Compare commits
5 Commits
6c1044fef4
...
3086c9db9b
Author | SHA1 | Date | |
---|---|---|---|
3086c9db9b | |||
4ee1cf73f1 | |||
5466e98fb4 | |||
34ff0135d9 | |||
324e6abd46 |
@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
|
||||
}
|
||||
|
||||
if ($autoconfig_enabled) {
|
||||
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
|
||||
}
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
|
||||
|
||||
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
|
||||
|
||||
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
|
||||
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
|
||||
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
|
||||
}
|
||||
}
|
||||
|
@ -1,17 +0,0 @@
|
||||
<?php
|
||||
if (getenv('REDIS_HOST')) {
|
||||
$CONFIG = array (
|
||||
'memcache.distributed' => '\OC\Memcache\Redis',
|
||||
'memcache.locking' => '\OC\Memcache\Redis',
|
||||
'redis' => array(
|
||||
'host' => getenv('REDIS_HOST'),
|
||||
'password' => getenv('REDIS_HOST_PASSWORD'),
|
||||
),
|
||||
);
|
||||
|
||||
if (getenv('REDIS_HOST_PORT') !== false) {
|
||||
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
|
||||
} elseif (getenv('REDIS_HOST')[0] != '/') {
|
||||
$CONFIG['redis']['port'] = 6379;
|
||||
}
|
||||
}
|
@ -1,15 +0,0 @@
|
||||
<?php
|
||||
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
|
||||
$CONFIG = array (
|
||||
'mail_smtpmode' => 'smtp',
|
||||
'mail_smtphost' => getenv('SMTP_HOST'),
|
||||
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
|
||||
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
|
||||
'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
|
||||
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
|
||||
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
|
||||
'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
|
||||
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
|
||||
'mail_domain' => getenv('MAIL_DOMAIN'),
|
||||
);
|
||||
}
|
@ -13,7 +13,7 @@ The Dockerfiles use the default images as base image and build on top of it.
|
||||
|
||||
Example | Description
|
||||
------- | -------
|
||||
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed). This image runs `supervisord` to start nextcloud and cron as two seperate processes inside the container.
|
||||
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed).
|
||||
[imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap
|
||||
[smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares
|
||||
[full](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/full) | adds dependencies for ALL optional packages and cron functionality via supervisor (as in the `cron` example Dockerfile).
|
||||
@ -21,46 +21,49 @@ Example | Description
|
||||
### full
|
||||
The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html).
|
||||
|
||||
NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the appropriate line in the Dockerfile.
|
||||
NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the 13th line of the Dockerfile.</br>
|
||||
|
||||
NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)
|
||||
NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)</br>
|
||||
|
||||
NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.
|
||||
NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.</br>
|
||||
|
||||
The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages from the Dockerfile.
|
||||
|
||||
#### PHP Module bz2
|
||||
`docker-php-ext-install bz2`
|
||||
`docker-php-ext-install bz2` </br>
|
||||
|
||||
#### PHP Module imagick
|
||||
`apt install libmagickwand-dev` </br>
|
||||
`pecl install imagick` </br>
|
||||
`docker-php-ext-enable imagick` </br>
|
||||
|
||||
#### PHP Module imap
|
||||
`apt install libc-client-dev libkrb5-dev`
|
||||
`docker-php-ext-configure imap --with-kerberos --with-imap-ssl`
|
||||
`docker-php-ext-install imap`
|
||||
`apt install libc-client-dev libkrb5-dev` </br>
|
||||
`docker-php-ext-configure imap --with-kerberos --with-imap-ssl` </br>
|
||||
`docker-php-ext-install imap` </br>
|
||||
|
||||
#### PHP Module gmp
|
||||
`apt install libgmp3-dev`
|
||||
`docker-php-ext-install gmp`
|
||||
`apt install libgmp3-dev` </br>
|
||||
`docker-php-ext-install gmp` </br>
|
||||
|
||||
#### PHP Module smbclient
|
||||
`apt install smbclient libsmbclient-dev`
|
||||
`pecl install smbclient`
|
||||
`docker-php-ext-enable smbclient`
|
||||
`apt install smbclient libsmbclient-dev` </br>
|
||||
`pecl install smbclient` </br>
|
||||
`docker-php-ext-enable smbclient` </br>
|
||||
|
||||
#### ffmpeg
|
||||
`apt install ffmpeg`
|
||||
|
||||
#### imagemagick SVG support
|
||||
`apt install libmagickcore-6.q16-6-extra`
|
||||
`echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list` </br>
|
||||
`apt install ffmpeg` </br>
|
||||
|
||||
#### LibreOffice
|
||||
`apt install libreoffice`
|
||||
`apt install LibreOffice` </br>
|
||||
|
||||
#### CRON via supervisor
|
||||
`apt install supervisor`
|
||||
`mkdir /var/log/supervisord /var/run/supervisord`
|
||||
The following Dockerfile commands are also necessary for a sucessfull cron installation:
|
||||
`COPY supervisord.conf /etc/supervisor/supervisord.conf`
|
||||
`CMD ["/usr/bin/supervisord"]`
|
||||
`apt install supervisor` </br>
|
||||
`mkdir /var/log/supervisord /var/run/supervisord` </br>
|
||||
The following Dockerfile commands are also necessary for a sucessfull cron installation: </br>
|
||||
`COPY supervisord.conf /etc/supervisor/supervisord.conf` </br>
|
||||
`CMD ["/usr/bin/supervisord"]` </br>
|
||||
|
||||
|
||||
|
||||
@ -89,12 +92,9 @@ If you want to update your installation to a newer version of nextcloud, repeat
|
||||
|
||||
### with-nginx-proxy
|
||||
The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine.
|
||||
|
||||
The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling.
|
||||
This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
|
||||
|
||||
**This setup only works with a valid domain name on a server that is reachable from the internet.**
|
||||
|
||||
To use this example complete the following steps:
|
||||
|
||||
1. open `docker-compose.yml`
|
||||
|
@ -0,0 +1,3 @@
|
||||
FROM nextcloud:apache
|
||||
|
||||
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
|
@ -0,0 +1,8 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'memcache.locking' => '\OC\Memcache\Redis',
|
||||
'redis' => array(
|
||||
'host' => 'redis',
|
||||
'port' => 6379,
|
||||
),
|
||||
);
|
@ -13,11 +13,11 @@ services:
|
||||
- db.env
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
image: redis
|
||||
restart: always
|
||||
|
||||
app:
|
||||
image: nextcloud:apache
|
||||
build: ./app
|
||||
restart: always
|
||||
ports:
|
||||
- 8080:80
|
||||
@ -25,7 +25,6 @@ services:
|
||||
- nextcloud:/var/www/html
|
||||
environment:
|
||||
- MYSQL_HOST=db
|
||||
- REDIS_HOST=redis
|
||||
env_file:
|
||||
- db.env
|
||||
depends_on:
|
||||
@ -33,7 +32,7 @@ services:
|
||||
- redis
|
||||
|
||||
cron:
|
||||
image: nextcloud:apache
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
@ -0,0 +1,3 @@
|
||||
FROM nextcloud:fpm
|
||||
|
||||
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
|
@ -0,0 +1,8 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'memcache.locking' => '\OC\Memcache\Redis',
|
||||
'redis' => array(
|
||||
'host' => 'redis',
|
||||
'port' => 6379,
|
||||
),
|
||||
);
|
@ -13,17 +13,16 @@ services:
|
||||
- db.env
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
image: redis
|
||||
restart: always
|
||||
|
||||
app:
|
||||
image: nextcloud:fpm-alpine
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
environment:
|
||||
- MYSQL_HOST=db
|
||||
- REDIS_HOST=redis
|
||||
env_file:
|
||||
- db.env
|
||||
depends_on:
|
||||
@ -41,7 +40,7 @@ services:
|
||||
- app
|
||||
|
||||
cron:
|
||||
image: nextcloud:fpm-alpine
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
@ -1,3 +1,3 @@
|
||||
FROM nginx:alpine
|
||||
FROM nginx
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
@ -1,4 +1,5 @@
|
||||
worker_processes auto;
|
||||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
@ -36,25 +37,20 @@ http {
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
@ -66,18 +62,14 @@ http {
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
@ -97,72 +89,66 @@ http {
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
rewrite ^ /index.php$uri;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -13,7 +13,7 @@ services:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
image: nextcloud:fpm-alpine
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
@ -1,3 +1,3 @@
|
||||
FROM nginx:alpine
|
||||
FROM nginx
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
@ -1,4 +1,5 @@
|
||||
worker_processes auto;
|
||||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
@ -36,25 +37,20 @@ http {
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
@ -66,18 +62,14 @@ http {
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
@ -97,72 +89,66 @@ http {
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
rewrite ^ /index.php$uri;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -2,7 +2,7 @@ version: '3'
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:alpine
|
||||
image: postgres
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
|
@ -2,7 +2,7 @@ version: '3'
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:alpine
|
||||
image: postgres
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
@ -10,7 +10,7 @@ services:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
image: nextcloud:fpm-alpine
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
@ -1,3 +1,3 @@
|
||||
FROM nginx:alpine
|
||||
FROM nginx
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
@ -1,4 +1,5 @@
|
||||
worker_processes auto;
|
||||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
@ -36,25 +37,20 @@ http {
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
@ -66,18 +62,14 @@ http {
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
@ -97,72 +89,66 @@ http {
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
rewrite ^ /index.php$uri;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,3 +0,0 @@
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_DATABASE=nextcloud
|
||||
MYSQL_USER=nextcloud
|
@ -1,78 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
db:
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=
|
||||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
image: nextcloud:fpm-alpine
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
environment:
|
||||
- MYSQL_HOST=db
|
||||
env_file:
|
||||
- db.env
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
web:
|
||||
build: ./web
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html:ro
|
||||
environment:
|
||||
- VIRTUAL_HOST=
|
||||
depends_on:
|
||||
- app
|
||||
networks:
|
||||
- proxy-tier
|
||||
- default
|
||||
|
||||
proxy:
|
||||
build: ./proxy
|
||||
restart: always
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- certs:/etc/nginx/certs:ro
|
||||
- vhost.d:/etc/nginx/vhost.d
|
||||
- html:/usr/share/nginx/html
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
networks:
|
||||
- proxy-tier
|
||||
depends_on:
|
||||
- omgwtfssl
|
||||
|
||||
omgwtfssl:
|
||||
image: paulczar/omgwtfssl
|
||||
restart: "no"
|
||||
volumes:
|
||||
- certs:/certs
|
||||
environment:
|
||||
- SSL_SUBJECT=servhostname.local
|
||||
- CA_SUBJECT=my@example.com
|
||||
- SSL_KEY=/certs/servhostname.local.key
|
||||
- SSL_CSR=/certs/servhostname.local.csr
|
||||
- SSL_CERT=/certs/servhostname.local.crt
|
||||
networks:
|
||||
- proxy-tier
|
||||
|
||||
volumes:
|
||||
db:
|
||||
nextcloud:
|
||||
certs:
|
||||
vhost.d:
|
||||
html:
|
||||
|
||||
networks:
|
||||
proxy-tier:
|
@ -1,3 +0,0 @@
|
||||
FROM jwilder/nginx-proxy:alpine
|
||||
|
||||
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
|
@ -1,2 +0,0 @@
|
||||
client_max_body_size 10G;
|
||||
proxy_request_buffering off;
|
@ -1,3 +0,0 @@
|
||||
FROM nginx:alpine
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
@ -1,173 +0,0 @@
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
set_real_ip_from 10.0.0.0/8;
|
||||
set_real_ip_from 172.16.0.0/12;
|
||||
set_real_ip_from 192.168.0.0/16;
|
||||
real_ip_header X-Real-IP;
|
||||
|
||||
#gzip on;
|
||||
|
||||
upstream php-handler {
|
||||
server app:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Uncomment if your server is build with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
# Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,3 @@
|
||||
FROM nextcloud:apache
|
||||
|
||||
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
|
@ -0,0 +1,8 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'memcache.locking' => '\OC\Memcache\Redis',
|
||||
'redis' => array(
|
||||
'host' => 'redis',
|
||||
'port' => 6379,
|
||||
),
|
||||
);
|
@ -13,11 +13,11 @@ services:
|
||||
- db.env
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
image: redis
|
||||
restart: always
|
||||
|
||||
app:
|
||||
image: nextcloud:apache
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
@ -26,7 +26,6 @@ services:
|
||||
- LETSENCRYPT_HOST=
|
||||
- LETSENCRYPT_EMAIL=
|
||||
- MYSQL_HOST=db
|
||||
- REDIS_HOST=redis
|
||||
env_file:
|
||||
- db.env
|
||||
depends_on:
|
||||
@ -37,7 +36,7 @@ services:
|
||||
- default
|
||||
|
||||
cron:
|
||||
image: nextcloud:apache
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
@ -1,2 +1 @@
|
||||
client_max_body_size 10G;
|
||||
proxy_request_buffering off;
|
||||
|
@ -0,0 +1,3 @@
|
||||
FROM nextcloud:fpm
|
||||
|
||||
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
|
@ -0,0 +1,8 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'memcache.locking' => '\OC\Memcache\Redis',
|
||||
'redis' => array(
|
||||
'host' => 'redis',
|
||||
'port' => 6379,
|
||||
),
|
||||
);
|
@ -13,17 +13,16 @@ services:
|
||||
- db.env
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
image: redis
|
||||
restart: always
|
||||
|
||||
app:
|
||||
image: nextcloud:fpm-alpine
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
environment:
|
||||
- MYSQL_HOST=db
|
||||
- REDIS_HOST=redis
|
||||
env_file:
|
||||
- db.env
|
||||
depends_on:
|
||||
@ -46,7 +45,7 @@ services:
|
||||
- default
|
||||
|
||||
cron:
|
||||
image: nextcloud:fpm-alpine
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
@ -1,2 +1 @@
|
||||
client_max_body_size 10G;
|
||||
proxy_request_buffering off;
|
||||
|
@ -1,3 +1,3 @@
|
||||
FROM nginx:alpine
|
||||
FROM nginx
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
@ -1,4 +1,5 @@
|
||||
worker_processes auto;
|
||||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
@ -41,25 +42,20 @@ http {
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
@ -71,18 +67,14 @@ http {
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
@ -102,72 +94,66 @@ http {
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
rewrite ^ /index.php$uri;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,2 +1 @@
|
||||
client_max_body_size 10G;
|
||||
proxy_request_buffering off;
|
||||
|
@ -13,7 +13,7 @@ services:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
image: nextcloud:fpm-alpine
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
@ -1,2 +1 @@
|
||||
client_max_body_size 10G;
|
||||
proxy_request_buffering off;
|
||||
|
@ -1,3 +1,3 @@
|
||||
FROM nginx:alpine
|
||||
FROM nginx
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
@ -1,4 +1,5 @@
|
||||
worker_processes auto;
|
||||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
@ -41,25 +42,20 @@ http {
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
@ -71,18 +67,14 @@ http {
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
@ -102,72 +94,66 @@ http {
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
rewrite ^ /index.php$uri;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -2,7 +2,7 @@ version: '3'
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:alpine
|
||||
image: postgres
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
|
@ -1,2 +1 @@
|
||||
client_max_body_size 10G;
|
||||
proxy_request_buffering off;
|
||||
|
@ -2,7 +2,7 @@ version: '3'
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:alpine
|
||||
image: postgres
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
@ -10,7 +10,7 @@ services:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
image: nextcloud:fpm-alpine
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
|
@ -1,2 +1 @@
|
||||
client_max_body_size 10G;
|
||||
proxy_request_buffering off;
|
||||
|
@ -1,3 +1,3 @@
|
||||
FROM nginx:alpine
|
||||
FROM nginx
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
@ -1,4 +1,5 @@
|
||||
worker_processes auto;
|
||||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
@ -41,25 +42,20 @@ http {
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
@ -71,18 +67,14 @@ http {
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
@ -102,72 +94,66 @@ http {
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
rewrite ^ /index.php$uri;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -5,8 +5,6 @@ RUN apt-get update && apt-get install -y \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& mkdir /var/log/supervisord /var/run/supervisord
|
||||
|
||||
COPY supervisord.conf /
|
||||
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
||||
CMD ["/usr/bin/supervisord"]
|
||||
|
@ -1,10 +0,0 @@
|
||||
FROM nextcloud:fpm-alpine
|
||||
|
||||
RUN apk add --no-cache supervisor \
|
||||
&& mkdir /var/log/supervisord /var/run/supervisord
|
||||
|
||||
COPY supervisord.conf /
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
@ -1,22 +0,0 @@
|
||||
[supervisord]
|
||||
nodaemon=true
|
||||
logfile=/var/log/supervisord/supervisord.log
|
||||
pidfile=/var/run/supervisord/supervisord.pid
|
||||
childlogdir=/var/log/supervisord/
|
||||
logfile_maxbytes=50MB ; maximum size of logfile before rotation
|
||||
logfile_backups=10 ; number of backed up logfiles
|
||||
loglevel=error
|
||||
|
||||
[program:php-fpm]
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=php-fpm
|
||||
|
||||
[program:cron]
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=/cron.sh
|
@ -5,8 +5,6 @@ RUN apt-get update && apt-get install -y \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& mkdir /var/log/supervisord /var/run/supervisord
|
||||
|
||||
COPY supervisord.conf /
|
||||
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
||||
CMD ["/usr/bin/supervisord"]
|
||||
|
@ -1,59 +1,24 @@
|
||||
FROM nextcloud:apache
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ffmpeg \
|
||||
libmagickcore-6.q16-6-extra \
|
||||
procps \
|
||||
smbclient \
|
||||
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
|
||||
&& apt-get update && apt-get install -y \
|
||||
supervisor \
|
||||
# libreoffice \
|
||||
; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
\
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libbz2-dev \
|
||||
ffmpeg \
|
||||
libmagickwand-dev \
|
||||
libgmp3-dev \
|
||||
libc-client-dev \
|
||||
libkrb5-dev \
|
||||
smbclient \
|
||||
libsmbclient-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
|
||||
docker-php-ext-install \
|
||||
bz2 \
|
||||
imap \
|
||||
; \
|
||||
pecl install smbclient; \
|
||||
docker-php-ext-enable smbclient; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
apt-mark auto '.*' > /dev/null; \
|
||||
apt-mark manual $savedAptMark; \
|
||||
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
|
||||
| awk '/=>/ { print $3 }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query -S \
|
||||
| cut -d: -f1 \
|
||||
| sort -u \
|
||||
| xargs -rt apt-mark manual; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
# LibreOffice \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
|
||||
&& ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
|
||||
&& docker-php-ext-install bz2 gmp imap \
|
||||
&& pecl install imagick smbclient \
|
||||
&& docker-php-ext-enable imagick smbclient \
|
||||
&& mkdir /var/log/supervisord /var/run/supervisord
|
||||
|
||||
RUN mkdir -p \
|
||||
/var/log/supervisord \
|
||||
/var/run/supervisord \
|
||||
;
|
||||
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
COPY supervisord.conf /
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
||||
CMD ["/usr/bin/supervisord"]
|
||||
|
@ -1,51 +0,0 @@
|
||||
FROM nextcloud:fpm-alpine
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
apk add --no-cache \
|
||||
ffmpeg \
|
||||
imagemagick \
|
||||
procps \
|
||||
samba-client \
|
||||
supervisor \
|
||||
# libreoffice \
|
||||
;
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
apk add --no-cache --virtual .build-deps \
|
||||
$PHPIZE_DEPS \
|
||||
imap-dev \
|
||||
krb5-dev \
|
||||
libressl-dev \
|
||||
samba-dev \
|
||||
bzip2-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
|
||||
docker-php-ext-install \
|
||||
bz2 \
|
||||
imap \
|
||||
; \
|
||||
pecl install smbclient; \
|
||||
docker-php-ext-enable smbclient; \
|
||||
\
|
||||
runDeps="$( \
|
||||
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
|
||||
| tr ',' '\n' \
|
||||
| sort -u \
|
||||
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
|
||||
)"; \
|
||||
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
|
||||
apk del .build-deps
|
||||
|
||||
RUN mkdir -p \
|
||||
/var/log/supervisord \
|
||||
/var/run/supervisord \
|
||||
;
|
||||
|
||||
COPY supervisord.conf /
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
@ -1,22 +0,0 @@
|
||||
[supervisord]
|
||||
nodaemon=true
|
||||
logfile=/var/log/supervisord/supervisord.log
|
||||
pidfile=/var/run/supervisord/supervisord.pid
|
||||
childlogdir=/var/log/supervisord/
|
||||
logfile_maxbytes=50MB ; maximum size of logfile before rotation
|
||||
logfile_backups=10 ; number of backed up logfiles
|
||||
loglevel=error
|
||||
|
||||
[program:php-fpm]
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=php-fpm
|
||||
|
||||
[program:cron]
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=/cron.sh
|
@ -1,59 +1,24 @@
|
||||
FROM nextcloud:fpm
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ffmpeg \
|
||||
libmagickcore-6.q16-6-extra \
|
||||
procps \
|
||||
smbclient \
|
||||
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
|
||||
&& apt-get update && apt-get install -y \
|
||||
supervisor \
|
||||
# libreoffice \
|
||||
; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
\
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libbz2-dev \
|
||||
ffmpeg \
|
||||
libmagickwand-dev \
|
||||
libgmp3-dev \
|
||||
libc-client-dev \
|
||||
libkrb5-dev \
|
||||
smbclient \
|
||||
libsmbclient-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
|
||||
docker-php-ext-install \
|
||||
bz2 \
|
||||
imap \
|
||||
; \
|
||||
pecl install smbclient; \
|
||||
docker-php-ext-enable smbclient; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
apt-mark auto '.*' > /dev/null; \
|
||||
apt-mark manual $savedAptMark; \
|
||||
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
|
||||
| awk '/=>/ { print $3 }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query -S \
|
||||
| cut -d: -f1 \
|
||||
| sort -u \
|
||||
| xargs -rt apt-mark manual; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
# LibreOffice \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
|
||||
&& ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
|
||||
&& docker-php-ext-install bz2 gmp imap \
|
||||
&& pecl install imagick smbclient \
|
||||
&& docker-php-ext-enable imagick smbclient \
|
||||
&& mkdir /var/log/supervisord /var/run/supervisord
|
||||
|
||||
RUN mkdir -p \
|
||||
/var/log/supervisord \
|
||||
/var/run/supervisord \
|
||||
;
|
||||
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
COPY supervisord.conf /
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
||||
CMD ["/usr/bin/supervisord"]
|
||||
|
@ -1,28 +1,7 @@
|
||||
FROM nextcloud:apache
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
\
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libc-client-dev \
|
||||
libkrb5-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
|
||||
docker-php-ext-install imap; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
apt-mark auto '.*' > /dev/null; \
|
||||
apt-mark manual $savedAptMark; \
|
||||
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
|
||||
| awk '/=>/ { print $3 }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query -S \
|
||||
| cut -d: -f1 \
|
||||
| sort -u \
|
||||
| xargs -rt apt-mark manual; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y libc-client-dev libkrb5-dev \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
|
||||
&& docker-php-ext-install imap
|
||||
|
@ -1,22 +0,0 @@
|
||||
FROM nextcloud:fpm-alpine
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
apk add --no-cache --virtual .build-deps \
|
||||
$PHPIZE_DEPS \
|
||||
imap-dev \
|
||||
krb5-dev \
|
||||
libressl-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
|
||||
docker-php-ext-install imap; \
|
||||
\
|
||||
runDeps="$( \
|
||||
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
|
||||
| tr ',' '\n' \
|
||||
| sort -u \
|
||||
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
|
||||
)"; \
|
||||
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
|
||||
apk del .build-deps
|
@ -1,28 +1,7 @@
|
||||
FROM nextcloud:fpm
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
\
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libc-client-dev \
|
||||
libkrb5-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
|
||||
docker-php-ext-install imap; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
apt-mark auto '.*' > /dev/null; \
|
||||
apt-mark manual $savedAptMark; \
|
||||
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
|
||||
| awk '/=>/ { print $3 }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query -S \
|
||||
| cut -d: -f1 \
|
||||
| sort -u \
|
||||
| xargs -rt apt-mark manual; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y libc-client-dev libkrb5-dev \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
|
||||
&& docker-php-ext-install imap
|
||||
|
@ -1,3 +1,3 @@
|
||||
FROM nextcloud:apache
|
||||
|
||||
RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*
|
||||
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
|
||||
|
@ -1,3 +0,0 @@
|
||||
FROM nextcloud:fpm-alpine
|
||||
|
||||
RUN apk add --no-cache procps samba-client
|
@ -1,3 +1,3 @@
|
||||
FROM nextcloud:fpm
|
||||
|
||||
RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*
|
||||
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
|
||||
|
88
.travis.yml
88
.travis.yml
@ -1,60 +1,42 @@
|
||||
language: bash
|
||||
dist: trusty
|
||||
sudo: required
|
||||
|
||||
services: docker
|
||||
|
||||
language: bash
|
||||
|
||||
branches:
|
||||
only:
|
||||
- master
|
||||
|
||||
# preload images to avoid timeouts in tests
|
||||
before_install:
|
||||
- docker pull mariadb:10
|
||||
- docker pull postgres:11-alpine
|
||||
|
||||
install:
|
||||
- git clone https://github.com/docker-library/official-images.git ~/official-images
|
||||
|
||||
before_script:
|
||||
- env | sort
|
||||
- wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash
|
||||
- image="nextcloud:${VERSION}${VARIANT:+-$VARIANT}"
|
||||
- if [[ "$ARCH" == 'i386' ]]; then sed -i -e 's/FROM php/FROM i386\/php/g' "${VERSION}/${VARIANT}/Dockerfile"; fi
|
||||
|
||||
script:
|
||||
- |
|
||||
(
|
||||
set -Eeuo pipefail
|
||||
set -x
|
||||
travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
|
||||
travis_retry ~/official-images/test/run.sh "$image"
|
||||
.travis/test-example-dockerfiles.sh "$image"
|
||||
)
|
||||
- travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
|
||||
- ~/official-images/test/run.sh "$image"
|
||||
- .travis/test-example-dockerfiles.sh "$image"
|
||||
|
||||
after_script:
|
||||
- docker images
|
||||
|
||||
jobs:
|
||||
# https://github.com/docker-library/php/issues/822
|
||||
allow_failures:
|
||||
- env: VERSION=15.0 VARIANT=apache ARCH=i386
|
||||
- env: VERSION=16.0 VARIANT=apache ARCH=i386
|
||||
- env: VERSION=17.0 VARIANT=apache ARCH=i386
|
||||
- env: VERSION=18.0 VARIANT=apache ARCH=i386
|
||||
- env: VERSION=15.0-rc VARIANT=apache ARCH=i386
|
||||
- env: VERSION=16.0-rc VARIANT=apache ARCH=i386
|
||||
- env: VERSION=17.0-rc VARIANT=apache ARCH=i386
|
||||
- env: VERSION=18.0-rc VARIANT=apache ARCH=i386
|
||||
- env: VERSION=17.0-beta VARIANT=apache ARCH=i386
|
||||
- env: VERSION=18.0-beta VARIANT=apache ARCH=i386
|
||||
include:
|
||||
- &test-scripts
|
||||
stage: test scripts
|
||||
env: SCRIPT=update.sh
|
||||
sudo: false
|
||||
services: []
|
||||
install: skip
|
||||
before_script: skip
|
||||
script:
|
||||
- hash_before=$(git write-tree)
|
||||
- travis_retry ./update.sh
|
||||
- ./update.sh
|
||||
- bash -c "[[ $hash_before = $(git add -A && git write-tree) ]]"
|
||||
after_script: skip
|
||||
|
||||
@ -64,42 +46,18 @@ jobs:
|
||||
- wget -O "$HOME/bin/bashbrew" https://doi-janky.infosiftr.net/job/bashbrew/lastSuccessfulBuild/artifact/bin/bashbrew-amd64
|
||||
- chmod +x "$HOME/bin/bashbrew"
|
||||
script:
|
||||
- travis_retry ./generate-stackbrew-library.sh
|
||||
- ./generate-stackbrew-library.sh
|
||||
|
||||
- stage: test images
|
||||
env: VERSION=16.0-rc VARIANT=fpm-alpine ARCH=amd64
|
||||
- env: VERSION=16.0-rc VARIANT=fpm-alpine ARCH=i386
|
||||
- env: VERSION=16.0-rc VARIANT=fpm ARCH=amd64
|
||||
- env: VERSION=16.0-rc VARIANT=fpm ARCH=i386
|
||||
- env: VERSION=16.0-rc VARIANT=apache ARCH=amd64
|
||||
- env: VERSION=16.0-rc VARIANT=apache ARCH=i386
|
||||
- env: VERSION=17.0-rc VARIANT=fpm-alpine ARCH=amd64
|
||||
- env: VERSION=17.0-rc VARIANT=fpm-alpine ARCH=i386
|
||||
- env: VERSION=17.0-rc VARIANT=fpm ARCH=amd64
|
||||
- env: VERSION=17.0-rc VARIANT=fpm ARCH=i386
|
||||
- env: VERSION=17.0-rc VARIANT=apache ARCH=amd64
|
||||
- env: VERSION=17.0-rc VARIANT=apache ARCH=i386
|
||||
- env: VERSION=18.0-rc VARIANT=fpm-alpine ARCH=amd64
|
||||
- env: VERSION=18.0-rc VARIANT=fpm-alpine ARCH=i386
|
||||
- env: VERSION=18.0-rc VARIANT=fpm ARCH=amd64
|
||||
- env: VERSION=18.0-rc VARIANT=fpm ARCH=i386
|
||||
- env: VERSION=18.0-rc VARIANT=apache ARCH=amd64
|
||||
- env: VERSION=18.0-rc VARIANT=apache ARCH=i386
|
||||
- env: VERSION=16.0 VARIANT=fpm-alpine ARCH=amd64
|
||||
- env: VERSION=16.0 VARIANT=fpm-alpine ARCH=i386
|
||||
- env: VERSION=16.0 VARIANT=fpm ARCH=amd64
|
||||
- env: VERSION=16.0 VARIANT=fpm ARCH=i386
|
||||
- env: VERSION=16.0 VARIANT=apache ARCH=amd64
|
||||
- env: VERSION=16.0 VARIANT=apache ARCH=i386
|
||||
- env: VERSION=17.0 VARIANT=fpm-alpine ARCH=amd64
|
||||
- env: VERSION=17.0 VARIANT=fpm-alpine ARCH=i386
|
||||
- env: VERSION=17.0 VARIANT=fpm ARCH=amd64
|
||||
- env: VERSION=17.0 VARIANT=fpm ARCH=i386
|
||||
- env: VERSION=17.0 VARIANT=apache ARCH=amd64
|
||||
- env: VERSION=17.0 VARIANT=apache ARCH=i386
|
||||
- env: VERSION=18.0 VARIANT=fpm-alpine ARCH=amd64
|
||||
- env: VERSION=18.0 VARIANT=fpm-alpine ARCH=i386
|
||||
- env: VERSION=18.0 VARIANT=fpm ARCH=amd64
|
||||
- env: VERSION=18.0 VARIANT=fpm ARCH=i386
|
||||
- env: VERSION=18.0 VARIANT=apache ARCH=amd64
|
||||
- env: VERSION=18.0 VARIANT=apache ARCH=i386
|
||||
env: VERSION=12.0 VARIANT=fpm-alpine ARCH=amd64
|
||||
- env: VERSION=12.0 VARIANT=fpm-alpine ARCH=i386
|
||||
- env: VERSION=12.0 VARIANT=fpm ARCH=amd64
|
||||
- env: VERSION=12.0 VARIANT=fpm ARCH=i386
|
||||
- env: VERSION=12.0 VARIANT=apache ARCH=amd64
|
||||
- env: VERSION=12.0 VARIANT=apache ARCH=i386
|
||||
- env: VERSION=13.0 VARIANT=fpm-alpine ARCH=amd64
|
||||
- env: VERSION=13.0 VARIANT=fpm-alpine ARCH=i386
|
||||
- env: VERSION=13.0 VARIANT=fpm ARCH=amd64
|
||||
- env: VERSION=13.0 VARIANT=fpm ARCH=i386
|
||||
- env: VERSION=13.0 VARIANT=apache ARCH=amd64
|
||||
- env: VERSION=13.0 VARIANT=apache ARCH=i386
|
||||
|
@ -13,6 +13,7 @@ for dir in "${dirs[@]}"; do
|
||||
cd "$dir/$VARIANT"
|
||||
sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
|
||||
docker build -t "$image-$dir" .
|
||||
~/official-images/test/run.sh "$image-$dir"
|
||||
)
|
||||
fi
|
||||
done
|
||||
|
@ -1,5 +1,5 @@
|
||||
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
|
||||
FROM php:7.3-apache-buster
|
||||
FROM php:7.1-apache
|
||||
|
||||
# entrypoint.sh and cron.sh dependencies
|
||||
RUN set -ex; \
|
||||
@ -16,7 +16,7 @@ RUN set -ex; \
|
||||
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
|
||||
# install the PHP extensions we need
|
||||
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
@ -24,51 +24,41 @@ RUN set -ex; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libcurl4-openssl-dev \
|
||||
libevent-dev \
|
||||
libfreetype6-dev \
|
||||
libicu-dev \
|
||||
libjpeg-dev \
|
||||
libldap2-dev \
|
||||
libmcrypt-dev \
|
||||
libmemcached-dev \
|
||||
libpng-dev \
|
||||
libpng12-dev \
|
||||
libpq-dev \
|
||||
libxml2-dev \
|
||||
libmagickwand-dev \
|
||||
libzip-dev \
|
||||
libwebp-dev \
|
||||
libgmp-dev \
|
||||
; \
|
||||
\
|
||||
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
|
||||
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
|
||||
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
|
||||
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
|
||||
docker-php-ext-install -j "$(nproc)" \
|
||||
docker-php-ext-install \
|
||||
exif \
|
||||
gd \
|
||||
intl \
|
||||
ldap \
|
||||
mcrypt \
|
||||
opcache \
|
||||
pcntl \
|
||||
pdo_mysql \
|
||||
pdo_pgsql \
|
||||
zip \
|
||||
gmp \
|
||||
; \
|
||||
\
|
||||
# pecl will claim success even if one install fails, so we need to perform each install separately
|
||||
pecl install APCu-5.1.18; \
|
||||
pecl install memcached-3.1.5; \
|
||||
pecl install redis-4.3.0; \
|
||||
pecl install imagick-3.4.4; \
|
||||
\
|
||||
pecl install \
|
||||
APCu-5.1.11 \
|
||||
memcached-3.0.4 \
|
||||
redis-3.1.6 \
|
||||
; \
|
||||
docker-php-ext-enable \
|
||||
apcu \
|
||||
memcached \
|
||||
redis \
|
||||
imagick \
|
||||
; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
@ -89,6 +79,7 @@ RUN set -ex; \
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
|
||||
RUN { \
|
||||
echo 'opcache.enable=1'; \
|
||||
echo 'opcache.enable_cli=1'; \
|
||||
echo 'opcache.interned_strings_buffer=8'; \
|
||||
echo 'opcache.max_accelerated_files=10000'; \
|
||||
echo 'opcache.memory_consumption=128'; \
|
||||
@ -96,10 +87,6 @@ RUN { \
|
||||
echo 'opcache.revalidate_freq=1'; \
|
||||
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
|
||||
\
|
||||
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
|
||||
\
|
||||
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
|
||||
\
|
||||
mkdir /var/www/data; \
|
||||
chown -R www-data:root /var/www; \
|
||||
chmod -R g=u /var/www
|
||||
@ -115,36 +102,26 @@ RUN a2enmod rewrite remoteip ;\
|
||||
} > /etc/apache2/conf-available/remoteip.conf;\
|
||||
a2enconf remoteip
|
||||
|
||||
ENV NEXTCLOUD_VERSION 16.0.8
|
||||
ENV NEXTCLOUD_VERSION 12.0.7
|
||||
|
||||
RUN set -ex; \
|
||||
fetchDeps=" \
|
||||
gnupg \
|
||||
dirmngr \
|
||||
"; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends $fetchDeps; \
|
||||
\
|
||||
curl -fsSL -o nextcloud.tar.bz2 \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
|
||||
curl -fsSL -o nextcloud.tar.bz2.asc \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
|
||||
export GNUPGHOME="$(mktemp -d)"; \
|
||||
# gpg key from https://nextcloud.com/nextcloud.asc
|
||||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
|
||||
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
|
||||
gpgconf --kill all; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm nextcloud.tar.bz2; \
|
||||
rm -rf /usr/src/nextcloud/updater; \
|
||||
mkdir -p /usr/src/nextcloud/data; \
|
||||
mkdir -p /usr/src/nextcloud/custom_apps; \
|
||||
chmod +x /usr/src/nextcloud/occ; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
chmod +x /usr/src/nextcloud/occ
|
||||
|
||||
COPY *.sh upgrade.exclude /
|
||||
COPY *.sh /
|
||||
COPY config/* /usr/src/nextcloud/config/
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
|
||||
}
|
||||
|
||||
if ($autoconfig_enabled) {
|
||||
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
|
||||
}
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
|
||||
|
||||
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
|
||||
|
||||
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
|
||||
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
|
||||
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
|
||||
}
|
||||
}
|
62
12.0/apache/entrypoint.sh
Executable file
62
12.0/apache/entrypoint.sh
Executable file
@ -0,0 +1,62 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
# version_greater A B returns whether A > B
|
||||
version_greater() {
|
||||
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
|
||||
}
|
||||
|
||||
# return true if specified directory is empty
|
||||
directory_empty() {
|
||||
[ -z "$(ls -A "$1/")" ]
|
||||
}
|
||||
|
||||
run_as() {
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
su - www-data -s /bin/sh -c "$1"
|
||||
else
|
||||
sh -c "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
installed_version="0.0.0.0"
|
||||
if [ -f /var/www/html/version.php ]; then
|
||||
# shellcheck disable=SC2016
|
||||
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||
fi
|
||||
# shellcheck disable=SC2016
|
||||
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
|
||||
|
||||
if version_greater "$installed_version" "$image_version"; then
|
||||
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if version_greater "$image_version" "$installed_version"; then
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
|
||||
fi
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
rsync_options="-rlDog --chown www-data:root"
|
||||
else
|
||||
rsync_options="-rlD"
|
||||
fi
|
||||
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
|
||||
|
||||
for dir in config data custom_apps themes; do
|
||||
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
||||
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ upgrade --no-app-disable'
|
||||
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
|
||||
echo "The following apps have beed disabled:"
|
||||
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
|
||||
rm -f /tmp/list_before /tmp/list_after
|
||||
fi
|
||||
fi
|
||||
|
||||
exec "$@"
|
@ -1,5 +1,5 @@
|
||||
# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
|
||||
FROM php:7.3-fpm-alpine3.11
|
||||
FROM php:7.1-fpm-alpine
|
||||
|
||||
# entrypoint.sh and cron.sh dependencies
|
||||
RUN set -ex; \
|
||||
@ -12,55 +12,47 @@ RUN set -ex; \
|
||||
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
|
||||
# install the PHP extensions we need
|
||||
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
|
||||
RUN set -ex; \
|
||||
\
|
||||
apk add --no-cache --virtual .build-deps \
|
||||
$PHPIZE_DEPS \
|
||||
alpine-sdk \
|
||||
autoconf \
|
||||
freetype-dev \
|
||||
icu-dev \
|
||||
libevent-dev \
|
||||
libjpeg-turbo-dev \
|
||||
libmcrypt-dev \
|
||||
libpng-dev \
|
||||
libmemcached-dev \
|
||||
libxml2-dev \
|
||||
libzip-dev \
|
||||
openldap-dev \
|
||||
pcre-dev \
|
||||
postgresql-dev \
|
||||
imagemagick-dev \
|
||||
libwebp-dev \
|
||||
gmp-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
|
||||
docker-php-ext-configure ldap; \
|
||||
docker-php-ext-install -j "$(nproc)" \
|
||||
docker-php-ext-install \
|
||||
exif \
|
||||
gd \
|
||||
intl \
|
||||
ldap \
|
||||
mcrypt \
|
||||
opcache \
|
||||
pcntl \
|
||||
pdo_mysql \
|
||||
pdo_pgsql \
|
||||
zip \
|
||||
gmp \
|
||||
; \
|
||||
\
|
||||
# pecl will claim success even if one install fails, so we need to perform each install separately
|
||||
pecl install APCu-5.1.18; \
|
||||
pecl install memcached-3.1.5; \
|
||||
pecl install redis-4.3.0; \
|
||||
pecl install imagick-3.4.4; \
|
||||
\
|
||||
pecl install \
|
||||
APCu-5.1.11 \
|
||||
memcached-3.0.4 \
|
||||
redis-3.1.6 \
|
||||
; \
|
||||
docker-php-ext-enable \
|
||||
apcu \
|
||||
memcached \
|
||||
redis \
|
||||
imagick \
|
||||
; \
|
||||
\
|
||||
runDeps="$( \
|
||||
@ -76,6 +68,7 @@ RUN set -ex; \
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
|
||||
RUN { \
|
||||
echo 'opcache.enable=1'; \
|
||||
echo 'opcache.enable_cli=1'; \
|
||||
echo 'opcache.interned_strings_buffer=8'; \
|
||||
echo 'opcache.max_accelerated_files=10000'; \
|
||||
echo 'opcache.memory_consumption=128'; \
|
||||
@ -83,10 +76,6 @@ RUN { \
|
||||
echo 'opcache.revalidate_freq=1'; \
|
||||
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
|
||||
\
|
||||
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
|
||||
\
|
||||
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
|
||||
\
|
||||
mkdir /var/www/data; \
|
||||
chown -R www-data:root /var/www; \
|
||||
chmod -R g=u /var/www
|
||||
@ -94,7 +83,7 @@ RUN { \
|
||||
VOLUME /var/www/html
|
||||
|
||||
|
||||
ENV NEXTCLOUD_VERSION 16.0.8
|
||||
ENV NEXTCLOUD_VERSION 12.0.7
|
||||
|
||||
RUN set -ex; \
|
||||
apk add --no-cache --virtual .fetch-deps \
|
||||
@ -108,18 +97,18 @@ RUN set -ex; \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
|
||||
export GNUPGHOME="$(mktemp -d)"; \
|
||||
# gpg key from https://nextcloud.com/nextcloud.asc
|
||||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
|
||||
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
|
||||
gpgconf --kill all; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm nextcloud.tar.bz2; \
|
||||
rm -rf /usr/src/nextcloud/updater; \
|
||||
mkdir -p /usr/src/nextcloud/data; \
|
||||
mkdir -p /usr/src/nextcloud/custom_apps; \
|
||||
chmod +x /usr/src/nextcloud/occ; \
|
||||
apk del .fetch-deps
|
||||
|
||||
COPY *.sh upgrade.exclude /
|
||||
COPY *.sh /
|
||||
COPY config/* /usr/src/nextcloud/config/
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
|
||||
}
|
||||
|
||||
if ($autoconfig_enabled) {
|
||||
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
|
||||
}
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
|
||||
|
||||
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
|
||||
|
||||
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
|
||||
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
|
||||
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
|
||||
}
|
||||
}
|
62
12.0/fpm-alpine/entrypoint.sh
Executable file
62
12.0/fpm-alpine/entrypoint.sh
Executable file
@ -0,0 +1,62 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
# version_greater A B returns whether A > B
|
||||
version_greater() {
|
||||
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
|
||||
}
|
||||
|
||||
# return true if specified directory is empty
|
||||
directory_empty() {
|
||||
[ -z "$(ls -A "$1/")" ]
|
||||
}
|
||||
|
||||
run_as() {
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
su - www-data -s /bin/sh -c "$1"
|
||||
else
|
||||
sh -c "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
installed_version="0.0.0.0"
|
||||
if [ -f /var/www/html/version.php ]; then
|
||||
# shellcheck disable=SC2016
|
||||
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||
fi
|
||||
# shellcheck disable=SC2016
|
||||
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
|
||||
|
||||
if version_greater "$installed_version" "$image_version"; then
|
||||
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if version_greater "$image_version" "$installed_version"; then
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
|
||||
fi
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
rsync_options="-rlDog --chown www-data:root"
|
||||
else
|
||||
rsync_options="-rlD"
|
||||
fi
|
||||
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
|
||||
|
||||
for dir in config data custom_apps themes; do
|
||||
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
||||
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ upgrade --no-app-disable'
|
||||
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
|
||||
echo "The following apps have beed disabled:"
|
||||
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
|
||||
rm -f /tmp/list_before /tmp/list_after
|
||||
fi
|
||||
fi
|
||||
|
||||
exec "$@"
|
@ -1,5 +1,5 @@
|
||||
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
|
||||
FROM php:7.3-fpm-buster
|
||||
FROM php:7.1-fpm
|
||||
|
||||
# entrypoint.sh and cron.sh dependencies
|
||||
RUN set -ex; \
|
||||
@ -16,7 +16,7 @@ RUN set -ex; \
|
||||
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
|
||||
# install the PHP extensions we need
|
||||
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
@ -24,51 +24,41 @@ RUN set -ex; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libcurl4-openssl-dev \
|
||||
libevent-dev \
|
||||
libfreetype6-dev \
|
||||
libicu-dev \
|
||||
libjpeg-dev \
|
||||
libldap2-dev \
|
||||
libmcrypt-dev \
|
||||
libmemcached-dev \
|
||||
libpng-dev \
|
||||
libpng12-dev \
|
||||
libpq-dev \
|
||||
libxml2-dev \
|
||||
libmagickwand-dev \
|
||||
libzip-dev \
|
||||
libwebp-dev \
|
||||
libgmp-dev \
|
||||
; \
|
||||
\
|
||||
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
|
||||
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
|
||||
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
|
||||
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
|
||||
docker-php-ext-install -j "$(nproc)" \
|
||||
docker-php-ext-install \
|
||||
exif \
|
||||
gd \
|
||||
intl \
|
||||
ldap \
|
||||
mcrypt \
|
||||
opcache \
|
||||
pcntl \
|
||||
pdo_mysql \
|
||||
pdo_pgsql \
|
||||
zip \
|
||||
gmp \
|
||||
; \
|
||||
\
|
||||
# pecl will claim success even if one install fails, so we need to perform each install separately
|
||||
pecl install APCu-5.1.18; \
|
||||
pecl install memcached-3.1.5; \
|
||||
pecl install redis-4.3.0; \
|
||||
pecl install imagick-3.4.4; \
|
||||
\
|
||||
pecl install \
|
||||
APCu-5.1.11 \
|
||||
memcached-3.0.4 \
|
||||
redis-3.1.6 \
|
||||
; \
|
||||
docker-php-ext-enable \
|
||||
apcu \
|
||||
memcached \
|
||||
redis \
|
||||
imagick \
|
||||
; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
@ -89,6 +79,7 @@ RUN set -ex; \
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
|
||||
RUN { \
|
||||
echo 'opcache.enable=1'; \
|
||||
echo 'opcache.enable_cli=1'; \
|
||||
echo 'opcache.interned_strings_buffer=8'; \
|
||||
echo 'opcache.max_accelerated_files=10000'; \
|
||||
echo 'opcache.memory_consumption=128'; \
|
||||
@ -96,10 +87,6 @@ RUN { \
|
||||
echo 'opcache.revalidate_freq=1'; \
|
||||
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
|
||||
\
|
||||
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
|
||||
\
|
||||
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
|
||||
\
|
||||
mkdir /var/www/data; \
|
||||
chown -R www-data:root /var/www; \
|
||||
chmod -R g=u /var/www
|
||||
@ -107,36 +94,26 @@ RUN { \
|
||||
VOLUME /var/www/html
|
||||
|
||||
|
||||
ENV NEXTCLOUD_VERSION 16.0.8
|
||||
ENV NEXTCLOUD_VERSION 12.0.7
|
||||
|
||||
RUN set -ex; \
|
||||
fetchDeps=" \
|
||||
gnupg \
|
||||
dirmngr \
|
||||
"; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends $fetchDeps; \
|
||||
\
|
||||
curl -fsSL -o nextcloud.tar.bz2 \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
|
||||
curl -fsSL -o nextcloud.tar.bz2.asc \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
|
||||
export GNUPGHOME="$(mktemp -d)"; \
|
||||
# gpg key from https://nextcloud.com/nextcloud.asc
|
||||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
|
||||
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
|
||||
gpgconf --kill all; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm nextcloud.tar.bz2; \
|
||||
rm -rf /usr/src/nextcloud/updater; \
|
||||
mkdir -p /usr/src/nextcloud/data; \
|
||||
mkdir -p /usr/src/nextcloud/custom_apps; \
|
||||
chmod +x /usr/src/nextcloud/occ; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
chmod +x /usr/src/nextcloud/occ
|
||||
|
||||
COPY *.sh upgrade.exclude /
|
||||
COPY *.sh /
|
||||
COPY config/* /usr/src/nextcloud/config/
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
|
||||
}
|
||||
|
||||
if ($autoconfig_enabled) {
|
||||
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
|
||||
}
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
|
||||
|
||||
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
|
||||
|
||||
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
|
||||
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
|
||||
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
|
||||
}
|
||||
}
|
62
12.0/fpm/entrypoint.sh
Executable file
62
12.0/fpm/entrypoint.sh
Executable file
@ -0,0 +1,62 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
# version_greater A B returns whether A > B
|
||||
version_greater() {
|
||||
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
|
||||
}
|
||||
|
||||
# return true if specified directory is empty
|
||||
directory_empty() {
|
||||
[ -z "$(ls -A "$1/")" ]
|
||||
}
|
||||
|
||||
run_as() {
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
su - www-data -s /bin/sh -c "$1"
|
||||
else
|
||||
sh -c "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
installed_version="0.0.0.0"
|
||||
if [ -f /var/www/html/version.php ]; then
|
||||
# shellcheck disable=SC2016
|
||||
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||
fi
|
||||
# shellcheck disable=SC2016
|
||||
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
|
||||
|
||||
if version_greater "$installed_version" "$image_version"; then
|
||||
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if version_greater "$image_version" "$installed_version"; then
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
|
||||
fi
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
rsync_options="-rlDog --chown www-data:root"
|
||||
else
|
||||
rsync_options="-rlD"
|
||||
fi
|
||||
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
|
||||
|
||||
for dir in config data custom_apps themes; do
|
||||
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
||||
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ upgrade --no-app-disable'
|
||||
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
|
||||
echo "The following apps have beed disabled:"
|
||||
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
|
||||
rm -f /tmp/list_before /tmp/list_after
|
||||
fi
|
||||
fi
|
||||
|
||||
exec "$@"
|
@ -1,5 +1,5 @@
|
||||
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
|
||||
FROM php:7.3-apache-buster
|
||||
FROM php:7.1-apache
|
||||
|
||||
# entrypoint.sh and cron.sh dependencies
|
||||
RUN set -ex; \
|
||||
@ -13,10 +13,10 @@ RUN set -ex; \
|
||||
rm -rf /var/lib/apt/lists/*; \
|
||||
\
|
||||
mkdir -p /var/spool/cron/crontabs; \
|
||||
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
|
||||
# install the PHP extensions we need
|
||||
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
@ -24,51 +24,41 @@ RUN set -ex; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libcurl4-openssl-dev \
|
||||
libevent-dev \
|
||||
libfreetype6-dev \
|
||||
libicu-dev \
|
||||
libjpeg-dev \
|
||||
libldap2-dev \
|
||||
libmcrypt-dev \
|
||||
libmemcached-dev \
|
||||
libpng-dev \
|
||||
libpng12-dev \
|
||||
libpq-dev \
|
||||
libxml2-dev \
|
||||
libmagickwand-dev \
|
||||
libzip-dev \
|
||||
libwebp-dev \
|
||||
libgmp-dev \
|
||||
; \
|
||||
\
|
||||
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
|
||||
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
|
||||
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
|
||||
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
|
||||
docker-php-ext-install -j "$(nproc)" \
|
||||
docker-php-ext-install \
|
||||
exif \
|
||||
gd \
|
||||
intl \
|
||||
ldap \
|
||||
mcrypt \
|
||||
opcache \
|
||||
pcntl \
|
||||
pdo_mysql \
|
||||
pdo_pgsql \
|
||||
zip \
|
||||
gmp \
|
||||
; \
|
||||
\
|
||||
# pecl will claim success even if one install fails, so we need to perform each install separately
|
||||
pecl install APCu-5.1.18; \
|
||||
pecl install memcached-3.1.5; \
|
||||
pecl install redis-4.3.0; \
|
||||
pecl install imagick-3.4.4; \
|
||||
\
|
||||
pecl install \
|
||||
APCu-5.1.11 \
|
||||
memcached-3.0.4 \
|
||||
redis-3.1.6 \
|
||||
; \
|
||||
docker-php-ext-enable \
|
||||
apcu \
|
||||
memcached \
|
||||
redis \
|
||||
imagick \
|
||||
; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
@ -89,6 +79,7 @@ RUN set -ex; \
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
|
||||
RUN { \
|
||||
echo 'opcache.enable=1'; \
|
||||
echo 'opcache.enable_cli=1'; \
|
||||
echo 'opcache.interned_strings_buffer=8'; \
|
||||
echo 'opcache.max_accelerated_files=10000'; \
|
||||
echo 'opcache.memory_consumption=128'; \
|
||||
@ -96,10 +87,6 @@ RUN { \
|
||||
echo 'opcache.revalidate_freq=1'; \
|
||||
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
|
||||
\
|
||||
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
|
||||
\
|
||||
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
|
||||
\
|
||||
mkdir /var/www/data; \
|
||||
chown -R www-data:root /var/www; \
|
||||
chmod -R g=u /var/www
|
||||
@ -115,36 +102,26 @@ RUN a2enmod rewrite remoteip ;\
|
||||
} > /etc/apache2/conf-available/remoteip.conf;\
|
||||
a2enconf remoteip
|
||||
|
||||
ENV NEXTCLOUD_VERSION 18.0.1
|
||||
ENV NEXTCLOUD_VERSION 13.0.2
|
||||
|
||||
RUN set -ex; \
|
||||
fetchDeps=" \
|
||||
gnupg \
|
||||
dirmngr \
|
||||
"; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends $fetchDeps; \
|
||||
\
|
||||
curl -fsSL -o nextcloud.tar.bz2 \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
|
||||
curl -fsSL -o nextcloud.tar.bz2.asc \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
|
||||
export GNUPGHOME="$(mktemp -d)"; \
|
||||
# gpg key from https://nextcloud.com/nextcloud.asc
|
||||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
|
||||
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
|
||||
gpgconf --kill all; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm nextcloud.tar.bz2; \
|
||||
rm -rf /usr/src/nextcloud/updater; \
|
||||
mkdir -p /usr/src/nextcloud/data; \
|
||||
mkdir -p /usr/src/nextcloud/custom_apps; \
|
||||
chmod +x /usr/src/nextcloud/occ; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
chmod +x /usr/src/nextcloud/occ
|
||||
|
||||
COPY *.sh upgrade.exclude /
|
||||
COPY *.sh /
|
||||
COPY config/* /usr/src/nextcloud/config/
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
|
||||
}
|
||||
|
||||
if ($autoconfig_enabled) {
|
||||
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
|
||||
}
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
|
||||
|
||||
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
|
||||
|
||||
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
|
||||
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
|
||||
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
|
||||
}
|
||||
}
|
62
13.0/apache/entrypoint.sh
Executable file
62
13.0/apache/entrypoint.sh
Executable file
@ -0,0 +1,62 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
# version_greater A B returns whether A > B
|
||||
version_greater() {
|
||||
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
|
||||
}
|
||||
|
||||
# return true if specified directory is empty
|
||||
directory_empty() {
|
||||
[ -z "$(ls -A "$1/")" ]
|
||||
}
|
||||
|
||||
run_as() {
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
su - www-data -s /bin/sh -c "$1"
|
||||
else
|
||||
sh -c "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
installed_version="0.0.0.0"
|
||||
if [ -f /var/www/html/version.php ]; then
|
||||
# shellcheck disable=SC2016
|
||||
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||
fi
|
||||
# shellcheck disable=SC2016
|
||||
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
|
||||
|
||||
if version_greater "$installed_version" "$image_version"; then
|
||||
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if version_greater "$image_version" "$installed_version"; then
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
|
||||
fi
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
rsync_options="-rlDog --chown www-data:root"
|
||||
else
|
||||
rsync_options="-rlD"
|
||||
fi
|
||||
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
|
||||
|
||||
for dir in config data custom_apps themes; do
|
||||
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
||||
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ upgrade --no-app-disable'
|
||||
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
|
||||
echo "The following apps have beed disabled:"
|
||||
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
|
||||
rm -f /tmp/list_before /tmp/list_after
|
||||
fi
|
||||
fi
|
||||
|
||||
exec "$@"
|
@ -1,5 +1,5 @@
|
||||
# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
|
||||
FROM php:7.3-fpm-alpine3.11
|
||||
FROM php:7.1-fpm-alpine
|
||||
|
||||
# entrypoint.sh and cron.sh dependencies
|
||||
RUN set -ex; \
|
||||
@ -9,58 +9,50 @@ RUN set -ex; \
|
||||
; \
|
||||
\
|
||||
rm /var/spool/cron/crontabs/root; \
|
||||
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
|
||||
# install the PHP extensions we need
|
||||
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
|
||||
RUN set -ex; \
|
||||
\
|
||||
apk add --no-cache --virtual .build-deps \
|
||||
$PHPIZE_DEPS \
|
||||
alpine-sdk \
|
||||
autoconf \
|
||||
freetype-dev \
|
||||
icu-dev \
|
||||
libevent-dev \
|
||||
libjpeg-turbo-dev \
|
||||
libmcrypt-dev \
|
||||
libpng-dev \
|
||||
libmemcached-dev \
|
||||
libxml2-dev \
|
||||
libzip-dev \
|
||||
openldap-dev \
|
||||
pcre-dev \
|
||||
postgresql-dev \
|
||||
imagemagick-dev \
|
||||
libwebp-dev \
|
||||
gmp-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
|
||||
docker-php-ext-configure ldap; \
|
||||
docker-php-ext-install -j "$(nproc)" \
|
||||
docker-php-ext-install \
|
||||
exif \
|
||||
gd \
|
||||
intl \
|
||||
ldap \
|
||||
mcrypt \
|
||||
opcache \
|
||||
pcntl \
|
||||
pdo_mysql \
|
||||
pdo_pgsql \
|
||||
zip \
|
||||
gmp \
|
||||
; \
|
||||
\
|
||||
# pecl will claim success even if one install fails, so we need to perform each install separately
|
||||
pecl install APCu-5.1.18; \
|
||||
pecl install memcached-3.1.5; \
|
||||
pecl install redis-4.3.0; \
|
||||
pecl install imagick-3.4.4; \
|
||||
\
|
||||
pecl install \
|
||||
APCu-5.1.11 \
|
||||
memcached-3.0.4 \
|
||||
redis-3.1.6 \
|
||||
; \
|
||||
docker-php-ext-enable \
|
||||
apcu \
|
||||
memcached \
|
||||
redis \
|
||||
imagick \
|
||||
; \
|
||||
\
|
||||
runDeps="$( \
|
||||
@ -76,6 +68,7 @@ RUN set -ex; \
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
|
||||
RUN { \
|
||||
echo 'opcache.enable=1'; \
|
||||
echo 'opcache.enable_cli=1'; \
|
||||
echo 'opcache.interned_strings_buffer=8'; \
|
||||
echo 'opcache.max_accelerated_files=10000'; \
|
||||
echo 'opcache.memory_consumption=128'; \
|
||||
@ -83,10 +76,6 @@ RUN { \
|
||||
echo 'opcache.revalidate_freq=1'; \
|
||||
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
|
||||
\
|
||||
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
|
||||
\
|
||||
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
|
||||
\
|
||||
mkdir /var/www/data; \
|
||||
chown -R www-data:root /var/www; \
|
||||
chmod -R g=u /var/www
|
||||
@ -94,7 +83,7 @@ RUN { \
|
||||
VOLUME /var/www/html
|
||||
|
||||
|
||||
ENV NEXTCLOUD_VERSION 18.0.1
|
||||
ENV NEXTCLOUD_VERSION 13.0.2
|
||||
|
||||
RUN set -ex; \
|
||||
apk add --no-cache --virtual .fetch-deps \
|
||||
@ -108,18 +97,18 @@ RUN set -ex; \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
|
||||
export GNUPGHOME="$(mktemp -d)"; \
|
||||
# gpg key from https://nextcloud.com/nextcloud.asc
|
||||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
|
||||
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
|
||||
gpgconf --kill all; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm nextcloud.tar.bz2; \
|
||||
rm -rf /usr/src/nextcloud/updater; \
|
||||
mkdir -p /usr/src/nextcloud/data; \
|
||||
mkdir -p /usr/src/nextcloud/custom_apps; \
|
||||
chmod +x /usr/src/nextcloud/occ; \
|
||||
apk del .fetch-deps
|
||||
|
||||
COPY *.sh upgrade.exclude /
|
||||
COPY *.sh /
|
||||
COPY config/* /usr/src/nextcloud/config/
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
34
13.0/fpm-alpine/config/autoconfig.php
Normal file
34
13.0/fpm-alpine/config/autoconfig.php
Normal file
@ -0,0 +1,34 @@
|
||||
<?php
|
||||
|
||||
$autoconfig_enabled = false;
|
||||
|
||||
if (getenv('SQLITE_DATABASE')) {
|
||||
$AUTOCONFIG["dbtype"] = "sqlite";
|
||||
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
|
||||
$autoconfig_enabled = true;
|
||||
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
|
||||
$AUTOCONFIG["dbtype"] = "mysql";
|
||||
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
|
||||
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
|
||||
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
|
||||
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
|
||||
$autoconfig_enabled = true;
|
||||
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
|
||||
$AUTOCONFIG["dbtype"] = "pgsql";
|
||||
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
|
||||
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
|
||||
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
|
||||
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
|
||||
$autoconfig_enabled = true;
|
||||
}
|
||||
|
||||
if ($autoconfig_enabled) {
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
|
||||
|
||||
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
|
||||
|
||||
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
|
||||
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
|
||||
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
|
||||
}
|
||||
}
|
8
13.0/fpm-alpine/config/redis.config.php
Normal file
8
13.0/fpm-alpine/config/redis.config.php
Normal file
@ -0,0 +1,8 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'memcache.locking' => '\OC\Memcache\Redis',
|
||||
'redis' => array(
|
||||
'host' => 'redis',
|
||||
'port' => 6379,
|
||||
),
|
||||
);
|
62
13.0/fpm-alpine/entrypoint.sh
Executable file
62
13.0/fpm-alpine/entrypoint.sh
Executable file
@ -0,0 +1,62 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
# version_greater A B returns whether A > B
|
||||
version_greater() {
|
||||
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
|
||||
}
|
||||
|
||||
# return true if specified directory is empty
|
||||
directory_empty() {
|
||||
[ -z "$(ls -A "$1/")" ]
|
||||
}
|
||||
|
||||
run_as() {
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
su - www-data -s /bin/sh -c "$1"
|
||||
else
|
||||
sh -c "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
installed_version="0.0.0.0"
|
||||
if [ -f /var/www/html/version.php ]; then
|
||||
# shellcheck disable=SC2016
|
||||
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||
fi
|
||||
# shellcheck disable=SC2016
|
||||
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
|
||||
|
||||
if version_greater "$installed_version" "$image_version"; then
|
||||
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if version_greater "$image_version" "$installed_version"; then
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
|
||||
fi
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
rsync_options="-rlDog --chown www-data:root"
|
||||
else
|
||||
rsync_options="-rlD"
|
||||
fi
|
||||
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
|
||||
|
||||
for dir in config data custom_apps themes; do
|
||||
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
||||
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "$installed_version" != "0.0.0.0" ]; then
|
||||
run_as 'php /var/www/html/occ upgrade --no-app-disable'
|
||||
|
||||
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
|
||||
echo "The following apps have beed disabled:"
|
||||
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
|
||||
rm -f /tmp/list_before /tmp/list_after
|
||||
fi
|
||||
fi
|
||||
|
||||
exec "$@"
|
@ -1,5 +1,5 @@
|
||||
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
|
||||
FROM php:7.3-fpm-buster
|
||||
FROM php:7.1-fpm
|
||||
|
||||
# entrypoint.sh and cron.sh dependencies
|
||||
RUN set -ex; \
|
||||
@ -13,10 +13,10 @@ RUN set -ex; \
|
||||
rm -rf /var/lib/apt/lists/*; \
|
||||
\
|
||||
mkdir -p /var/spool/cron/crontabs; \
|
||||
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
|
||||
|
||||
# install the PHP extensions we need
|
||||
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
@ -24,51 +24,41 @@ RUN set -ex; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libcurl4-openssl-dev \
|
||||
libevent-dev \
|
||||
libfreetype6-dev \
|
||||
libicu-dev \
|
||||
libjpeg-dev \
|
||||
libldap2-dev \
|
||||
libmcrypt-dev \
|
||||
libmemcached-dev \
|
||||
libpng-dev \
|
||||
libpng12-dev \
|
||||
libpq-dev \
|
||||
libxml2-dev \
|
||||
libmagickwand-dev \
|
||||
libzip-dev \
|
||||
libwebp-dev \
|
||||
libgmp-dev \
|
||||
; \
|
||||
\
|
||||
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
|
||||
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
|
||||
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
|
||||
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
|
||||
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
|
||||
docker-php-ext-install -j "$(nproc)" \
|
||||
docker-php-ext-install \
|
||||
exif \
|
||||
gd \
|
||||
intl \
|
||||
ldap \
|
||||
mcrypt \
|
||||
opcache \
|
||||
pcntl \
|
||||
pdo_mysql \
|
||||
pdo_pgsql \
|
||||
zip \
|
||||
gmp \
|
||||
; \
|
||||
\
|
||||
# pecl will claim success even if one install fails, so we need to perform each install separately
|
||||
pecl install APCu-5.1.18; \
|
||||
pecl install memcached-3.1.5; \
|
||||
pecl install redis-4.3.0; \
|
||||
pecl install imagick-3.4.4; \
|
||||
\
|
||||
pecl install \
|
||||
APCu-5.1.11 \
|
||||
memcached-3.0.4 \
|
||||
redis-3.1.6 \
|
||||
; \
|
||||
docker-php-ext-enable \
|
||||
apcu \
|
||||
memcached \
|
||||
redis \
|
||||
imagick \
|
||||
; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
@ -89,6 +79,7 @@ RUN set -ex; \
|
||||
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
|
||||
RUN { \
|
||||
echo 'opcache.enable=1'; \
|
||||
echo 'opcache.enable_cli=1'; \
|
||||
echo 'opcache.interned_strings_buffer=8'; \
|
||||
echo 'opcache.max_accelerated_files=10000'; \
|
||||
echo 'opcache.memory_consumption=128'; \
|
||||
@ -96,48 +87,35 @@ RUN { \
|
||||
echo 'opcache.revalidate_freq=1'; \
|
||||
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
|
||||
\
|
||||
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
|
||||
\
|
||||
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
|
||||
\
|
||||
mkdir /var/www/data; \
|
||||
mkdir /data; \
|
||||
chown -R www-data:root /data; \
|
||||
chown -R www-data:root /var/www; \
|
||||
chmod -R g=u /var/www
|
||||
|
||||
VOLUME /var/www/html
|
||||
|
||||
|
||||
ENV NEXTCLOUD_VERSION 17.0.3
|
||||
ENV NEXTCLOUD_VERSION 13.0.2
|
||||
|
||||
RUN set -ex; \
|
||||
fetchDeps=" \
|
||||
gnupg \
|
||||
dirmngr \
|
||||
"; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends $fetchDeps; \
|
||||
\
|
||||
curl -fsSL -o nextcloud.tar.bz2 \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
|
||||
curl -fsSL -o nextcloud.tar.bz2.asc \
|
||||
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
|
||||
export GNUPGHOME="$(mktemp -d)"; \
|
||||
# gpg key from https://nextcloud.com/nextcloud.asc
|
||||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
|
||||
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
|
||||
gpgconf --kill all; \
|
||||
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm nextcloud.tar.bz2; \
|
||||
rm -rf /usr/src/nextcloud/updater; \
|
||||
mkdir -p /usr/src/nextcloud/data; \
|
||||
mkdir -p /usr/src/nextcloud/custom_apps; \
|
||||
chmod +x /usr/src/nextcloud/occ; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
chmod +x /usr/src/nextcloud/occ
|
||||
|
||||
COPY *.sh upgrade.exclude /
|
||||
COPY *.sh /
|
||||
COPY config/* /usr/src/nextcloud/config/
|
||||
|
||||
#HEALTHCHECK --interval=1s --timeout=3s --retries=16 \
|
||||
#CMD test $(ps ax | grep php-fpm | grep -v grep | wc -l) -gt 0 && echo okay
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
CMD ["php-fpm"]
|
66
13.0/fpm/config/autoconfig.php
Normal file
66
13.0/fpm/config/autoconfig.php
Normal file
@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
$autoconfig_enabled = false;
|
||||
if (getenv('SQLITE_DATABASE')) {
|
||||
$AUTOCONFIG["dbtype"] = "sqlite";
|
||||
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
|
||||
$autoconfig_enabled = true;
|
||||
}elseif (getenv('MYSQL_ROOT_PASSWORD') && getenv('MYSQL_ROOT_USER') && getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
|
||||
$root_user = getenv('MYSQL_ROOT_USER');
|
||||
$root_password = getenv('MYSQL_ROOT_PASSWORD');
|
||||
$user = getenv('MYSQL_USER');
|
||||
$password = getenv('MYSQL_PASSWORD');
|
||||
$database = getenv('MYSQL_DATABASE');
|
||||
$host = getenv('MYSQL_HOST');
|
||||
// Erase root environment variables
|
||||
putenv('MYSQL_ROOT_USER');
|
||||
putenv('MYSQL_ROOT_PASSWORD');
|
||||
// Create connection
|
||||
$connection = new mysqli($host, $root_user, $root_password);
|
||||
// Check connection
|
||||
if ($connection->connect_error) {
|
||||
die("Connection failed: " . $connection->connect_error);
|
||||
}
|
||||
|
||||
// Create database
|
||||
$create_database = "CREATE DATABASE " .$database;
|
||||
$create_user = "GRANT ALL PRIVILEGES ON " .$database. ".* TO '" .$user."'@'%' IDENTIFIED BY '" .$password. "';";
|
||||
if ($connection->query($create_database) && $connection->query($create_user)) {
|
||||
$AUTOCONFIG["dbtype"] = "mysql";
|
||||
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
|
||||
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
|
||||
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
|
||||
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
|
||||
$autoconfig_enabled = true;
|
||||
} else {
|
||||
echo "Error creating database: " . $connection->error;
|
||||
}
|
||||
|
||||
$connection->close();
|
||||
|
||||
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
|
||||
$AUTOCONFIG["dbtype"] = "mysql";
|
||||
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
|
||||
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
|
||||
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
|
||||
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
|
||||
$autoconfig_enabled = true;
|
||||
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
|
||||
$AUTOCONFIG["dbtype"] = "pgsql";
|
||||
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
|
||||
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
|
||||
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
|
||||
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
|
||||
$autoconfig_enabled = true;
|
||||
}
|
||||
|
||||
if ($autoconfig_enabled) {
|
||||
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
|
||||
|
||||
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
|
||||
|
||||
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
|
||||
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
|
||||
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
|
||||
}
|
||||
}
|
8
13.0/fpm/config/redis.config.php
Normal file
8
13.0/fpm/config/redis.config.php
Normal file
@ -0,0 +1,8 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'memcache.locking' => '\OC\Memcache\Redis',
|
||||
'redis' => array(
|
||||
'host' => 'redis',
|
||||
'port' => 6379,
|
||||
),
|
||||
);
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user