From 030a743b397af22366598c2b9ca010a95120cc29 Mon Sep 17 00:00:00 2001 From: J0WI Date: Sat, 5 Jan 2019 18:36:52 +0100 Subject: [PATCH 1/3] Add Alpine variant to Dockerfile examples Signed-off-by: J0WI --- .../dockerfiles/cron/fpm-alpine/Dockerfile | 10 ++++ .../cron/fpm-alpine/supervisord.conf | 22 ++++++++ .../dockerfiles/full/fpm-alpine/Dockerfile | 52 +++++++++++++++++++ .../full/fpm-alpine/supervisord.conf | 22 ++++++++ .../dockerfiles/imap/fpm-alpine/Dockerfile | 22 ++++++++ .../dockerfiles/smb/fpm-alpine/Dockerfile | 3 ++ 6 files changed, 131 insertions(+) create mode 100644 .examples/dockerfiles/cron/fpm-alpine/Dockerfile create mode 100644 .examples/dockerfiles/cron/fpm-alpine/supervisord.conf create mode 100644 .examples/dockerfiles/full/fpm-alpine/Dockerfile create mode 100644 .examples/dockerfiles/full/fpm-alpine/supervisord.conf create mode 100644 .examples/dockerfiles/imap/fpm-alpine/Dockerfile create mode 100644 .examples/dockerfiles/smb/fpm-alpine/Dockerfile diff --git a/.examples/dockerfiles/cron/fpm-alpine/Dockerfile b/.examples/dockerfiles/cron/fpm-alpine/Dockerfile new file mode 100644 index 0000000..820b3f9 --- /dev/null +++ b/.examples/dockerfiles/cron/fpm-alpine/Dockerfile @@ -0,0 +1,10 @@ +FROM nextcloud:fpm-alpine + +RUN apk add --no-cache supervisor \ + && mkdir /var/log/supervisord /var/run/supervisord + +COPY supervisord.conf /etc/supervisor/supervisord.conf + +ENV NEXTCLOUD_UPDATE=1 + +CMD ["/usr/bin/supervisord"] diff --git a/.examples/dockerfiles/cron/fpm-alpine/supervisord.conf b/.examples/dockerfiles/cron/fpm-alpine/supervisord.conf new file mode 100644 index 0000000..4f76259 --- /dev/null +++ b/.examples/dockerfiles/cron/fpm-alpine/supervisord.conf @@ -0,0 +1,22 @@ +[supervisord] +nodaemon=true +logfile=/var/log/supervisord/supervisord.log +pidfile=/var/run/supervisord/supervisord.pid +childlogdir=/var/log/supervisord/ +logfile_maxbytes=50MB ; maximum size of logfile before rotation +logfile_backups=10 ; number of backed up logfiles +loglevel=error + +[program:php-fpm] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=php-fpm + +[program:cron] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=/cron.sh diff --git a/.examples/dockerfiles/full/fpm-alpine/Dockerfile b/.examples/dockerfiles/full/fpm-alpine/Dockerfile new file mode 100644 index 0000000..bfcb263 --- /dev/null +++ b/.examples/dockerfiles/full/fpm-alpine/Dockerfile @@ -0,0 +1,52 @@ +FROM nextcloud:fpm-alpine + +RUN set -ex; \ + \ + apk add --no-cache \ + ffmpeg \ + samba-client \ + supervisor \ +# libreoffice \ + ; + +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + imap-dev \ + krb5-dev \ + libressl-dev \ + samba-dev \ + bzip2-dev \ + gmp-dev \ + ; \ + \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ + docker-php-ext-install \ + bz2 \ + gmp \ + imap \ + ; \ + pecl install smbclient; \ + docker-php-ext-enable smbclient; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ + apk del .build-deps + +RUN mkdir -p \ + /usr/share/man/man1 \ + /var/log/supervisord \ + /var/run/supervisord \ +; + +COPY supervisord.conf /etc/supervisor/supervisord.conf + +ENV NEXTCLOUD_UPDATE=1 + +CMD ["/usr/bin/supervisord"] diff --git a/.examples/dockerfiles/full/fpm-alpine/supervisord.conf b/.examples/dockerfiles/full/fpm-alpine/supervisord.conf new file mode 100644 index 0000000..4f76259 --- /dev/null +++ b/.examples/dockerfiles/full/fpm-alpine/supervisord.conf @@ -0,0 +1,22 @@ +[supervisord] +nodaemon=true +logfile=/var/log/supervisord/supervisord.log +pidfile=/var/run/supervisord/supervisord.pid +childlogdir=/var/log/supervisord/ +logfile_maxbytes=50MB ; maximum size of logfile before rotation +logfile_backups=10 ; number of backed up logfiles +loglevel=error + +[program:php-fpm] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=php-fpm + +[program:cron] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=/cron.sh diff --git a/.examples/dockerfiles/imap/fpm-alpine/Dockerfile b/.examples/dockerfiles/imap/fpm-alpine/Dockerfile new file mode 100644 index 0000000..289c2a9 --- /dev/null +++ b/.examples/dockerfiles/imap/fpm-alpine/Dockerfile @@ -0,0 +1,22 @@ +FROM nextcloud:fpm-alpine + +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + imap-dev \ + krb5-dev \ + libressl-dev \ + ; \ + \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ + docker-php-ext-install imap; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ + apk del .build-deps diff --git a/.examples/dockerfiles/smb/fpm-alpine/Dockerfile b/.examples/dockerfiles/smb/fpm-alpine/Dockerfile new file mode 100644 index 0000000..a66cd93 --- /dev/null +++ b/.examples/dockerfiles/smb/fpm-alpine/Dockerfile @@ -0,0 +1,3 @@ +FROM nextcloud:fpm-alpine + +RUN apk add --no-cache samba-client From 0e941215b1b79929581cbbecdd79a544b50e4b9b Mon Sep 17 00:00:00 2001 From: J0WI Date: Sat, 5 Jan 2019 18:43:27 +0100 Subject: [PATCH 2/3] Refactor install process and remove build deps Signed-off-by: J0WI --- .examples/dockerfiles/full/apache/Dockerfile | 65 +++++++++++++++----- .examples/dockerfiles/full/fpm/Dockerfile | 65 +++++++++++++++----- .examples/dockerfiles/imap/apache/Dockerfile | 31 ++++++++-- .examples/dockerfiles/imap/fpm/Dockerfile | 31 ++++++++-- 4 files changed, 152 insertions(+), 40 deletions(-) diff --git a/.examples/dockerfiles/full/apache/Dockerfile b/.examples/dockerfiles/full/apache/Dockerfile index 178ca84..fe82de2 100644 --- a/.examples/dockerfiles/full/apache/Dockerfile +++ b/.examples/dockerfiles/full/apache/Dockerfile @@ -1,23 +1,58 @@ FROM nextcloud:apache -RUN mkdir -p /usr/share/man/man1 \ - && apt-get update && apt-get install -y \ - supervisor \ +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ ffmpeg \ - libbz2-dev \ - libgmp3-dev \ - libc-client-dev \ - libkrb5-dev \ smbclient \ - libsmbclient-dev \ + supervisor \ # libreoffice \ - && rm -rf /var/lib/apt/lists/* \ - && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \ - && ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \ - && docker-php-ext-install bz2 gmp imap \ - && pecl install smbclient \ - && docker-php-ext-enable smbclient \ - && mkdir /var/log/supervisord /var/run/supervisord + ; \ + rm -rf /var/lib/apt/lists/* + +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libbz2-dev \ + libc-client-dev \ + libgmp3-dev \ + libkrb5-dev \ + libsmbclient-dev \ + ; \ + \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ + ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h; \ + docker-php-ext-install \ + bz2 \ + gmp \ + imap \ + ; \ + pecl install smbclient; \ + docker-php-ext-enable smbclient; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir -p \ + /usr/share/man/man1 \ + /var/log/supervisord \ + /var/run/supervisord \ +; COPY supervisord.conf /etc/supervisor/supervisord.conf diff --git a/.examples/dockerfiles/full/fpm/Dockerfile b/.examples/dockerfiles/full/fpm/Dockerfile index b0c61d6..3e53e59 100644 --- a/.examples/dockerfiles/full/fpm/Dockerfile +++ b/.examples/dockerfiles/full/fpm/Dockerfile @@ -1,23 +1,58 @@ FROM nextcloud:fpm -RUN mkdir -p /usr/share/man/man1 \ - && apt-get update && apt-get install -y \ - supervisor \ +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ ffmpeg \ - libbz2-dev \ - libgmp3-dev \ - libc-client-dev \ - libkrb5-dev \ smbclient \ - libsmbclient-dev \ + supervisor \ # libreoffice \ - && rm -rf /var/lib/apt/lists/* \ - && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \ - && ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \ - && docker-php-ext-install bz2 gmp imap \ - && pecl install smbclient \ - && docker-php-ext-enable smbclient \ - && mkdir /var/log/supervisord /var/run/supervisord + ; \ + rm -rf /var/lib/apt/lists/* + +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libbz2-dev \ + libc-client-dev \ + libgmp3-dev \ + libkrb5-dev \ + libsmbclient-dev \ + ; \ + \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ + ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h; \ + docker-php-ext-install \ + bz2 \ + gmp \ + imap \ + ; \ + pecl install smbclient; \ + docker-php-ext-enable smbclient; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir -p \ + /usr/share/man/man1 \ + /var/log/supervisord \ + /var/run/supervisord \ +; COPY supervisord.conf /etc/supervisor/supervisord.conf diff --git a/.examples/dockerfiles/imap/apache/Dockerfile b/.examples/dockerfiles/imap/apache/Dockerfile index f7958c0..5f24c75 100644 --- a/.examples/dockerfiles/imap/apache/Dockerfile +++ b/.examples/dockerfiles/imap/apache/Dockerfile @@ -1,7 +1,28 @@ FROM nextcloud:apache -RUN apt-get update \ - && apt-get install -y libc-client-dev libkrb5-dev \ - && rm -rf /var/lib/apt/lists/* \ - && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \ - && docker-php-ext-install imap +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libc-client-dev \ + libkrb5-dev \ + ; \ + \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ + docker-php-ext-install imap; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* diff --git a/.examples/dockerfiles/imap/fpm/Dockerfile b/.examples/dockerfiles/imap/fpm/Dockerfile index b403de6..f692fd7 100644 --- a/.examples/dockerfiles/imap/fpm/Dockerfile +++ b/.examples/dockerfiles/imap/fpm/Dockerfile @@ -1,7 +1,28 @@ FROM nextcloud:fpm -RUN apt-get update \ - && apt-get install -y libc-client-dev libkrb5-dev \ - && rm -rf /var/lib/apt/lists/* \ - && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \ - && docker-php-ext-install imap +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libc-client-dev \ + libkrb5-dev \ + ; \ + \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ + docker-php-ext-install imap; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* From 7d262cbf9737f053f8ad0120a4a1f71fbd8f033a Mon Sep 17 00:00:00 2001 From: J0WI Date: Sun, 6 Jan 2019 23:57:41 +0100 Subject: [PATCH 3/3] Remove reference to line number Signed-off-by: J0WI --- .examples/README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/.examples/README.md b/.examples/README.md index f2842d9..015ff53 100644 --- a/.examples/README.md +++ b/.examples/README.md @@ -21,43 +21,43 @@ Example | Description ### full The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html). -NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the 13th line of the Dockerfile. +NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the appropriate line in the Dockerfile. -NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews) +NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews) -NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors. +NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors. The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages from the Dockerfile. #### PHP Module bz2 -`docker-php-ext-install bz2` +`docker-php-ext-install bz2` #### PHP Module imap -`apt install libc-client-dev libkrb5-dev` -`docker-php-ext-configure imap --with-kerberos --with-imap-ssl` -`docker-php-ext-install imap` +`apt install libc-client-dev libkrb5-dev` +`docker-php-ext-configure imap --with-kerberos --with-imap-ssl` +`docker-php-ext-install imap` #### PHP Module gmp -`apt install libgmp3-dev` -`docker-php-ext-install gmp` +`apt install libgmp3-dev` +`docker-php-ext-install gmp` #### PHP Module smbclient -`apt install smbclient libsmbclient-dev` -`pecl install smbclient` -`docker-php-ext-enable smbclient` +`apt install smbclient libsmbclient-dev` +`pecl install smbclient` +`docker-php-ext-enable smbclient` #### ffmpeg -`apt install ffmpeg` +`apt install ffmpeg` #### LibreOffice -`apt install libreoffice` +`apt install libreoffice` #### CRON via supervisor -`apt install supervisor` -`mkdir /var/log/supervisord /var/run/supervisord` -The following Dockerfile commands are also necessary for a sucessfull cron installation: -`COPY supervisord.conf /etc/supervisor/supervisord.conf` -`CMD ["/usr/bin/supervisord"]` +`apt install supervisor` +`mkdir /var/log/supervisord /var/run/supervisord` +The following Dockerfile commands are also necessary for a sucessfull cron installation: +`COPY supervisord.conf /etc/supervisor/supervisord.conf` +`CMD ["/usr/bin/supervisord"]`