From 343169d233c3c0f8104d87f27e8e2f9913808ea8 Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 29 Apr 2019 14:59:35 +0200 Subject: [PATCH] Compatibility with docker secrets (Fix #560) Signed-off-by: J0WI --- 14.0/apache/entrypoint.sh | 30 ++++++++++++++++++ 14.0/fpm-alpine/entrypoint.sh | 30 ++++++++++++++++++ 14.0/fpm/entrypoint.sh | 30 ++++++++++++++++++ 15.0/apache/entrypoint.sh | 30 ++++++++++++++++++ 15.0/fpm-alpine/entrypoint.sh | 30 ++++++++++++++++++ 15.0/fpm/entrypoint.sh | 30 ++++++++++++++++++ 16.0/apache/entrypoint.sh | 30 ++++++++++++++++++ 16.0/fpm-alpine/entrypoint.sh | 30 ++++++++++++++++++ 16.0/fpm/entrypoint.sh | 30 ++++++++++++++++++ README.md | 58 ++++++++++++++++++++++++++++++++++- docker-entrypoint.sh | 30 ++++++++++++++++++ 11 files changed, 357 insertions(+), 1 deletion(-) diff --git a/14.0/apache/entrypoint.sh b/14.0/apache/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/14.0/apache/entrypoint.sh +++ b/14.0/apache/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/14.0/fpm-alpine/entrypoint.sh b/14.0/fpm-alpine/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/14.0/fpm-alpine/entrypoint.sh +++ b/14.0/fpm-alpine/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/14.0/fpm/entrypoint.sh b/14.0/fpm/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/14.0/fpm/entrypoint.sh +++ b/14.0/fpm/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/15.0/apache/entrypoint.sh b/15.0/apache/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/15.0/apache/entrypoint.sh +++ b/15.0/apache/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/15.0/fpm-alpine/entrypoint.sh b/15.0/fpm-alpine/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/15.0/fpm-alpine/entrypoint.sh +++ b/15.0/fpm-alpine/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/15.0/fpm/entrypoint.sh b/15.0/fpm/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/15.0/fpm/entrypoint.sh +++ b/15.0/fpm/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/16.0/apache/entrypoint.sh b/16.0/apache/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/16.0/apache/entrypoint.sh +++ b/16.0/apache/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/16.0/fpm-alpine/entrypoint.sh b/16.0/fpm-alpine/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/16.0/fpm-alpine/entrypoint.sh +++ b/16.0/fpm-alpine/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/16.0/fpm/entrypoint.sh b/16.0/fpm/entrypoint.sh index 78bd0a8..a45147f 100755 --- a/16.0/fpm/entrypoint.sh +++ b/16.0/fpm/entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/README.md b/README.md index 88c1545..fa18f50 100644 --- a/README.md +++ b/README.md @@ -245,6 +245,62 @@ services: Then run `docker-compose up -d`, now you can access Nextcloud at http://localhost:8080/ from your host system. +# Docker Secrets +As an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/ files. For example: + +```yaml +version: '3.2' +services: + db: + image: postgres + restart: always + volumes: + - db:/var/lib/postgresql/data + environment: + - POSTGRES_DB=nextcloud + - POSTGRES_USER=nextcloud + - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password + secrets: + - postgres_password + app: + image: nextcloud + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html + environment: + - POSTGRES_HOST=db + - POSTGRES_DB=nextcloud + - POSTGRES_USER=nextcloud + - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password + - NEXTCLOUD_ADMIN_USER=superuser + - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password + depends_on: + - db + secrets: + - postgres_password + - admin_password + cron: + image: nextcloud + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db +volumes: + db: + nextcloud: + +secrets: + postgres_password: + file: ./postgres_password.txt # put postgresql password to this file + admin_password: + file: ./admin_password.txt # put admin password to this file +``` +Currently, this is only supported for `NEXTCLOUD_ADMIN_PASSWORD`, `MYSQL_PASSWORD`, `POSTGRES_PASSWORD`. + # Make your Nextcloud available from the internet Until here your Nextcloud is just available from you docker host. If you want you Nextcloud available from the internet adding SSL encryption is mandatory. @@ -271,7 +327,7 @@ $ docker stop $ docker rm $ docker run -d nextcloud ``` -Beware that you have to run the same command with the options that you used to initially start your Nextcloud. That includes volumes, port mapping. +Beware that you have to run the same command with the options that you used to initially start your Nextcloud. That includes volumes, port mapping. When using docker-compose your compose file takes care of your configuration, so you just have to run: diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 78bd0a8..a45147f 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -19,6 +19,31 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + else + # do not define empty vars + return + fi + export "$var"="$val" + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -67,6 +92,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -81,6 +108,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_PASSWORD + file_env POSTGRES_PASSWORD + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database"