Merge pull request #125 from nextcloud/rework-examples
[WIP] Rework of Examples Section
This commit is contained in:
commit
fa3b83c1b1
63
.examples/README.md
Normal file
63
.examples/README.md
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
# Examples section
|
||||||
|
|
||||||
|
In this subfolders are some examples how to use the docker image. There are two sections:
|
||||||
|
|
||||||
|
* [`dockerfiles`](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles)
|
||||||
|
* [`docker-compose`](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose)
|
||||||
|
|
||||||
|
The `dockerfiles` are derived images, that add or alter certain functionalities of the default docker images. In the `docker-compose` subfolder are examples for deployment of the application, including database, redis, collabora and other services.
|
||||||
|
|
||||||
|
## Dockerfiles
|
||||||
|
The Dockerfiles use the default images as base image and build on top of it.
|
||||||
|
|
||||||
|
|
||||||
|
Example | Description
|
||||||
|
------- | -------
|
||||||
|
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed).
|
||||||
|
[imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap
|
||||||
|
[smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## docker-compose
|
||||||
|
In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box.
|
||||||
|
Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information.
|
||||||
|
|
||||||
|
The docker-compose examples make heavily use of dereived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file.
|
||||||
|
|
||||||
|
|
||||||
|
### insecure
|
||||||
|
This example should only be used for testing on the local network because it uses a unencrypted http connection.
|
||||||
|
When you want to have your server reachable from the internet adding HTTPS-encryption is mandatory!
|
||||||
|
For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples.
|
||||||
|
|
||||||
|
To use this example complete the following steps:
|
||||||
|
|
||||||
|
1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=`
|
||||||
|
2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
|
||||||
|
3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
|
||||||
|
4. start nextcloud with `docker-compose up -d`
|
||||||
|
|
||||||
|
|
||||||
|
If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
|
||||||
|
|
||||||
|
|
||||||
|
### with-nginx-proxy
|
||||||
|
The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine.
|
||||||
|
The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling.
|
||||||
|
This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
|
||||||
|
|
||||||
|
To use this example complete the following steps:
|
||||||
|
|
||||||
|
1. open `docker-compose.yml`
|
||||||
|
1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=`
|
||||||
|
2. enter a valid email behind `LETSENCRYPT_EMAIL=`
|
||||||
|
3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=`
|
||||||
|
2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
|
||||||
|
3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
|
||||||
|
4. start nextcloud with `docker-compose up -d`
|
||||||
|
|
||||||
|
|
||||||
|
If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
|
@ -1,97 +0,0 @@
|
|||||||
version: '2'
|
|
||||||
services:
|
|
||||||
proxy:
|
|
||||||
image: jwilder/nginx-proxy
|
|
||||||
container_name: proxy
|
|
||||||
ports:
|
|
||||||
- 80:80
|
|
||||||
- 443:443
|
|
||||||
volumes:
|
|
||||||
- ./proxy/conf.d:/etc/nginx/conf.d
|
|
||||||
- ./proxy/vhost.d:/etc/nginx/vhost.d
|
|
||||||
- ./proxy/html:/usr/share/nginx/html
|
|
||||||
- ./proxy/certs:/etc/nginx/certs:ro
|
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
||||||
networks:
|
|
||||||
- proxy-tier
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
letsencrypt-companion:
|
|
||||||
image: alastaircoote/docker-letsencrypt-nginx-proxy-companion
|
|
||||||
container_name: letsencrypt-companion
|
|
||||||
volumes_from:
|
|
||||||
- proxy
|
|
||||||
volumes:
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
- ./proxy/certs:/etc/nginx/certs:rw
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
web:
|
|
||||||
image: nginx
|
|
||||||
container_name: nextcloud_webserver
|
|
||||||
volumes:
|
|
||||||
- ./nginx.conf:/etc/nginx/nginx.conf:ro
|
|
||||||
links:
|
|
||||||
- app
|
|
||||||
- collabora
|
|
||||||
volumes_from:
|
|
||||||
- app
|
|
||||||
environment:
|
|
||||||
- VIRTUAL_HOST=${DOMAIN}
|
|
||||||
- VIRTUAL_NETWORK=nginx-proxy
|
|
||||||
- VIRTUAL_PORT=80
|
|
||||||
- LETSENCRYPT_HOST=${DOMAIN}
|
|
||||||
- LETSENCRYPT_EMAIL=
|
|
||||||
networks:
|
|
||||||
- proxy-tier
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: nextcloud:fpm
|
|
||||||
container_name: nextcloud_fpm
|
|
||||||
links:
|
|
||||||
- db
|
|
||||||
volumes:
|
|
||||||
- ./nextcloud/apps:/var/www/html/apps
|
|
||||||
- ./nextcloud/config:/var/www/html/config
|
|
||||||
- ./nextcloud/data:/var/www/html/data
|
|
||||||
networks:
|
|
||||||
- proxy-tier
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
db:
|
|
||||||
image: mariadb
|
|
||||||
container_name: db
|
|
||||||
volumes:
|
|
||||||
- ./nextcloud/db:/var/lib/mysql
|
|
||||||
environment:
|
|
||||||
- MYSQL_ROOT_PASSWORD=
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
- MYSQL_PASSWORD=
|
|
||||||
networks:
|
|
||||||
- proxy-tier
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
redis:
|
|
||||||
image: redis
|
|
||||||
container_name: redis
|
|
||||||
networks:
|
|
||||||
- proxy-tier
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
collabora:
|
|
||||||
image: collabora/code
|
|
||||||
container_name: collabora
|
|
||||||
cap_add:
|
|
||||||
- MKNOD
|
|
||||||
environment:
|
|
||||||
- domain=${DOMAIN}
|
|
||||||
networks:
|
|
||||||
- proxy-tier
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
networks:
|
|
||||||
proxy-tier:
|
|
||||||
external:
|
|
||||||
name: nginx-proxy
|
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nextcloud:apache
|
||||||
|
|
||||||
|
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
|
@ -0,0 +1,8 @@
|
|||||||
|
<?php
|
||||||
|
$CONFIG = array (
|
||||||
|
'memcache.locking' => '\OC\Memcache\Redis',
|
||||||
|
'redis' => array(
|
||||||
|
'host' => 'redis',
|
||||||
|
'port' => 6379,
|
||||||
|
),
|
||||||
|
);
|
@ -0,0 +1,3 @@
|
|||||||
|
MYSQL_PASSWORD=
|
||||||
|
MYSQL_DATABASE=nextcloud
|
||||||
|
MYSQL_USER=nextcloud
|
@ -0,0 +1,59 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
# image: mysql
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis
|
||||||
|
restart: always
|
||||||
|
|
||||||
|
app:
|
||||||
|
build: ./app
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8080:80
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- MYSQL_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
|
||||||
|
cron:
|
||||||
|
build: ./app
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
user: www-data
|
||||||
|
entrypoint: |
|
||||||
|
bash -c 'bash -s <<EOF
|
||||||
|
trap "break;exit" SIGHUP SIGINT SIGTERM
|
||||||
|
|
||||||
|
while [ ! -f /var/www/html/config/config.php ]; do
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
php -f /var/www/html/cron.php
|
||||||
|
sleep 15m
|
||||||
|
done
|
||||||
|
EOF'
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nextcloud:fpm
|
||||||
|
|
||||||
|
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
|
@ -0,0 +1,8 @@
|
|||||||
|
<?php
|
||||||
|
$CONFIG = array (
|
||||||
|
'memcache.locking' => '\OC\Memcache\Redis',
|
||||||
|
'redis' => array(
|
||||||
|
'host' => 'redis',
|
||||||
|
'port' => 6379,
|
||||||
|
),
|
||||||
|
);
|
@ -0,0 +1,3 @@
|
|||||||
|
MYSQL_PASSWORD=
|
||||||
|
MYSQL_DATABASE=nextcloud
|
||||||
|
MYSQL_USER=nextcloud
|
@ -0,0 +1,67 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
# image: mysql
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis
|
||||||
|
restart: always
|
||||||
|
|
||||||
|
app:
|
||||||
|
build: ./app
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- MYSQL_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
|
||||||
|
web:
|
||||||
|
build: ./web
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8080:80
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html:ro
|
||||||
|
depends_on:
|
||||||
|
- app
|
||||||
|
|
||||||
|
cron:
|
||||||
|
build: ./app
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
user: www-data
|
||||||
|
entrypoint: |
|
||||||
|
bash -c 'bash -s <<EOF
|
||||||
|
trap "break;exit" SIGHUP SIGINT SIGTERM
|
||||||
|
|
||||||
|
while [ ! -f /var/www/html/config/config.php ]; do
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
php -f /var/www/html/cron.php
|
||||||
|
sleep 15m
|
||||||
|
done
|
||||||
|
EOF'
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nginx
|
||||||
|
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
@ -0,0 +1,154 @@
|
|||||||
|
user www-data;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
upstream php-handler {
|
||||||
|
server app:9000;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
# Add headers to serve security related headers
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into this
|
||||||
|
# topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# The following 2 rules are only needed for the user_webfinger app.
|
||||||
|
# Uncomment it if you're planning to use this app.
|
||||||
|
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||||
|
# last;
|
||||||
|
|
||||||
|
location = /.well-known/carddav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
|
||||||
|
# set max upload size
|
||||||
|
client_max_body_size 10G;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Uncomment if your server is build with the ngx_pagespeed module
|
||||||
|
# This module is currently not supported.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
rewrite ^ /index.php$uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
# fastcgi_param HTTPS on;
|
||||||
|
#Avoid sending the security headers twice
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_param front_controller_active true;
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||||
|
try_files $uri/ =404;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Adding the cache control header for js and css files
|
||||||
|
# Make sure it is BELOW the PHP block
|
||||||
|
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
add_header Cache-Control "public, max-age=15778463";
|
||||||
|
# Add headers to serve security related headers (It is intended to
|
||||||
|
# have those duplicated to the ones above)
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into
|
||||||
|
# this topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
# Optional: Don't log access to assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
# Optional: Don't log access to other assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
3
.examples/docker-compose/insecure/mariadb/apache/db.env
Normal file
3
.examples/docker-compose/insecure/mariadb/apache/db.env
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
MYSQL_PASSWORD=
|
||||||
|
MYSQL_DATABASE=nextcloud
|
||||||
|
MYSQL_USER=nextcloud
|
@ -0,0 +1,31 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
# image: mysql
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:apache
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8080:80
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- MYSQL_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
3
.examples/docker-compose/insecure/mariadb/fpm/db.env
Normal file
3
.examples/docker-compose/insecure/mariadb/fpm/db.env
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
MYSQL_PASSWORD=
|
||||||
|
MYSQL_DATABASE=nextcloud
|
||||||
|
MYSQL_USER=nextcloud
|
@ -0,0 +1,39 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
# image: mysql
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:fpm
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- MYSQL_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
web:
|
||||||
|
build: ./web
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8080:80
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html:ro
|
||||||
|
depends_on:
|
||||||
|
- app
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nginx
|
||||||
|
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
154
.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
Normal file
154
.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
Normal file
@ -0,0 +1,154 @@
|
|||||||
|
user www-data;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
upstream php-handler {
|
||||||
|
server app:9000;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
# Add headers to serve security related headers
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into this
|
||||||
|
# topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# The following 2 rules are only needed for the user_webfinger app.
|
||||||
|
# Uncomment it if you're planning to use this app.
|
||||||
|
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||||
|
# last;
|
||||||
|
|
||||||
|
location = /.well-known/carddav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
|
||||||
|
# set max upload size
|
||||||
|
client_max_body_size 10G;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Uncomment if your server is build with the ngx_pagespeed module
|
||||||
|
# This module is currently not supported.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
rewrite ^ /index.php$uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
# fastcgi_param HTTPS on;
|
||||||
|
#Avoid sending the security headers twice
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_param front_controller_active true;
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||||
|
try_files $uri/ =404;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Adding the cache control header for js and css files
|
||||||
|
# Make sure it is BELOW the PHP block
|
||||||
|
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
add_header Cache-Control "public, max-age=15778463";
|
||||||
|
# Add headers to serve security related headers (It is intended to
|
||||||
|
# have those duplicated to the ones above)
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into
|
||||||
|
# this topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
# Optional: Don't log access to assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
# Optional: Don't log access to other assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
3
.examples/docker-compose/insecure/postgres/apache/db.env
Normal file
3
.examples/docker-compose/insecure/postgres/apache/db.env
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
POSTGRES_PASSWORD=
|
||||||
|
POSTGRES_DB=nextcloud
|
||||||
|
POSTGRES_USER=nextcloud
|
@ -0,0 +1,28 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/postgresql/data
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:apache
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8080:80
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- POSTGRES_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
3
.examples/docker-compose/insecure/postgres/fpm/db.env
Normal file
3
.examples/docker-compose/insecure/postgres/fpm/db.env
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
POSTGRES_PASSWORD=
|
||||||
|
POSTGRES_DB=nextcloud
|
||||||
|
POSTGRES_USER=nextcloud
|
@ -0,0 +1,36 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/postgresql/data
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:fpm
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- POSTGRES_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
web:
|
||||||
|
build: ./web
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8080:80
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html:ro
|
||||||
|
depends_on:
|
||||||
|
- app
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nginx
|
||||||
|
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
154
.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
Normal file
154
.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
Normal file
@ -0,0 +1,154 @@
|
|||||||
|
user www-data;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
upstream php-handler {
|
||||||
|
server app:9000;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
# Add headers to serve security related headers
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into this
|
||||||
|
# topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# The following 2 rules are only needed for the user_webfinger app.
|
||||||
|
# Uncomment it if you're planning to use this app.
|
||||||
|
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||||
|
# last;
|
||||||
|
|
||||||
|
location = /.well-known/carddav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
|
||||||
|
# set max upload size
|
||||||
|
client_max_body_size 10G;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Uncomment if your server is build with the ngx_pagespeed module
|
||||||
|
# This module is currently not supported.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
rewrite ^ /index.php$uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
# fastcgi_param HTTPS on;
|
||||||
|
#Avoid sending the security headers twice
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_param front_controller_active true;
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||||
|
try_files $uri/ =404;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Adding the cache control header for js and css files
|
||||||
|
# Make sure it is BELOW the PHP block
|
||||||
|
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
add_header Cache-Control "public, max-age=15778463";
|
||||||
|
# Add headers to serve security related headers (It is intended to
|
||||||
|
# have those duplicated to the ones above)
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into
|
||||||
|
# this topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
# Optional: Don't log access to assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
# Optional: Don't log access to other assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nextcloud:apache
|
||||||
|
|
||||||
|
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
|
@ -0,0 +1,8 @@
|
|||||||
|
<?php
|
||||||
|
$CONFIG = array (
|
||||||
|
'memcache.locking' => '\OC\Memcache\Redis',
|
||||||
|
'redis' => array(
|
||||||
|
'host' => 'redis',
|
||||||
|
'port' => 6379,
|
||||||
|
),
|
||||||
|
);
|
@ -0,0 +1,3 @@
|
|||||||
|
MYSQL_PASSWORD=
|
||||||
|
MYSQL_DATABASE=nextcloud
|
||||||
|
MYSQL_USER=nextcloud
|
@ -0,0 +1,102 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
# image: mysql
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis
|
||||||
|
restart: always
|
||||||
|
|
||||||
|
app:
|
||||||
|
build: ./app
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- VIRTUAL_HOST=
|
||||||
|
- LETSENCRYPT_HOST=
|
||||||
|
- LETSENCRYPT_EMAIL=
|
||||||
|
environment:
|
||||||
|
- MYSQL_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
- default
|
||||||
|
|
||||||
|
cron:
|
||||||
|
build: ./app
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
user: www-data
|
||||||
|
entrypoint: |
|
||||||
|
bash -c 'bash -s <<EOF
|
||||||
|
trap "break;exit" SIGHUP SIGINT SIGTERM
|
||||||
|
|
||||||
|
while [ ! -f /var/www/html/config/config.php ]; do
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
php -f /var/www/html/cron.php
|
||||||
|
sleep 15m
|
||||||
|
done
|
||||||
|
EOF'
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
build: ./proxy
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
labels:
|
||||||
|
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs:ro
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
|
||||||
|
letsencrypt-companion:
|
||||||
|
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
depends_on:
|
||||||
|
- proxy
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
||||||
|
certs:
|
||||||
|
conf.d:
|
||||||
|
vhost.d:
|
||||||
|
html:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy-tier:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM jwilder/nginx-proxy:alpine
|
||||||
|
|
||||||
|
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
|
@ -0,0 +1 @@
|
|||||||
|
client_max_body_size 10G;
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nextcloud:fpm
|
||||||
|
|
||||||
|
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
|
@ -0,0 +1,8 @@
|
|||||||
|
<?php
|
||||||
|
$CONFIG = array (
|
||||||
|
'memcache.locking' => '\OC\Memcache\Redis',
|
||||||
|
'redis' => array(
|
||||||
|
'host' => 'redis',
|
||||||
|
'port' => 6379,
|
||||||
|
),
|
||||||
|
);
|
@ -0,0 +1,3 @@
|
|||||||
|
MYSQL_PASSWORD=
|
||||||
|
MYSQL_DATABASE=nextcloud
|
||||||
|
MYSQL_USER=nextcloud
|
@ -0,0 +1,110 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
# image: mysql
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis
|
||||||
|
restart: always
|
||||||
|
|
||||||
|
app:
|
||||||
|
build: ./app
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- MYSQL_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
|
||||||
|
web:
|
||||||
|
build: ./web
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html:ro
|
||||||
|
environment:
|
||||||
|
- VIRTUAL_HOST=
|
||||||
|
- LETSENCRYPT_HOST=
|
||||||
|
- LETSENCRYPT_EMAIL=
|
||||||
|
depends_on:
|
||||||
|
- app
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
- default
|
||||||
|
|
||||||
|
cron:
|
||||||
|
build: ./app
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
user: www-data
|
||||||
|
entrypoint: |
|
||||||
|
bash -c 'bash -s <<EOF
|
||||||
|
trap "break;exit" SIGHUP SIGINT SIGTERM
|
||||||
|
|
||||||
|
while [ ! -f /var/www/html/config/config.php ]; do
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
php -f /var/www/html/cron.php
|
||||||
|
sleep 15m
|
||||||
|
done
|
||||||
|
EOF'
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
build: ./proxy
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
labels:
|
||||||
|
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs:ro
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
|
||||||
|
letsencrypt-companion:
|
||||||
|
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
depends_on:
|
||||||
|
- proxy
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
||||||
|
certs:
|
||||||
|
conf.d:
|
||||||
|
vhost.d:
|
||||||
|
html:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy-tier:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM jwilder/nginx-proxy:alpine
|
||||||
|
|
||||||
|
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
|
@ -0,0 +1 @@
|
|||||||
|
client_max_body_size 10G;
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nginx
|
||||||
|
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
@ -0,0 +1,154 @@
|
|||||||
|
user www-data;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
upstream php-handler {
|
||||||
|
server app:9000;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
# Add headers to serve security related headers
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into this
|
||||||
|
# topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# The following 2 rules are only needed for the user_webfinger app.
|
||||||
|
# Uncomment it if you're planning to use this app.
|
||||||
|
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||||
|
# last;
|
||||||
|
|
||||||
|
location = /.well-known/carddav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
|
||||||
|
# set max upload size
|
||||||
|
client_max_body_size 10G;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Uncomment if your server is build with the ngx_pagespeed module
|
||||||
|
# This module is currently not supported.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
rewrite ^ /index.php$uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
# fastcgi_param HTTPS on;
|
||||||
|
#Avoid sending the security headers twice
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_param front_controller_active true;
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||||
|
try_files $uri/ =404;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Adding the cache control header for js and css files
|
||||||
|
# Make sure it is BELOW the PHP block
|
||||||
|
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
add_header Cache-Control "public, max-age=15778463";
|
||||||
|
# Add headers to serve security related headers (It is intended to
|
||||||
|
# have those duplicated to the ones above)
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into
|
||||||
|
# this topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
# Optional: Don't log access to assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
# Optional: Don't log access to other assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
MYSQL_PASSWORD=
|
||||||
|
MYSQL_DATABASE=nextcloud
|
||||||
|
MYSQL_USER=nextcloud
|
@ -0,0 +1,74 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
# image: mysql
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:apache
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- VIRTUAL_HOST=
|
||||||
|
- LETSENCRYPT_HOST=
|
||||||
|
- LETSENCRYPT_EMAIL=
|
||||||
|
environment:
|
||||||
|
- MYSQL_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
- default
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
build: ./proxy
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
labels:
|
||||||
|
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs:ro
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
|
||||||
|
letsencrypt-companion:
|
||||||
|
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
depends_on:
|
||||||
|
- proxy
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
||||||
|
certs:
|
||||||
|
conf.d:
|
||||||
|
vhost.d:
|
||||||
|
html:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy-tier:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM jwilder/nginx-proxy:alpine
|
||||||
|
|
||||||
|
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
|
@ -0,0 +1 @@
|
|||||||
|
client_max_body_size 10G;
|
@ -0,0 +1,3 @@
|
|||||||
|
MYSQL_PASSWORD=
|
||||||
|
MYSQL_DATABASE=nextcloud
|
||||||
|
MYSQL_USER=nextcloud
|
@ -0,0 +1,82 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
# image: mysql
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:fpm
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- MYSQL_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
web:
|
||||||
|
build: ./web
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html:ro
|
||||||
|
environment:
|
||||||
|
- VIRTUAL_HOST=
|
||||||
|
- LETSENCRYPT_HOST=
|
||||||
|
- LETSENCRYPT_EMAIL=
|
||||||
|
depends_on:
|
||||||
|
- app
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
- default
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
build: ./proxy
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
labels:
|
||||||
|
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs:ro
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
|
||||||
|
letsencrypt-companion:
|
||||||
|
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
depends_on:
|
||||||
|
- proxy
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
||||||
|
certs:
|
||||||
|
conf.d:
|
||||||
|
vhost.d:
|
||||||
|
html:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy-tier:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM jwilder/nginx-proxy:alpine
|
||||||
|
|
||||||
|
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
|
@ -0,0 +1 @@
|
|||||||
|
client_max_body_size 10G;
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nginx
|
||||||
|
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
@ -0,0 +1,154 @@
|
|||||||
|
user www-data;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
upstream php-handler {
|
||||||
|
server app:9000;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
# Add headers to serve security related headers
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into this
|
||||||
|
# topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# The following 2 rules are only needed for the user_webfinger app.
|
||||||
|
# Uncomment it if you're planning to use this app.
|
||||||
|
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||||
|
# last;
|
||||||
|
|
||||||
|
location = /.well-known/carddav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
|
||||||
|
# set max upload size
|
||||||
|
client_max_body_size 10G;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Uncomment if your server is build with the ngx_pagespeed module
|
||||||
|
# This module is currently not supported.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
rewrite ^ /index.php$uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
# fastcgi_param HTTPS on;
|
||||||
|
#Avoid sending the security headers twice
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_param front_controller_active true;
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||||
|
try_files $uri/ =404;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Adding the cache control header for js and css files
|
||||||
|
# Make sure it is BELOW the PHP block
|
||||||
|
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
add_header Cache-Control "public, max-age=15778463";
|
||||||
|
# Add headers to serve security related headers (It is intended to
|
||||||
|
# have those duplicated to the ones above)
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into
|
||||||
|
# this topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
# Optional: Don't log access to assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
# Optional: Don't log access to other assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
POSTGRES_PASSWORD=
|
||||||
|
POSTGRES_DB=nextcloud
|
||||||
|
POSTGRES_USER=nextcloud
|
@ -0,0 +1,71 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/postgresql/data
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:apache
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- VIRTUAL_HOST=
|
||||||
|
- LETSENCRYPT_HOST=
|
||||||
|
- LETSENCRYPT_EMAIL=
|
||||||
|
environment:
|
||||||
|
- POSTGRES_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
- default
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
build: ./proxy
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
labels:
|
||||||
|
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs:ro
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
|
||||||
|
letsencrypt-companion:
|
||||||
|
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
depends_on:
|
||||||
|
- proxy
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
||||||
|
certs:
|
||||||
|
conf.d:
|
||||||
|
vhost.d:
|
||||||
|
html:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy-tier:
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM jwilder/nginx-proxy:alpine
|
||||||
|
|
||||||
|
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
|
@ -0,0 +1 @@
|
|||||||
|
client_max_body_size 10G;
|
@ -0,0 +1,3 @@
|
|||||||
|
POSTGRES_PASSWORD=
|
||||||
|
POSTGRES_DB=nextcloud
|
||||||
|
POSTGRES_USER=nextcloud
|
@ -0,0 +1,80 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/postgresql/data
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:fpm
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html
|
||||||
|
environment:
|
||||||
|
- POSTGRES_HOST=db
|
||||||
|
env_file:
|
||||||
|
- db.env
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
web:
|
||||||
|
build: ./web
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- nextcloud:/var/www/html:ro
|
||||||
|
environment:
|
||||||
|
- VIRTUAL_HOST=
|
||||||
|
- LETSENCRYPT_HOST=
|
||||||
|
- LETSENCRYPT_EMAIL=
|
||||||
|
depends_on:
|
||||||
|
- app
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
- default
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
build: ./proxy
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
labels:
|
||||||
|
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs:ro
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
|
||||||
|
letsencrypt-companion:
|
||||||
|
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- certs:/etc/nginx/certs
|
||||||
|
- conf.d:/etc/nginx/conf.d
|
||||||
|
- vhost.d:/etc/nginx/vhost.d
|
||||||
|
- html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- proxy-tier
|
||||||
|
depends_on:
|
||||||
|
- proxy
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db:
|
||||||
|
nextcloud:
|
||||||
|
certs:
|
||||||
|
conf.d:
|
||||||
|
vhost.d:
|
||||||
|
html:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy-tier:
|
||||||
|
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM jwilder/nginx-proxy:alpine
|
||||||
|
|
||||||
|
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
|
@ -0,0 +1 @@
|
|||||||
|
client_max_body_size 10G;
|
@ -0,0 +1,3 @@
|
|||||||
|
FROM nginx
|
||||||
|
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
@ -0,0 +1,154 @@
|
|||||||
|
user www-data;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
upstream php-handler {
|
||||||
|
server app:9000;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
# Add headers to serve security related headers
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into this
|
||||||
|
# topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# The following 2 rules are only needed for the user_webfinger app.
|
||||||
|
# Uncomment it if you're planning to use this app.
|
||||||
|
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||||
|
# last;
|
||||||
|
|
||||||
|
location = /.well-known/carddav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
|
||||||
|
# set max upload size
|
||||||
|
client_max_body_size 10G;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Uncomment if your server is build with the ngx_pagespeed module
|
||||||
|
# This module is currently not supported.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
rewrite ^ /index.php$uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
# fastcgi_param HTTPS on;
|
||||||
|
#Avoid sending the security headers twice
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_param front_controller_active true;
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||||
|
try_files $uri/ =404;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Adding the cache control header for js and css files
|
||||||
|
# Make sure it is BELOW the PHP block
|
||||||
|
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
add_header Cache-Control "public, max-age=15778463";
|
||||||
|
# Add headers to serve security related headers (It is intended to
|
||||||
|
# have those duplicated to the ones above)
|
||||||
|
# Before enabling Strict-Transport-Security headers please read into
|
||||||
|
# this topic first.
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000;
|
||||||
|
# includeSubDomains; preload;";
|
||||||
|
#
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
# Optional: Don't log access to assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
# Optional: Don't log access to other assets
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
13
.examples/dockerfiles/cron/apache/Dockerfile
Normal file
13
.examples/dockerfiles/cron/apache/Dockerfile
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
FROM nextcloud:apache
|
||||||
|
|
||||||
|
RUN apt-get update && apt-get install -y \
|
||||||
|
supervisor \
|
||||||
|
cron \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
RUN mkdir /var/log/supervisord /var/run/supervisord && \
|
||||||
|
echo "*/15 * * * * su - www-data -s /bin/bash -c \"php -f /var/www/html/cron.php\""| crontab -
|
||||||
|
|
||||||
|
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||||
|
|
||||||
|
CMD ["/usr/bin/supervisord"]
|
22
.examples/dockerfiles/cron/apache/supervisord.conf
Normal file
22
.examples/dockerfiles/cron/apache/supervisord.conf
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
[supervisord]
|
||||||
|
nodaemon=true
|
||||||
|
logfile=/var/log/supervisord/supervisord.log
|
||||||
|
pidfile=/var/run/supervisord/supervisord.pid
|
||||||
|
childlogdir=/var/log/supervisord/
|
||||||
|
logfile_maxbytes=50MB ; maximum size of logfile before rotation
|
||||||
|
logfile_backups=10 ; number of backed up logfiles
|
||||||
|
loglevel=error
|
||||||
|
|
||||||
|
[program:apache2]
|
||||||
|
stdout_logfile=/dev/stdout
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
stderr_logfile=/dev/stderr
|
||||||
|
stderr_logfile_maxbytes=0
|
||||||
|
command=apache2-foreground
|
||||||
|
|
||||||
|
[program:cron]
|
||||||
|
stdout_logfile=/dev/stdout
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
stderr_logfile=/dev/stderr
|
||||||
|
stderr_logfile_maxbytes=0
|
||||||
|
command=cron -f
|
@ -1,4 +1,5 @@
|
|||||||
FROM nextcloud:apache
|
FROM nextcloud:apache
|
||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install -y libc-client-dev libkrb5-dev \
|
&& apt-get install -y libc-client-dev libkrb5-dev \
|
||||||
&& rm -rf /var/lib/apt/lists/* \
|
&& rm -rf /var/lib/apt/lists/* \
|
7
.examples/dockerfiles/imap/fpm/Dockerfile
Normal file
7
.examples/dockerfiles/imap/fpm/Dockerfile
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
FROM nextcloud:fpm
|
||||||
|
|
||||||
|
RUN apt-get update \
|
||||||
|
&& apt-get install -y libc-client-dev libkrb5-dev \
|
||||||
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
|
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
|
||||||
|
&& docker-php-ext-install imap
|
@ -1,2 +1,3 @@
|
|||||||
FROM nextcloud:apache
|
FROM nextcloud:apache
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
|
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
|
3
.examples/dockerfiles/smb/fpm/Dockerfile
Normal file
3
.examples/dockerfiles/smb/fpm/Dockerfile
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
FROM nextcloud:fpm
|
||||||
|
|
||||||
|
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
|
@ -1,110 +0,0 @@
|
|||||||
user www-data;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 768;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
upstream backend {
|
|
||||||
server app:9000;
|
|
||||||
}
|
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
|
|
||||||
# Add headers to serve security related headers
|
|
||||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
|
||||||
add_header X-Robots-Tag none;
|
|
||||||
add_header X-Download-Options noopen;
|
|
||||||
add_header X-Permitted-Cross-Domain-Policies none;
|
|
||||||
|
|
||||||
root /var/www/html;
|
|
||||||
client_max_body_size 10G; # 0=unlimited - set max upload size
|
|
||||||
fastcgi_buffers 64 4K;
|
|
||||||
|
|
||||||
gzip off;
|
|
||||||
|
|
||||||
index index.php;
|
|
||||||
error_page 403 /core/templates/403.php;
|
|
||||||
error_page 404 /core/templates/404.php;
|
|
||||||
|
|
||||||
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
|
|
||||||
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
|
|
||||||
|
|
||||||
location = /robots.txt {
|
|
||||||
allow all;
|
|
||||||
log_not_found off;
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
rewrite ^/remote/(.*) /remote.php last;
|
|
||||||
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.php(?:$|/) {
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
||||||
fastcgi_param HTTPS on;
|
|
||||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
|
||||||
fastcgi_pass backend;
|
|
||||||
fastcgi_intercept_errors on;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Adding the cache control header for js and css files
|
|
||||||
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
|
|
||||||
location ~* \.(?:css|js)$ {
|
|
||||||
add_header Cache-Control "public, max-age=7200";
|
|
||||||
# Add headers to serve security related headers
|
|
||||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
|
||||||
add_header X-Robots-Tag none;
|
|
||||||
add_header X-Download-Options noopen;
|
|
||||||
add_header X-Permitted-Cross-Domain-Policies none;
|
|
||||||
# Optional: Don't log access to assets
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Optional: Don't log access to other assets
|
|
||||||
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
# collabora static files
|
|
||||||
location ^~ /loleaflet {
|
|
||||||
proxy_pass https://collabora:9980;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
}
|
|
||||||
|
|
||||||
# collabora WOPI discovery URL
|
|
||||||
location ^~ /hosting/discovery {
|
|
||||||
proxy_pass https://collabora:9980;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
}
|
|
||||||
|
|
||||||
# collabora websockets, download, presentation and image upload
|
|
||||||
location ^~ /lool {
|
|
||||||
proxy_pass https://collabora:9980;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -20,6 +20,7 @@ before_script:
|
|||||||
script:
|
script:
|
||||||
- travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
|
- travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
|
||||||
- ~/official-images/test/run.sh "$image"
|
- ~/official-images/test/run.sh "$image"
|
||||||
|
- .travis/test-example-dockerfiles.sh "$image"
|
||||||
|
|
||||||
after_script:
|
after_script:
|
||||||
- docker images
|
- docker images
|
||||||
|
19
.travis/test-example-dockerfiles.sh
Executable file
19
.travis/test-example-dockerfiles.sh
Executable file
@ -0,0 +1,19 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
image="$1"
|
||||||
|
|
||||||
|
cd .examples/dockerfiles
|
||||||
|
|
||||||
|
dirs=( */ )
|
||||||
|
dirs=( "${dirs[@]%/}" )
|
||||||
|
for dir in "${dirs[@]}"; do
|
||||||
|
if [ -d "$dir/$VARIANT" ]; then
|
||||||
|
(
|
||||||
|
cd "$dir/$VARIANT"
|
||||||
|
sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
|
||||||
|
docker build -t "$image-$dir" .
|
||||||
|
~/official-images/test/run.sh "$image-$dir"
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
done
|
Loading…
Reference in New Issue
Block a user