mirror of
https://github.com/nextcloud/docker.git
synced 2025-06-17 00:24:47 +02:00
Merge pull request #2 from nextcloud/master
Merge master back from official one
This commit is contained in:
kgw4it
GitHub
commit
230bb49370
135 changed files with 3221 additions and 1164 deletions
|
|
@ -1,7 +1,7 @@
|
|||
# Examples section
|
||||
|
||||
In this subfolders are some examples how to use the docker image. There are two sections:
|
||||
|
||||
|
||||
* [`dockerfiles`](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles)
|
||||
* [`docker-compose`](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose)
|
||||
|
||||
|
|
@ -13,7 +13,7 @@ The Dockerfiles use the default images as base image and build on top of it.
|
|||
|
||||
Example | Description
|
||||
------- | -------
|
||||
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed).
|
||||
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed). This image runs `supervisord` to start nextcloud and cron as two seperate processes inside the container.
|
||||
[imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap
|
||||
[smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares
|
||||
[full](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/full) | adds dependencies for ALL optional packages and cron functionality via supervisor (as in the `cron` example Dockerfile).
|
||||
|
|
@ -21,49 +21,48 @@ Example | Description
|
|||
### full
|
||||
The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html).
|
||||
|
||||
NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the 13th line of the Dockerfile.</br>
|
||||
NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the 13th line of the Dockerfile.
|
||||
|
||||
NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)</br>
|
||||
NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)
|
||||
|
||||
NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.</br>
|
||||
NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.
|
||||
|
||||
The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages from the Dockerfile.
|
||||
|
||||
#### PHP Module bz2
|
||||
`docker-php-ext-install bz2` </br>
|
||||
`docker-php-ext-install bz2`
|
||||
|
||||
#### PHP Module imagick
|
||||
`apt install libmagickwand-dev` </br>
|
||||
`pecl install imagick` </br>
|
||||
`docker-php-ext-enable imagick` </br>
|
||||
`apt install libmagickwand-dev`
|
||||
`pecl install imagick`
|
||||
`docker-php-ext-enable imagick`
|
||||
|
||||
#### PHP Module imap
|
||||
`apt install libc-client-dev libkrb5-dev` </br>
|
||||
`docker-php-ext-configure imap --with-kerberos --with-imap-ssl` </br>
|
||||
`docker-php-ext-install imap` </br>
|
||||
`apt install libc-client-dev libkrb5-dev`
|
||||
`docker-php-ext-configure imap --with-kerberos --with-imap-ssl`
|
||||
`docker-php-ext-install imap`
|
||||
|
||||
#### PHP Module gmp
|
||||
`apt install libgmp3-dev` </br>
|
||||
`docker-php-ext-install gmp` </br>
|
||||
`apt install libgmp3-dev`
|
||||
`docker-php-ext-install gmp`
|
||||
|
||||
#### PHP Module smbclient
|
||||
`apt install smbclient libsmbclient-dev` </br>
|
||||
`pecl install smbclient` </br>
|
||||
`docker-php-ext-enable smbclient` </br>
|
||||
`apt install smbclient libsmbclient-dev`
|
||||
`pecl install smbclient`
|
||||
`docker-php-ext-enable smbclient`
|
||||
|
||||
#### ffmpeg
|
||||
`echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list` </br>
|
||||
`apt install ffmpeg` </br>
|
||||
`apt install ffmpeg`
|
||||
|
||||
#### LibreOffice
|
||||
`apt install LibreOffice` </br>
|
||||
`apt install libreoffice`
|
||||
|
||||
#### CRON via supervisor
|
||||
`apt install supervisor` </br>
|
||||
`mkdir /var/log/supervisord /var/run/supervisord` </br>
|
||||
The following Dockerfile commands are also necessary for a sucessfull cron installation: </br>
|
||||
`COPY supervisord.conf /etc/supervisor/supervisord.conf` </br>
|
||||
`CMD ["/usr/bin/supervisord"]` </br>
|
||||
`apt install supervisor`
|
||||
`mkdir /var/log/supervisord /var/run/supervisord`
|
||||
The following Dockerfile commands are also necessary for a sucessfull cron installation:
|
||||
`COPY supervisord.conf /etc/supervisor/supervisord.conf`
|
||||
`CMD ["/usr/bin/supervisord"]`
|
||||
|
||||
|
||||
|
||||
|
|
@ -92,9 +91,12 @@ If you want to update your installation to a newer version of nextcloud, repeat
|
|||
|
||||
### with-nginx-proxy
|
||||
The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine.
|
||||
|
||||
The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling.
|
||||
This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
|
||||
|
||||
**This setup only works with a valid domain name on a server that is reachable from the internet.**
|
||||
|
||||
To use this example complete the following steps:
|
||||
|
||||
1. open `docker-compose.yml`
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
FROM mariadb
|
||||
#FROM mysql
|
||||
|
||||
COPY transaction-isolation.conf /etc/mysql/conf.d/transaction-isolation.conf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[mysqld]
|
||||
# Set Transaction isolation Level to READ-COMMITED (Required by nextcloud)
|
||||
# ================================================
|
||||
# https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html#database-read-commited-transaction-isolation-level
|
||||
transaction-isolation = READ-COMMITTED
|
||||
|
|
@ -2,7 +2,8 @@ version: '3'
|
|||
|
||||
services:
|
||||
db:
|
||||
build: ./db
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
|
@ -15,7 +16,7 @@ services:
|
|||
image: redis
|
||||
restart: always
|
||||
|
||||
app:
|
||||
app:
|
||||
build: ./app
|
||||
restart: always
|
||||
ports:
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
FROM mariadb
|
||||
#FROM mysql
|
||||
|
||||
COPY transaction-isolation.conf /etc/mysql/conf.d/transaction-isolation.conf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[mysqld]
|
||||
# Set Transaction isolation Level to READ-COMMITED (Required by nextcloud)
|
||||
# ================================================
|
||||
# https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html#database-read-commited-transaction-isolation-level
|
||||
transaction-isolation = READ-COMMITTED
|
||||
|
|
@ -2,7 +2,8 @@ version: '3'
|
|||
|
||||
services:
|
||||
db:
|
||||
build: ./db
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
|
@ -15,7 +16,7 @@ services:
|
|||
image: redis
|
||||
restart: always
|
||||
|
||||
app:
|
||||
app:
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
|
|
@ -89,7 +90,7 @@ http {
|
|||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php$uri;
|
||||
rewrite ^ /index.php$request_uri;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
|
|
@ -121,7 +122,7 @@ http {
|
|||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
|
|
@ -140,12 +141,14 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
FROM mariadb
|
||||
#FROM mysql
|
||||
|
||||
COPY transaction-isolation.conf /etc/mysql/conf.d/transaction-isolation.conf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[mysqld]
|
||||
# Set Transaction isolation Level to READ-COMMITED (Required by nextcloud)
|
||||
# ================================================
|
||||
# https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html#database-read-commited-transaction-isolation-level
|
||||
transaction-isolation = READ-COMMITTED
|
||||
|
|
@ -2,7 +2,8 @@ version: '3'
|
|||
|
||||
services:
|
||||
db:
|
||||
build: ./db
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
|
@ -11,7 +12,7 @@ services:
|
|||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
app:
|
||||
image: nextcloud:apache
|
||||
restart: always
|
||||
ports:
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
FROM mariadb
|
||||
#FROM mysql
|
||||
|
||||
COPY transaction-isolation.conf /etc/mysql/conf.d/transaction-isolation.conf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[mysqld]
|
||||
# Set Transaction isolation Level to READ-COMMITED (Required by nextcloud)
|
||||
# ================================================
|
||||
# https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html#database-read-commited-transaction-isolation-level
|
||||
transaction-isolation = READ-COMMITTED
|
||||
|
|
@ -2,7 +2,8 @@ version: '3'
|
|||
|
||||
services:
|
||||
db:
|
||||
build: ./db
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
|
@ -11,7 +12,7 @@ services:
|
|||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
app:
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
|
|
@ -89,7 +90,7 @@ http {
|
|||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php$uri;
|
||||
rewrite ^ /index.php$request_uri;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
|
|
@ -121,7 +122,7 @@ http {
|
|||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
|
|
@ -140,12 +141,14 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ services:
|
|||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
app:
|
||||
image: nextcloud:apache
|
||||
restart: always
|
||||
ports:
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ services:
|
|||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
app:
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
|
|
@ -89,7 +90,7 @@ http {
|
|||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php$uri;
|
||||
rewrite ^ /index.php$request_uri;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
|
|
@ -121,7 +122,7 @@ http {
|
|||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
|
|
@ -140,12 +141,14 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
MYSQL_PASSWORD=
|
||||
MYSQL_DATABASE=nextcloud
|
||||
MYSQL_USER=nextcloud
|
||||
|
|
@ -0,0 +1,78 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
db:
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=
|
||||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
environment:
|
||||
- MYSQL_HOST=db
|
||||
env_file:
|
||||
- db.env
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
web:
|
||||
build: ./web
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html:ro
|
||||
environment:
|
||||
- VIRTUAL_HOST=
|
||||
depends_on:
|
||||
- app
|
||||
networks:
|
||||
- proxy-tier
|
||||
- default
|
||||
|
||||
proxy:
|
||||
build: ./proxy
|
||||
restart: always
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- certs:/etc/nginx/certs:ro
|
||||
- vhost.d:/etc/nginx/vhost.d
|
||||
- html:/usr/share/nginx/html
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
networks:
|
||||
- proxy-tier
|
||||
depends_on:
|
||||
- omgwtfssl
|
||||
|
||||
omgwtfssl:
|
||||
image: paulczar/omgwtfssl
|
||||
restart: "no"
|
||||
volumes:
|
||||
- certs:/certs
|
||||
environment:
|
||||
- SSL_SUBJECT=servhostname.local
|
||||
- CA_SUBJECT=my@example.com
|
||||
- SSL_KEY=/certs/servhostname.local.key
|
||||
- SSL_CSR=/certs/servhostname.local.csr
|
||||
- SSL_CERT=/certs/servhostname.local.crt
|
||||
networks:
|
||||
- proxy-tier
|
||||
|
||||
volumes:
|
||||
db:
|
||||
nextcloud:
|
||||
certs:
|
||||
vhost.d:
|
||||
html:
|
||||
|
||||
networks:
|
||||
proxy-tier:
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
FROM jwilder/nginx-proxy:alpine
|
||||
|
||||
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
|
||||
|
|
@ -0,0 +1 @@
|
|||
client_max_body_size 10G;
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
FROM nginx
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
|
@ -0,0 +1,162 @@
|
|||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
set_real_ip_from 10.0.0.0/8;
|
||||
set_real_ip_from 172.16.0.0/12;
|
||||
set_real_ip_from 192.168.0.0/16;
|
||||
real_ip_header X-Real-IP;
|
||||
|
||||
#gzip on;
|
||||
|
||||
upstream php-handler {
|
||||
server app:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Uncomment if your server is build with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php$request_uri;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
FROM mariadb
|
||||
#FROM mysql
|
||||
|
||||
COPY transaction-isolation.conf /etc/mysql/conf.d/transaction-isolation.conf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[mysqld]
|
||||
# Set Transaction isolation Level to READ-COMMITED (Required by nextcloud)
|
||||
# ================================================
|
||||
# https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html#database-read-commited-transaction-isolation-level
|
||||
transaction-isolation = READ-COMMITTED
|
||||
|
|
@ -2,7 +2,8 @@ version: '3'
|
|||
|
||||
services:
|
||||
db:
|
||||
build: ./db
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
|
@ -15,7 +16,7 @@ services:
|
|||
image: redis
|
||||
restart: always
|
||||
|
||||
app:
|
||||
app:
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
FROM mariadb
|
||||
#FROM mysql
|
||||
|
||||
COPY transaction-isolation.conf /etc/mysql/conf.d/transaction-isolation.conf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[mysqld]
|
||||
# Set Transaction isolation Level to READ-COMMITED (Required by nextcloud)
|
||||
# ================================================
|
||||
# https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html#database-read-commited-transaction-isolation-level
|
||||
transaction-isolation = READ-COMMITTED
|
||||
|
|
@ -2,7 +2,8 @@ version: '3'
|
|||
|
||||
services:
|
||||
db:
|
||||
build: ./db
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
|
@ -15,7 +16,7 @@ services:
|
|||
image: redis
|
||||
restart: always
|
||||
|
||||
app:
|
||||
app:
|
||||
build: ./app
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
|
|
@ -94,7 +95,7 @@ http {
|
|||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php$uri;
|
||||
rewrite ^ /index.php$request_uri;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
|
|
@ -126,7 +127,7 @@ http {
|
|||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
|
|
@ -145,12 +146,14 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
FROM mariadb
|
||||
#FROM mysql
|
||||
|
||||
COPY transaction-isolation.conf /etc/mysql/conf.d/transaction-isolation.conf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[mysqld]
|
||||
# Set Transaction isolation Level to READ-COMMITED (Required by nextcloud)
|
||||
# ================================================
|
||||
# https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html#database-read-commited-transaction-isolation-level
|
||||
transaction-isolation = READ-COMMITTED
|
||||
|
|
@ -2,7 +2,8 @@ version: '3'
|
|||
|
||||
services:
|
||||
db:
|
||||
build: ./db
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
|
@ -11,7 +12,7 @@ services:
|
|||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
app:
|
||||
image: nextcloud:apache
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
FROM mariadb
|
||||
#FROM mysql
|
||||
|
||||
COPY transaction-isolation.conf /etc/mysql/conf.d/transaction-isolation.conf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[mysqld]
|
||||
# Set Transaction isolation Level to READ-COMMITED (Required by nextcloud)
|
||||
# ================================================
|
||||
# https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html#database-read-commited-transaction-isolation-level
|
||||
transaction-isolation = READ-COMMITTED
|
||||
|
|
@ -2,7 +2,8 @@ version: '3'
|
|||
|
||||
services:
|
||||
db:
|
||||
build: ./db
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
|
@ -11,7 +12,7 @@ services:
|
|||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
app:
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
|
|
@ -94,7 +95,7 @@ http {
|
|||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php$uri;
|
||||
rewrite ^ /index.php$request_uri;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
|
|
@ -126,7 +127,7 @@ http {
|
|||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
|
|
@ -145,12 +146,14 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ services:
|
|||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
app:
|
||||
image: nextcloud:apache
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ services:
|
|||
env_file:
|
||||
- db.env
|
||||
|
||||
app:
|
||||
app:
|
||||
image: nextcloud:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
|
|
@ -94,7 +95,7 @@ http {
|
|||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php$uri;
|
||||
rewrite ^ /index.php$request_uri;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
|
|
@ -126,7 +127,7 @@ http {
|
|||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
|
|
@ -145,12 +146,14 @@ http {
|
|||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,4 +7,6 @@ RUN apt-get update && apt-get install -y \
|
|||
|
||||
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord"]
|
||||
|
|
|
|||
|
|
@ -7,4 +7,6 @@ RUN apt-get update && apt-get install -y \
|
|||
|
||||
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord"]
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
FROM nextcloud:apache
|
||||
|
||||
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
|
||||
RUN mkdir -p /usr/share/man/man1 \
|
||||
&& apt-get update && apt-get install -y \
|
||||
supervisor \
|
||||
ffmpeg \
|
||||
|
|
@ -11,7 +11,7 @@ RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/so
|
|||
libkrb5-dev \
|
||||
smbclient \
|
||||
libsmbclient-dev \
|
||||
# LibreOffice \
|
||||
# libreoffice \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
|
||||
&& ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
|
||||
|
|
@ -30,4 +30,6 @@ RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/so
|
|||
|
||||
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord"]
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
FROM nextcloud:fpm
|
||||
|
||||
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
|
||||
RUN mkdir -p /usr/share/man/man1 \
|
||||
&& apt-get update && apt-get install -y \
|
||||
supervisor \
|
||||
ffmpeg \
|
||||
|
|
@ -10,7 +10,7 @@ RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/so
|
|||
libkrb5-dev \
|
||||
smbclient \
|
||||
libsmbclient-dev \
|
||||
# LibreOffice \
|
||||
# libreoffice \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
|
||||
&& ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
|
||||
|
|
@ -21,4 +21,6 @@ RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/so
|
|||
|
||||
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord"]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue