mirror of
https://github.com/nextcloud/docker.git
synced 2025-04-21 03:06:08 +02:00
example of container-fs read-only
This commit is contained in:
Christian Kniep
parent
1a432d98fa
commit
040af10182
3 changed files with 93 additions and 25 deletions
|
|
@ -1,6 +1,10 @@
|
|||
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
|
||||
FROM php:7.4-apache-buster
|
||||
|
||||
ENV NEXTCLOUD_VERSION 21.0.3
|
||||
ENV PHP_MEMORY_LIMIT 512M
|
||||
ENV PHP_UPLOAD_LIMIT 512M
|
||||
|
||||
# entrypoint.sh and cron.sh dependencies
|
||||
RUN set -ex; \
|
||||
\
|
||||
|
|
@ -17,8 +21,6 @@ RUN set -ex; \
|
|||
|
||||
# install the PHP extensions we need
|
||||
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
||||
ENV PHP_MEMORY_LIMIT 512M
|
||||
ENV PHP_UPLOAD_LIMIT 512M
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
|
|
@ -121,7 +123,6 @@ RUN a2enmod headers rewrite remoteip ;\
|
|||
} > /etc/apache2/conf-available/remoteip.conf;\
|
||||
a2enconf remoteip
|
||||
|
||||
ENV NEXTCLOUD_VERSION 21.0.3
|
||||
|
||||
RUN set -ex; \
|
||||
fetchDeps=" \
|
||||
|
|
@ -139,19 +140,44 @@ RUN set -ex; \
|
|||
# gpg key from https://nextcloud.com/nextcloud.asc
|
||||
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
|
||||
gpgconf --kill all; \
|
||||
tar -xjf nextcloud.tar.bz2 --strip-components=1 -C . \
|
||||
&& gpgconf --kill all; \
|
||||
rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||
rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
|
||||
mkdir -p /usr/src/nextcloud/data; \
|
||||
mkdir -p /usr/src/nextcloud/custom_apps; \
|
||||
chmod +x /usr/src/nextcloud/occ; \
|
||||
rm -rf "$GNUPGHOME" /var/www/html/updater; \
|
||||
chmod +x /var/www/html/occ; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
rm -rf /var/lib/apt/lists/* \
|
||||
&& mkdir -p /usr/src/nextcloud \
|
||||
&& mv /var/www/html/themes /usr/src/nextcloud/ \
|
||||
&& mv /var/www/html/config /usr/src/nextcloud/
|
||||
|
||||
COPY *.sh upgrade.exclude /
|
||||
### Volumes
|
||||
# to store the pid
|
||||
VOLUME /run/apache2
|
||||
# /tmp for session data
|
||||
VOLUME /tmp
|
||||
#######
|
||||
# A volume for each directory within the nextcloud installation, so that
|
||||
# 1/ each one can be swapped out with a persistent volume
|
||||
# 2/ file access is faster as it is not part of the overlay file-system
|
||||
# 3/ if 2/ is crafted carefully it will eventually allow the container FS to be mounted read-only, which helps security
|
||||
VOLUME /var/www/html/3rdparty
|
||||
VOLUME /var/www/html/apps
|
||||
VOLUME /var/www/html/config
|
||||
VOLUME /var/www/html/core
|
||||
VOLUME /var/www/html/custom_apps
|
||||
VOLUME /var/www/html/data
|
||||
VOLUME /var/www/html/lib
|
||||
VOLUME /var/www/html/ocm-provider
|
||||
VOLUME /var/www/html/ocs
|
||||
VOLUME /var/www/html/ocs-provider
|
||||
VOLUME /var/www/html/resources
|
||||
VOLUME /var/www/html/themes
|
||||
|
||||
COPY entrypoint.sh /usr/local/bin/
|
||||
COPY cron.sh /
|
||||
COPY config/* /usr/src/nextcloud/config/
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
CMD ["apache2-foreground"]
|
||||
ENTRYPOINT []
|
||||
CMD ["/usr/local/bin/entrypoint.sh", "apache2-foreground"]
|
||||
|
|
|
|||
41
21.0/apache/docker-compose.yml
Normal file
41
21.0/apache/docker-compose.yml
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
version: "3.9"
|
||||
|
||||
services:
|
||||
db:
|
||||
image: mariadb:10.5
|
||||
command: --transaction-isolation=READ-COMMITTED
|
||||
volumes:
|
||||
- db_data:/var/lib/mysql
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||
MYSQL_DATABASE: nextcloud
|
||||
MYSQL_USER: nextcloud
|
||||
MYSQL_PASSWORD: nextcloud
|
||||
|
||||
nextcloud:
|
||||
depends_on:
|
||||
- db
|
||||
image: ${NC_IMAGE_NAME:-nextcloud:latest}
|
||||
volumes:
|
||||
- nextcloud_data:/var/www/html/data
|
||||
- nextcloud_apps:/var/www/html/apps
|
||||
- nextcloud_config:/var/www/html/config
|
||||
- nextcloud_themes:/var/www/html/themes
|
||||
ports:
|
||||
- "8000:80"
|
||||
restart: always
|
||||
environment:
|
||||
NEXTCLOUD_ADMIN_USER: adminstrator
|
||||
NEXTCLOUD_ADMIN_PASSWORD: adminpass
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: localhost
|
||||
MYSQL_DATABASE: nextcloud
|
||||
MYSQL_PASSWORD: nextcloud
|
||||
MYSQL_USER: nextcloud
|
||||
MYSQL_HOST: db
|
||||
volumes:
|
||||
db_data: {}
|
||||
nextcloud_data: {}
|
||||
nextcloud_apps: {}
|
||||
nextcloud_config: {}
|
||||
nextcloud_themes: {}
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/sh
|
||||
set -eu
|
||||
set -eux
|
||||
|
||||
# version_greater A B returns whether A > B
|
||||
version_greater() {
|
||||
|
|
@ -78,12 +78,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
fi
|
||||
|
||||
installed_version="0.0.0.0"
|
||||
if [ -f /var/www/html/version.php ]; then
|
||||
# shellcheck disable=SC2016
|
||||
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||
fi
|
||||
# shellcheck disable=SC2016
|
||||
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
|
||||
image_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||
|
||||
if version_greater "$installed_version" "$image_version"; then
|
||||
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
||||
|
|
@ -101,14 +97,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
else
|
||||
rsync_options="-rlD"
|
||||
fi
|
||||
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
|
||||
|
||||
for dir in config data custom_apps themes; do
|
||||
## Carefully checking whether the persistent volumes we care about are empty.
|
||||
for dir in config themes; do
|
||||
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
||||
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||
echo ">> Bootstraping '/var/www/html/${dir}'"
|
||||
rsync $rsync_options /usr/src/nextcloud/${dir}/. /var/www/html/${dir}/.
|
||||
fi
|
||||
done
|
||||
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
||||
echo "Initializing finished"
|
||||
|
||||
#install
|
||||
|
|
@ -150,7 +145,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
|
||||
install=true
|
||||
fi
|
||||
|
||||
chown -R www-data:root /var/www/html/apps /var/www/html/custom_apps /var/www/html/data
|
||||
if [ "$install" = true ]; then
|
||||
echo "starting nextcloud installation"
|
||||
max_retries=10
|
||||
|
|
@ -191,4 +186,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
fi
|
||||
fi
|
||||
|
||||
chown -R www-data:root \
|
||||
/var/www/html/apps \
|
||||
/var/www/html/custom_apps \
|
||||
/var/www/html/data \
|
||||
/var/www/html/themes
|
||||
|
||||
exec "$@"
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue