adphi/Nextcloud-Docker
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: adphi:6c1044fef4482e6b2303e850c12befa1a4edc666
Branches Tags
adphi:master
..
compare: adphi:3086c9db9b92208247baab04d4871a433792efd5
Branches Tags
adphi:master

5 Commits
6c1044fef4 ... 3086c9db9b

Author SHA1 Message Date
adphi
3086c9db9b Merge branch 'master' of https://github.com/nextcloud/docker 2018-05-11 09:17:00 +02:00
adphi
4ee1cf73f1 Add redis conf to fpm-alpine 2018-05-09 12:57:04 +02:00
adphi
5466e98fb4 Removed MYSQL_ROOT env vars after db initialization 2018-05-09 11:49:26 +02:00
Adphi
34ff0135d9 Add MYSQL_ROOT_PASSWORD and MYSQL_ROOT_USER environement variables documentation 2018-04-27 09:11:15 +02:00
adphi
324e6abd46 Added auto database and user creation 2018-04-26 17:06:50 +02:00
253 changed files with 1170 additions and 8306 deletions
Show Stats Expand all files Collapse all files

9
.config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) { $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
} }

17
.config/redis.config.php
View File

@ -1,17 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

15
.config/smtp.config.php
View File

@ -1,15 +0,0 @@
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
}

56
.examples/README.md
View File

@ -1,7 +1,7 @@
# Examples section # Examples section
In this subfolders are some examples how to use the docker image. There are two sections: In this subfolders are some examples how to use the docker image. There are two sections:
* [`dockerfiles`](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles) * [`dockerfiles`](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles)
* [`docker-compose`](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose) * [`docker-compose`](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose)
@ -13,7 +13,7 @@ The Dockerfiles use the default images as base image and build on top of it.
Example | Description Example | Description
------- | ------- ------- | -------
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed). This image runs `supervisord` to start nextcloud and cron as two seperate processes inside the container. [cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed).
[imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap [imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap
[smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares [smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares
[full](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/full) | adds dependencies for ALL optional packages and cron functionality via supervisor (as in the `cron` example Dockerfile). [full](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/full) | adds dependencies for ALL optional packages and cron functionality via supervisor (as in the `cron` example Dockerfile).
@ -21,46 +21,49 @@ Example | Description
### full ### full
The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html). The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html).
NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the appropriate line in the Dockerfile. NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the 13th line of the Dockerfile.</br>
NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews) NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)</br>
NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors. NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.</br>
The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages from the Dockerfile. The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages from the Dockerfile.
#### PHP Module bz2 #### PHP Module bz2
`docker-php-ext-install bz2` `docker-php-ext-install bz2` </br>
#### PHP Module imagick
`apt install libmagickwand-dev` </br>
`pecl install imagick` </br>
`docker-php-ext-enable imagick` </br>
#### PHP Module imap #### PHP Module imap
`apt install libc-client-dev libkrb5-dev` `apt install libc-client-dev libkrb5-dev` </br>
`docker-php-ext-configure imap --with-kerberos --with-imap-ssl` `docker-php-ext-configure imap --with-kerberos --with-imap-ssl` </br>
`docker-php-ext-install imap` `docker-php-ext-install imap` </br>
#### PHP Module gmp #### PHP Module gmp
`apt install libgmp3-dev` `apt install libgmp3-dev` </br>
`docker-php-ext-install gmp` `docker-php-ext-install gmp` </br>
#### PHP Module smbclient #### PHP Module smbclient
`apt install smbclient libsmbclient-dev` `apt install smbclient libsmbclient-dev` </br>
`pecl install smbclient` `pecl install smbclient` </br>
`docker-php-ext-enable smbclient` `docker-php-ext-enable smbclient` </br>
#### ffmpeg #### ffmpeg
`apt install ffmpeg` `echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list` </br>
`apt install ffmpeg` </br>
#### imagemagick SVG support
`apt install libmagickcore-6.q16-6-extra`
#### LibreOffice #### LibreOffice
`apt install libreoffice` `apt install LibreOffice` </br>
#### CRON via supervisor #### CRON via supervisor
`apt install supervisor` `apt install supervisor` </br>
`mkdir /var/log/supervisord /var/run/supervisord` `mkdir /var/log/supervisord /var/run/supervisord` </br>
The following Dockerfile commands are also necessary for a sucessfull cron installation: The following Dockerfile commands are also necessary for a sucessfull cron installation: </br>
`COPY supervisord.conf /etc/supervisor/supervisord.conf` `COPY supervisord.conf /etc/supervisor/supervisord.conf` </br>
`CMD ["/usr/bin/supervisord"]` `CMD ["/usr/bin/supervisord"]` </br>
@ -89,12 +92,9 @@ If you want to update your installation to a newer version of nextcloud, repeat
### with-nginx-proxy ### with-nginx-proxy
The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine. The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine.
The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling. The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling.
This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal. This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
**This setup only works with a valid domain name on a server that is reachable from the internet.**
To use this example complete the following steps: To use this example complete the following steps:
1. open `docker-compose.yml` 1. open `docker-compose.yml`

3
.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:apache
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

9
.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml
View File

@ -13,11 +13,11 @@ services:
- db.env - db.env
redis: redis:
image: redis:alpine image: redis
restart: always restart: always
app: app:
image: nextcloud:apache build: ./app
restart: always restart: always
ports: ports:
- 8080:80 - 8080:80
@ -25,7 +25,6 @@ services:
- nextcloud:/var/www/html - nextcloud:/var/www/html
environment: environment:
- MYSQL_HOST=db - MYSQL_HOST=db
- REDIS_HOST=redis
env_file: env_file:
- db.env - db.env
depends_on: depends_on:
@ -33,7 +32,7 @@ services:
- redis - redis
cron: cron:
image: nextcloud:apache build: ./app
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html

3
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:fpm
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

9
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml
View File

@ -13,17 +13,16 @@ services:
- db.env - db.env
redis: redis:
image: redis:alpine image: redis
restart: always restart: always
app: app:
image: nextcloud:fpm-alpine build: ./app
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html
environment: environment:
- MYSQL_HOST=db - MYSQL_HOST=db
- REDIS_HOST=redis
env_file: env_file:
- db.env - db.env
depends_on: depends_on:
@ -41,7 +40,7 @@ services:
- app - app
cron: cron:
image: nextcloud:fpm-alpine build: ./app
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html

2
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto; user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
@ -36,25 +37,20 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -66,18 +62,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
# set max upload size # set max upload size
@ -97,72 +89,66 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php; rewrite ^ /index.php$uri;
} }
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js, css and map files # Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ { location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

2
.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
View File

@ -12,7 +12,7 @@ services:
env_file: env_file:
- db.env - db.env
app: app:
image: nextcloud:apache image: nextcloud:apache
restart: always restart: always
ports: ports:

4
.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
View File

@ -12,8 +12,8 @@ services:
env_file: env_file:
- db.env - db.env
app: app:
image: nextcloud:fpm-alpine image: nextcloud:fpm
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html

2
.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto; user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
@ -36,25 +37,20 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -66,18 +62,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
# set max upload size # set max upload size
@ -97,72 +89,66 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php; rewrite ^ /index.php$uri;
} }
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js, css and map files # Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ { location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

4
.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
View File

@ -2,14 +2,14 @@ version: '3'
services: services:
db: db:
image: postgres:alpine image: postgres
restart: always restart: always
volumes: volumes:
- db:/var/lib/postgresql/data - db:/var/lib/postgresql/data
env_file: env_file:
- db.env - db.env
app: app:
image: nextcloud:apache image: nextcloud:apache
restart: always restart: always
ports: ports:

6
.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
View File

@ -2,15 +2,15 @@ version: '3'
services: services:
db: db:
image: postgres:alpine image: postgres
restart: always restart: always
volumes: volumes:
- db:/var/lib/postgresql/data - db:/var/lib/postgresql/data
env_file: env_file:
- db.env - db.env
app: app:
image: nextcloud:fpm-alpine image: nextcloud:fpm
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html

2
.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto; user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
@ -36,25 +37,20 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -66,18 +62,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
# set max upload size # set max upload size
@ -97,72 +89,66 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php; rewrite ^ /index.php$uri;
} }
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js, css and map files # Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ { location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

3
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env
View File

@ -1,3 +0,0 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

78
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml
View File

@ -1,78 +0,0 @@
version: '3'
services:
db:
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
app:
image: nextcloud:fpm-alpine
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
web:
build: ./web
restart: always
volumes:
- nextcloud:/var/www/html:ro
environment:
- VIRTUAL_HOST=
depends_on:
- app
networks:
- proxy-tier
- default
proxy:
build: ./proxy
restart: always
ports:
- 80:80
- 443:443
volumes:
- certs:/etc/nginx/certs:ro
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
depends_on:
- omgwtfssl
omgwtfssl:
image: paulczar/omgwtfssl
restart: "no"
volumes:
- certs:/certs
environment:
- SSL_SUBJECT=servhostname.local
- CA_SUBJECT=my@example.com
- SSL_KEY=/certs/servhostname.local.key
- SSL_CSR=/certs/servhostname.local.csr
- SSL_CERT=/certs/servhostname.local.crt
networks:
- proxy-tier
volumes:
db:
nextcloud:
certs:
vhost.d:
html:
networks:
proxy-tier:

3
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile
View File

@ -1,3 +0,0 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

2
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf
View File

@ -1,2 +0,0 @@
client_max_body_size 10G;
proxy_request_buffering off;

3
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile
View File

@ -1,3 +0,0 @@
FROM nginx:alpine
COPY nginx.conf /etc/nginx/nginx.conf

173
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf
View File

@ -1,173 +0,0 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Real-IP;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:apache
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

9
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
View File

@ -13,11 +13,11 @@ services:
- db.env - db.env
redis: redis:
image: redis:alpine image: redis
restart: always restart: always
app: app:
image: nextcloud:apache build: ./app
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html
@ -26,7 +26,6 @@ services:
- LETSENCRYPT_HOST= - LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL= - LETSENCRYPT_EMAIL=
- MYSQL_HOST=db - MYSQL_HOST=db
- REDIS_HOST=redis
env_file: env_file:
- db.env - db.env
depends_on: depends_on:
@ -37,7 +36,7 @@ services:
- default - default
cron: cron:
image: nextcloud:apache build: ./app
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html

1
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G; client_max_body_size 10G;
proxy_request_buffering off;

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:fpm
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

9
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
View File

@ -13,17 +13,16 @@ services:
- db.env - db.env
redis: redis:
image: redis:alpine image: redis
restart: always restart: always
app: app:
image: nextcloud:fpm-alpine build: ./app
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html
environment: environment:
- MYSQL_HOST=db - MYSQL_HOST=db
- REDIS_HOST=redis
env_file: env_file:
- db.env - db.env
depends_on: depends_on:
@ -46,7 +45,7 @@ services:
- default - default
cron: cron:
image: nextcloud:fpm-alpine build: ./app
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html

1
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G; client_max_body_size 10G;
proxy_request_buffering off;

2
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto; user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
@ -41,25 +42,20 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -71,18 +67,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
# set max upload size # set max upload size
@ -102,72 +94,66 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php; rewrite ^ /index.php$uri;
} }
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js, css and map files # Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ { location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

2
.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
View File

@ -12,7 +12,7 @@ services:
env_file: env_file:
- db.env - db.env
app: app:
image: nextcloud:apache image: nextcloud:apache
restart: always restart: always
volumes: volumes:

1
.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G; client_max_body_size 10G;
proxy_request_buffering off;

4
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
View File

@ -12,8 +12,8 @@ services:
env_file: env_file:
- db.env - db.env
app: app:
image: nextcloud:fpm-alpine image: nextcloud:fpm
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html

1
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G; client_max_body_size 10G;
proxy_request_buffering off;

2
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto; user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
@ -41,25 +42,20 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -71,18 +67,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
# set max upload size # set max upload size
@ -102,72 +94,66 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php; rewrite ^ /index.php$uri;
} }
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js, css and map files # Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ { location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

4
.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
View File

@ -2,14 +2,14 @@ version: '3'
services: services:
db: db:
image: postgres:alpine image: postgres
restart: always restart: always
volumes: volumes:
- db:/var/lib/postgresql/data - db:/var/lib/postgresql/data
env_file: env_file:
- db.env - db.env
app: app:
image: nextcloud:apache image: nextcloud:apache
restart: always restart: always
volumes: volumes:

1
.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G; client_max_body_size 10G;
proxy_request_buffering off;

6
.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
View File

@ -2,15 +2,15 @@ version: '3'
services: services:
db: db:
image: postgres:alpine image: postgres
restart: always restart: always
volumes: volumes:
- db:/var/lib/postgresql/data - db:/var/lib/postgresql/data
env_file: env_file:
- db.env - db.env
app: app:
image: nextcloud:fpm-alpine image: nextcloud:fpm
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html - nextcloud:/var/www/html

1
.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G; client_max_body_size 10G;
proxy_request_buffering off;

2
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto; user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
@ -41,25 +42,20 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -71,18 +67,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav; return 301 $scheme://$host/remote.php/dav;
} }
# set max upload size # set max upload size
@ -102,72 +94,66 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php; rewrite ^ /index.php$uri;
} }
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js, css and map files # Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ { location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options "noopen" always; add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

6
.examples/dockerfiles/cron/apache/Dockerfile
View File

@ -5,8 +5,6 @@ RUN apt-get update && apt-get install -y \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& mkdir /var/log/supervisord /var/run/supervisord && mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf / COPY supervisord.conf /etc/supervisor/supervisord.conf
ENV NEXTCLOUD_UPDATE=1 CMD ["/usr/bin/supervisord"]
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

10
.examples/dockerfiles/cron/fpm-alpine/Dockerfile
View File

@ -1,10 +0,0 @@
FROM nextcloud:fpm-alpine
RUN apk add --no-cache supervisor \
&& mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

22
.examples/dockerfiles/cron/fpm-alpine/supervisord.conf
View File

@ -1,22 +0,0 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error
[program:php-fpm]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=php-fpm
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/cron.sh

6
.examples/dockerfiles/cron/fpm/Dockerfile
View File

@ -5,8 +5,6 @@ RUN apt-get update && apt-get install -y \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& mkdir /var/log/supervisord /var/run/supervisord && mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf / COPY supervisord.conf /etc/supervisor/supervisord.conf
ENV NEXTCLOUD_UPDATE=1 CMD ["/usr/bin/supervisord"]
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

67
.examples/dockerfiles/full/apache/Dockerfile
View File

@ -1,59 +1,24 @@
FROM nextcloud:apache FROM nextcloud:apache
RUN set -ex; \ RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
\ && apt-get update && apt-get install -y \
apt-get update; \
apt-get install -y --no-install-recommends \
ffmpeg \
libmagickcore-6.q16-6-extra \
procps \
smbclient \
supervisor \ supervisor \
# libreoffice \ ffmpeg \
; \ libmagickwand-dev \
rm -rf /var/lib/apt/lists/* libgmp3-dev \
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libbz2-dev \
libc-client-dev \ libc-client-dev \
libkrb5-dev \ libkrb5-dev \
smbclient \
libsmbclient-dev \ libsmbclient-dev \
; \ # LibreOffice \
\ && rm -rf /var/lib/apt/lists/* \
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
docker-php-ext-install \ && ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
bz2 \ && docker-php-ext-install bz2 gmp imap \
imap \ && pecl install imagick smbclient \
; \ && docker-php-ext-enable imagick smbclient \
pecl install smbclient; \ && mkdir /var/log/supervisord /var/run/supervisord
docker-php-ext-enable smbclient; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
RUN mkdir -p \ COPY supervisord.conf /etc/supervisor/supervisord.conf
/var/log/supervisord \
/var/run/supervisord \
;
COPY supervisord.conf / CMD ["/usr/bin/supervisord"]
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

51
.examples/dockerfiles/full/fpm-alpine/Dockerfile
View File

@ -1,51 +0,0 @@
FROM nextcloud:fpm-alpine
RUN set -ex; \
\
apk add --no-cache \
ffmpeg \
imagemagick \
procps \
samba-client \
supervisor \
# libreoffice \
;
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
imap-dev \
krb5-dev \
libressl-dev \
samba-dev \
bzip2-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install \
bz2 \
imap \
; \
pecl install smbclient; \
docker-php-ext-enable smbclient; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
apk del .build-deps
RUN mkdir -p \
/var/log/supervisord \
/var/run/supervisord \
;
COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

22
.examples/dockerfiles/full/fpm-alpine/supervisord.conf
View File

@ -1,22 +0,0 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error
[program:php-fpm]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=php-fpm
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/cron.sh

67
.examples/dockerfiles/full/fpm/Dockerfile
View File

@ -1,59 +1,24 @@
FROM nextcloud:fpm FROM nextcloud:fpm
RUN set -ex; \ RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
\ && apt-get update && apt-get install -y \
apt-get update; \
apt-get install -y --no-install-recommends \
ffmpeg \
libmagickcore-6.q16-6-extra \
procps \
smbclient \
supervisor \ supervisor \
# libreoffice \ ffmpeg \
; \ libmagickwand-dev \
rm -rf /var/lib/apt/lists/* libgmp3-dev \
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libbz2-dev \
libc-client-dev \ libc-client-dev \
libkrb5-dev \ libkrb5-dev \
smbclient \
libsmbclient-dev \ libsmbclient-dev \
; \ # LibreOffice \
\ && rm -rf /var/lib/apt/lists/* \
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
docker-php-ext-install \ && ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
bz2 \ && docker-php-ext-install bz2 gmp imap \
imap \ && pecl install imagick smbclient \
; \ && docker-php-ext-enable imagick smbclient \
pecl install smbclient; \ && mkdir /var/log/supervisord /var/run/supervisord
docker-php-ext-enable smbclient; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
RUN mkdir -p \ COPY supervisord.conf /etc/supervisor/supervisord.conf
/var/log/supervisord \
/var/run/supervisord \
;
COPY supervisord.conf / CMD ["/usr/bin/supervisord"]
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

31
.examples/dockerfiles/imap/apache/Dockerfile
View File

@ -1,28 +1,7 @@
FROM nextcloud:apache FROM nextcloud:apache
RUN set -ex; \ RUN apt-get update \
\ && apt-get install -y libc-client-dev libkrb5-dev \
savedAptMark="$(apt-mark showmanual)"; \ && rm -rf /var/lib/apt/lists/* \
\ && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
apt-get update; \ && docker-php-ext-install imap
apt-get install -y --no-install-recommends \
libc-client-dev \
libkrb5-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install imap; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*

22
.examples/dockerfiles/imap/fpm-alpine/Dockerfile
View File

@ -1,22 +0,0 @@
FROM nextcloud:fpm-alpine
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
imap-dev \
krb5-dev \
libressl-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install imap; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
apk del .build-deps

31
.examples/dockerfiles/imap/fpm/Dockerfile
View File

@ -1,28 +1,7 @@
FROM nextcloud:fpm FROM nextcloud:fpm
RUN set -ex; \ RUN apt-get update \
\ && apt-get install -y libc-client-dev libkrb5-dev \
savedAptMark="$(apt-mark showmanual)"; \ && rm -rf /var/lib/apt/lists/* \
\ && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
apt-get update; \ && docker-php-ext-install imap
apt-get install -y --no-install-recommends \
libc-client-dev \
libkrb5-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install imap; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*

2
.examples/dockerfiles/smb/apache/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nextcloud:apache FROM nextcloud:apache
RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*

3
.examples/dockerfiles/smb/fpm-alpine/Dockerfile
View File

@ -1,3 +0,0 @@
FROM nextcloud:fpm-alpine
RUN apk add --no-cache procps samba-client

2
.examples/dockerfiles/smb/fpm/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nextcloud:fpm FROM nextcloud:fpm
RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*

88
.travis.yml
View File

@ -1,60 +1,42 @@
language: bash dist: trusty
sudo: required
services: docker services: docker
language: bash
branches: branches:
only: only:
- master - master
# preload images to avoid timeouts in tests
before_install:
- docker pull mariadb:10
- docker pull postgres:11-alpine
install: install:
- git clone https://github.com/docker-library/official-images.git ~/official-images - git clone https://github.com/docker-library/official-images.git ~/official-images
before_script: before_script:
- env | sort - env | sort
- wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash
- image="nextcloud:${VERSION}${VARIANT:+-$VARIANT}" - image="nextcloud:${VERSION}${VARIANT:+-$VARIANT}"
- if [[ "$ARCH" == 'i386' ]]; then sed -i -e 's/FROM php/FROM i386\/php/g' "${VERSION}/${VARIANT}/Dockerfile"; fi - if [[ "$ARCH" == 'i386' ]]; then sed -i -e 's/FROM php/FROM i386\/php/g' "${VERSION}/${VARIANT}/Dockerfile"; fi
script: script:
- | - travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
( - ~/official-images/test/run.sh "$image"
set -Eeuo pipefail - .travis/test-example-dockerfiles.sh "$image"
set -x
travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
travis_retry ~/official-images/test/run.sh "$image"
.travis/test-example-dockerfiles.sh "$image"
)
after_script: after_script:
- docker images - docker images
jobs: jobs:
# https://github.com/docker-library/php/issues/822
allow_failures:
- env: VERSION=15.0 VARIANT=apache ARCH=i386
- env: VERSION=16.0 VARIANT=apache ARCH=i386
- env: VERSION=17.0 VARIANT=apache ARCH=i386
- env: VERSION=18.0 VARIANT=apache ARCH=i386
- env: VERSION=15.0-rc VARIANT=apache ARCH=i386
- env: VERSION=16.0-rc VARIANT=apache ARCH=i386
- env: VERSION=17.0-rc VARIANT=apache ARCH=i386
- env: VERSION=18.0-rc VARIANT=apache ARCH=i386
- env: VERSION=17.0-beta VARIANT=apache ARCH=i386
- env: VERSION=18.0-beta VARIANT=apache ARCH=i386
include: include:
- &test-scripts - &test-scripts
stage: test scripts stage: test scripts
env: SCRIPT=update.sh env: SCRIPT=update.sh
sudo: false
services: [] services: []
install: skip install: skip
before_script: skip before_script: skip
script: script:
- hash_before=$(git write-tree) - hash_before=$(git write-tree)
- travis_retry ./update.sh - ./update.sh
- bash -c "[[ $hash_before = $(git add -A && git write-tree) ]]" - bash -c "[[ $hash_before = $(git add -A && git write-tree) ]]"
after_script: skip after_script: skip
@ -64,42 +46,18 @@ jobs:
- wget -O "$HOME/bin/bashbrew" https://doi-janky.infosiftr.net/job/bashbrew/lastSuccessfulBuild/artifact/bin/bashbrew-amd64 - wget -O "$HOME/bin/bashbrew" https://doi-janky.infosiftr.net/job/bashbrew/lastSuccessfulBuild/artifact/bin/bashbrew-amd64
- chmod +x "$HOME/bin/bashbrew" - chmod +x "$HOME/bin/bashbrew"
script: script:
- travis_retry ./generate-stackbrew-library.sh - ./generate-stackbrew-library.sh
- stage: test images - stage: test images
env: VERSION=16.0-rc VARIANT=fpm-alpine ARCH=amd64 env: VERSION=12.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=16.0-rc VARIANT=fpm-alpine ARCH=i386 - env: VERSION=12.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=16.0-rc VARIANT=fpm ARCH=amd64 - env: VERSION=12.0 VARIANT=fpm ARCH=amd64
- env: VERSION=16.0-rc VARIANT=fpm ARCH=i386 - env: VERSION=12.0 VARIANT=fpm ARCH=i386
- env: VERSION=16.0-rc VARIANT=apache ARCH=amd64 - env: VERSION=12.0 VARIANT=apache ARCH=amd64
- env: VERSION=16.0-rc VARIANT=apache ARCH=i386 - env: VERSION=12.0 VARIANT=apache ARCH=i386
- env: VERSION=17.0-rc VARIANT=fpm-alpine ARCH=amd64 - env: VERSION=13.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=17.0-rc VARIANT=fpm-alpine ARCH=i386 - env: VERSION=13.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=17.0-rc VARIANT=fpm ARCH=amd64 - env: VERSION=13.0 VARIANT=fpm ARCH=amd64
- env: VERSION=17.0-rc VARIANT=fpm ARCH=i386 - env: VERSION=13.0 VARIANT=fpm ARCH=i386
- env: VERSION=17.0-rc VARIANT=apache ARCH=amd64 - env: VERSION=13.0 VARIANT=apache ARCH=amd64
- env: VERSION=17.0-rc VARIANT=apache ARCH=i386 - env: VERSION=13.0 VARIANT=apache ARCH=i386
- env: VERSION=18.0-rc VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=18.0-rc VARIANT=fpm-alpine ARCH=i386
- env: VERSION=18.0-rc VARIANT=fpm ARCH=amd64
- env: VERSION=18.0-rc VARIANT=fpm ARCH=i386
- env: VERSION=18.0-rc VARIANT=apache ARCH=amd64
- env: VERSION=18.0-rc VARIANT=apache ARCH=i386
- env: VERSION=16.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=16.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=16.0 VARIANT=fpm ARCH=amd64
- env: VERSION=16.0 VARIANT=fpm ARCH=i386
- env: VERSION=16.0 VARIANT=apache ARCH=amd64
- env: VERSION=16.0 VARIANT=apache ARCH=i386
- env: VERSION=17.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=17.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=17.0 VARIANT=fpm ARCH=amd64
- env: VERSION=17.0 VARIANT=fpm ARCH=i386
- env: VERSION=17.0 VARIANT=apache ARCH=amd64
- env: VERSION=17.0 VARIANT=apache ARCH=i386
- env: VERSION=18.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=18.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=18.0 VARIANT=fpm ARCH=amd64
- env: VERSION=18.0 VARIANT=fpm ARCH=i386
- env: VERSION=18.0 VARIANT=apache ARCH=amd64
- env: VERSION=18.0 VARIANT=apache ARCH=i386

3
.travis/test-example-dockerfiles.sh
View File

@ -10,9 +10,10 @@ dirs=( "${dirs[@]%/}" )
for dir in "${dirs[@]}"; do for dir in "${dirs[@]}"; do
if [ -d "$dir/$VARIANT" ]; then if [ -d "$dir/$VARIANT" ]; then
( (
cd "$dir/$VARIANT" cd "$dir/$VARIANT"
sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile' sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
docker build -t "$image-$dir" . docker build -t "$image-$dir" .
~/official-images/test/run.sh "$image-$dir"
) )
fi fi
done done

59
16.0/apache/Dockerfile → 12.0/apache/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-apache-buster FROM php:7.1-apache
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -16,7 +16,7 @@ RUN set -ex; \
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need # install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \ RUN set -ex; \
\ \
savedAptMark="$(apt-mark showmanual)"; \ savedAptMark="$(apt-mark showmanual)"; \
@ -24,51 +24,41 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \ libfreetype6-dev \
libicu-dev \ libicu-dev \
libjpeg-dev \ libjpeg-dev \
libldap2-dev \ libldap2-dev \
libmcrypt-dev \ libmcrypt-dev \
libmemcached-dev \ libmemcached-dev \
libpng-dev \ libpng12-dev \
libpq-dev \ libpq-dev \
libxml2-dev \ libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \ ; \
\ \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\ docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install \
exif \ exif \
gd \ gd \
intl \ intl \
ldap \ ldap \
mcrypt \
opcache \ opcache \
pcntl \ pcntl \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
zip \ zip \
gmp \
; \ ; \
\ pecl install \
# pecl will claim success even if one install fails, so we need to perform each install separately APCu-5.1.11 \
pecl install APCu-5.1.18; \ memcached-3.0.4 \
pecl install memcached-3.1.5; \ redis-3.1.6 \
pecl install redis-4.3.0; \ ; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
memcached \ memcached \
redis \ redis \
imagick \
; \ ; \
\ \
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
@ -89,6 +79,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \ RUN { \
echo 'opcache.enable=1'; \ echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \ echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \ echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \ echo 'opcache.memory_consumption=128'; \
@ -96,10 +87,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \ echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\ \
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \ mkdir /var/www/data; \
chown -R www-data:root /var/www; \ chown -R www-data:root /var/www; \
chmod -R g=u /var/www chmod -R g=u /var/www
@ -115,36 +102,26 @@ RUN a2enmod rewrite remoteip ;\
} > /etc/apache2/conf-available/remoteip.conf;\ } > /etc/apache2/conf-available/remoteip.conf;\
a2enconf remoteip a2enconf remoteip
ENV NEXTCLOUD_VERSION 16.0.8 ENV NEXTCLOUD_VERSION 12.0.7
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \ curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \ curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \ rm nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \ rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \ mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \ chmod +x /usr/src/nextcloud/occ
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY *.sh upgrade.exclude / COPY *.sh /
COPY config/* /usr/src/nextcloud/config/ COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

0
16.0-rc/apache/config/apache-pretty-urls.config.php → 12.0/apache/config/apache-pretty-urls.config.php
View File

0
16.0-rc/apache/config/apcu.config.php → 12.0/apache/config/apcu.config.php
View File

0
16.0-rc/apache/config/apps.config.php → 12.0/apache/config/apps.config.php
View File

9
16.0/apache/config/autoconfig.php → 12.0/apache/config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) { $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
} }

0
16.0-rc/apache/cron.sh → 12.0/apache/cron.sh
View File

62
12.0/apache/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

45
16.0/fpm-alpine/Dockerfile → 12.0/fpm-alpine/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
FROM php:7.3-fpm-alpine3.11 FROM php:7.1-fpm-alpine
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -12,55 +12,47 @@ RUN set -ex; \
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need # install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \ RUN set -ex; \
\ \
apk add --no-cache --virtual .build-deps \ apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \ alpine-sdk \
autoconf \ autoconf \
freetype-dev \ freetype-dev \
icu-dev \ icu-dev \
libevent-dev \
libjpeg-turbo-dev \ libjpeg-turbo-dev \
libmcrypt-dev \ libmcrypt-dev \
libpng-dev \ libpng-dev \
libmemcached-dev \ libmemcached-dev \
libxml2-dev \ libxml2-dev \
libzip-dev \
openldap-dev \ openldap-dev \
pcre-dev \ pcre-dev \
postgresql-dev \ postgresql-dev \
imagemagick-dev \
libwebp-dev \
gmp-dev \
; \ ; \
\ \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \ docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure ldap; \ docker-php-ext-configure ldap; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install \
exif \ exif \
gd \ gd \
intl \ intl \
ldap \ ldap \
mcrypt \
opcache \ opcache \
pcntl \ pcntl \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
zip \ zip \
gmp \
; \ ; \
\ pecl install \
# pecl will claim success even if one install fails, so we need to perform each install separately APCu-5.1.11 \
pecl install APCu-5.1.18; \ memcached-3.0.4 \
pecl install memcached-3.1.5; \ redis-3.1.6 \
pecl install redis-4.3.0; \ ; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
memcached \ memcached \
redis \ redis \
imagick \
; \ ; \
\ \
runDeps="$( \ runDeps="$( \
@ -76,6 +68,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \ RUN { \
echo 'opcache.enable=1'; \ echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \ echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \ echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \ echo 'opcache.memory_consumption=128'; \
@ -83,10 +76,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \ echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\ \
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \ mkdir /var/www/data; \
chown -R www-data:root /var/www; \ chown -R www-data:root /var/www; \
chmod -R g=u /var/www chmod -R g=u /var/www
@ -94,7 +83,7 @@ RUN { \
VOLUME /var/www/html VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 16.0.8 ENV NEXTCLOUD_VERSION 12.0.7
RUN set -ex; \ RUN set -ex; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
@ -108,18 +97,18 @@ RUN set -ex; \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \ rm nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \ rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \ mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \ chmod +x /usr/src/nextcloud/occ; \
apk del .fetch-deps apk del .fetch-deps
COPY *.sh upgrade.exclude / COPY *.sh /
COPY config/* /usr/src/nextcloud/config/ COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

0
16.0-rc/fpm-alpine/config/apcu.config.php → 12.0/fpm-alpine/config/apcu.config.php
View File

0
16.0-rc/fpm-alpine/config/apps.config.php → 12.0/fpm-alpine/config/apps.config.php
View File

9
16.0-rc/apache/config/autoconfig.php → 12.0/fpm-alpine/config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) { $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
} }

0
16.0-rc/fpm-alpine/cron.sh → 12.0/fpm-alpine/cron.sh
View File

62
12.0/fpm-alpine/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

59
16.0/fpm/Dockerfile → 12.0/fpm/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-fpm-buster FROM php:7.1-fpm
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -16,7 +16,7 @@ RUN set -ex; \
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need # install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \ RUN set -ex; \
\ \
savedAptMark="$(apt-mark showmanual)"; \ savedAptMark="$(apt-mark showmanual)"; \
@ -24,51 +24,41 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \ libfreetype6-dev \
libicu-dev \ libicu-dev \
libjpeg-dev \ libjpeg-dev \
libldap2-dev \ libldap2-dev \
libmcrypt-dev \ libmcrypt-dev \
libmemcached-dev \ libmemcached-dev \
libpng-dev \ libpng12-dev \
libpq-dev \ libpq-dev \
libxml2-dev \ libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \ ; \
\ \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\ docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install \
exif \ exif \
gd \ gd \
intl \ intl \
ldap \ ldap \
mcrypt \
opcache \ opcache \
pcntl \ pcntl \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
zip \ zip \
gmp \
; \ ; \
\ pecl install \
# pecl will claim success even if one install fails, so we need to perform each install separately APCu-5.1.11 \
pecl install APCu-5.1.18; \ memcached-3.0.4 \
pecl install memcached-3.1.5; \ redis-3.1.6 \
pecl install redis-4.3.0; \ ; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
memcached \ memcached \
redis \ redis \
imagick \
; \ ; \
\ \
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
@ -89,6 +79,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \ RUN { \
echo 'opcache.enable=1'; \ echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \ echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \ echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \ echo 'opcache.memory_consumption=128'; \
@ -96,10 +87,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \ echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\ \
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \ mkdir /var/www/data; \
chown -R www-data:root /var/www; \ chown -R www-data:root /var/www; \
chmod -R g=u /var/www chmod -R g=u /var/www
@ -107,36 +94,26 @@ RUN { \
VOLUME /var/www/html VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 16.0.8 ENV NEXTCLOUD_VERSION 12.0.7
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \ curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \ curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \ rm nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \ rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \ mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \ chmod +x /usr/src/nextcloud/occ
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY *.sh upgrade.exclude / COPY *.sh /
COPY config/* /usr/src/nextcloud/config/ COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

0
16.0-rc/fpm/config/apcu.config.php → 12.0/fpm/config/apcu.config.php
View File

0
16.0-rc/fpm/config/apps.config.php → 12.0/fpm/config/apps.config.php
View File

9
16.0-rc/fpm-alpine/config/autoconfig.php → 12.0/fpm/config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) { $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
} }

0
16.0-rc/fpm/cron.sh → 12.0/fpm/cron.sh
View File

62
12.0/fpm/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

61
18.0/apache/Dockerfile → 13.0/apache/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-apache-buster FROM php:7.1-apache
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -13,10 +13,10 @@ RUN set -ex; \
rm -rf /var/lib/apt/lists/*; \ rm -rf /var/lib/apt/lists/*; \
\ \
mkdir -p /var/spool/cron/crontabs; \ mkdir -p /var/spool/cron/crontabs; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need # install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \ RUN set -ex; \
\ \
savedAptMark="$(apt-mark showmanual)"; \ savedAptMark="$(apt-mark showmanual)"; \
@ -24,51 +24,41 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \ libfreetype6-dev \
libicu-dev \ libicu-dev \
libjpeg-dev \ libjpeg-dev \
libldap2-dev \ libldap2-dev \
libmcrypt-dev \ libmcrypt-dev \
libmemcached-dev \ libmemcached-dev \
libpng-dev \ libpng12-dev \
libpq-dev \ libpq-dev \
libxml2-dev \ libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \ ; \
\ \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\ docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install \
exif \ exif \
gd \ gd \
intl \ intl \
ldap \ ldap \
mcrypt \
opcache \ opcache \
pcntl \ pcntl \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
zip \ zip \
gmp \
; \ ; \
\ pecl install \
# pecl will claim success even if one install fails, so we need to perform each install separately APCu-5.1.11 \
pecl install APCu-5.1.18; \ memcached-3.0.4 \
pecl install memcached-3.1.5; \ redis-3.1.6 \
pecl install redis-4.3.0; \ ; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
memcached \ memcached \
redis \ redis \
imagick \
; \ ; \
\ \
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
@ -89,6 +79,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \ RUN { \
echo 'opcache.enable=1'; \ echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \ echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \ echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \ echo 'opcache.memory_consumption=128'; \
@ -96,10 +87,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \ echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\ \
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \ mkdir /var/www/data; \
chown -R www-data:root /var/www; \ chown -R www-data:root /var/www; \
chmod -R g=u /var/www chmod -R g=u /var/www
@ -115,36 +102,26 @@ RUN a2enmod rewrite remoteip ;\
} > /etc/apache2/conf-available/remoteip.conf;\ } > /etc/apache2/conf-available/remoteip.conf;\
a2enconf remoteip a2enconf remoteip
ENV NEXTCLOUD_VERSION 18.0.1 ENV NEXTCLOUD_VERSION 13.0.2
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \ curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \ curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \ rm nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \ rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \ mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \ chmod +x /usr/src/nextcloud/occ
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY *.sh upgrade.exclude / COPY *.sh /
COPY config/* /usr/src/nextcloud/config/ COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

0
16.0/apache/config/apache-pretty-urls.config.php → 13.0/apache/config/apache-pretty-urls.config.php
View File

0
16.0/apache/config/apcu.config.php → 13.0/apache/config/apcu.config.php
View File

0
16.0/apache/config/apps.config.php → 13.0/apache/config/apps.config.php
View File

9
16.0-rc/fpm/config/autoconfig.php → 13.0/apache/config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) { $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
} }

0
16.0/apache/cron.sh → 13.0/apache/cron.sh
View File

62
13.0/apache/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

47
18.0/fpm-alpine/Dockerfile → 13.0/fpm-alpine/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
FROM php:7.3-fpm-alpine3.11 FROM php:7.1-fpm-alpine
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -9,58 +9,50 @@ RUN set -ex; \
; \ ; \
\ \
rm /var/spool/cron/crontabs/root; \ rm /var/spool/cron/crontabs/root; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need # install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \ RUN set -ex; \
\ \
apk add --no-cache --virtual .build-deps \ apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \ alpine-sdk \
autoconf \ autoconf \
freetype-dev \ freetype-dev \
icu-dev \ icu-dev \
libevent-dev \
libjpeg-turbo-dev \ libjpeg-turbo-dev \
libmcrypt-dev \ libmcrypt-dev \
libpng-dev \ libpng-dev \
libmemcached-dev \ libmemcached-dev \
libxml2-dev \ libxml2-dev \
libzip-dev \
openldap-dev \ openldap-dev \
pcre-dev \ pcre-dev \
postgresql-dev \ postgresql-dev \
imagemagick-dev \
libwebp-dev \
gmp-dev \
; \ ; \
\ \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \ docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure ldap; \ docker-php-ext-configure ldap; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install \
exif \ exif \
gd \ gd \
intl \ intl \
ldap \ ldap \
mcrypt \
opcache \ opcache \
pcntl \ pcntl \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
zip \ zip \
gmp \
; \ ; \
\ pecl install \
# pecl will claim success even if one install fails, so we need to perform each install separately APCu-5.1.11 \
pecl install APCu-5.1.18; \ memcached-3.0.4 \
pecl install memcached-3.1.5; \ redis-3.1.6 \
pecl install redis-4.3.0; \ ; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
memcached \ memcached \
redis \ redis \
imagick \
; \ ; \
\ \
runDeps="$( \ runDeps="$( \
@ -76,6 +68,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \ RUN { \
echo 'opcache.enable=1'; \ echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \ echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \ echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \ echo 'opcache.memory_consumption=128'; \
@ -83,10 +76,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \ echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\ \
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \ mkdir /var/www/data; \
chown -R www-data:root /var/www; \ chown -R www-data:root /var/www; \
chmod -R g=u /var/www chmod -R g=u /var/www
@ -94,7 +83,7 @@ RUN { \
VOLUME /var/www/html VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 18.0.1 ENV NEXTCLOUD_VERSION 13.0.2
RUN set -ex; \ RUN set -ex; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
@ -108,18 +97,18 @@ RUN set -ex; \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \ rm nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \ rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \ mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \ chmod +x /usr/src/nextcloud/occ; \
apk del .fetch-deps apk del .fetch-deps
COPY *.sh upgrade.exclude / COPY *.sh /
COPY config/* /usr/src/nextcloud/config/ COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

0
16.0/fpm-alpine/config/apcu.config.php → 13.0/fpm-alpine/config/apcu.config.php
View File

0
16.0/fpm-alpine/config/apps.config.php → 13.0/fpm-alpine/config/apps.config.php
View File

34
13.0/fpm-alpine/config/autoconfig.php Normal file
View File

@ -0,0 +1,34 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
}

8
13.0/fpm-alpine/config/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

0
16.0/fpm-alpine/cron.sh → 13.0/fpm-alpine/cron.sh
View File

62
13.0/fpm-alpine/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

68
17.0/fpm/Dockerfile → 13.0/fpm/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-fpm-buster FROM php:7.1-fpm
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -13,10 +13,10 @@ RUN set -ex; \
rm -rf /var/lib/apt/lists/*; \ rm -rf /var/lib/apt/lists/*; \
\ \
mkdir -p /var/spool/cron/crontabs; \ mkdir -p /var/spool/cron/crontabs; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need # install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \ RUN set -ex; \
\ \
savedAptMark="$(apt-mark showmanual)"; \ savedAptMark="$(apt-mark showmanual)"; \
@ -24,51 +24,41 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \ libfreetype6-dev \
libicu-dev \ libicu-dev \
libjpeg-dev \ libjpeg-dev \
libldap2-dev \ libldap2-dev \
libmcrypt-dev \ libmcrypt-dev \
libmemcached-dev \ libmemcached-dev \
libpng-dev \ libpng12-dev \
libpq-dev \ libpq-dev \
libxml2-dev \ libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \ ; \
\ \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\ docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install \
exif \ exif \
gd \ gd \
intl \ intl \
ldap \ ldap \
mcrypt \
opcache \ opcache \
pcntl \ pcntl \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
zip \ zip \
gmp \
; \ ; \
\ pecl install \
# pecl will claim success even if one install fails, so we need to perform each install separately APCu-5.1.11 \
pecl install APCu-5.1.18; \ memcached-3.0.4 \
pecl install memcached-3.1.5; \ redis-3.1.6 \
pecl install redis-4.3.0; \ ; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
memcached \ memcached \
redis \ redis \
imagick \
; \ ; \
\ \
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
@ -89,6 +79,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \ RUN { \
echo 'opcache.enable=1'; \ echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \ echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \ echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \ echo 'opcache.memory_consumption=128'; \
@ -96,48 +87,35 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \ echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\ \
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ mkdir /data; \
\ chown -R www-data:root /data; \
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \ chown -R www-data:root /var/www; \
chmod -R g=u /var/www chmod -R g=u /var/www
VOLUME /var/www/html VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 13.0.2
ENV NEXTCLOUD_VERSION 17.0.3
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \ curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \ curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \ rm nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \ rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \ mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \ chmod +x /usr/src/nextcloud/occ
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY *.sh upgrade.exclude / COPY *.sh /
COPY config/* /usr/src/nextcloud/config/ COPY config/* /usr/src/nextcloud/config/
#HEALTHCHECK --interval=1s --timeout=3s --retries=16 \
#CMD test $(ps ax | grep php-fpm | grep -v grep | wc -l) -gt 0 && echo okay
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
CMD ["php-fpm"] CMD ["php-fpm"]

0
16.0/fpm/config/apcu.config.php → 13.0/fpm/config/apcu.config.php
View File

0
16.0/fpm/config/apps.config.php → 13.0/fpm/config/apps.config.php
View File

Some files were not shown because too many files have changed in this diff Show More