diff --git a/.examples/dockerfiles/full/apache/Dockerfile b/.examples/dockerfiles/full/apache/Dockerfile index 179307cc..7ed0a942 100644 --- a/.examples/dockerfiles/full/apache/Dockerfile +++ b/.examples/dockerfiles/full/apache/Dockerfile @@ -38,9 +38,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ diff --git a/.examples/dockerfiles/full/fpm/Dockerfile b/.examples/dockerfiles/full/fpm/Dockerfile index 218f63bd..2ccf6b1b 100644 --- a/.examples/dockerfiles/full/fpm/Dockerfile +++ b/.examples/dockerfiles/full/fpm/Dockerfile @@ -38,9 +38,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ diff --git a/.examples/dockerfiles/imap/apache/Dockerfile b/.examples/dockerfiles/imap/apache/Dockerfile index 5f24c756..02e7c3fe 100644 --- a/.examples/dockerfiles/imap/apache/Dockerfile +++ b/.examples/dockerfiles/imap/apache/Dockerfile @@ -17,9 +17,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ diff --git a/.examples/dockerfiles/imap/fpm/Dockerfile b/.examples/dockerfiles/imap/fpm/Dockerfile index f692fd7a..883f1b80 100644 --- a/.examples/dockerfiles/imap/fpm/Dockerfile +++ b/.examples/dockerfiles/imap/fpm/Dockerfile @@ -17,9 +17,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ diff --git a/25/apache/Dockerfile b/25/apache/Dockerfile index 150d0cc7..927d23ba 100644 --- a/25/apache/Dockerfile +++ b/25/apache/Dockerfile @@ -79,9 +79,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ @@ -111,6 +111,11 @@ RUN { \ } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ \ mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www @@ -119,13 +124,13 @@ VOLUME /var/www/html RUN a2enmod headers rewrite remoteip ;\ {\ echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ + echo RemoteIPInternalProxy 10.0.0.0/8 ;\ + echo RemoteIPInternalProxy 172.16.0.0/12 ;\ + echo RemoteIPInternalProxy 192.168.0.0/16 ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 25.0.7 +ENV NEXTCLOUD_VERSION 25.0.10 RUN set -ex; \ fetchDeps=" \ @@ -135,8 +140,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.10.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.10.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/25/apache/entrypoint.sh b/25/apache/entrypoint.sh index 37441fd8..4c85f6ad 100755 --- a/25/apache/entrypoint.sh +++ b/25/apache/entrypoint.sh @@ -19,6 +19,39 @@ run_as() { fi } +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -124,6 +157,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if version_greater "$image_version" "$installed_version"; then echo "Initializing nextcloud $image_version ..." if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi echo "Upgrading nextcloud from $installed_version ..." run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi @@ -182,6 +220,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi if [ "$install" = true ]; then + run_path pre-installation + echo "Starting nextcloud installation" max_retries=10 try=0 @@ -204,12 +244,16 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi + + run_path post-installation else echo "Please run the web-based installer on first connect!" fi fi # Upgrade else + run_path pre-upgrade + run_as 'php /var/www/html/occ upgrade' run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after @@ -217,6 +261,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after + run_path post-upgrade fi echo "Initializing finished" @@ -227,6 +272,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP run_as 'php /var/www/html/occ maintenance:update:htaccess' fi ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting fi exec "$@" diff --git a/25/fpm-alpine/Dockerfile b/25/fpm-alpine/Dockerfile index 460cfb46..3d2f6b25 100644 --- a/25/fpm-alpine/Dockerfile +++ b/25/fpm-alpine/Dockerfile @@ -99,13 +99,18 @@ RUN { \ } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ \ mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 25.0.7 +ENV NEXTCLOUD_VERSION 25.0.10 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ @@ -113,8 +118,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.10.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.10.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/25/fpm-alpine/entrypoint.sh b/25/fpm-alpine/entrypoint.sh index 37441fd8..4c85f6ad 100755 --- a/25/fpm-alpine/entrypoint.sh +++ b/25/fpm-alpine/entrypoint.sh @@ -19,6 +19,39 @@ run_as() { fi } +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -124,6 +157,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if version_greater "$image_version" "$installed_version"; then echo "Initializing nextcloud $image_version ..." if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi echo "Upgrading nextcloud from $installed_version ..." run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi @@ -182,6 +220,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi if [ "$install" = true ]; then + run_path pre-installation + echo "Starting nextcloud installation" max_retries=10 try=0 @@ -204,12 +244,16 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi + + run_path post-installation else echo "Please run the web-based installer on first connect!" fi fi # Upgrade else + run_path pre-upgrade + run_as 'php /var/www/html/occ upgrade' run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after @@ -217,6 +261,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after + run_path post-upgrade fi echo "Initializing finished" @@ -227,6 +272,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP run_as 'php /var/www/html/occ maintenance:update:htaccess' fi ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting fi exec "$@" diff --git a/25/fpm/Dockerfile b/25/fpm/Dockerfile index 94ad0813..ae2811fc 100644 --- a/25/fpm/Dockerfile +++ b/25/fpm/Dockerfile @@ -79,9 +79,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ @@ -111,13 +111,18 @@ RUN { \ } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ \ mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 25.0.7 +ENV NEXTCLOUD_VERSION 25.0.10 RUN set -ex; \ fetchDeps=" \ @@ -127,8 +132,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.10.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.10.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/25/fpm/entrypoint.sh b/25/fpm/entrypoint.sh index 37441fd8..4c85f6ad 100755 --- a/25/fpm/entrypoint.sh +++ b/25/fpm/entrypoint.sh @@ -19,6 +19,39 @@ run_as() { fi } +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -124,6 +157,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if version_greater "$image_version" "$installed_version"; then echo "Initializing nextcloud $image_version ..." if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi echo "Upgrading nextcloud from $installed_version ..." run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi @@ -182,6 +220,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi if [ "$install" = true ]; then + run_path pre-installation + echo "Starting nextcloud installation" max_retries=10 try=0 @@ -204,12 +244,16 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi + + run_path post-installation else echo "Please run the web-based installer on first connect!" fi fi # Upgrade else + run_path pre-upgrade + run_as 'php /var/www/html/occ upgrade' run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after @@ -217,6 +261,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after + run_path post-upgrade fi echo "Initializing finished" @@ -227,6 +272,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP run_as 'php /var/www/html/occ maintenance:update:htaccess' fi ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting fi exec "$@" diff --git a/26/apache/Dockerfile b/26/apache/Dockerfile index f68f2834..e67973a8 100644 --- a/26/apache/Dockerfile +++ b/26/apache/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.2-apache-bullseye +FROM php:8.2-apache-bookworm # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -80,9 +80,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ @@ -112,6 +112,11 @@ RUN { \ } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ \ mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www @@ -120,13 +125,13 @@ VOLUME /var/www/html RUN a2enmod headers rewrite remoteip ;\ {\ echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ + echo RemoteIPInternalProxy 10.0.0.0/8 ;\ + echo RemoteIPInternalProxy 172.16.0.0/12 ;\ + echo RemoteIPInternalProxy 192.168.0.0/16 ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 26.0.2 +ENV NEXTCLOUD_VERSION 26.0.5 RUN set -ex; \ fetchDeps=" \ @@ -136,8 +141,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.5.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.5.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/26/apache/entrypoint.sh b/26/apache/entrypoint.sh index 37441fd8..4c85f6ad 100755 --- a/26/apache/entrypoint.sh +++ b/26/apache/entrypoint.sh @@ -19,6 +19,39 @@ run_as() { fi } +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -124,6 +157,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if version_greater "$image_version" "$installed_version"; then echo "Initializing nextcloud $image_version ..." if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi echo "Upgrading nextcloud from $installed_version ..." run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi @@ -182,6 +220,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi if [ "$install" = true ]; then + run_path pre-installation + echo "Starting nextcloud installation" max_retries=10 try=0 @@ -204,12 +244,16 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi + + run_path post-installation else echo "Please run the web-based installer on first connect!" fi fi # Upgrade else + run_path pre-upgrade + run_as 'php /var/www/html/occ upgrade' run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after @@ -217,6 +261,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after + run_path post-upgrade fi echo "Initializing finished" @@ -227,6 +272,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP run_as 'php /var/www/html/occ maintenance:update:htaccess' fi ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting fi exec "$@" diff --git a/26/fpm-alpine/Dockerfile b/26/fpm-alpine/Dockerfile index 0ea82474..c40ee908 100644 --- a/26/fpm-alpine/Dockerfile +++ b/26/fpm-alpine/Dockerfile @@ -100,13 +100,18 @@ RUN { \ } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ \ mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 26.0.2 +ENV NEXTCLOUD_VERSION 26.0.5 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ @@ -114,8 +119,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.5.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.5.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/26/fpm-alpine/entrypoint.sh b/26/fpm-alpine/entrypoint.sh index 37441fd8..4c85f6ad 100755 --- a/26/fpm-alpine/entrypoint.sh +++ b/26/fpm-alpine/entrypoint.sh @@ -19,6 +19,39 @@ run_as() { fi } +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -124,6 +157,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if version_greater "$image_version" "$installed_version"; then echo "Initializing nextcloud $image_version ..." if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi echo "Upgrading nextcloud from $installed_version ..." run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi @@ -182,6 +220,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi if [ "$install" = true ]; then + run_path pre-installation + echo "Starting nextcloud installation" max_retries=10 try=0 @@ -204,12 +244,16 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi + + run_path post-installation else echo "Please run the web-based installer on first connect!" fi fi # Upgrade else + run_path pre-upgrade + run_as 'php /var/www/html/occ upgrade' run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after @@ -217,6 +261,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after + run_path post-upgrade fi echo "Initializing finished" @@ -227,6 +272,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP run_as 'php /var/www/html/occ maintenance:update:htaccess' fi ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting fi exec "$@" diff --git a/26/fpm/Dockerfile b/26/fpm/Dockerfile index ff51826e..21575b19 100644 --- a/26/fpm/Dockerfile +++ b/26/fpm/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.2-fpm-bullseye +FROM php:8.2-fpm-bookworm # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -80,9 +80,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ @@ -112,13 +112,18 @@ RUN { \ } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ \ mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 26.0.2 +ENV NEXTCLOUD_VERSION 26.0.5 RUN set -ex; \ fetchDeps=" \ @@ -128,8 +133,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.5.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.5.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/26/fpm/entrypoint.sh b/26/fpm/entrypoint.sh index 37441fd8..4c85f6ad 100755 --- a/26/fpm/entrypoint.sh +++ b/26/fpm/entrypoint.sh @@ -19,6 +19,39 @@ run_as() { fi } +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -124,6 +157,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if version_greater "$image_version" "$installed_version"; then echo "Initializing nextcloud $image_version ..." if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi echo "Upgrading nextcloud from $installed_version ..." run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi @@ -182,6 +220,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi if [ "$install" = true ]; then + run_path pre-installation + echo "Starting nextcloud installation" max_retries=10 try=0 @@ -204,12 +244,16 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi + + run_path post-installation else echo "Please run the web-based installer on first connect!" fi fi # Upgrade else + run_path pre-upgrade + run_as 'php /var/www/html/occ upgrade' run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after @@ -217,6 +261,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after + run_path post-upgrade fi echo "Initializing finished" @@ -227,6 +272,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP run_as 'php /var/www/html/occ maintenance:update:htaccess' fi ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting fi exec "$@" diff --git a/27/apache/Dockerfile b/27/apache/Dockerfile new file mode 100644 index 00000000..8673e77d --- /dev/null +++ b/27/apache/Dockerfile @@ -0,0 +1,165 @@ +# DO NOT EDIT: created by update.sh from Dockerfile-debian.template +FROM php:8.2-apache-bookworm + +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + busybox-static \ + bzip2 \ + libldap-common \ + libmagickcore-6.q16-6-extra \ + rsync \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /var/spool/cron/crontabs; \ + echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +ENV PHP_MEMORY_LIMIT 512M +ENV PHP_UPLOAD_LIMIT 512M +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libevent-dev \ + libfreetype6-dev \ + libgmp-dev \ + libicu-dev \ + libjpeg-dev \ + libldap2-dev \ + libmagickwand-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libpq-dev \ + libwebp-dev \ + libxml2-dev \ + libzip-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + gd \ + gmp \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + sysvsem \ + zip \ + ; \ + \ +# pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.22; \ + pecl install imagick-3.7.0; \ + pecl install memcached-3.2.0; \ + pecl install redis-5.3.7; \ + \ + docker-php-ext-enable \ + apcu \ + imagick \ + memcached \ + redis \ + ; \ + rm -r /tmp/pear; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +# set recommended PHP.ini settings +# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache +RUN { \ + echo 'opcache.enable=1'; \ + echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.max_accelerated_files=10000'; \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.save_comments=1'; \ + echo 'opcache.revalidate_freq=60'; \ + echo 'opcache.jit=1255'; \ + echo 'opcache.jit_buffer_size=128M'; \ + } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ + \ + echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ + \ + { \ + echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ + echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ + echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ + } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ + \ + mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ + chown -R www-data:root /var/www; \ + chmod -R g=u /var/www + +VOLUME /var/www/html + +RUN a2enmod headers rewrite remoteip ;\ + {\ + echo RemoteIPHeader X-Real-IP ;\ + echo RemoteIPInternalProxy 10.0.0.0/8 ;\ + echo RemoteIPInternalProxy 172.16.0.0/12 ;\ + echo RemoteIPInternalProxy 192.168.0.0/16 ;\ + } > /etc/apache2/conf-available/remoteip.conf;\ + a2enconf remoteip + +ENV NEXTCLOUD_VERSION 27.0.2 + +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + dirmngr \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.0.2.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.0.2.tar.bz2.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ +# gpg key from https://nextcloud.com/nextcloud.asc + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ + gpgconf --kill all; \ + rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ + mkdir -p /usr/src/nextcloud/data; \ + mkdir -p /usr/src/nextcloud/custom_apps; \ + chmod +x /usr/src/nextcloud/occ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* + +COPY *.sh upgrade.exclude / +COPY config/* /usr/src/nextcloud/config/ + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["apache2-foreground"] diff --git a/27/apache/config/apache-pretty-urls.config.php b/27/apache/config/apache-pretty-urls.config.php new file mode 100644 index 00000000..72da1d8c --- /dev/null +++ b/27/apache/config/apache-pretty-urls.config.php @@ -0,0 +1,4 @@ + '/', +); diff --git a/27/apache/config/apcu.config.php b/27/apache/config/apcu.config.php new file mode 100644 index 00000000..69fed876 --- /dev/null +++ b/27/apache/config/apcu.config.php @@ -0,0 +1,4 @@ + '\OC\Memcache\APCu', +); diff --git a/27/apache/config/apps.config.php b/27/apache/config/apps.config.php new file mode 100644 index 00000000..4c37f72a --- /dev/null +++ b/27/apache/config/apps.config.php @@ -0,0 +1,15 @@ + array ( + 0 => array ( + 'path' => OC::$SERVERROOT.'/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => array ( + 'path' => OC::$SERVERROOT.'/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), +); diff --git a/27/apache/config/autoconfig.php b/27/apache/config/autoconfig.php new file mode 100644 index 00000000..92ad2a1c --- /dev/null +++ b/27/apache/config/autoconfig.php @@ -0,0 +1,41 @@ + '\OC\Memcache\Redis', + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => array( + 'host' => getenv('REDIS_HOST'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + ), + ); + + if (getenv('REDIS_HOST_PORT') !== false) { + $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); + } elseif (getenv('REDIS_HOST')[0] != '/') { + $CONFIG['redis']['port'] = 6379; + } +} diff --git a/27/apache/config/reverse-proxy.config.php b/27/apache/config/reverse-proxy.config.php new file mode 100644 index 00000000..7df0415e --- /dev/null +++ b/27/apache/config/reverse-proxy.config.php @@ -0,0 +1,30 @@ + array( + 'class' => '\OC\Files\ObjectStore\S3', + 'arguments' => array( + 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), + 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', + 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', + 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', + 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", + 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, + 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, + // required for some non Amazon S3 implementations + 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', + // required for older protocol versions + 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' + ) + ) + ); + + if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_KEY')) { + $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); + } else { + $CONFIG['objectstore']['arguments']['key'] = ''; + } + + if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); + } else { + $CONFIG['objectstore']['arguments']['secret'] = ''; + } +} diff --git a/27/apache/config/smtp.config.php b/27/apache/config/smtp.config.php new file mode 100644 index 00000000..5006fe47 --- /dev/null +++ b/27/apache/config/smtp.config.php @@ -0,0 +1,22 @@ + 'smtp', + 'mail_smtphost' => getenv('SMTP_HOST'), + 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), + 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', + 'mail_smtpname' => getenv('SMTP_NAME') ?: '', + 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'mail_domain' => getenv('MAIL_DOMAIN'), + ); + + if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); + } elseif (getenv('SMTP_PASSWORD')) { + $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); + } else { + $CONFIG['mail_smtppassword'] = ''; + } +} diff --git a/27/apache/config/swift.config.php b/27/apache/config/swift.config.php new file mode 100644 index 00000000..47ada566 --- /dev/null +++ b/27/apache/config/swift.config.php @@ -0,0 +1,31 @@ + [ + 'class' => 'OC\\Files\\ObjectStore\\Swift', + 'arguments' => [ + 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', + 'user' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), + 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', + ], + ], + 'scope' => [ + 'project' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', + ], + ], + ], + 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', + 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), + 'url' => getenv('OBJECTSTORE_SWIFT_URL'), + 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), + ] + ] + ); +} diff --git a/27/apache/cron.sh b/27/apache/cron.sh new file mode 100755 index 00000000..4dfa4118 --- /dev/null +++ b/27/apache/cron.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -eu + +exec busybox crond -f -l 0 -L /dev/stdout diff --git a/27/apache/entrypoint.sh b/27/apache/entrypoint.sh new file mode 100755 index 00000000..4c85f6ad --- /dev/null +++ b/27/apache/entrypoint.sh @@ -0,0 +1,279 @@ +#!/bin/sh +set -eu + +# version_greater A B returns whether A > B +version_greater() { + [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] +} + +# return true if specified directory is empty +directory_empty() { + [ -z "$(ls -A "$1/")" ] +} + +run_as() { + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh -c "$1" + else + sh -c "$1" + fi +} + +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + +if expr "$1" : "apache" 1>/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then + uid="$(id -u)" + gid="$(id -g)" + if [ "$uid" = '0' ]; then + case "$1" in + apache2*) + user="${APACHE_RUN_USER:-www-data}" + group="${APACHE_RUN_GROUP:-www-data}" + + # strip off any '#' symbol ('#1000' is valid syntax for Apache) + user="${user#'#'}" + group="${group#'#'}" + ;; + *) # php-fpm + user='www-data' + group='www-data' + ;; + esac + else + user="$uid" + group="$gid" + fi + + if [ -n "${REDIS_HOST+x}" ]; then + + echo "Configuring Redis as session handler" + { + file_env REDIS_HOST_PASSWORD + echo 'session.save_handler = redis' + # check if redis host is an unix socket path + if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then + if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"unix://${REDIS_HOST}\"" + fi + # check if redis password has been set + elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" + fi + echo "redis.session.locking_enabled = 1" + echo "redis.session.lock_retries = -1" + # redis.session.lock_wait_time is specified in microseconds. + # Wait 10ms before retrying the lock rather than the default 2ms. + echo "redis.session.lock_wait_time = 10000" + } > /usr/local/etc/php/conf.d/redis-session.ini + fi + + # If another process is syncing the html folder, wait for + # it to be done, then escape initalization. + ( + if ! flock -n 9; then + # If we couldn't get it immediately, show a message, then wait for real + echo "Another process is initializing Nextcloud. Waiting..." + flock 9 + fi + + installed_version="0.0.0.0" + if [ -f /var/www/html/version.php ]; then + # shellcheck disable=SC2016 + installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" + fi + # shellcheck disable=SC2016 + image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" + + if version_greater "$installed_version" "$image_version"; then + echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" + exit 1 + fi + + if version_greater "$image_version" "$installed_version"; then + echo "Initializing nextcloud $image_version ..." + if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi + echo "Upgrading nextcloud from $installed_version ..." + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + fi + if [ "$(id -u)" = 0 ]; then + rsync_options="-rlDog --chown $user:$group" + else + rsync_options="-rlD" + fi + + rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ + for dir in config data custom_apps themes; do + if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then + rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + fi + done + rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + + # Install + if [ "$installed_version" = "0.0.0.0" ]; then + echo "New nextcloud instance" + + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then + # shellcheck disable=SC2016 + install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' + if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then + # shellcheck disable=SC2016 + install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' + fi + + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + + install=false + if [ -n "${SQLITE_DATABASE+x}" ]; then + echo "Installing with SQLite database" + # shellcheck disable=SC2016 + install_options=$install_options' --database-name "$SQLITE_DATABASE"' + install=true + elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then + echo "Installing with MySQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' + install=true + elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then + echo "Installing with PostgreSQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' + install=true + fi + + if [ "$install" = true ]; then + run_path pre-installation + + echo "Starting nextcloud installation" + max_retries=10 + try=0 + until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + do + echo "Retrying install..." + try=$((try+1)) + sleep 10s + done + if [ "$try" -gt "$max_retries" ]; then + echo "Installing of nextcloud failed!" + exit 1 + fi + if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then + echo "Setting trusted domains…" + NC_TRUSTED_DOMAIN_IDX=1 + for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do + DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) + done + fi + + run_path post-installation + else + echo "Please run the web-based installer on first connect!" + fi + fi + # Upgrade + else + run_path pre-upgrade + + run_as 'php /var/www/html/occ upgrade' + + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + echo "The following apps have been disabled:" + diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 + rm -f /tmp/list_before /tmp/list_after + + run_path post-upgrade + fi + + echo "Initializing finished" + fi + + # Update htaccess after init if requested + if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then + run_as 'php /var/www/html/occ maintenance:update:htaccess' + fi + ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting +fi + +exec "$@" diff --git a/27/apache/upgrade.exclude b/27/apache/upgrade.exclude new file mode 100644 index 00000000..31ce39a8 --- /dev/null +++ b/27/apache/upgrade.exclude @@ -0,0 +1,6 @@ +/config/ +/data/ +/custom_apps/ +/themes/ +/version.php +/nextcloud-init-sync.lock diff --git a/27/fpm-alpine/Dockerfile b/27/fpm-alpine/Dockerfile new file mode 100644 index 00000000..80eb5606 --- /dev/null +++ b/27/fpm-alpine/Dockerfile @@ -0,0 +1,141 @@ +# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template +FROM php:8.2-fpm-alpine3.18 + +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apk add --no-cache \ + imagemagick \ + rsync \ + ; \ + \ + rm /var/spool/cron/crontabs/root; \ + echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + autoconf \ + freetype-dev \ + gmp-dev \ + icu-dev \ + imagemagick-dev \ + libevent-dev \ + libjpeg-turbo-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libwebp-dev \ + libxml2-dev \ + libzip-dev \ + openldap-dev \ + pcre-dev \ + postgresql-dev \ + ; \ + \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ + docker-php-ext-configure ldap; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + gd \ + gmp \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + sysvsem \ + zip \ + ; \ + \ +# pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.22; \ + pecl install imagick-3.7.0; \ + pecl install memcached-3.2.0; \ + pecl install redis-5.3.7; \ + \ + docker-php-ext-enable \ + apcu \ + imagick \ + memcached \ + redis \ + ; \ + rm -r /tmp/pear; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-network --virtual .nextcloud-phpext-rundeps $runDeps; \ + apk del --no-network .build-deps + +# set recommended PHP.ini settings +# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache +ENV PHP_MEMORY_LIMIT 512M +ENV PHP_UPLOAD_LIMIT 512M +RUN { \ + echo 'opcache.enable=1'; \ + echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.max_accelerated_files=10000'; \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.save_comments=1'; \ + echo 'opcache.revalidate_freq=60'; \ + echo 'opcache.jit=1255'; \ + echo 'opcache.jit_buffer_size=128M'; \ + } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ + \ + echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ + \ + { \ + echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ + echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ + echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ + } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ + \ + mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ + chown -R www-data:root /var/www; \ + chmod -R g=u /var/www + +VOLUME /var/www/html + + +ENV NEXTCLOUD_VERSION 27.0.2 + +RUN set -ex; \ + apk add --no-cache --virtual .fetch-deps \ + bzip2 \ + gnupg \ + ; \ + \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.0.2.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.0.2.tar.bz2.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ +# gpg key from https://nextcloud.com/nextcloud.asc + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ + gpgconf --kill all; \ + rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ + mkdir -p /usr/src/nextcloud/data; \ + mkdir -p /usr/src/nextcloud/custom_apps; \ + chmod +x /usr/src/nextcloud/occ; \ + apk del --no-network .fetch-deps + +COPY *.sh upgrade.exclude / +COPY config/* /usr/src/nextcloud/config/ + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["php-fpm"] diff --git a/27/fpm-alpine/config/apcu.config.php b/27/fpm-alpine/config/apcu.config.php new file mode 100644 index 00000000..69fed876 --- /dev/null +++ b/27/fpm-alpine/config/apcu.config.php @@ -0,0 +1,4 @@ + '\OC\Memcache\APCu', +); diff --git a/27/fpm-alpine/config/apps.config.php b/27/fpm-alpine/config/apps.config.php new file mode 100644 index 00000000..4c37f72a --- /dev/null +++ b/27/fpm-alpine/config/apps.config.php @@ -0,0 +1,15 @@ + array ( + 0 => array ( + 'path' => OC::$SERVERROOT.'/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => array ( + 'path' => OC::$SERVERROOT.'/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), +); diff --git a/27/fpm-alpine/config/autoconfig.php b/27/fpm-alpine/config/autoconfig.php new file mode 100644 index 00000000..92ad2a1c --- /dev/null +++ b/27/fpm-alpine/config/autoconfig.php @@ -0,0 +1,41 @@ + '\OC\Memcache\Redis', + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => array( + 'host' => getenv('REDIS_HOST'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + ), + ); + + if (getenv('REDIS_HOST_PORT') !== false) { + $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); + } elseif (getenv('REDIS_HOST')[0] != '/') { + $CONFIG['redis']['port'] = 6379; + } +} diff --git a/27/fpm-alpine/config/reverse-proxy.config.php b/27/fpm-alpine/config/reverse-proxy.config.php new file mode 100644 index 00000000..7df0415e --- /dev/null +++ b/27/fpm-alpine/config/reverse-proxy.config.php @@ -0,0 +1,30 @@ + array( + 'class' => '\OC\Files\ObjectStore\S3', + 'arguments' => array( + 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), + 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', + 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', + 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', + 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", + 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, + 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, + // required for some non Amazon S3 implementations + 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', + // required for older protocol versions + 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' + ) + ) + ); + + if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_KEY')) { + $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); + } else { + $CONFIG['objectstore']['arguments']['key'] = ''; + } + + if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); + } else { + $CONFIG['objectstore']['arguments']['secret'] = ''; + } +} diff --git a/27/fpm-alpine/config/smtp.config.php b/27/fpm-alpine/config/smtp.config.php new file mode 100644 index 00000000..5006fe47 --- /dev/null +++ b/27/fpm-alpine/config/smtp.config.php @@ -0,0 +1,22 @@ + 'smtp', + 'mail_smtphost' => getenv('SMTP_HOST'), + 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), + 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', + 'mail_smtpname' => getenv('SMTP_NAME') ?: '', + 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'mail_domain' => getenv('MAIL_DOMAIN'), + ); + + if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); + } elseif (getenv('SMTP_PASSWORD')) { + $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); + } else { + $CONFIG['mail_smtppassword'] = ''; + } +} diff --git a/27/fpm-alpine/config/swift.config.php b/27/fpm-alpine/config/swift.config.php new file mode 100644 index 00000000..47ada566 --- /dev/null +++ b/27/fpm-alpine/config/swift.config.php @@ -0,0 +1,31 @@ + [ + 'class' => 'OC\\Files\\ObjectStore\\Swift', + 'arguments' => [ + 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', + 'user' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), + 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', + ], + ], + 'scope' => [ + 'project' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', + ], + ], + ], + 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', + 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), + 'url' => getenv('OBJECTSTORE_SWIFT_URL'), + 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), + ] + ] + ); +} diff --git a/27/fpm-alpine/cron.sh b/27/fpm-alpine/cron.sh new file mode 100755 index 00000000..4dfa4118 --- /dev/null +++ b/27/fpm-alpine/cron.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -eu + +exec busybox crond -f -l 0 -L /dev/stdout diff --git a/27/fpm-alpine/entrypoint.sh b/27/fpm-alpine/entrypoint.sh new file mode 100755 index 00000000..4c85f6ad --- /dev/null +++ b/27/fpm-alpine/entrypoint.sh @@ -0,0 +1,279 @@ +#!/bin/sh +set -eu + +# version_greater A B returns whether A > B +version_greater() { + [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] +} + +# return true if specified directory is empty +directory_empty() { + [ -z "$(ls -A "$1/")" ] +} + +run_as() { + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh -c "$1" + else + sh -c "$1" + fi +} + +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + +if expr "$1" : "apache" 1>/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then + uid="$(id -u)" + gid="$(id -g)" + if [ "$uid" = '0' ]; then + case "$1" in + apache2*) + user="${APACHE_RUN_USER:-www-data}" + group="${APACHE_RUN_GROUP:-www-data}" + + # strip off any '#' symbol ('#1000' is valid syntax for Apache) + user="${user#'#'}" + group="${group#'#'}" + ;; + *) # php-fpm + user='www-data' + group='www-data' + ;; + esac + else + user="$uid" + group="$gid" + fi + + if [ -n "${REDIS_HOST+x}" ]; then + + echo "Configuring Redis as session handler" + { + file_env REDIS_HOST_PASSWORD + echo 'session.save_handler = redis' + # check if redis host is an unix socket path + if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then + if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"unix://${REDIS_HOST}\"" + fi + # check if redis password has been set + elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" + fi + echo "redis.session.locking_enabled = 1" + echo "redis.session.lock_retries = -1" + # redis.session.lock_wait_time is specified in microseconds. + # Wait 10ms before retrying the lock rather than the default 2ms. + echo "redis.session.lock_wait_time = 10000" + } > /usr/local/etc/php/conf.d/redis-session.ini + fi + + # If another process is syncing the html folder, wait for + # it to be done, then escape initalization. + ( + if ! flock -n 9; then + # If we couldn't get it immediately, show a message, then wait for real + echo "Another process is initializing Nextcloud. Waiting..." + flock 9 + fi + + installed_version="0.0.0.0" + if [ -f /var/www/html/version.php ]; then + # shellcheck disable=SC2016 + installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" + fi + # shellcheck disable=SC2016 + image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" + + if version_greater "$installed_version" "$image_version"; then + echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" + exit 1 + fi + + if version_greater "$image_version" "$installed_version"; then + echo "Initializing nextcloud $image_version ..." + if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi + echo "Upgrading nextcloud from $installed_version ..." + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + fi + if [ "$(id -u)" = 0 ]; then + rsync_options="-rlDog --chown $user:$group" + else + rsync_options="-rlD" + fi + + rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ + for dir in config data custom_apps themes; do + if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then + rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + fi + done + rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + + # Install + if [ "$installed_version" = "0.0.0.0" ]; then + echo "New nextcloud instance" + + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then + # shellcheck disable=SC2016 + install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' + if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then + # shellcheck disable=SC2016 + install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' + fi + + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + + install=false + if [ -n "${SQLITE_DATABASE+x}" ]; then + echo "Installing with SQLite database" + # shellcheck disable=SC2016 + install_options=$install_options' --database-name "$SQLITE_DATABASE"' + install=true + elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then + echo "Installing with MySQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' + install=true + elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then + echo "Installing with PostgreSQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' + install=true + fi + + if [ "$install" = true ]; then + run_path pre-installation + + echo "Starting nextcloud installation" + max_retries=10 + try=0 + until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + do + echo "Retrying install..." + try=$((try+1)) + sleep 10s + done + if [ "$try" -gt "$max_retries" ]; then + echo "Installing of nextcloud failed!" + exit 1 + fi + if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then + echo "Setting trusted domains…" + NC_TRUSTED_DOMAIN_IDX=1 + for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do + DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) + done + fi + + run_path post-installation + else + echo "Please run the web-based installer on first connect!" + fi + fi + # Upgrade + else + run_path pre-upgrade + + run_as 'php /var/www/html/occ upgrade' + + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + echo "The following apps have been disabled:" + diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 + rm -f /tmp/list_before /tmp/list_after + + run_path post-upgrade + fi + + echo "Initializing finished" + fi + + # Update htaccess after init if requested + if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then + run_as 'php /var/www/html/occ maintenance:update:htaccess' + fi + ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting +fi + +exec "$@" diff --git a/27/fpm-alpine/upgrade.exclude b/27/fpm-alpine/upgrade.exclude new file mode 100644 index 00000000..31ce39a8 --- /dev/null +++ b/27/fpm-alpine/upgrade.exclude @@ -0,0 +1,6 @@ +/config/ +/data/ +/custom_apps/ +/themes/ +/version.php +/nextcloud-init-sync.lock diff --git a/27/fpm/Dockerfile b/27/fpm/Dockerfile new file mode 100644 index 00000000..885fb602 --- /dev/null +++ b/27/fpm/Dockerfile @@ -0,0 +1,157 @@ +# DO NOT EDIT: created by update.sh from Dockerfile-debian.template +FROM php:8.2-fpm-bookworm + +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + busybox-static \ + bzip2 \ + libldap-common \ + libmagickcore-6.q16-6-extra \ + rsync \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /var/spool/cron/crontabs; \ + echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +ENV PHP_MEMORY_LIMIT 512M +ENV PHP_UPLOAD_LIMIT 512M +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libevent-dev \ + libfreetype6-dev \ + libgmp-dev \ + libicu-dev \ + libjpeg-dev \ + libldap2-dev \ + libmagickwand-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libpq-dev \ + libwebp-dev \ + libxml2-dev \ + libzip-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + gd \ + gmp \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + sysvsem \ + zip \ + ; \ + \ +# pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.22; \ + pecl install imagick-3.7.0; \ + pecl install memcached-3.2.0; \ + pecl install redis-5.3.7; \ + \ + docker-php-ext-enable \ + apcu \ + imagick \ + memcached \ + redis \ + ; \ + rm -r /tmp/pear; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +# set recommended PHP.ini settings +# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache +RUN { \ + echo 'opcache.enable=1'; \ + echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.max_accelerated_files=10000'; \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.save_comments=1'; \ + echo 'opcache.revalidate_freq=60'; \ + echo 'opcache.jit=1255'; \ + echo 'opcache.jit_buffer_size=128M'; \ + } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ + \ + echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ + \ + { \ + echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ + echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ + echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ + } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ + \ + mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ + chown -R www-data:root /var/www; \ + chmod -R g=u /var/www + +VOLUME /var/www/html + + +ENV NEXTCLOUD_VERSION 27.0.2 + +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + dirmngr \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.0.2.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.0.2.tar.bz2.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ +# gpg key from https://nextcloud.com/nextcloud.asc + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ + gpgconf --kill all; \ + rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ + mkdir -p /usr/src/nextcloud/data; \ + mkdir -p /usr/src/nextcloud/custom_apps; \ + chmod +x /usr/src/nextcloud/occ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* + +COPY *.sh upgrade.exclude / +COPY config/* /usr/src/nextcloud/config/ + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["php-fpm"] diff --git a/27/fpm/config/apcu.config.php b/27/fpm/config/apcu.config.php new file mode 100644 index 00000000..69fed876 --- /dev/null +++ b/27/fpm/config/apcu.config.php @@ -0,0 +1,4 @@ + '\OC\Memcache\APCu', +); diff --git a/27/fpm/config/apps.config.php b/27/fpm/config/apps.config.php new file mode 100644 index 00000000..4c37f72a --- /dev/null +++ b/27/fpm/config/apps.config.php @@ -0,0 +1,15 @@ + array ( + 0 => array ( + 'path' => OC::$SERVERROOT.'/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => array ( + 'path' => OC::$SERVERROOT.'/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), +); diff --git a/27/fpm/config/autoconfig.php b/27/fpm/config/autoconfig.php new file mode 100644 index 00000000..92ad2a1c --- /dev/null +++ b/27/fpm/config/autoconfig.php @@ -0,0 +1,41 @@ + '\OC\Memcache\Redis', + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => array( + 'host' => getenv('REDIS_HOST'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + ), + ); + + if (getenv('REDIS_HOST_PORT') !== false) { + $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); + } elseif (getenv('REDIS_HOST')[0] != '/') { + $CONFIG['redis']['port'] = 6379; + } +} diff --git a/27/fpm/config/reverse-proxy.config.php b/27/fpm/config/reverse-proxy.config.php new file mode 100644 index 00000000..7df0415e --- /dev/null +++ b/27/fpm/config/reverse-proxy.config.php @@ -0,0 +1,30 @@ + array( + 'class' => '\OC\Files\ObjectStore\S3', + 'arguments' => array( + 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), + 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', + 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', + 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', + 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", + 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, + 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, + // required for some non Amazon S3 implementations + 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', + // required for older protocol versions + 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' + ) + ) + ); + + if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_KEY')) { + $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); + } else { + $CONFIG['objectstore']['arguments']['key'] = ''; + } + + if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); + } else { + $CONFIG['objectstore']['arguments']['secret'] = ''; + } +} diff --git a/27/fpm/config/smtp.config.php b/27/fpm/config/smtp.config.php new file mode 100644 index 00000000..5006fe47 --- /dev/null +++ b/27/fpm/config/smtp.config.php @@ -0,0 +1,22 @@ + 'smtp', + 'mail_smtphost' => getenv('SMTP_HOST'), + 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), + 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', + 'mail_smtpname' => getenv('SMTP_NAME') ?: '', + 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'mail_domain' => getenv('MAIL_DOMAIN'), + ); + + if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); + } elseif (getenv('SMTP_PASSWORD')) { + $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); + } else { + $CONFIG['mail_smtppassword'] = ''; + } +} diff --git a/27/fpm/config/swift.config.php b/27/fpm/config/swift.config.php new file mode 100644 index 00000000..47ada566 --- /dev/null +++ b/27/fpm/config/swift.config.php @@ -0,0 +1,31 @@ + [ + 'class' => 'OC\\Files\\ObjectStore\\Swift', + 'arguments' => [ + 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', + 'user' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), + 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', + ], + ], + 'scope' => [ + 'project' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', + ], + ], + ], + 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', + 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), + 'url' => getenv('OBJECTSTORE_SWIFT_URL'), + 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), + ] + ] + ); +} diff --git a/27/fpm/cron.sh b/27/fpm/cron.sh new file mode 100755 index 00000000..4dfa4118 --- /dev/null +++ b/27/fpm/cron.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -eu + +exec busybox crond -f -l 0 -L /dev/stdout diff --git a/27/fpm/entrypoint.sh b/27/fpm/entrypoint.sh new file mode 100755 index 00000000..4c85f6ad --- /dev/null +++ b/27/fpm/entrypoint.sh @@ -0,0 +1,279 @@ +#!/bin/sh +set -eu + +# version_greater A B returns whether A > B +version_greater() { + [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] +} + +# return true if specified directory is empty +directory_empty() { + [ -z "$(ls -A "$1/")" ] +} + +run_as() { + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh -c "$1" + else + sh -c "$1" + fi +} + +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + +if expr "$1" : "apache" 1>/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then + uid="$(id -u)" + gid="$(id -g)" + if [ "$uid" = '0' ]; then + case "$1" in + apache2*) + user="${APACHE_RUN_USER:-www-data}" + group="${APACHE_RUN_GROUP:-www-data}" + + # strip off any '#' symbol ('#1000' is valid syntax for Apache) + user="${user#'#'}" + group="${group#'#'}" + ;; + *) # php-fpm + user='www-data' + group='www-data' + ;; + esac + else + user="$uid" + group="$gid" + fi + + if [ -n "${REDIS_HOST+x}" ]; then + + echo "Configuring Redis as session handler" + { + file_env REDIS_HOST_PASSWORD + echo 'session.save_handler = redis' + # check if redis host is an unix socket path + if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then + if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"unix://${REDIS_HOST}\"" + fi + # check if redis password has been set + elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" + fi + echo "redis.session.locking_enabled = 1" + echo "redis.session.lock_retries = -1" + # redis.session.lock_wait_time is specified in microseconds. + # Wait 10ms before retrying the lock rather than the default 2ms. + echo "redis.session.lock_wait_time = 10000" + } > /usr/local/etc/php/conf.d/redis-session.ini + fi + + # If another process is syncing the html folder, wait for + # it to be done, then escape initalization. + ( + if ! flock -n 9; then + # If we couldn't get it immediately, show a message, then wait for real + echo "Another process is initializing Nextcloud. Waiting..." + flock 9 + fi + + installed_version="0.0.0.0" + if [ -f /var/www/html/version.php ]; then + # shellcheck disable=SC2016 + installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" + fi + # shellcheck disable=SC2016 + image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" + + if version_greater "$installed_version" "$image_version"; then + echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" + exit 1 + fi + + if version_greater "$image_version" "$installed_version"; then + echo "Initializing nextcloud $image_version ..." + if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi + echo "Upgrading nextcloud from $installed_version ..." + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + fi + if [ "$(id -u)" = 0 ]; then + rsync_options="-rlDog --chown $user:$group" + else + rsync_options="-rlD" + fi + + rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ + for dir in config data custom_apps themes; do + if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then + rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + fi + done + rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + + # Install + if [ "$installed_version" = "0.0.0.0" ]; then + echo "New nextcloud instance" + + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then + # shellcheck disable=SC2016 + install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' + if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then + # shellcheck disable=SC2016 + install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' + fi + + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + + install=false + if [ -n "${SQLITE_DATABASE+x}" ]; then + echo "Installing with SQLite database" + # shellcheck disable=SC2016 + install_options=$install_options' --database-name "$SQLITE_DATABASE"' + install=true + elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then + echo "Installing with MySQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' + install=true + elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then + echo "Installing with PostgreSQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' + install=true + fi + + if [ "$install" = true ]; then + run_path pre-installation + + echo "Starting nextcloud installation" + max_retries=10 + try=0 + until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + do + echo "Retrying install..." + try=$((try+1)) + sleep 10s + done + if [ "$try" -gt "$max_retries" ]; then + echo "Installing of nextcloud failed!" + exit 1 + fi + if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then + echo "Setting trusted domains…" + NC_TRUSTED_DOMAIN_IDX=1 + for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do + DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) + done + fi + + run_path post-installation + else + echo "Please run the web-based installer on first connect!" + fi + fi + # Upgrade + else + run_path pre-upgrade + + run_as 'php /var/www/html/occ upgrade' + + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + echo "The following apps have been disabled:" + diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 + rm -f /tmp/list_before /tmp/list_after + + run_path post-upgrade + fi + + echo "Initializing finished" + fi + + # Update htaccess after init if requested + if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then + run_as 'php /var/www/html/occ maintenance:update:htaccess' + fi + ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting +fi + +exec "$@" diff --git a/27/fpm/upgrade.exclude b/27/fpm/upgrade.exclude new file mode 100644 index 00000000..31ce39a8 --- /dev/null +++ b/27/fpm/upgrade.exclude @@ -0,0 +1,6 @@ +/config/ +/data/ +/custom_apps/ +/themes/ +/version.php +/nextcloud-init-sync.lock diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 3d69ca5d..905077bc 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -99,6 +99,11 @@ RUN { \ } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ \ mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4a9d975f..cea5d93b 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -79,9 +79,9 @@ RUN set -ex; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ - | xargs -r dpkg-query -S \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ @@ -111,6 +111,11 @@ RUN { \ } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ \ mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ chown -R www-data:root /var/www; \ chmod -R g=u /var/www diff --git a/README.md b/README.md index 4128efc1..31531767 100644 --- a/README.md +++ b/README.md @@ -202,6 +202,38 @@ To customize other PHP limits you can simply change the following variables: - `PHP_UPLOAD_LIMIT` (default `512M`) This sets the upload limit (`post_max_size` and `upload_max_filesize`) for big files. Note that you may have to change other limits depending on your client, webserver or operating system. Check the [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html) for more information. +## Auto configuration via hook folders + +There are 5 hooks + +- `pre-installation` Executed before the Nextcloud is installed/initiated +- `post-installation` Executed after the Nextcloud is installed/initiated +- `pre-upgrade` Executed before the Nextcloud is upgraded +- `post-upgrade` Executed after the Nextcloud is upgraded +- `before-starting` Executed before the Nextcloud starts + +To use the hooks triggered by the `entrypoint` script, either +- Added your script(s) to the individual of the hook folder(s), which are located at the path `/docker-entrypoint-hooks.d` in the container +- Use volume(s) if you want to use script from the host system inside the container, see example. + +**Note:** Only the script(s) located in a hook folder (not sub-folders), ending with `.sh` and marked as executable, will be executed. + +**Example:** Mount using volumes +```yaml +... + app: + image: nextcloud:stable + + volumes: + - ./app-hooks/pre-installation:/docker-entrypoint-hooks.d/pre-installation + - ./app-hooks/post-installation:/docker-entrypoint-hooks.d/post-installation + - ./app-hooks/pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade + - ./app-hooks/post-upgrade:/docker-entrypoint-hooks.d/post-upgrade + - ./app-hooks/before-starting:/docker-entrypoint-hooks.d/before-starting +... +``` + + ## Using the apache image behind a reverse proxy and auto configure server host and protocol The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`. diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 37441fd8..4c85f6ad 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -19,6 +19,39 @@ run_as() { fi } +# Execute all executable files in a given directory in alphanumeric order +run_path() { + local hook_folder_path="/docker-entrypoint-hooks.d/$1" + local return_code=0 + + echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" + + if [ -z "$(ls -A "${hook_folder_path}")" ]; then + echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do" + return 0 + fi + + ( + for script_file_path in "${hook_folder_path}/"*.sh; do + if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then + echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" + continue + fi + + echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" + + run_as "${script_file_path}" || return_code="$?" + + if [ "${return_code}" -ne "0" ]; then + echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" + exit 1 + fi + + echo "==> Finished the script: \"${script_file_path}\"" + done + ) +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -124,6 +157,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if version_greater "$image_version" "$installed_version"; then echo "Initializing nextcloud $image_version ..." if [ "$installed_version" != "0.0.0.0" ]; then + if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then + echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." + echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." + exit 1 + fi echo "Upgrading nextcloud from $installed_version ..." run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi @@ -182,6 +220,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi if [ "$install" = true ]; then + run_path pre-installation + echo "Starting nextcloud installation" max_retries=10 try=0 @@ -204,12 +244,16 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi + + run_path post-installation else echo "Please run the web-based installer on first connect!" fi fi # Upgrade else + run_path pre-upgrade + run_as 'php /var/www/html/occ upgrade' run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after @@ -217,6 +261,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after + run_path post-upgrade fi echo "Initializing finished" @@ -227,6 +272,8 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP run_as 'php /var/www/html/occ maintenance:update:htaccess' fi ) 9> /var/www/html/nextcloud-init-sync.lock + + run_path before-starting fi exec "$@" diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 00ec97ee..4246789a 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -Eeuo pipefail -stable_channel='25.0.7' +stable_channel='26.0.5' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" diff --git a/latest.txt b/latest.txt index cbf1d673..291c9c43 100644 --- a/latest.txt +++ b/latest.txt @@ -1 +1 @@ -26.0.2 +27.0.2 diff --git a/update.sh b/update.sh index 8282d826..3e85ef84 100755 --- a/update.sh +++ b/update.sh @@ -7,7 +7,8 @@ declare -A alpine_version=( ) declare -A debian_version=( - [default]='bullseye' + [25]='bullseye' + [default]='bookworm' ) declare -A php_version=( @@ -28,7 +29,7 @@ declare -A base=( ) declare -A extras=( - [apache]='\nRUN a2enmod headers rewrite remoteip ;\\\n {\\\n echo RemoteIPHeader X-Real-IP ;\\\n echo RemoteIPTrustedProxy 10.0.0.0/8 ;\\\n echo RemoteIPTrustedProxy 172.16.0.0/12 ;\\\n echo RemoteIPTrustedProxy 192.168.0.0/16 ;\\\n } > /etc/apache2/conf-available/remoteip.conf;\\\n a2enconf remoteip' + [apache]='\nRUN a2enmod headers rewrite remoteip ;\\\n {\\\n echo RemoteIPHeader X-Real-IP ;\\\n echo RemoteIPInternalProxy 10.0.0.0/8 ;\\\n echo RemoteIPInternalProxy 172.16.0.0/12 ;\\\n echo RemoteIPInternalProxy 192.168.0.0/16 ;\\\n } > /etc/apache2/conf-available/remoteip.conf;\\\n a2enconf remoteip' [fpm]='' [fpm-alpine]='' ) diff --git a/versions.json b/versions.json index 737135bc..512f9731 100644 --- a/versions.json +++ b/versions.json @@ -1,20 +1,46 @@ { - "26": { - "branch": "26", - "version": "26.0.2", - "url": "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2", - "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2.asc", + "27": { + "branch": "27", + "version": "27.0.2", + "url": "https://download.nextcloud.com/server/releases/nextcloud-27.0.2.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-27.0.2.tar.bz2.asc", "variants": { "apache": { "variant": "apache", "base": "debian", - "baseVersion": "bullseye", + "baseVersion": "bookworm", "phpVersion": "8.2" }, "fpm": { "variant": "fpm", "base": "debian", - "baseVersion": "bullseye", + "baseVersion": "bookworm", + "phpVersion": "8.2" + }, + "fpm-alpine": { + "variant": "fpm-alpine", + "base": "alpine", + "baseVersion": "3.18", + "phpVersion": "8.2" + } + } + }, + "26": { + "branch": "26", + "version": "26.0.5", + "url": "https://download.nextcloud.com/server/releases/nextcloud-26.0.5.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-26.0.5.tar.bz2.asc", + "variants": { + "apache": { + "variant": "apache", + "base": "debian", + "baseVersion": "bookworm", + "phpVersion": "8.2" + }, + "fpm": { + "variant": "fpm", + "base": "debian", + "baseVersion": "bookworm", "phpVersion": "8.2" }, "fpm-alpine": { @@ -27,9 +53,9 @@ }, "25": { "branch": "25", - "version": "25.0.7", - "url": "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2", - "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2.asc", + "version": "25.0.10", + "url": "https://download.nextcloud.com/server/releases/nextcloud-25.0.10.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-25.0.10.tar.bz2.asc", "variants": { "apache": { "variant": "apache",