diff --git a/21.0/apache/Dockerfile b/21.0/apache/Dockerfile
index 1b95a920..bb30a5c5 100644
--- a/21.0/apache/Dockerfile
+++ b/21.0/apache/Dockerfile
@@ -1,6 +1,9 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
 FROM php:7.4-apache-buster
+ENV PHP_MEMORY_LIMIT 512M
+ENV PHP_UPLOAD_LIMIT 512M
+
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
 \
@@ -17,8 +20,6 @@ RUN set -ex; \
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 512M
 RUN set -ex; \
 \
 savedAptMark="$(apt-mark showmanual)"; \
@@ -121,8 +122,8 @@ RUN a2enmod headers rewrite remoteip ;\
 } > /etc/apache2/conf-available/remoteip.conf;\
 a2enconf remoteip
-ENV NEXTCLOUD_VERSION 21.0.3
-
+ARG NEXTCLOUD_VERSION=21.0.3
+ENV NEXTCLOUD_VERSION=${NEXTCLOUD_VERSION}
 RUN set -ex; \
 fetchDeps=" \
 gnupg \
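Review bot: The first context line marks this file as `# DO NOT EDIT: created by update.sh from Dockerfile-debian.template`, yet this hunk and the ones below change it directly. Unless the template receives the same changes (not visible in this diff), the next run of update.sh would presumably overwrite them and silently drop the `ENV`, `ARG` and `VOLUME` edits. The change would be safer made in the template and then regenerated.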
@@ -139,19 +140,44 @@ RUN set -ex; \
 # gpg key from https://nextcloud.com/nextcloud.asc
 gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
 gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
- tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
- gpgconf --kill all; \
+ tar -xjf nextcloud.tar.bz2 --strip-components=1 -C . \
+&& gpgconf --kill all; \
 rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
- rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
- mkdir -p /usr/src/nextcloud/data; \
- mkdir -p /usr/src/nextcloud/custom_apps; \
- chmod +x /usr/src/nextcloud/occ; \
+ rm -rf "$GNUPGHOME" /var/www/html/updater; \
+ chmod +x /var/www/html/occ; \
 \
 apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
- rm -rf /var/lib/apt/lists/*
+ rm -rf /var/lib/apt/lists/* \
+ && mkdir -p /usr/src/nextcloud \
+ && mv /var/www/html/themes /usr/src/nextcloud/ \
+ && mv /var/www/html/config /usr/src/nextcloud/
-COPY *.sh upgrade.exclude /
+### Volumes
+# to store the pid
+VOLUME /run/apache2
+# /tmp for session data
+VOLUME /tmp
+#######
+# A volume for each directory within the nextcloud installation, so that
+# 1/ each one can be swapped out with a persistent volume
+# 2/ file access is faster as it is not part of the overlay file-system
+# 3/ if 2/ is crafted carefully it will eventually allow the container FS to be mounted read-only, which helps security
+VOLUME /var/www/html/3rdparty
+VOLUME /var/www/html/apps
+VOLUME /var/www/html/config
+VOLUME /var/www/html/core
+VOLUME /var/www/html/custom_apps
+VOLUME /var/www/html/data
+VOLUME /var/www/html/lib
+VOLUME /var/www/html/ocm-provider
+VOLUME /var/www/html/ocs
+VOLUME /var/www/html/ocs-provider
+VOLUME /var/www/html/resources
+VOLUME /var/www/html/themes
+
+COPY entrypoint.sh /usr/local/bin/
+COPY cron.sh /
 COPY config/* /usr/src/nextcloud/config/
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["apache2-foreground"]
+ENTRYPOINT []
+CMD 
["/usr/local/bin/entrypoint.sh", "apache2-foreground"]
diff --git a/21.0/apache/docker-compose.yml b/21.0/apache/docker-compose.yml
new file mode 100644
index 00000000..396def79
--- /dev/null
+++ b/21.0/apache/docker-compose.yml
@@ -0,0 +1,45 @@
+version: "3.9"
+
+services:
+ db:
+ image: mariadb:10.5
+ command: --transaction-isolation=READ-COMMITTED
+ volumes:
+ - db_data:/var/lib/mysql
+ - /run/mysqld/
+ - /tmp
+ restart: unless-stopped
+ read_only: true
+ environment:
+ MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+ MYSQL_DATABASE: nextcloud
+ MYSQL_USER: nextcloud
+ MYSQL_PASSWORD: nextcloud
+
+ nextcloud:
+ depends_on:
+ - db
+ image: ${NC_IMAGE_NAME:-nextcloud:latest}
+ read_only: true
+ volumes:
+ - nextcloud_data:/var/www/html/data
+ - nextcloud_apps:/var/www/html/apps
+ - nextcloud_config:/var/www/html/config
+ - nextcloud_themes:/var/www/html/themes
+ ports:
+ - "8000:80"
+ restart: always
+ environment:
+ NEXTCLOUD_ADMIN_USER: administrator
+ NEXTCLOUD_ADMIN_PASSWORD: adminpass
+ NEXTCLOUD_TRUSTED_DOMAINS: localhost
+ MYSQL_DATABASE: nextcloud
+ MYSQL_PASSWORD: nextcloud
+ MYSQL_USER: nextcloud
+ MYSQL_HOST: db
+volumes:
+ db_data: {}
+ nextcloud_data: {}
+ nextcloud_apps: {}
+ nextcloud_config: {}
+ nextcloud_themes: {}
diff --git a/21.0/apache/entrypoint.sh b/21.0/apache/entrypoint.sh
index b6da893b..8672b310 100755
--- a/21.0/apache/entrypoint.sh
+++ b/21.0/apache/entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-set -eu
+set -eux
 # version_greater A B returns whether A > B
 version_greater() {
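Review bot: The `VOLUME` lines for `3rdparty`, `apps`, `core`, `lib`, `ocm-provider`, `ocs`, `ocs-provider` and `resources` place application code on mounts that stay writable even when the container root filesystem is mounted read-only, so the read-only hardening the comment aims for would not cover the code itself. I would declare volumes only for state, e.g. `VOLUME /var/www/html/config /var/www/html/data /var/www/html/custom_apps /var/www/html/themes`, and leave code in the image layers. Separately, `ENTRYPOINT []` with the script moved into `CMD` means any command override at run time skips entrypoint.sh entirely; `ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]` with `CMD ["apache2-foreground"]` keeps the initialisation in place. The `RUN` block edited at the top of this hunk starts outside it.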
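Review bot: The credentials in this new compose file are fixed literals (`MYSQL_PASSWORD: nextcloud`, `NEXTCLOUD_ADMIN_PASSWORD: adminpass`) and the mapping `"8000:80"` publishes on every host interface, so a deployment started from it unchanged is reachable with known passwords. If the file is meant only for local testing, a header comment saying so would help; otherwise require the values from the environment, e.g. `MYSQL_PASSWORD: ${MYSQL_PASSWORD:?set MYSQL_PASSWORD}`, and bind to loopback with `"127.0.0.1:8000:80"`. The default `nextcloud:latest` in `image:` is also unpinned, so what actually runs depends on when it was pulled.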
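Review bot: `set -eux` turns on command tracing for the whole entrypoint, so every expanded command line is written to the container's stderr and ends up in its logs. This script handles database and admin credentials (a later hunk shows `--database-pass "$POSTGRES_PASSWORD"`), and any place such a value is expanded in this shell would be logged in clear text. I would keep `set -eu` and make tracing opt-in, e.g. `if [ "${ENTRYPOINT_TRACE:-0}" = 1 ]; then set -x; fi` (the variable name is only an example).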
@@ -78,12 +78,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
 fi
 installed_version="0.0.0.0"
- if [ -f /var/www/html/version.php ]; then
- # shellcheck disable=SC2016
- installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
- fi
 # shellcheck disable=SC2016
- image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
+ if [ -f /var/www/html/config/version.php ];then
+ installed_version="$(php -r 'require "/var/www/html/config/version.php"; echo implode(".", $OC_Version);')"
+ fi
+ image_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 if version_greater "$installed_version" "$image_version"; then
 echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
@@ -101,14 +100,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
 else
 rsync_options="-rlD"
 fi
- rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
-
- for dir in config data custom_apps themes; do
+ ## Carefully checking whether the persistent volumes we care about are empty.
+ for dir in config themes; do
 if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
- rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+ echo ">> Bootstraping '/var/www/html/${dir}'"
+ rsync $rsync_options /usr/src/nextcloud/${dir}/. /var/www/html/${dir}/.
 fi
 done
- rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
 echo "Initializing finished"
 #install
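Review bot: `installed_version` is now obtained by having PHP `require` `/var/www/html/config/version.php`, a file on the persistent config volume, and the surrounding script appears to run as root (it calls `chown -R` and uses `run_as` for occ). Nextcloud normally needs its config directory writable by the web server user, so if that holds here, whatever that user can place in this file is executed with root privileges at the next start. Reading the version through the existing `run_as` helper, or extracting it without executing the file, would keep that boundary. Also, `# shellcheck disable=SC2016` now sits before the `if`, so the `image_version=` line after `fi` is no longer covered by it. The enclosing `if expr …` block starts and ends outside the hunk.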
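Review bot: With the `rsync … --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/` step removed, nothing visible in this hunk copies newer image code into directories backed by existing volumes; only `config` and `themes` are seeded, and only when empty. Docker fills a volume from the image only when the volume is first created, so after pulling a newer image a persisted `apps` volume (the compose file in this commit names one) would presumably keep the old code, including unpatched apps, while `occ upgrade` runs against it. Either keep code directories out of volumes or retain a sync step for them on version change. Minor: `${dir}` is unquoted in the new rsync line; `"/usr/src/nextcloud/${dir}/." "/var/www/html/${dir}/."` is the safer form, and the message should read "Bootstrapping".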
@@ -150,7 +148,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
 install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
 install=true
 fi
-
+ chown -R www-data:root /var/www/html/apps /var/www/html/custom_apps /var/www/html/data
 if [ "$install" = true ]; then
 echo "starting nextcloud installation"
 max_retries=10
@@ -180,15 +178,22 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
 fi
 #upgrade
 else
+ chown -R www-data:root /var/www/html/apps /var/www/html/custom_apps /var/www/html/data
 run_as 'php /var/www/html/occ upgrade'
 run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
 echo "The following apps have been disabled:"
 diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
 rm -f /tmp/list_before /tmp/list_after
- fi
+ cp /var/www/html/version.php /var/www/html/config/version.php
 fi
 fi
+chown -R www-data:root \
+ /var/www/html/apps \
+ /var/www/html/custom_apps \
+ /var/www/html/data \
+ /var/www/html/themes
+
 exec "$@"
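Review bot: `chown -R www-data:root /var/www/html/apps …` hands ownership of the shipped `apps` code to the web server user, so a compromised PHP process could rewrite application code; the same recursive chown is repeated in the next hunk's `else` branch and again unconditionally before `exec "$@"`. Recursively chowning `data` on every start also scales with the amount of user data. I would restrict it to the directories that must be writable and run it once, e.g. `chown -R www-data:root /var/www/html/custom_apps /var/www/html/data`, ideally only when ownership is actually wrong. The enclosing `if` block starts outside the hunk.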