mirror of
https://github.com/nextcloud/docker.git
synced 2025-04-21 11:06:09 +02:00
example of container-fs read-only
parent
1a432d98fa
commit
040af10182
3 changed files with 93 additions and 25 deletions
|
@ -1,6 +1,10 @@
|
||||||
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
|
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
|
||||||
FROM php:7.4-apache-buster
|
FROM php:7.4-apache-buster
|
||||||
|
|
||||||
|
ENV NEXTCLOUD_VERSION 21.0.3
|
||||||
|
ENV PHP_MEMORY_LIMIT 512M
|
||||||
|
ENV PHP_UPLOAD_LIMIT 512M
|
||||||
|
|
||||||
# entrypoint.sh and cron.sh dependencies
|
# entrypoint.sh and cron.sh dependencies
|
||||||
RUN set -ex; \
|
RUN set -ex; \
|
||||||
\
|
\
|
||||||
|
@ -17,8 +21,6 @@ RUN set -ex; \
|
||||||
|
|
||||||
# install the PHP extensions we need
|
# install the PHP extensions we need
|
||||||
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
|
||||||
ENV PHP_MEMORY_LIMIT 512M
|
|
||||||
ENV PHP_UPLOAD_LIMIT 512M
|
|
||||||
RUN set -ex; \
|
RUN set -ex; \
|
||||||
\
|
\
|
||||||
savedAptMark="$(apt-mark showmanual)"; \
|
savedAptMark="$(apt-mark showmanual)"; \
|
||||||
|
@ -121,7 +123,6 @@ RUN a2enmod headers rewrite remoteip ;\
|
||||||
} > /etc/apache2/conf-available/remoteip.conf;\
|
} > /etc/apache2/conf-available/remoteip.conf;\
|
||||||
a2enconf remoteip
|
a2enconf remoteip
|
||||||
|
|
||||||
ENV NEXTCLOUD_VERSION 21.0.3
|
|
||||||
|
|
||||||
RUN set -ex; \
|
RUN set -ex; \
|
||||||
fetchDeps=" \
|
fetchDeps=" \
|
||||||
|
@ -139,19 +140,44 @@ RUN set -ex; \
|
||||||
# gpg key from https://nextcloud.com/nextcloud.asc
|
# gpg key from https://nextcloud.com/nextcloud.asc
|
||||||
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
|
||||||
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||||
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
|
tar -xjf nextcloud.tar.bz2 --strip-components=1 -C . \
|
||||||
gpgconf --kill all; \
|
&& gpgconf --kill all; \
|
||||||
rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
|
||||||
rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
|
rm -rf "$GNUPGHOME" /var/www/html/updater; \
|
||||||
mkdir -p /usr/src/nextcloud/data; \
|
chmod +x /var/www/html/occ; \
|
||||||
mkdir -p /usr/src/nextcloud/custom_apps; \
|
|
||||||
chmod +x /usr/src/nextcloud/occ; \
|
|
||||||
\
|
\
|
||||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
|
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/* \
|
||||||
|
&& mkdir -p /usr/src/nextcloud \
|
||||||
|
&& mv /var/www/html/themes /usr/src/nextcloud/ \
|
||||||
|
&& mv /var/www/html/config /usr/src/nextcloud/
|
||||||
|
|
||||||
COPY *.sh upgrade.exclude /
|
### Volumes
|
||||||
|
# to store the pid
|
||||||
|
VOLUME /run/apache2
|
||||||
|
# /tmp for session data
|
||||||
|
VOLUME /tmp
|
||||||
|
#######
|
||||||
|
# A volume for each directory within the nextcloud installation, so that
|
||||||
|
# 1/ each one can be swapped out with a persistent volume
|
||||||
|
# 2/ file access is faster as it is not part of the overlay file-system
|
||||||
|
# 3/ if 2/ is crafted carefully it will eventually allow the container FS to be mounted read-only, which helps security
|
||||||
|
VOLUME /var/www/html/3rdparty
|
||||||
|
VOLUME /var/www/html/apps
|
||||||
|
VOLUME /var/www/html/config
|
||||||
|
VOLUME /var/www/html/core
|
||||||
|
VOLUME /var/www/html/custom_apps
|
||||||
|
VOLUME /var/www/html/data
|
||||||
|
VOLUME /var/www/html/lib
|
||||||
|
VOLUME /var/www/html/ocm-provider
|
||||||
|
VOLUME /var/www/html/ocs
|
||||||
|
VOLUME /var/www/html/ocs-provider
|
||||||
|
VOLUME /var/www/html/resources
|
||||||
|
VOLUME /var/www/html/themes
|
||||||
|
|
||||||
|
COPY entrypoint.sh /usr/local/bin/
|
||||||
|
COPY cron.sh /
|
||||||
COPY config/* /usr/src/nextcloud/config/
|
COPY config/* /usr/src/nextcloud/config/
|
||||||
|
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT []
|
||||||
CMD ["apache2-foreground"]
|
CMD ["/usr/local/bin/entrypoint.sh", "apache2-foreground"]
|
||||||
|
|
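Review bot: The new `VOLUME` list covers code directories (`/var/www/html/3rdparty`, `core`, `lib`, `ocs`, `resources` and others) as well as state, which works against the read-only goal stated in the comment above it. Docker seeds a volume from the image only when the volume is first created, so a volume that outlives an image upgrade keeps serving the previous release's PHP code, and that code then sits on a writable mount instead of the read-only root filesystem. I would declare volumes only for mutable paths (`config`, `data`, `custom_apps`, `themes`, `/tmp`, `/run/apache2`) and leave the code directories in the image layer. Separately, `ENTRYPOINT []` with the script moved into `CMD` means any command override skips the initialisation script; `ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]` with `CMD ["apache2-foreground"]` keeps it in the path.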
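--- a/21.0/apache/docker-compose.yml
+++ b/21.0/apache/docker-compose.yml
@@ -0,0 +1,41 @@
+version: "3.9"
+
+services:
+db:
+image: mariadb:10.5
+command: --transaction-isolation=READ-COMMITTED
+volumes:
+- db_data:/var/lib/mysql
+restart: unless-stopped
+environment:
+MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+MYSQL_DATABASE: nextcloud
+MYSQL_USER: nextcloud
+MYSQL_PASSWORD: nextcloud
+
+nextcloud:
+depends_on:
+- db
+image: ${NC_IMAGE_NAME:-nextcloud:latest}
+volumes:
+- nextcloud_data:/var/www/html/data
+- nextcloud_apps:/var/www/html/apps
+- nextcloud_config:/var/www/html/config
+- nextcloud_themes:/var/www/html/themes
+ports:
+- "8000:80"
+restart: always
+environment:
+NEXTCLOUD_ADMIN_USER: adminstrator
+NEXTCLOUD_ADMIN_PASSWORD: adminpass
+NEXTCLOUD_TRUSTED_DOMAINS: localhost
+MYSQL_DATABASE: nextcloud
+MYSQL_PASSWORD: nextcloud
+MYSQL_USER: nextcloud
+MYSQL_HOST: db
+volumes:
+db_data: {}
+nextcloud_data: {}
+nextcloud_apps: {}
+nextcloud_config: {}
+nextcloud_themes: {}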
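Review bot: The example publishes the service on `"8000:80"` with fixed credentials (`NEXTCLOUD_ADMIN_PASSWORD: adminpass`, `MYSQL_PASSWORD: nextcloud`), and examples like this tend to be copied as-is. Requiring the values from the environment, for instance `NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD:?set an admin password}`, makes the stack fail to start rather than start with a known password. The commit title describes a read-only container filesystem, but the `nextcloud` service does not set `read_only: true`, so the example does not exercise it. `NEXTCLOUD_ADMIN_USER: adminstrator` looks like a misspelling of `administrator`, and the `nextcloud:latest` default in `NC_IMAGE_NAME` is better replaced by a pinned tag.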
|
@ -1,5 +1,5 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
set -eu
|
set -eux
|
||||||
|
|
||||||
# version_greater A B returns whether A > B
|
# version_greater A B returns whether A > B
|
||||||
version_greater() {
|
version_greater() {
|
||||||
|
@ -78,12 +78,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
||||||
fi
|
fi
|
||||||
|
|
||||||
installed_version="0.0.0.0"
|
installed_version="0.0.0.0"
|
||||||
if [ -f /var/www/html/version.php ]; then
|
|
||||||
# shellcheck disable=SC2016
|
|
||||||
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
|
||||||
fi
|
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
|
image_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
|
||||||
|
|
||||||
if version_greater "$installed_version" "$image_version"; then
|
if version_greater "$installed_version" "$image_version"; then
|
||||||
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
|
||||||
|
@ -101,14 +97,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
||||||
else
|
else
|
||||||
rsync_options="-rlD"
|
rsync_options="-rlD"
|
||||||
fi
|
fi
|
||||||
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
|
## Carefully checking whether the persistent volumes we care about are empty.
|
||||||
|
for dir in config themes; do
|
||||||
for dir in config data custom_apps themes; do
|
|
||||||
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
|
||||||
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
echo ">> Bootstraping '/var/www/html/${dir}'"
|
||||||
|
rsync $rsync_options /usr/src/nextcloud/${dir}/. /var/www/html/${dir}/.
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
|
|
||||||
echo "Initializing finished"
|
echo "Initializing finished"
|
||||||
|
|
||||||
#install
|
#install
|
||||||
|
@ -150,7 +145,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
||||||
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
|
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
|
||||||
install=true
|
install=true
|
||||||
fi
|
fi
|
||||||
|
chown -R www-data:root /var/www/html/apps /var/www/html/custom_apps /var/www/html/data
|
||||||
if [ "$install" = true ]; then
|
if [ "$install" = true ]; then
|
||||||
echo "starting nextcloud installation"
|
echo "starting nextcloud installation"
|
||||||
max_retries=10
|
max_retries=10
|
||||||
|
@ -191,4 +186,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
chown -R www-data:root \
|
||||||
|
/var/www/html/apps \
|
||||||
|
/var/www/html/custom_apps \
|
||||||
|
/var/www/html/data \
|
||||||
|
/var/www/html/themes
|
||||||
|
|
||||||
exec "$@"
|
exec "$@"
|
||||||
|
|
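Review bot: `installed_version` stays at `"0.0.0.0"` on the new side because the block that read it from `/var/www/html/version.php` is removed and nothing replaces it, so the `version_greater "$installed_version" "$image_version"` downgrade guard can no longer fire. With `image_version` now read from that same path in the image, the installed version has to come from persisted state; one option is the `version` entry in the config volume, e.g. `[ -f /var/www/html/config/config.php ] && installed_version="$(php -r 'include "/var/www/html/config/config.php"; echo $CONFIG["version"];')"` (untested, and it needs the same `SC2016` exemption). `set -eux` also sends an execution trace of every command to the container log; I would keep `set -eu` and enable tracing only behind an opt-in variable, since parts of the script outside these hunks may expand credentials. The surrounding `if expr "$1" : "apache"` block begins and ends outside the hunks shown.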