Merge 087371d7a0 into 5d01cebeab

21.0/apache/Dockerfile

@@ -1,6 +1,9 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
 FROM php:7.4-apache-buster
 
+ENV PHP_MEMORY_LIMIT 512M
+ENV PHP_UPLOAD_LIMIT 512M
+
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
     \
@@ -17,8 +20,6 @@ RUN set -ex; \
 
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 512M
 RUN set -ex; \
     \
     savedAptMark="$(apt-mark showmanual)"; \
@@ -121,8 +122,8 @@ RUN a2enmod headers rewrite remoteip ;\
     } > /etc/apache2/conf-available/remoteip.conf;\
     a2enconf remoteip
 
-ENV NEXTCLOUD_VERSION 21.0.3
+ARG NEXTCLOUD_VERSION=21.0.3
-
+ENV NEXTCLOUD_VERSION=${NEXTCLOUD_VERSION}
 RUN set -ex; \
     fetchDeps=" \
         gnupg \
@@ -139,19 +140,44 @@ RUN set -ex; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
     gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
+    tar -xjf nextcloud.tar.bz2 --strip-components=1 -C . \
-    gpgconf --kill all; \
+&& gpgconf --kill all; \
     rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
+    rm -rf "$GNUPGHOME" /var/www/html/updater; \
-    mkdir -p /usr/src/nextcloud/data; \
+    chmod +x /var/www/html/occ; \
-    mkdir -p /usr/src/nextcloud/custom_apps; \
-    chmod +x /usr/src/nextcloud/occ; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/* \
+ && mkdir -p /usr/src/nextcloud \
+ && mv /var/www/html/themes /usr/src/nextcloud/ \
+ && mv /var/www/html/config /usr/src/nextcloud/
 
-COPY *.sh upgrade.exclude /
+### Volumes
+# to store the pid
+VOLUME /run/apache2
+# /tmp for session data
+VOLUME /tmp
+#######
+# A volume for each directory within the nextcloud installation, so that
+# 1/ each one can be swapped out with a persistent volume 
+# 2/ file access is faster as it is not part of the overlay file-system
+# 3/ if 2/ is crafted carefully it will eventually allow the container FS to be mounted read-only, which helps security
+VOLUME /var/www/html/3rdparty
+VOLUME /var/www/html/apps
+VOLUME /var/www/html/config
+VOLUME /var/www/html/core
+VOLUME /var/www/html/custom_apps
+VOLUME /var/www/html/data
+VOLUME /var/www/html/lib
+VOLUME /var/www/html/ocm-provider
+VOLUME /var/www/html/ocs
+VOLUME /var/www/html/ocs-provider
+VOLUME /var/www/html/resources
+VOLUME /var/www/html/themes
+
+COPY entrypoint.sh /usr/local/bin/
+COPY cron.sh /
 COPY config/* /usr/src/nextcloud/config/
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT []
-CMD ["apache2-foreground"]
+CMD ["/usr/local/bin/entrypoint.sh", "apache2-foreground"]

21.0/apache/docker-compose.yml

@@ -0,0 +1,45 @@
+version: "3.9"
+    
+services:
+  db:
+    image: mariadb:10.5
+    command: --transaction-isolation=READ-COMMITTED
+    volumes:
+      - db_data:/var/lib/mysql
+      - /run/mysqld/
+      - /tmp
+    restart: unless-stopped
+    read_only: true
+    environment:
+      MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: nextcloud
+    
+  nextcloud:
+    depends_on:
+      - db
+    image: ${NC_IMAGE_NAME:-nextcloud:latest}
+    read_only: true
+    volumes:
+      - nextcloud_data:/var/www/html/data
+      - nextcloud_apps:/var/www/html/apps
+      - nextcloud_config:/var/www/html/config
+      - nextcloud_themes:/var/www/html/themes
+    ports:
+      - "8000:80"
+    restart: always
+    environment:
+      NEXTCLOUD_ADMIN_USER: administrator
+      NEXTCLOUD_ADMIN_PASSWORD: adminpass
+      NEXTCLOUD_TRUSTED_DOMAINS: localhost
+      MYSQL_DATABASE: nextcloud
+      MYSQL_PASSWORD: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_HOST: db
+volumes:
+  db_data: {}
+  nextcloud_data: {}
+  nextcloud_apps: {}
+  nextcloud_config: {}
+  nextcloud_themes: {}

21.0/apache/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
-set -eu
+set -eux
 
 # version_greater A B returns whether A > B
 version_greater() {
@@ -78,12 +78,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
     fi
 
     installed_version="0.0.0.0"
-    if [ -f /var/www/html/version.php ]; then
-        # shellcheck disable=SC2016
-        installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-    fi
     # shellcheck disable=SC2016
-    image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
+    if [ -f /var/www/html/config/version.php ];then
+        installed_version="$(php -r 'require "/var/www/html/config/version.php"; echo implode(".", $OC_Version);')"
+    fi
+    image_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 
     if version_greater "$installed_version" "$image_version"; then
         echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
@@ -101,14 +100,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
         else
             rsync_options="-rlD"
         fi
-        rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
+        ## Carefully checking whether the persistent volumes we care about are empty.
-
+        for dir in config themes; do
-        for dir in config data custom_apps themes; do
             if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+                echo ">> Bootstraping '/var/www/html/${dir}'"
+                rsync $rsync_options /usr/src/nextcloud/${dir}/. /var/www/html/${dir}/.
             fi
         done
-        rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         echo "Initializing finished"
 
         #install
@@ -150,7 +148,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                     install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
                     install=true
                 fi
-
+                chown  -R www-data:root /var/www/html/apps /var/www/html/custom_apps /var/www/html/data
                 if [ "$install" = true ]; then
                     echo "starting nextcloud installation"
                     max_retries=10
@@ -180,15 +178,22 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
             fi
         #upgrade
         else
+            chown  -R www-data:root /var/www/html/apps /var/www/html/custom_apps /var/www/html/data
             run_as 'php /var/www/html/occ upgrade'
 
             run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
             echo "The following apps have been disabled:"
             diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
             rm -f /tmp/list_before /tmp/list_after
-
         fi
+        cp /var/www/html/version.php /var/www/html/config/version.php
     fi
 fi
 
+chown  -R www-data:root \
+    /var/www/html/apps \
+    /var/www/html/custom_apps \
+    /var/www/html/data \
+    /var/www/html/themes
+
 exec "$@"