-196x196.png",
+            "sizes": "196x196",
+            "type": "image/png",
+     		"purpose": "any maskable"
+        },
+        {
+            "src": "/images/android-chrome-512x512.png",
+            "sizes": "512x512",
+            "type": "image/png"
+        }
+    ],
+    "theme_color": "#DF6C0C",
+    "background_color": "#DF6C0C",
+    "display": "fullscreen",
+    "start_url": "/index.html"
+}

root/docker/dokuwiki/data/lib/plugins/diagramsnet/lib/math/.travis.yml

@@ -0,0 +1,17 @@
+language: node_js
+node_js:
+- stable
+sudo: false
+script:
+- npm install
+- npm test
+branches:
+  only:
+  - "/^\\d+\\.\\d+/"
+deploy:
+  provider: npm
+  email: manager@mathjax.org
+  api_key:
+    secure: VbG6GALVGUCeZKhaqpR1JD70ZWC20NyTSyue9htlmLMhrw02JR/5Bi7mZDZrnvAqo8gSO6MGE6lbbaBBI5u42iklNHFYg+RTeEF7CafoVBSC7QeNNdkpDJyeEQ+zEAWKv4/oOcqH9logQBJoW+iT9xHlyVIZxmEYG9ptWYzouWk=
+  on:
+    tags: true

root/docker/dokuwiki/data/lib/plugins/diagramsnet/lib/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "draw.io",
+  "version": "15.7.2",
+  "description": "diagrams.net desktop",
+  "main": "electron.js",
+  "scripts": {
+    "start": "electron ."
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/jgraph/drawio.git"
+  },
+  "keywords": [
+    "draw.io",
+    "diagram",
+    "flowchart",
+    "UML"
+  ],
+  "author": "JGraph",
+  "license": "Apache-2.0",
+  "bugs": {
+    "url": "https://github.com/jgraph/drawio-desktop/issues"
+  },
+  "homepage": "https://github.com/jgraph/drawio",
+  "dependencies": {
+    "@electron/remote": "^2.0.1",
+    "commander": "^8.2.0",
+    "compression": "^1.7.4",
+    "crc": "^3.8.0",
+    "electron-log": "^4.4.1",
+    "electron-progressbar": "^2.0.1",
+    "electron-store": "^8.0.0",
+    "electron-updater": "^4.3.9",
+    "pdf-lib": "^1.16.0"
+  },
+  "devDependencies": {
+    "electron": "^13.6.1"
+  }
+}

root/docker/dokuwiki/data/lib/plugins/move/.github/workflows/dokuwiki.yml

@@ -0,0 +1,11 @@
+name: DokuWiki Default Tasks
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '1 18 5 * *'
+
+
+jobs:
+  all:
+    uses: dokuwiki/github-action/.github/workflows/all.yml@main

root/docker/dokuwiki/data/lib/plugins/move/.github/workflows/release.yml

@@ -0,0 +1,24 @@
+# Create release on change to plugin.info.txt version line
+# https://github.com/dokuwiki/dokuwiki/issues/3951
+#
+# Requires DOKUWIKI_USER and DOKUWIKI_PASS secrets be set in GitHub Actions
+
+name: Release
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - "*.info.txt"
+
+jobs:
+  release:
+    name: Release
+    # https://github.com/dokuwiki/dokuwiki/pull/3966
+    uses: glensc/dokuwiki/.github/workflows/plugin-release.yml@39431875f734bddc35cc6b4a899bbfdec97e8aba
+    secrets:
+      DOKUWIKI_USER: ${{ secrets.DOKUWIKI_USER }}
+      DOKUWIKI_PASS: ${{ secrets.DOKUWIKI_PASS }}
+
+# vim:ts=2:sw=2:et

root/docker/dokuwiki/data/lib/plugins/prosemirror/.github/auto-comment.yml

@@ -0,0 +1,9 @@
+# auto replies used by probot/auto-comment
+
+issuesOpened: >
+  Thank you for opening this issue.
+
+  [CosmoCode](https://www.cosmocode.de) is a software company in Berlin providing services for wiki, app and web development. As such we can't guarantee quick responses for issues opened on our Open Source projects.
+
+  If you require certain features or bugs fixed, you can always hire us. Feel free to contact us at dokuwiki@cosmocode.de for an offer.
+

root/docker/dokuwiki/data/lib/plugins/smtp/.travis.yml

@@ -0,0 +1,15 @@
+# Config file for travis-ci.org
+
+language: php
+php:
+  - "7.3"
+  - "7.2"
+  - "7.1"
+  - "7.0"
+  - "5.6"
+env:
+  - DOKUWIKI=master
+  - DOKUWIKI=stable
+before_install: wget https://raw.github.com/splitbrain/dokuwiki-travis/master/travis.sh
+install: sh travis.sh
+script: cd _test && ./phpunit.phar --stderr --group plugin_smtp

root/docker/dokuwiki/data/lib/plugins/smtp/subtree/txtthinking/Mailer/composer.json

@@ -0,0 +1,39 @@
+{
+    "name": "txthinking/mailer",
+    "type": "library",
+    "keywords": ["mail", "smtp"],
+    "description": "A very lightweight PHP SMTP mail sender",
+    "license": "MIT",
+    "homepage": "http://github.com/txthinking/Mailer",
+    "authors": [
+      {
+        "name": "Cloud",
+        "email": "cloud@txthinking.com",
+        "homepage": "http://www.txthinking.com",
+        "role": "Thinker"
+      },
+      {
+        "name": "Matt Sowers",
+        "email": "msowers@erblearn.org"
+      }
+    ],
+    "require": {
+        "php": ">=5.3.2",
+        "psr/log": "~1.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "~4.0",
+        "erb/testing-tools": "dev-master",
+        "monolog/monolog": "~1.13"
+    },
+    "autoload": {
+        "psr-4": {
+            "Tx\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "classmap": [
+            "tests/TestCase.php"
+        ]
+    }
+}

root/docker/dokuwiki/docker-compose.yml

@@ -0,0 +1,24 @@
+#/root/docker/dokuwiki/docker-compose.yml
+
+services:
+  dokuwiki:
+    image: dokuwiki/dokuwiki:stable
+    container_name: dokuwiki
+    restart: unless-stopped
+    volumes:
+      - ./data:/storage
+    networks:
+      - webproxy-net
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=webproxy-net
+      - traefik.http.routers.dokuwiki.rule=Host(`dokuwiki.focus-on-it.net`)
+      - traefik.http.routers.dokuwiki.entrypoints=websecure
+      - traefik.http.routers.dokuwiki.tls=true
+      - traefik.http.routers.dokuwiki.tls.certresolver=le
+      - traefik.http.services.dokuwiki.loadbalancer.server.port=8080
+
+networks:
+  webproxy-net:
+    external: true
+    name: webproxy-net

root/docker/dokuwiki/start.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+#/root/docker/dokuwiki/start.sh
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# 1) Name freimachen – egal ob Container von docker run oder compose stammt
+docker rm -f dokuwiki >/dev/null 2>&1 || true
+
+# 2) Falls Compose-Reste existieren, wegräumen (optional, aber sauber)
+docker compose down >/dev/null 2>&1 || true
+
+# 3) Update + Recreate
+docker compose pull
+docker compose up -d --force-recreate --remove-orphans
+
+# 4) Cleanup
+docker image prune -f

root/docker/drawio/docker-compose.yml

@@ -0,0 +1,37 @@
+services:
+  drawio:
+    image: jgraph/drawio:latest
+    container_name: drawio
+    restart: unless-stopped
+
+    environment:
+      TZ: Europe/Berlin
+      DRAWIO_SERVER_URL: "https://drawio.focus-on-it.net/"
+      DRAWIO_BASE_URL: "https://drawio.focus-on-it.net"
+      DRAWIO_DISABLE_XFRAME: "1"
+
+    expose:
+      - "8080"
+
+    networks:
+      - webproxy-net
+
+    volumes:
+      - drawio-logs:/usr/local/tomcat/logs
+
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=webproxy-net
+      - traefik.http.routers.drawio.rule=Host(`drawio.focus-on-it.net`)
+      - traefik.http.routers.drawio.entrypoints=websecure
+      - traefik.http.routers.drawio.tls=true
+      - traefik.http.routers.drawio.tls.certresolver=le
+      - traefik.http.routers.drawio.middlewares=drawio-auth@file
+      - traefik.http.services.drawio.loadbalancer.server.port=8080
+
+networks:
+  webproxy-net:
+    external: true
+
+volumes:
+  drawio-logs:

root/docker/drawio/start.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+#/root/docker/Webserver/start.sh
+
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# Stack sauber stoppen und entfernen (Container weg, Volumes bleiben!)
+docker compose down
+
+# Images aktualisieren
+docker compose pull
+
+# Neu erstellen und starten
+docker compose up -d --force-recreate --remove-orphans
+
+# Optional: alte Images aufräumen
+docker image prune -f

root/docker/guacamole/docker-compose.yml

@@ -0,0 +1,67 @@
+# /root/docker/guacamole/docker-compose.yml
+services:
+  guacd:
+    image: guacamole/guacd:1.6.0
+    container_name: guacd
+    restart: unless-stopped
+    networks:
+      - guac-internal
+
+  postgres:
+    image: postgres:16
+    container_name: guac-postgres
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: guacamole_db
+      POSTGRES_USER: guacamole
+      POSTGRES_PASSWORD: 'c~dXXUbkV2/f`UL^m#RAq8i=n!DL06#N'
+    volumes:
+      - ./data/postgres:/var/lib/postgresql/data
+    networks:
+      - guac-internal
+
+  guacamole:
+    image: guacamole/guacamole:1.6.0
+    container_name: guacamole
+    restart: unless-stopped
+    depends_on:
+      - guacd
+      - postgres
+    environment:
+      GUACD_HOSTNAME: guacd
+      POSTGRESQL_HOSTNAME: postgres
+      POSTGRESQL_DATABASE: guacamole_db
+      POSTGRESQL_USERNAME: guacamole
+      POSTGRESQL_PASSWORD: 'c~dXXUbkV2/f`UL^m#RAq8i=n!DL06#N'
+    volumes:
+      - ./data/guacamole:/etc/guacamole
+    expose:
+      - "8080"
+    networks:
+      - guac-internal
+      - webproxy-net
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=webproxy-net
+
+      #Haupt-Router für Guacamole
+      - traefik.http.routers.guac.rule=Host(`guacamole.focus-on-it.net`)
+      - traefik.http.routers.guac.entrypoints=websecure
+      - traefik.http.routers.guac.tls=true
+      - traefik.http.routers.guac.tls.certresolver=le
+      - traefik.http.services.guac.loadbalancer.server.port=8080
+
+      # Redirect / -> /guacamole/
+      - traefik.http.routers.guac-root.rule=Host(`guacamole.focus-on-it.net`) && Path(`/`)
+      - traefik.http.routers.guac-root.entrypoints=websecure
+      - traefik.http.routers.guac-root.tls=true
+      - traefik.http.routers.guac-root.tls.certresolver=le
+      - traefik.http.routers.guac-root.middlewares=guac-root-redirect
+      - traefik.http.middlewares.guac-root-redirect.redirectregex.regex=^https://guacamole\.focus-on-it\.net/$
+      - traefik.http.middlewares.guac-root-redirect.redirectregex.replacement=https://guacamole.focus-on-it.net/guacamole/
+      - traefik.http.middlewares.guac-root-redirect.redirectregex.permanent=false
+networks:
+  guac-internal:
+    driver: bridge
+  webproxy-net:
+    external: true

root/docker/guacamole/start.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+#/root/docker/guacamole/start.sh
+
+docker compose down
+docker compose pull
+docker compose up -d --force-recreate --remove-orphans

root/docker/nextcloud/Dockerfile

@@ -0,0 +1,19 @@
+FROM nextcloud:fpm
+
+USER root
+
+COPY certs/focus-on-it-ca.crt /usr/local/share/ca-certificates/focus-on-it-ca.crt
+RUN update-ca-certificates
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+    smbclient \
+    ldap-utils \
+    libldap2-dev \
+    libssl-dev \
+    wait-for-it \
+ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
+ && docker-php-ext-install ldap \
+ && rm -rf /var/lib/apt/lists/*
+
+# KEIN USER www-data hier

root/docker/nextcloud/data/nginx/conf.d/nextcloud.conf

@@ -0,0 +1,81 @@
+server {
+    listen 80;
+    server_name _;
+
+    root /var/www/html;
+    index index.php index.html /index.php$request_uri;
+
+    client_max_body_size 10G;
+    client_body_timeout 300s;
+    fastcgi_buffers 64 4K;
+
+    gzip off;
+
+    add_header Referrer-Policy "no-referrer" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Permitted-Cross-Domain-Policies "none" always;
+    add_header X-Robots-Tag "noindex, nofollow" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /.well-known/carddav {
+        return 301 /remote.php/dav;
+    }
+
+    location = /.well-known/caldav {
+        return 301 /remote.php/dav;
+    }
+
+    location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+    location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+    location / {
+        try_files $uri $uri/ /index.php$request_uri;
+    }
+
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        deny all;
+    }
+
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+
+    location ~ \.php(?:$|/) {
+        rewrite ^/(?!index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|.+/richdocumentscode/proxy) /index.php$request_uri;
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        set $path_info $fastcgi_path_info;
+
+        try_files $fastcgi_script_name =404;
+
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        fastcgi_param HTTPS on;
+        fastcgi_param modHeadersAvailable true;
+        fastcgi_param front_controller_active true;
+        fastcgi_pass nextcloud-app:9000;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+        fastcgi_read_timeout 3600;
+    }
+
+    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        try_files $uri /index.php$request_uri;
+        expires 6M;
+        access_log off;
+    }
+
+    location ~ \.(?:mp4|webm|avif|bmp|html|ttf|woff2?)$ {
+        try_files $uri /index.php$request_uri;
+        expires 6M;
+        access_log off;
+    }
+}

root/docker/nextcloud/data/nginx/nginx.conf

@@ -0,0 +1,22 @@
+user  nginx;
+worker_processes  auto;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    types {
+        text/javascript  mjs;
+    }
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    tcp_nopush      on;
+    tcp_nodelay     on;
+    keepalive_timeout  65;
+    client_max_body_size 10G;
+
+    include /etc/nginx/conf.d/*.conf;
+}

root/docker/nextcloud/docker-compose.yml

@@ -0,0 +1,97 @@
+services:
+  nextcloud-db:
+    image: mariadb:11
+    container_name: nextcloud-db
+    restart: unless-stopped
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    environment:
+      MYSQL_ROOT_PASSWORD: aMdZqdgztQbadb3yes05
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: ZDFnJGCBo0PHvq58KItT
+      TZ: Europe/Berlin
+    volumes:
+      - /root/docker/nextcloud/data/db:/var/lib/mysql
+    networks:
+      - nextcloud-internal
+
+  nextcloud-redis:
+    image: redis:7-alpine
+    container_name: nextcloud-redis
+    restart: unless-stopped
+    command: redis-server --appendonly yes
+    volumes:
+      - /root/docker/nextcloud/data/redis:/data
+    networks:
+      - nextcloud-internal
+
+  nextcloud-app:
+    build: .
+    container_name: nextcloud-app
+    restart: unless-stopped
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+    command: >
+      /bin/sh -c "
+      wait-for-it nextcloud-db:3306 --timeout=60 &&
+      wait-for-it nextcloud-redis:6379 --timeout=60 &&
+      exec php-fpm
+      "
+    environment:
+      MYSQL_HOST: nextcloud-db
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: ZDFnJGCBo0PHvq58KItT
+      REDIS_HOST: nextcloud-redis
+      TZ: Europe/Berlin
+    volumes:
+      - /srv/nextcloud-data-local/nextcloud:/var/www/html
+    networks:
+      - nextcloud-internal
+  nextcloud-cron:
+    build: .
+    container_name: nextcloud-cron
+    restart: unless-stopped
+    depends_on:
+       - nextcloud-app
+    entrypoint: /cron.sh
+    environment:
+       MYSQL_HOST: nextcloud-db
+       MYSQL_DATABASE: nextcloud
+       MYSQL_USER: nextcloud
+       MYSQL_PASSWORD: ZDFnJGCBo0PHvq58KItT
+       REDIS_HOST: nextcloud-redis
+       TZ: Europe/Berlin
+    volumes:
+      - /srv/nextcloud-data-local/nextcloud:/var/www/html
+    networks:
+      - nextcloud-internal
+     
+  nextcloud-nginx:
+    image: nginx:alpine
+    container_name: nextcloud-nginx
+    restart: unless-stopped
+    depends_on:
+      - nextcloud-app
+    volumes:
+      - /srv/nextcloud-data-local/nextcloud:/var/www/html:ro
+      - /root/docker/nextcloud/data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - /root/docker/nextcloud/data/nginx/conf.d:/etc/nginx/conf.d:ro
+    networks:
+      - nextcloud-internal
+      - webproxy-net
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=webproxy-net
+      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.focus-on-it.net`)
+      - traefik.http.routers.nextcloud.entrypoints=websecure
+      - traefik.http.routers.nextcloud.tls=true
+      - traefik.http.routers.nextcloud.tls.certresolver=le
+      - traefik.http.routers.nextcloud.middlewares=nextcloud-headers@file
+      - traefik.http.services.nextcloud.loadbalancer.server.port=80
+networks:
+  nextcloud-internal:
+    driver: bridge
+  webproxy-net:
+    external: true

root/docker/nextcloud/start.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+#/root/docker/Webserver/start.sh
+
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# Stack sauber stoppen und entfernen (Container weg, Volumes bleiben!)
+docker compose down
+
+# Images aktualisieren
+docker compose pull
+
+# Neu erstellen und starten
+docker compose up -d --build --force-recreate --remove-orphans
+
+# Optional: alte Images aufräumen
+docker image prune -f

root/docker/start.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+#/root/docker/start.sh
+
+set -euo pipefail
+
+cd /root/docker
+
+(cd dokuwiki && ./start.sh)
+(cd guacamole && ./start.sh)
+(cd nextcloud && ./start.sh)
+
+
+# optional: kleine Pause (nach deinen nginx-resolver Änderungen nicht mehr zwingend,
+# aber schadet nicht, falls noch weitere upstreams dazukommen)
+sleep 2
+
+#(cd Webproxy && ./start.sh)
+(cd traefik && ./start.sh)

root/docker/traefik/data/dynamic/dynamic/.htpasswd

@@ -0,0 +1,2 @@
+admin:$apr1$kwoSW3.P$q.4mOtE14xAdBLR5tA4sA/
+

root/docker/traefik/data/dynamic/dynamic/middlewares.yml

@@ -0,0 +1,15 @@
+http:
+  middlewares:
+    drawio-auth:
+      basicAuth:
+        usersFile: /etc/traefik/dynamic/.htpasswd
+
+    dashboard-auth:
+      basicAuth:
+        usersFile: /etc/traefik/dynamic/.htpasswd     
+
+    lan-only:
+      ipWhiteList:
+        sourceRange:
+          - "192.168.0.0/16"
+          - "10.0.0.0/8"

root/docker/traefik/data/dynamic/dynamic/nextcloud.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    nextcloud-headers:
+      headers:
+        customRequestHeaders:
+          X-Forwarded-Proto: https

root/docker/traefik/data/dynamic/middlewares.yml

@@ -0,0 +1,15 @@
+http:
+  middlewares:
+    drawio-auth:
+      basicAuth:
+        usersFile: /etc/traefik/dynamic/.htpasswd
+
+    dashboard-auth:
+      basicAuth:
+        usersFile: /etc/traefik/dynamic/.htpasswd     
+
+    lan-only:
+      ipWhiteList:
+        sourceRange:
+          - "192.168.0.0/16"
+          - "10.0.0.0/8"

root/docker/traefik/data/dynamic/nextcloud.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    nextcloud-headers:
+      headers:
+        customRequestHeaders:
+          X-Forwarded-Proto: https

root/docker/traefik/docker-compose.yml

@@ -0,0 +1,60 @@
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    command:
+      - --global.sendanonymoususage=false
+      - --log.level=INFO
+
+      # Docker Provider
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=webproxy-net
+
+      # optional: zusätzliche dynamische Datei für Middlewares/TLS-Optionen
+      - --providers.file.directory=/etc/traefik/dynamic
+      - --providers.file.watch=true
+
+      # EntryPoints
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+
+      # globaler HTTP -> HTTPS Redirect
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+
+      # ACME / Let's Encrypt
+      - --certificatesresolvers.le.acme.email=Michael.Seidel@focus-on-it.de
+      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+      - --certificatesresolvers.le.acme.httpchallenge=true
+      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
+
+      # Dashboard nur intern / testweise
+      - --api.dashboard=true
+      - --api.insecure=false
+
+    ports:
+      - "80:80"
+      - "443:443"
+
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /root/docker/traefik/data/letsencrypt:/letsencrypt
+      - /root/docker/traefik/data/dynamic:/etc/traefik/dynamic:ro
+
+    networks:
+      - webproxy-net
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.traefik.rule=Host(`traefik.focus-on-it.net`)
+      - traefik.http.routers.traefik.entrypoints=websecure
+      - traefik.http.routers.traefik.tls=true
+      - traefik.http.routers.traefik.tls.certresolver=le
+      - traefik.http.routers.traefik.service=api@internal
+      - traefik.http.routers.traefik.middlewares=lan-only@file,dashboard-auth@file
+    restart: unless-stopped
+
+networks:
+  webproxy-net:
+    external: true

root/docker/traefik/start.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+#/root/docker/traefik/start.sh
+
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# Stack sauber stoppen und entfernen (Container weg, Volumes bleiben!)
+docker compose down
+
+# Images aktualisieren
+docker compose pull
+
+# Neu erstellen und starten
+docker compose up -d --force-recreate --remove-orphans
+
+# Optional: alte Images aufräumen
+docker image prune -f