adphi/Nextcloud-Docker
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: adphi:6c1044fef4482e6b2303e850c12befa1a4edc666
Branches Tags
adphi:master
..
compare: adphi:3086c9db9b92208247baab04d4871a433792efd5
Branches Tags
adphi:master

5 Commits
6c1044fef4 ... 3086c9db9b

Author SHA1 Message Date
adphi
3086c9db9b Merge branch 'master' of https://github.com/nextcloud/docker 2018-05-11 09:17:00 +02:00
adphi
4ee1cf73f1 Add redis conf to fpm-alpine 2018-05-09 12:57:04 +02:00
adphi
5466e98fb4 Removed MYSQL_ROOT env vars after db initialization 2018-05-09 11:49:26 +02:00
Adphi
34ff0135d9 Add MYSQL_ROOT_PASSWORD and MYSQL_ROOT_USER environement variables documentation 2018-04-27 09:11:15 +02:00
adphi
324e6abd46 Added auto database and user creation 2018-04-26 17:06:50 +02:00
253 changed files with 1170 additions and 8306 deletions
Show Stats Expand all files Collapse all files

9
.config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
}

17
.config/redis.config.php
View File

@ -1,17 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

15
.config/smtp.config.php
View File

@ -1,15 +0,0 @@
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
}

52
.examples/README.md
View File

@ -13,7 +13,7 @@ The Dockerfiles use the default images as base image and build on top of it.
Example | Description
------- | -------
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed). This image runs `supervisord` to start nextcloud and cron as two seperate processes inside the container.
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed).
[imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap
[smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares
[full](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/full) | adds dependencies for ALL optional packages and cron functionality via supervisor (as in the `cron` example Dockerfile).
@ -21,46 +21,49 @@ Example | Description
### full
The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html).
NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the appropriate line in the Dockerfile.
NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the 13th line of the Dockerfile.</br>
NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)
NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)</br>
NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.
NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.</br>
The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages from the Dockerfile.
#### PHP Module bz2
`docker-php-ext-install bz2`
`docker-php-ext-install bz2` </br>
#### PHP Module imagick
`apt install libmagickwand-dev` </br>
`pecl install imagick` </br>
`docker-php-ext-enable imagick` </br>
#### PHP Module imap
`apt install libc-client-dev libkrb5-dev`
`docker-php-ext-configure imap --with-kerberos --with-imap-ssl`
`docker-php-ext-install imap`
`apt install libc-client-dev libkrb5-dev` </br>
`docker-php-ext-configure imap --with-kerberos --with-imap-ssl` </br>
`docker-php-ext-install imap` </br>
#### PHP Module gmp
`apt install libgmp3-dev`
`docker-php-ext-install gmp`
`apt install libgmp3-dev` </br>
`docker-php-ext-install gmp` </br>
#### PHP Module smbclient
`apt install smbclient libsmbclient-dev`
`pecl install smbclient`
`docker-php-ext-enable smbclient`
`apt install smbclient libsmbclient-dev` </br>
`pecl install smbclient` </br>
`docker-php-ext-enable smbclient` </br>
#### ffmpeg
`apt install ffmpeg`
#### imagemagick SVG support
`apt install libmagickcore-6.q16-6-extra`
`echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list` </br>
`apt install ffmpeg` </br>
#### LibreOffice
`apt install libreoffice`
`apt install LibreOffice` </br>
#### CRON via supervisor
`apt install supervisor`
`mkdir /var/log/supervisord /var/run/supervisord`
The following Dockerfile commands are also necessary for a sucessfull cron installation:
`COPY supervisord.conf /etc/supervisor/supervisord.conf`
`CMD ["/usr/bin/supervisord"]`
`apt install supervisor` </br>
`mkdir /var/log/supervisord /var/run/supervisord` </br>
The following Dockerfile commands are also necessary for a sucessfull cron installation: </br>
`COPY supervisord.conf /etc/supervisor/supervisord.conf` </br>
`CMD ["/usr/bin/supervisord"]` </br>
@ -89,12 +92,9 @@ If you want to update your installation to a newer version of nextcloud, repeat
### with-nginx-proxy
The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine.
The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling.
This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
**This setup only works with a valid domain name on a server that is reachable from the internet.**
To use this example complete the following steps:
1. open `docker-compose.yml`

3
.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:apache
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

7
.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml
View File

@ -13,11 +13,11 @@ services:
- db.env
redis:
image: redis:alpine
image: redis
restart: always
app:
image: nextcloud:apache
build: ./app
restart: always
ports:
- 8080:80
@ -25,7 +25,6 @@ services:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
- REDIS_HOST=redis
env_file:
- db.env
depends_on:
@ -33,7 +32,7 @@ services:
- redis
cron:
image: nextcloud:apache
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html

3
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:fpm
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

7
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml
View File

@ -13,17 +13,16 @@ services:
- db.env
redis:
image: redis:alpine
image: redis
restart: always
app:
image: nextcloud:fpm-alpine
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
- REDIS_HOST=redis
env_file:
- db.env
depends_on:
@ -41,7 +40,7 @@ services:
- app
cron:
image: nextcloud:fpm-alpine
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html

2
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto;
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
@ -36,25 +37,20 @@ http {
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
@ -66,18 +62,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
@ -97,72 +89,66 @@ http {
#pagespeed off;
location / {
rewrite ^ /index.php;
rewrite ^ /index.php$uri;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

2
.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
View File

@ -13,7 +13,7 @@ services:
- db.env
app:
image: nextcloud:fpm-alpine
image: nextcloud:fpm
restart: always
volumes:
- nextcloud:/var/www/html

2
.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto;
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
@ -36,25 +37,20 @@ http {
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
@ -66,18 +62,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
@ -97,72 +89,66 @@ http {
#pagespeed off;
location / {
rewrite ^ /index.php;
rewrite ^ /index.php$uri;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

2
.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: '3'
services:
db:
image: postgres:alpine
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data

4
.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: '3'
services:
db:
image: postgres:alpine
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data
@ -10,7 +10,7 @@ services:
- db.env
app:
image: nextcloud:fpm-alpine
image: nextcloud:fpm
restart: always
volumes:
- nextcloud:/var/www/html

2
.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto;
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
@ -36,25 +37,20 @@ http {
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
@ -66,18 +62,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
@ -97,72 +89,66 @@ http {
#pagespeed off;
location / {
rewrite ^ /index.php;
rewrite ^ /index.php$uri;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

3
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env
View File

@ -1,3 +0,0 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

78
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml
View File

@ -1,78 +0,0 @@
version: '3'
services:
db:
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
app:
image: nextcloud:fpm-alpine
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
web:
build: ./web
restart: always
volumes:
- nextcloud:/var/www/html:ro
environment:
- VIRTUAL_HOST=
depends_on:
- app
networks:
- proxy-tier
- default
proxy:
build: ./proxy
restart: always
ports:
- 80:80
- 443:443
volumes:
- certs:/etc/nginx/certs:ro
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
depends_on:
- omgwtfssl
omgwtfssl:
image: paulczar/omgwtfssl
restart: "no"
volumes:
- certs:/certs
environment:
- SSL_SUBJECT=servhostname.local
- CA_SUBJECT=my@example.com
- SSL_KEY=/certs/servhostname.local.key
- SSL_CSR=/certs/servhostname.local.csr
- SSL_CERT=/certs/servhostname.local.crt
networks:
- proxy-tier
volumes:
db:
nextcloud:
certs:
vhost.d:
html:
networks:
proxy-tier:

3
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile
View File

@ -1,3 +0,0 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

2
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf
View File

@ -1,2 +0,0 @@
client_max_body_size 10G;
proxy_request_buffering off;

3
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile
View File

@ -1,3 +0,0 @@
FROM nginx:alpine
COPY nginx.conf /etc/nginx/nginx.conf

173
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf
View File

@ -1,173 +0,0 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Real-IP;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:apache
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

7
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
View File

@ -13,11 +13,11 @@ services:
- db.env
redis:
image: redis:alpine
image: redis
restart: always
app:
image: nextcloud:apache
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
@ -26,7 +26,6 @@ services:
- LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL=
- MYSQL_HOST=db
- REDIS_HOST=redis
env_file:
- db.env
depends_on:
@ -37,7 +36,7 @@ services:
- default
cron:
image: nextcloud:apache
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html

1
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G;
proxy_request_buffering off;

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:fpm
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

7
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
View File

@ -13,17 +13,16 @@ services:
- db.env
redis:
image: redis:alpine
image: redis
restart: always
app:
image: nextcloud:fpm-alpine
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
- REDIS_HOST=redis
env_file:
- db.env
depends_on:
@ -46,7 +45,7 @@ services:
- default
cron:
image: nextcloud:fpm-alpine
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html

1
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G;
proxy_request_buffering off;

2
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto;
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
@ -41,25 +42,20 @@ http {
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
@ -71,18 +67,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
@ -102,72 +94,66 @@ http {
#pagespeed off;
location / {
rewrite ^ /index.php;
rewrite ^ /index.php$uri;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

1
.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G;
proxy_request_buffering off;

2
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
View File

@ -13,7 +13,7 @@ services:
- db.env
app:
image: nextcloud:fpm-alpine
image: nextcloud:fpm
restart: always
volumes:
- nextcloud:/var/www/html

1
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G;
proxy_request_buffering off;

2
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto;
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
@ -41,25 +42,20 @@ http {
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
@ -71,18 +67,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
@ -102,72 +94,66 @@ http {
#pagespeed off;
location / {
rewrite ^ /index.php;
rewrite ^ /index.php$uri;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

2
.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: '3'
services:
db:
image: postgres:alpine
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data

1
.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G;
proxy_request_buffering off;

4
.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: '3'
services:
db:
image: postgres:alpine
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data
@ -10,7 +10,7 @@ services:
- db.env
app:
image: nextcloud:fpm-alpine
image: nextcloud:fpm
restart: always
volumes:
- nextcloud:/var/www/html

1
.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
View File

@ -1,2 +1 @@
client_max_body_size 10G;
proxy_request_buffering off;

2
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nginx:alpine
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

82
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
View File

@ -1,4 +1,5 @@
worker_processes auto;
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
@ -41,25 +42,20 @@ http {
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
location = /robots.txt {
@ -71,18 +67,14 @@ http {
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
@ -102,72 +94,66 @@ http {
#pagespeed off;
location / {
rewrite ^ /index.php;
rewrite ^ /index.php$uri;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
# Avoid sending the security headers twice
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

6
.examples/dockerfiles/cron/apache/Dockerfile
View File

@ -5,8 +5,6 @@ RUN apt-get update && apt-get install -y \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf /
COPY supervisord.conf /etc/supervisor/supervisord.conf
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
CMD ["/usr/bin/supervisord"]

10
.examples/dockerfiles/cron/fpm-alpine/Dockerfile
View File

@ -1,10 +0,0 @@
FROM nextcloud:fpm-alpine
RUN apk add --no-cache supervisor \
&& mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

22
.examples/dockerfiles/cron/fpm-alpine/supervisord.conf
View File

@ -1,22 +0,0 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error
[program:php-fpm]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=php-fpm
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/cron.sh

6
.examples/dockerfiles/cron/fpm/Dockerfile
View File

@ -5,8 +5,6 @@ RUN apt-get update && apt-get install -y \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf /
COPY supervisord.conf /etc/supervisor/supervisord.conf
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
CMD ["/usr/bin/supervisord"]

67
.examples/dockerfiles/full/apache/Dockerfile
View File

@ -1,59 +1,24 @@
FROM nextcloud:apache
RUN set -ex; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
ffmpeg \
libmagickcore-6.q16-6-extra \
procps \
smbclient \
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
&& apt-get update && apt-get install -y \
supervisor \
# libreoffice \
; \
rm -rf /var/lib/apt/lists/*
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libbz2-dev \
ffmpeg \
libmagickwand-dev \
libgmp3-dev \
libc-client-dev \
libkrb5-dev \
smbclient \
libsmbclient-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install \
bz2 \
imap \
; \
pecl install smbclient; \
docker-php-ext-enable smbclient; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# LibreOffice \
&& rm -rf /var/lib/apt/lists/* \
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
&& ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
&& docker-php-ext-install bz2 gmp imap \
&& pecl install imagick smbclient \
&& docker-php-ext-enable imagick smbclient \
&& mkdir /var/log/supervisord /var/run/supervisord
RUN mkdir -p \
/var/log/supervisord \
/var/run/supervisord \
;
COPY supervisord.conf /etc/supervisor/supervisord.conf
COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
CMD ["/usr/bin/supervisord"]

51
.examples/dockerfiles/full/fpm-alpine/Dockerfile
View File

@ -1,51 +0,0 @@
FROM nextcloud:fpm-alpine
RUN set -ex; \
\
apk add --no-cache \
ffmpeg \
imagemagick \
procps \
samba-client \
supervisor \
# libreoffice \
;
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
imap-dev \
krb5-dev \
libressl-dev \
samba-dev \
bzip2-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install \
bz2 \
imap \
; \
pecl install smbclient; \
docker-php-ext-enable smbclient; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
apk del .build-deps
RUN mkdir -p \
/var/log/supervisord \
/var/run/supervisord \
;
COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

22
.examples/dockerfiles/full/fpm-alpine/supervisord.conf
View File

@ -1,22 +0,0 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error
[program:php-fpm]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=php-fpm
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/cron.sh

67
.examples/dockerfiles/full/fpm/Dockerfile
View File

@ -1,59 +1,24 @@
FROM nextcloud:fpm
RUN set -ex; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
ffmpeg \
libmagickcore-6.q16-6-extra \
procps \
smbclient \
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
&& apt-get update && apt-get install -y \
supervisor \
# libreoffice \
; \
rm -rf /var/lib/apt/lists/*
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libbz2-dev \
ffmpeg \
libmagickwand-dev \
libgmp3-dev \
libc-client-dev \
libkrb5-dev \
smbclient \
libsmbclient-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install \
bz2 \
imap \
; \
pecl install smbclient; \
docker-php-ext-enable smbclient; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# LibreOffice \
&& rm -rf /var/lib/apt/lists/* \
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
&& ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
&& docker-php-ext-install bz2 gmp imap \
&& pecl install imagick smbclient \
&& docker-php-ext-enable imagick smbclient \
&& mkdir /var/log/supervisord /var/run/supervisord
RUN mkdir -p \
/var/log/supervisord \
/var/run/supervisord \
;
COPY supervisord.conf /etc/supervisor/supervisord.conf
COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
CMD ["/usr/bin/supervisord"]

31
.examples/dockerfiles/imap/apache/Dockerfile
View File

@ -1,28 +1,7 @@
FROM nextcloud:apache
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libc-client-dev \
libkrb5-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install imap; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
RUN apt-get update \
&& apt-get install -y libc-client-dev libkrb5-dev \
&& rm -rf /var/lib/apt/lists/* \
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
&& docker-php-ext-install imap

22
.examples/dockerfiles/imap/fpm-alpine/Dockerfile
View File

@ -1,22 +0,0 @@
FROM nextcloud:fpm-alpine
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
imap-dev \
krb5-dev \
libressl-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install imap; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
apk del .build-deps

31
.examples/dockerfiles/imap/fpm/Dockerfile
View File

@ -1,28 +1,7 @@
FROM nextcloud:fpm
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libc-client-dev \
libkrb5-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install imap; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
RUN apt-get update \
&& apt-get install -y libc-client-dev libkrb5-dev \
&& rm -rf /var/lib/apt/lists/* \
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
&& docker-php-ext-install imap

2
.examples/dockerfiles/smb/apache/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nextcloud:apache
RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*

3
.examples/dockerfiles/smb/fpm-alpine/Dockerfile
View File

@ -1,3 +0,0 @@
FROM nextcloud:fpm-alpine
RUN apk add --no-cache procps samba-client

2
.examples/dockerfiles/smb/fpm/Dockerfile
View File

@ -1,3 +1,3 @@
FROM nextcloud:fpm
RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*

88
.travis.yml
View File

@ -1,60 +1,42 @@
language: bash
dist: trusty
sudo: required
services: docker
language: bash
branches:
only:
- master
# preload images to avoid timeouts in tests
before_install:
- docker pull mariadb:10
- docker pull postgres:11-alpine
install:
- git clone https://github.com/docker-library/official-images.git ~/official-images
before_script:
- env | sort
- wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash
- image="nextcloud:${VERSION}${VARIANT:+-$VARIANT}"
- if [[ "$ARCH" == 'i386' ]]; then sed -i -e 's/FROM php/FROM i386\/php/g' "${VERSION}/${VARIANT}/Dockerfile"; fi
script:
- |
(
set -Eeuo pipefail
set -x
travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
travis_retry ~/official-images/test/run.sh "$image"
.travis/test-example-dockerfiles.sh "$image"
)
- travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
- ~/official-images/test/run.sh "$image"
- .travis/test-example-dockerfiles.sh "$image"
after_script:
- docker images
jobs:
# https://github.com/docker-library/php/issues/822
allow_failures:
- env: VERSION=15.0 VARIANT=apache ARCH=i386
- env: VERSION=16.0 VARIANT=apache ARCH=i386
- env: VERSION=17.0 VARIANT=apache ARCH=i386
- env: VERSION=18.0 VARIANT=apache ARCH=i386
- env: VERSION=15.0-rc VARIANT=apache ARCH=i386
- env: VERSION=16.0-rc VARIANT=apache ARCH=i386
- env: VERSION=17.0-rc VARIANT=apache ARCH=i386
- env: VERSION=18.0-rc VARIANT=apache ARCH=i386
- env: VERSION=17.0-beta VARIANT=apache ARCH=i386
- env: VERSION=18.0-beta VARIANT=apache ARCH=i386
include:
- &test-scripts
stage: test scripts
env: SCRIPT=update.sh
sudo: false
services: []
install: skip
before_script: skip
script:
- hash_before=$(git write-tree)
- travis_retry ./update.sh
- ./update.sh
- bash -c "[[ $hash_before = $(git add -A && git write-tree) ]]"
after_script: skip
@ -64,42 +46,18 @@ jobs:
- wget -O "$HOME/bin/bashbrew" https://doi-janky.infosiftr.net/job/bashbrew/lastSuccessfulBuild/artifact/bin/bashbrew-amd64
- chmod +x "$HOME/bin/bashbrew"
script:
- travis_retry ./generate-stackbrew-library.sh
- ./generate-stackbrew-library.sh
- stage: test images
env: VERSION=16.0-rc VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=16.0-rc VARIANT=fpm-alpine ARCH=i386
- env: VERSION=16.0-rc VARIANT=fpm ARCH=amd64
- env: VERSION=16.0-rc VARIANT=fpm ARCH=i386
- env: VERSION=16.0-rc VARIANT=apache ARCH=amd64
- env: VERSION=16.0-rc VARIANT=apache ARCH=i386
- env: VERSION=17.0-rc VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=17.0-rc VARIANT=fpm-alpine ARCH=i386
- env: VERSION=17.0-rc VARIANT=fpm ARCH=amd64
- env: VERSION=17.0-rc VARIANT=fpm ARCH=i386
- env: VERSION=17.0-rc VARIANT=apache ARCH=amd64
- env: VERSION=17.0-rc VARIANT=apache ARCH=i386
- env: VERSION=18.0-rc VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=18.0-rc VARIANT=fpm-alpine ARCH=i386
- env: VERSION=18.0-rc VARIANT=fpm ARCH=amd64
- env: VERSION=18.0-rc VARIANT=fpm ARCH=i386
- env: VERSION=18.0-rc VARIANT=apache ARCH=amd64
- env: VERSION=18.0-rc VARIANT=apache ARCH=i386
- env: VERSION=16.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=16.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=16.0 VARIANT=fpm ARCH=amd64
- env: VERSION=16.0 VARIANT=fpm ARCH=i386
- env: VERSION=16.0 VARIANT=apache ARCH=amd64
- env: VERSION=16.0 VARIANT=apache ARCH=i386
- env: VERSION=17.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=17.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=17.0 VARIANT=fpm ARCH=amd64
- env: VERSION=17.0 VARIANT=fpm ARCH=i386
- env: VERSION=17.0 VARIANT=apache ARCH=amd64
- env: VERSION=17.0 VARIANT=apache ARCH=i386
- env: VERSION=18.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=18.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=18.0 VARIANT=fpm ARCH=amd64
- env: VERSION=18.0 VARIANT=fpm ARCH=i386
- env: VERSION=18.0 VARIANT=apache ARCH=amd64
- env: VERSION=18.0 VARIANT=apache ARCH=i386
env: VERSION=12.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=12.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=12.0 VARIANT=fpm ARCH=amd64
- env: VERSION=12.0 VARIANT=fpm ARCH=i386
- env: VERSION=12.0 VARIANT=apache ARCH=amd64
- env: VERSION=12.0 VARIANT=apache ARCH=i386
- env: VERSION=13.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=13.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=13.0 VARIANT=fpm ARCH=amd64
- env: VERSION=13.0 VARIANT=fpm ARCH=i386
- env: VERSION=13.0 VARIANT=apache ARCH=amd64
- env: VERSION=13.0 VARIANT=apache ARCH=i386

1
.travis/test-example-dockerfiles.sh
View File

@ -13,6 +13,7 @@ for dir in "${dirs[@]}"; do
cd "$dir/$VARIANT"
sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
docker build -t "$image-$dir" .
~/official-images/test/run.sh "$image-$dir"
)
fi
done

59
16.0/apache/Dockerfile → 12.0/apache/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-apache-buster
FROM php:7.1-apache
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
@ -16,7 +16,7 @@ RUN set -ex; \
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
@ -24,51 +24,41 @@ RUN set -ex; \
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libldap2-dev \
libmcrypt-dev \
libmemcached-dev \
libpng-dev \
libpng12-dev \
libpq-dev \
libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \
\
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \
docker-php-ext-install \
exif \
gd \
intl \
ldap \
mcrypt \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.18; \
pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
pecl install \
APCu-5.1.11 \
memcached-3.0.4 \
redis-3.1.6 \
; \
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
@ -89,6 +79,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
@ -96,10 +87,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
@ -115,36 +102,26 @@ RUN a2enmod rewrite remoteip ;\
} > /etc/apache2/conf-available/remoteip.conf;\
a2enconf remoteip
ENV NEXTCLOUD_VERSION 16.0.8
ENV NEXTCLOUD_VERSION 12.0.7
RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
chmod +x /usr/src/nextcloud/occ
COPY *.sh upgrade.exclude /
COPY *.sh /
COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"]

0
16.0-rc/apache/config/apache-pretty-urls.config.php → 12.0/apache/config/apache-pretty-urls.config.php
View File

0
16.0-rc/apache/config/apcu.config.php → 12.0/apache/config/apcu.config.php
View File

0
16.0-rc/apache/config/apps.config.php → 12.0/apache/config/apps.config.php
View File

9
16.0/apache/config/autoconfig.php → 12.0/apache/config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
}

0
16.0-rc/apache/cron.sh → 12.0/apache/cron.sh
View File

62
12.0/apache/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

45
16.0/fpm-alpine/Dockerfile → 12.0/fpm-alpine/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
FROM php:7.3-fpm-alpine3.11
FROM php:7.1-fpm-alpine
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
@ -12,55 +12,47 @@ RUN set -ex; \
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
alpine-sdk \
autoconf \
freetype-dev \
icu-dev \
libevent-dev \
libjpeg-turbo-dev \
libmcrypt-dev \
libpng-dev \
libmemcached-dev \
libxml2-dev \
libzip-dev \
openldap-dev \
pcre-dev \
postgresql-dev \
imagemagick-dev \
libwebp-dev \
gmp-dev \
; \
\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure ldap; \
docker-php-ext-install -j "$(nproc)" \
docker-php-ext-install \
exif \
gd \
intl \
ldap \
mcrypt \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.18; \
pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
pecl install \
APCu-5.1.11 \
memcached-3.0.4 \
redis-3.1.6 \
; \
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
runDeps="$( \
@ -76,6 +68,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
@ -83,10 +76,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
@ -94,7 +83,7 @@ RUN { \
VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 16.0.8
ENV NEXTCLOUD_VERSION 12.0.7
RUN set -ex; \
apk add --no-cache --virtual .fetch-deps \
@ -108,18 +97,18 @@ RUN set -ex; \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
apk del .fetch-deps
COPY *.sh upgrade.exclude /
COPY *.sh /
COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"]

0
16.0-rc/fpm-alpine/config/apcu.config.php → 12.0/fpm-alpine/config/apcu.config.php
View File

0
16.0-rc/fpm-alpine/config/apps.config.php → 12.0/fpm-alpine/config/apps.config.php
View File

9
16.0-rc/apache/config/autoconfig.php → 12.0/fpm-alpine/config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
}

0
16.0-rc/fpm-alpine/cron.sh → 12.0/fpm-alpine/cron.sh
View File

62
12.0/fpm-alpine/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

59
16.0/fpm/Dockerfile → 12.0/fpm/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-fpm-buster
FROM php:7.1-fpm
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
@ -16,7 +16,7 @@ RUN set -ex; \
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
@ -24,51 +24,41 @@ RUN set -ex; \
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libldap2-dev \
libmcrypt-dev \
libmemcached-dev \
libpng-dev \
libpng12-dev \
libpq-dev \
libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \
\
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \
docker-php-ext-install \
exif \
gd \
intl \
ldap \
mcrypt \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.18; \
pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
pecl install \
APCu-5.1.11 \
memcached-3.0.4 \
redis-3.1.6 \
; \
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
@ -89,6 +79,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
@ -96,10 +87,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
@ -107,36 +94,26 @@ RUN { \
VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 16.0.8
ENV NEXTCLOUD_VERSION 12.0.7
RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
chmod +x /usr/src/nextcloud/occ
COPY *.sh upgrade.exclude /
COPY *.sh /
COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"]

0
16.0-rc/fpm/config/apcu.config.php → 12.0/fpm/config/apcu.config.php
View File

0
16.0-rc/fpm/config/apps.config.php → 12.0/fpm/config/apps.config.php
View File

9
16.0-rc/fpm-alpine/config/autoconfig.php → 12.0/fpm/config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
}

0
16.0-rc/fpm/cron.sh → 12.0/fpm/cron.sh
View File

62
12.0/fpm/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

61
18.0/apache/Dockerfile → 13.0/apache/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-apache-buster
FROM php:7.1-apache
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
@ -13,10 +13,10 @@ RUN set -ex; \
rm -rf /var/lib/apt/lists/*; \
\
mkdir -p /var/spool/cron/crontabs; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
@ -24,51 +24,41 @@ RUN set -ex; \
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libldap2-dev \
libmcrypt-dev \
libmemcached-dev \
libpng-dev \
libpng12-dev \
libpq-dev \
libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \
\
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \
docker-php-ext-install \
exif \
gd \
intl \
ldap \
mcrypt \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.18; \
pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
pecl install \
APCu-5.1.11 \
memcached-3.0.4 \
redis-3.1.6 \
; \
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
@ -89,6 +79,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
@ -96,10 +87,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
@ -115,36 +102,26 @@ RUN a2enmod rewrite remoteip ;\
} > /etc/apache2/conf-available/remoteip.conf;\
a2enconf remoteip
ENV NEXTCLOUD_VERSION 18.0.1
ENV NEXTCLOUD_VERSION 13.0.2
RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
chmod +x /usr/src/nextcloud/occ
COPY *.sh upgrade.exclude /
COPY *.sh /
COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"]

0
16.0/apache/config/apache-pretty-urls.config.php → 13.0/apache/config/apache-pretty-urls.config.php
View File

0
16.0/apache/config/apcu.config.php → 13.0/apache/config/apcu.config.php
View File

0
16.0/apache/config/apps.config.php → 13.0/apache/config/apps.config.php
View File

9
16.0-rc/fpm/config/autoconfig.php → 13.0/apache/config/autoconfig.php
View File

@ -23,9 +23,12 @@ if (getenv('SQLITE_DATABASE')) {
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
}

0
16.0/apache/cron.sh → 13.0/apache/cron.sh
View File

62
13.0/apache/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

47
18.0/fpm-alpine/Dockerfile → 13.0/fpm-alpine/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
FROM php:7.3-fpm-alpine3.11
FROM php:7.1-fpm-alpine
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
@ -9,58 +9,50 @@ RUN set -ex; \
; \
\
rm /var/spool/cron/crontabs/root; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
alpine-sdk \
autoconf \
freetype-dev \
icu-dev \
libevent-dev \
libjpeg-turbo-dev \
libmcrypt-dev \
libpng-dev \
libmemcached-dev \
libxml2-dev \
libzip-dev \
openldap-dev \
pcre-dev \
postgresql-dev \
imagemagick-dev \
libwebp-dev \
gmp-dev \
; \
\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure ldap; \
docker-php-ext-install -j "$(nproc)" \
docker-php-ext-install \
exif \
gd \
intl \
ldap \
mcrypt \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.18; \
pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
pecl install \
APCu-5.1.11 \
memcached-3.0.4 \
redis-3.1.6 \
; \
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
runDeps="$( \
@ -76,6 +68,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
@ -83,10 +76,6 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
@ -94,7 +83,7 @@ RUN { \
VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 18.0.1
ENV NEXTCLOUD_VERSION 13.0.2
RUN set -ex; \
apk add --no-cache --virtual .fetch-deps \
@ -108,18 +97,18 @@ RUN set -ex; \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
apk del .fetch-deps
COPY *.sh upgrade.exclude /
COPY *.sh /
COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"]

0
16.0/fpm-alpine/config/apcu.config.php → 13.0/fpm-alpine/config/apcu.config.php
View File

0
16.0/fpm-alpine/config/apps.config.php → 13.0/fpm-alpine/config/apps.config.php
View File

34
13.0/fpm-alpine/config/autoconfig.php Normal file
View File

@ -0,0 +1,34 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
}

8
13.0/fpm-alpine/config/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

0
16.0/fpm-alpine/cron.sh → 13.0/fpm-alpine/cron.sh
View File

62
13.0/fpm-alpine/entrypoint.sh Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
if [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ upgrade --no-app-disable'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have beed disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
exec "$@"

68
17.0/fpm/Dockerfile → 13.0/fpm/Dockerfile
View File

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-fpm-buster
FROM php:7.1-fpm
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
@ -13,10 +13,10 @@ RUN set -ex; \
rm -rf /var/lib/apt/lists/*; \
\
mkdir -p /var/spool/cron/crontabs; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
# see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
@ -24,51 +24,41 @@ RUN set -ex; \
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libldap2-dev \
libmcrypt-dev \
libmemcached-dev \
libpng-dev \
libpng12-dev \
libpq-dev \
libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \
\
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \
docker-php-ext-install \
exif \
gd \
intl \
ldap \
mcrypt \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.18; \
pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
pecl install \
APCu-5.1.11 \
memcached-3.0.4 \
redis-3.1.6 \
; \
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
@ -89,6 +79,7 @@ RUN set -ex; \
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.enable_cli=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
@ -96,48 +87,35 @@ RUN { \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
mkdir /data; \
chown -R www-data:root /data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 17.0.3
ENV NEXTCLOUD_VERSION 13.0.2
RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
chmod +x /usr/src/nextcloud/occ
COPY *.sh upgrade.exclude /
COPY *.sh /
COPY config/* /usr/src/nextcloud/config/
#HEALTHCHECK --interval=1s --timeout=3s --retries=16 \
#CMD test $(ps ax | grep php-fpm | grep -v grep | wc -l) -gt 0 && echo okay
ENTRYPOINT ["/entrypoint.sh"]
CMD ["php-fpm"]

0
16.0/fpm/config/apcu.config.php → 13.0/fpm/config/apcu.config.php
View File

0
16.0/fpm/config/apps.config.php → 13.0/fpm/config/apps.config.php
View File

66
13.0/fpm/config/autoconfig.php Normal file
View File

@ -0,0 +1,66 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
}elseif (getenv('MYSQL_ROOT_PASSWORD') && getenv('MYSQL_ROOT_USER') && getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$root_user = getenv('MYSQL_ROOT_USER');
$root_password = getenv('MYSQL_ROOT_PASSWORD');
$user = getenv('MYSQL_USER');
$password = getenv('MYSQL_PASSWORD');
$database = getenv('MYSQL_DATABASE');
$host = getenv('MYSQL_HOST');
// Erase root environment variables
putenv('MYSQL_ROOT_USER');
putenv('MYSQL_ROOT_PASSWORD');
// Create connection
$connection = new mysqli($host, $root_user, $root_password);
// Check connection
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
// Create database
$create_database = "CREATE DATABASE " .$database;
$create_user = "GRANT ALL PRIVILEGES ON " .$database. ".* TO '" .$user."'@'%' IDENTIFIED BY '" .$password. "';";
if ($connection->query($create_database) && $connection->query($create_user)) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} else {
echo "Error creating database: " . $connection->error;
}
$connection->close();
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
$AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
$AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
}
}

8
13.0/fpm/config/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

Some files were not shown because too many files have changed in this diff Show More