diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml deleted file mode 100644 index 600c609f..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml +++ /dev/null @@ -1,47 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis:alpine - restart: always - - app: - image: nextcloud:apache - restart: always - ports: - - 8080:80 - volumes: - - nextcloud:/var/www/html - environment: - - MYSQL_HOST=db - - REDIS_HOST=redis - env_file: - - db.env - depends_on: - - db - - redis - - cron: - image: nextcloud:apache - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - -volumes: - db: - nextcloud: diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml deleted file mode 100644 index 5ac5b3b1..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml +++ /dev/null @@ -1,55 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis:alpine - restart: always - - app: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - environment: - - MYSQL_HOST=db - - REDIS_HOST=redis - env_file: - - db.env - depends_on: - - db - - redis - - web: - build: ./web - restart: always - ports: - - 8080:80 - volumes: - - nextcloud:/var/www/html:ro - depends_on: - - app - - cron: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - -volumes: - db: - nextcloud: diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile deleted file mode 100644 index 9e620aff..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nginx:alpine - -COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf deleted file mode 100644 index 62095270..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf +++ /dev/null @@ -1,168 +0,0 @@ -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - upstream php-handler { - server app:9000; - } - - server { - listen 80; - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - location / { - rewrite ^ /index.php; - } - - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; - - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } - } -} diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml index defa0bdb..70ed73bb 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: db: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always volumes: @@ -12,19 +12,35 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:apache restart: always ports: - - 8080:80 + - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html environment: - MYSQL_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis + + cron: + image: nextcloud:apache + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis volumes: db: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml index eb91bbdb..44c79485 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: db: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always volumes: @@ -12,6 +12,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:fpm-alpine restart: always @@ -19,21 +23,33 @@ services: - nextcloud:/var/www/html environment: - MYSQL_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis web: build: ./web restart: always ports: - - 8080:80 + - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html:ro depends_on: - app + cron: + image: nextcloud:fpm-alpine + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + volumes: db: nextcloud: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index 62095270..ef8229c1 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -33,55 +33,16 @@ http { server { listen 80; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # + # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size - client_max_body_size 10G; + client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -92,77 +53,115 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - location / { - rewrite ^ /index.php; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; } - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; + #fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; + fastcgi_intercept_errors on; fastcgi_request_buffering off; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } diff --git a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml index 596568d6..882f161e 100644 --- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml @@ -9,19 +9,35 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:apache restart: always ports: - - 8080:80 + - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html environment: - POSTGRES_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis + + cron: + image: nextcloud:apache + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis volumes: db: diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml index b1ff459c..85fecdf1 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -9,6 +9,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:fpm-alpine restart: always @@ -16,21 +20,33 @@ services: - nextcloud:/var/www/html environment: - POSTGRES_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis web: build: ./web restart: always ports: - - 8080:80 + - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html:ro depends_on: - app + cron: + image: nextcloud:fpm-alpine + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + volumes: db: nextcloud: diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index 62095270..ef8229c1 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -33,55 +33,16 @@ http { server { listen 80; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # + # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size - client_max_body_size 10G; + client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -92,77 +53,115 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - location / { - rewrite ^ /index.php; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; } - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; + #fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; + fastcgi_intercept_errors on; fastcgi_request_buffering off; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml deleted file mode 100644 index 3d60f7ee..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml +++ /dev/null @@ -1,78 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - app: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - environment: - - MYSQL_HOST=db - env_file: - - db.env - depends_on: - - db - - web: - build: ./web - restart: always - volumes: - - nextcloud:/var/www/html:ro - environment: - - VIRTUAL_HOST= - depends_on: - - app - networks: - - proxy-tier - - default - - proxy: - build: ./proxy - restart: always - ports: - - 80:80 - - 443:443 - volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - depends_on: - - omgwtfssl - - omgwtfssl: - image: paulczar/omgwtfssl - restart: "no" - volumes: - - certs:/certs - environment: - - SSL_SUBJECT=servhostname.local - - CA_SUBJECT=my@example.com - - SSL_KEY=/certs/servhostname.local.key - - SSL_CSR=/certs/servhostname.local.csr - - SSL_CERT=/certs/servhostname.local.crt - networks: - - proxy-tier - -volumes: - db: - nextcloud: - certs: - vhost.d: - html: - -networks: - proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile deleted file mode 100644 index 242c84e1..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM jwilder/nginx-proxy:alpine - -COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf deleted file mode 100644 index 7e3906ec..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf +++ /dev/null @@ -1,2 +0,0 @@ -client_max_body_size 10G; -proxy_request_buffering off; diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile deleted file mode 100644 index 9e620aff..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nginx:alpine - -COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf deleted file mode 100644 index 36f591d4..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf +++ /dev/null @@ -1,173 +0,0 @@ -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Real-IP; - - #gzip on; - - upstream php-handler { - server app:9000; - } - - server { - listen 80; - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - location / { - rewrite ^ /index.php; - } - - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; - - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } - } -} diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml deleted file mode 100644 index 39ab2bef..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml +++ /dev/null @@ -1,86 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis:alpine - restart: always - - app: - image: nextcloud:apache - restart: always - volumes: - - nextcloud:/var/www/html - environment: - - VIRTUAL_HOST= - - LETSENCRYPT_HOST= - - LETSENCRYPT_EMAIL= - - MYSQL_HOST=db - - REDIS_HOST=redis - env_file: - - db.env - depends_on: - - db - - redis - networks: - - proxy-tier - - default - - cron: - image: nextcloud:apache - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - - proxy: - build: ./proxy - restart: always - ports: - - 80:80 - - 443:443 - labels: - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - - letsencrypt-companion: - image: jrcs/letsencrypt-nginx-proxy-companion - restart: always - volumes: - - certs:/etc/nginx/certs - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - proxy-tier - depends_on: - - proxy - -volumes: - db: - nextcloud: - certs: - vhost.d: - html: - -networks: - proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile deleted file mode 100644 index 242c84e1..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM jwilder/nginx-proxy:alpine - -COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf deleted file mode 100644 index 7e3906ec..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf +++ /dev/null @@ -1,2 +0,0 @@ -client_max_body_size 10G; -proxy_request_buffering off; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml deleted file mode 100644 index d5763620..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml +++ /dev/null @@ -1,95 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis:alpine - restart: always - - app: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - environment: - - MYSQL_HOST=db - - REDIS_HOST=redis - env_file: - - db.env - depends_on: - - db - - redis - - web: - build: ./web - restart: always - volumes: - - nextcloud:/var/www/html:ro - environment: - - VIRTUAL_HOST= - - LETSENCRYPT_HOST= - - LETSENCRYPT_EMAIL= - depends_on: - - app - networks: - - proxy-tier - - default - - cron: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - - proxy: - build: ./proxy - restart: always - ports: - - 80:80 - - 443:443 - labels: - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - - letsencrypt-companion: - image: jrcs/letsencrypt-nginx-proxy-companion - restart: always - volumes: - - certs:/etc/nginx/certs - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - proxy-tier - depends_on: - - proxy - -volumes: - db: - nextcloud: - certs: - vhost.d: - html: - -networks: - proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile deleted file mode 100644 index 242c84e1..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM jwilder/nginx-proxy:alpine - -COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf deleted file mode 100644 index 7e3906ec..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf +++ /dev/null @@ -1,2 +0,0 @@ -client_max_body_size 10G; -proxy_request_buffering off; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile deleted file mode 100644 index 9e620aff..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nginx:alpine - -COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf deleted file mode 100644 index 36f591d4..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf +++ /dev/null @@ -1,173 +0,0 @@ -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Real-IP; - - #gzip on; - - upstream php-handler { - server app:9000; - } - - server { - listen 80; - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - location / { - rewrite ^ /index.php; - } - - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; - - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } - } -} diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml index 3b5121a6..13bdf597 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: db: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always volumes: @@ -12,6 +12,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:apache restart: always @@ -22,14 +26,26 @@ services: - LETSENCRYPT_HOST= - LETSENCRYPT_EMAIL= - MYSQL_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis networks: - proxy-tier - default + cron: + image: nextcloud:apache + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + proxy: build: ./proxy restart: always @@ -59,6 +75,21 @@ services: depends_on: - proxy +# self signed +# omgwtfssl: +# image: paulczar/omgwtfssl +# restart: "no" +# volumes: +# - certs:/certs +# environment: +# - SSL_SUBJECT=servhostname.local +# - CA_SUBJECT=my@example.com +# - SSL_KEY=/certs/servhostname.local.key +# - SSL_CSR=/certs/servhostname.local.csr +# - SSL_CERT=/certs/servhostname.local.crt +# networks: +# - proxy-tier + volumes: db: nextcloud: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml index 5fc70af1..380834b8 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: db: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always volumes: @@ -12,6 +12,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:fpm-alpine restart: always @@ -19,10 +23,12 @@ services: - nextcloud:/var/www/html environment: - MYSQL_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis web: build: ./web @@ -39,6 +45,16 @@ services: - proxy-tier - default + cron: + image: nextcloud:fpm-alpine + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + proxy: build: ./proxy restart: always @@ -68,6 +84,21 @@ services: depends_on: - proxy +# self signed +# omgwtfssl: +# image: paulczar/omgwtfssl +# restart: "no" +# volumes: +# - certs:/certs +# environment: +# - SSL_SUBJECT=servhostname.local +# - CA_SUBJECT=my@example.com +# - SSL_KEY=/certs/servhostname.local.key +# - SSL_CSR=/certs/servhostname.local.csr +# - SSL_CERT=/certs/servhostname.local.crt +# networks: +# - proxy-tier + volumes: db: nextcloud: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index 36f591d4..ef8229c1 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -24,11 +24,6 @@ http { keepalive_timeout 65; - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Real-IP; - #gzip on; upstream php-handler { @@ -38,55 +33,16 @@ http { server { listen 80; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # + # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size - client_max_body_size 10G; + client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -97,77 +53,115 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - location / { - rewrite ^ /index.php; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; } - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; + #fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; + fastcgi_intercept_errors on; fastcgi_request_buffering off; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml index 2e40e8d7..7c481db2 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml @@ -9,6 +9,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:apache restart: always @@ -19,14 +23,26 @@ services: - LETSENCRYPT_HOST= - LETSENCRYPT_EMAIL= - POSTGRES_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis networks: - proxy-tier - default + cron: + image: nextcloud:apache + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + proxy: build: ./proxy restart: always @@ -56,6 +72,21 @@ services: depends_on: - proxy +# self signed +# omgwtfssl: +# image: paulczar/omgwtfssl +# restart: "no" +# volumes: +# - certs:/certs +# environment: +# - SSL_SUBJECT=servhostname.local +# - CA_SUBJECT=my@example.com +# - SSL_KEY=/certs/servhostname.local.key +# - SSL_CSR=/certs/servhostname.local.csr +# - SSL_CERT=/certs/servhostname.local.crt +# networks: +# - proxy-tier + volumes: db: nextcloud: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml index 39e85f71..194d7a71 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml @@ -9,6 +9,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:fpm-alpine restart: always @@ -16,10 +20,12 @@ services: - nextcloud:/var/www/html environment: - POSTGRES_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis web: build: ./web @@ -36,6 +42,16 @@ services: - proxy-tier - default + cron: + image: nextcloud:fpm-alpine + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + proxy: build: ./proxy restart: always @@ -65,6 +81,21 @@ services: depends_on: - proxy +# self signed +# omgwtfssl: +# image: paulczar/omgwtfssl +# restart: "no" +# volumes: +# - certs:/certs +# environment: +# - SSL_SUBJECT=servhostname.local +# - CA_SUBJECT=my@example.com +# - SSL_KEY=/certs/servhostname.local.key +# - SSL_CSR=/certs/servhostname.local.csr +# - SSL_CERT=/certs/servhostname.local.crt +# networks: +# - proxy-tier + volumes: db: nextcloud: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index 36f591d4..ef8229c1 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -24,11 +24,6 @@ http { keepalive_timeout 65; - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Real-IP; - #gzip on; upstream php-handler { @@ -38,55 +33,16 @@ http { server { listen 80; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # + # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size - client_max_body_size 10G; + client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -97,77 +53,115 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - location / { - rewrite ^ /index.php; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; } - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; + #fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; + fastcgi_intercept_errors on; fastcgi_request_buffering off; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } diff --git a/.github/ISSUE_TEMPLATE/Image_issue.md b/.github/ISSUE_TEMPLATE/Image_issue.md new file mode 100644 index 00000000..5ab4ad0b --- /dev/null +++ b/.github/ISSUE_TEMPLATE/Image_issue.md @@ -0,0 +1,12 @@ +--- +name: 🐛 Image issue +about: Issues related to the Nextcloud Docker image +--- + + diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..5a3fc37e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,10 @@ +contact_links: + - name: 🐛 Nextcloud issue + url: https://github.com/nextcloud/server/issues/new/choose + about: Bug reports and feature requests for Nextcloud + - name: 🐳 Docker Support and Help + url: https://forums.docker.com/ + about: Configuration, installation, networking and other questions + - name: ❓ Nextcloud Support and Help + url: https://help.nextcloud.com/ + about: Configuration, webserver/proxy or performance issues and other questions diff --git a/19.0-rc/apache/Dockerfile b/19.0-rc/apache/Dockerfile deleted file mode 100644 index 0111d7b1..00000000 --- a/19.0-rc/apache/Dockerfile +++ /dev/null @@ -1,157 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-apache-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - -RUN a2enmod headers rewrite remoteip ;\ - {\ - echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ - } > /etc/apache2/conf-available/remoteip.conf;\ - a2enconf remoteip - -ENV NEXTCLOUD_VERSION 19.0.11RC1 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/19.0-rc/apache/config/apache-pretty-urls.config.php b/19.0-rc/apache/config/apache-pretty-urls.config.php deleted file mode 100644 index 72da1d8c..00000000 --- a/19.0-rc/apache/config/apache-pretty-urls.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '/', -); diff --git a/19.0-rc/apache/config/apcu.config.php b/19.0-rc/apache/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0-rc/apache/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0-rc/apache/config/apps.config.php b/19.0-rc/apache/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0-rc/apache/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0-rc/apache/config/autoconfig.php b/19.0-rc/apache/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0-rc/apache/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0-rc/apache/config/reverse-proxy.config.php b/19.0-rc/apache/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0-rc/apache/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0-rc/apache/config/smtp.config.php b/19.0-rc/apache/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/19.0-rc/apache/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/19.0-rc/apache/config/swift.config.php b/19.0-rc/apache/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0-rc/apache/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0-rc/apache/cron.sh b/19.0-rc/apache/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0-rc/apache/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0-rc/apache/entrypoint.sh b/19.0-rc/apache/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0-rc/apache/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0-rc/apache/upgrade.exclude b/19.0-rc/apache/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0-rc/apache/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/19.0-rc/fpm-alpine/Dockerfile b/19.0-rc/fpm-alpine/Dockerfile deleted file mode 100644 index 5440c544..00000000 --- a/19.0-rc/fpm-alpine/Dockerfile +++ /dev/null @@ -1,134 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apk add --no-cache \ - rsync \ - ; \ - \ - rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - apk add --no-cache --virtual .build-deps \ - $PHPIZE_DEPS \ - autoconf \ - freetype-dev \ - icu-dev \ - libevent-dev \ - libjpeg-turbo-dev \ - libmcrypt-dev \ - libpng-dev \ - libmemcached-dev \ - libxml2-dev \ - libzip-dev \ - openldap-dev \ - pcre-dev \ - postgresql-dev \ - imagemagick-dev \ - libwebp-dev \ - gmp-dev \ - ; \ - \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 19.0.11RC1 - -RUN set -ex; \ - apk add --no-cache --virtual .fetch-deps \ - bzip2 \ - gnupg \ - ; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/19.0-rc/fpm-alpine/config/apcu.config.php b/19.0-rc/fpm-alpine/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0-rc/fpm-alpine/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0-rc/fpm-alpine/config/apps.config.php b/19.0-rc/fpm-alpine/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0-rc/fpm-alpine/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0-rc/fpm-alpine/config/autoconfig.php b/19.0-rc/fpm-alpine/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0-rc/fpm-alpine/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0-rc/fpm-alpine/config/reverse-proxy.config.php b/19.0-rc/fpm-alpine/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0-rc/fpm-alpine/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0-rc/fpm-alpine/config/smtp.config.php b/19.0-rc/fpm-alpine/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/19.0-rc/fpm-alpine/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/19.0-rc/fpm-alpine/config/swift.config.php b/19.0-rc/fpm-alpine/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0-rc/fpm-alpine/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0-rc/fpm-alpine/cron.sh b/19.0-rc/fpm-alpine/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0-rc/fpm-alpine/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0-rc/fpm-alpine/entrypoint.sh b/19.0-rc/fpm-alpine/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0-rc/fpm-alpine/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0-rc/fpm-alpine/upgrade.exclude b/19.0-rc/fpm-alpine/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0-rc/fpm-alpine/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/19.0-rc/fpm/Dockerfile b/19.0-rc/fpm/Dockerfile deleted file mode 100644 index 6afadba2..00000000 --- a/19.0-rc/fpm/Dockerfile +++ /dev/null @@ -1,149 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-fpm-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 19.0.11RC1 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/19.0-rc/fpm/config/apcu.config.php b/19.0-rc/fpm/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0-rc/fpm/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0-rc/fpm/config/apps.config.php b/19.0-rc/fpm/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0-rc/fpm/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0-rc/fpm/config/autoconfig.php b/19.0-rc/fpm/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0-rc/fpm/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0-rc/fpm/config/reverse-proxy.config.php b/19.0-rc/fpm/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0-rc/fpm/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0-rc/fpm/config/smtp.config.php b/19.0-rc/fpm/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/19.0-rc/fpm/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/19.0-rc/fpm/config/swift.config.php b/19.0-rc/fpm/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0-rc/fpm/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0-rc/fpm/cron.sh b/19.0-rc/fpm/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0-rc/fpm/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0-rc/fpm/entrypoint.sh b/19.0-rc/fpm/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0-rc/fpm/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0-rc/fpm/upgrade.exclude b/19.0-rc/fpm/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0-rc/fpm/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/19.0/apache/Dockerfile b/19.0/apache/Dockerfile deleted file mode 100644 index 6ecad6f0..00000000 --- a/19.0/apache/Dockerfile +++ /dev/null @@ -1,157 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-apache-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - -RUN a2enmod headers rewrite remoteip ;\ - {\ - echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ - } > /etc/apache2/conf-available/remoteip.conf;\ - a2enconf remoteip - -ENV NEXTCLOUD_VERSION 19.0.13 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/19.0/apache/config/apache-pretty-urls.config.php b/19.0/apache/config/apache-pretty-urls.config.php deleted file mode 100644 index 72da1d8c..00000000 --- a/19.0/apache/config/apache-pretty-urls.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '/', -); diff --git a/19.0/apache/config/apcu.config.php b/19.0/apache/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0/apache/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0/apache/config/apps.config.php b/19.0/apache/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0/apache/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0/apache/config/autoconfig.php b/19.0/apache/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0/apache/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0/apache/config/reverse-proxy.config.php b/19.0/apache/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0/apache/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0/apache/config/smtp.config.php b/19.0/apache/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/19.0/apache/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/19.0/apache/config/swift.config.php b/19.0/apache/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0/apache/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0/apache/cron.sh b/19.0/apache/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0/apache/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0/apache/entrypoint.sh b/19.0/apache/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0/apache/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0/apache/upgrade.exclude b/19.0/apache/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0/apache/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/19.0/fpm-alpine/Dockerfile b/19.0/fpm-alpine/Dockerfile deleted file mode 100644 index 71111f4e..00000000 --- a/19.0/fpm-alpine/Dockerfile +++ /dev/null @@ -1,134 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apk add --no-cache \ - rsync \ - ; \ - \ - rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - apk add --no-cache --virtual .build-deps \ - $PHPIZE_DEPS \ - autoconf \ - freetype-dev \ - icu-dev \ - libevent-dev \ - libjpeg-turbo-dev \ - libmcrypt-dev \ - libpng-dev \ - libmemcached-dev \ - libxml2-dev \ - libzip-dev \ - openldap-dev \ - pcre-dev \ - postgresql-dev \ - imagemagick-dev \ - libwebp-dev \ - gmp-dev \ - ; \ - \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 19.0.13 - -RUN set -ex; \ - apk add --no-cache --virtual .fetch-deps \ - bzip2 \ - gnupg \ - ; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/19.0/fpm-alpine/config/apcu.config.php b/19.0/fpm-alpine/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0/fpm-alpine/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0/fpm-alpine/config/apps.config.php b/19.0/fpm-alpine/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0/fpm-alpine/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0/fpm-alpine/config/autoconfig.php b/19.0/fpm-alpine/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0/fpm-alpine/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0/fpm-alpine/config/reverse-proxy.config.php b/19.0/fpm-alpine/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0/fpm-alpine/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0/fpm-alpine/config/smtp.config.php b/19.0/fpm-alpine/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/19.0/fpm-alpine/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/19.0/fpm-alpine/config/swift.config.php b/19.0/fpm-alpine/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0/fpm-alpine/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0/fpm-alpine/cron.sh b/19.0/fpm-alpine/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0/fpm-alpine/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0/fpm-alpine/entrypoint.sh b/19.0/fpm-alpine/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0/fpm-alpine/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0/fpm-alpine/upgrade.exclude b/19.0/fpm-alpine/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0/fpm-alpine/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/19.0/fpm/Dockerfile b/19.0/fpm/Dockerfile deleted file mode 100644 index 861f1671..00000000 --- a/19.0/fpm/Dockerfile +++ /dev/null @@ -1,149 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-fpm-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 19.0.13 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/19.0/fpm/config/apcu.config.php b/19.0/fpm/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0/fpm/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0/fpm/config/apps.config.php b/19.0/fpm/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0/fpm/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0/fpm/config/autoconfig.php b/19.0/fpm/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0/fpm/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0/fpm/config/reverse-proxy.config.php b/19.0/fpm/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0/fpm/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0/fpm/config/smtp.config.php b/19.0/fpm/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/19.0/fpm/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/19.0/fpm/config/swift.config.php b/19.0/fpm/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0/fpm/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0/fpm/cron.sh b/19.0/fpm/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0/fpm/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0/fpm/entrypoint.sh b/19.0/fpm/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0/fpm/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0/fpm/upgrade.exclude b/19.0/fpm/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0/fpm/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/20.0/apache/Dockerfile b/20.0/apache/Dockerfile index 9a926970..a7309bcb 100644 --- a/20.0/apache/Dockerfile +++ b/20.0/apache/Dockerfile @@ -137,7 +137,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/20.0/fpm-alpine/Dockerfile b/20.0/fpm-alpine/Dockerfile index c5d09dd6..9aa43a3a 100644 --- a/20.0/fpm-alpine/Dockerfile +++ b/20.0/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 +FROM php:7.4-fpm-alpine3.14 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -116,7 +116,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/20.0/fpm/Dockerfile b/20.0/fpm/Dockerfile index 29f5c60b..18f4d104 100644 --- a/20.0/fpm/Dockerfile +++ b/20.0/fpm/Dockerfile @@ -129,7 +129,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/21.0/apache/Dockerfile b/21.0/apache/Dockerfile index 096fc16b..1b95a920 100644 --- a/21.0/apache/Dockerfile +++ b/21.0/apache/Dockerfile @@ -137,7 +137,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/21.0/fpm-alpine/Dockerfile b/21.0/fpm-alpine/Dockerfile index b9f4e92e..4234a678 100644 --- a/21.0/fpm-alpine/Dockerfile +++ b/21.0/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 +FROM php:7.4-fpm-alpine3.14 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -116,7 +116,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/21.0/fpm/Dockerfile b/21.0/fpm/Dockerfile index 44b47059..c8e25cd4 100644 --- a/21.0/fpm/Dockerfile +++ b/21.0/fpm/Dockerfile @@ -129,7 +129,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/22.0-beta/apache/Dockerfile b/22.0-beta/apache/Dockerfile deleted file mode 100644 index 686f0950..00000000 --- a/22.0-beta/apache/Dockerfile +++ /dev/null @@ -1,157 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-apache-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - -RUN a2enmod headers rewrite remoteip ;\ - {\ - echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ - } > /etc/apache2/conf-available/remoteip.conf;\ - a2enconf remoteip - -ENV NEXTCLOUD_VERSION 22.0.0beta5 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/22.0-beta/apache/config/apache-pretty-urls.config.php b/22.0-beta/apache/config/apache-pretty-urls.config.php deleted file mode 100644 index 72da1d8c..00000000 --- a/22.0-beta/apache/config/apache-pretty-urls.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '/', -); diff --git a/22.0-beta/apache/config/apcu.config.php b/22.0-beta/apache/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/22.0-beta/apache/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/22.0-beta/apache/config/apps.config.php b/22.0-beta/apache/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/22.0-beta/apache/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/22.0-beta/apache/config/autoconfig.php b/22.0-beta/apache/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/22.0-beta/apache/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/22.0-beta/apache/config/reverse-proxy.config.php b/22.0-beta/apache/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/22.0-beta/apache/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/22.0-beta/apache/config/smtp.config.php b/22.0-beta/apache/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/22.0-beta/apache/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/22.0-beta/apache/config/swift.config.php b/22.0-beta/apache/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/22.0-beta/apache/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/22.0-beta/apache/cron.sh b/22.0-beta/apache/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/22.0-beta/apache/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/22.0-beta/apache/entrypoint.sh b/22.0-beta/apache/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/22.0-beta/apache/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/22.0-beta/apache/upgrade.exclude b/22.0-beta/apache/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/22.0-beta/apache/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/22.0-beta/fpm-alpine/Dockerfile b/22.0-beta/fpm-alpine/Dockerfile deleted file mode 100644 index 4af8ff3c..00000000 --- a/22.0-beta/fpm-alpine/Dockerfile +++ /dev/null @@ -1,134 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apk add --no-cache \ - rsync \ - ; \ - \ - rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - apk add --no-cache --virtual .build-deps \ - $PHPIZE_DEPS \ - autoconf \ - freetype-dev \ - icu-dev \ - libevent-dev \ - libjpeg-turbo-dev \ - libmcrypt-dev \ - libpng-dev \ - libmemcached-dev \ - libxml2-dev \ - libzip-dev \ - openldap-dev \ - pcre-dev \ - postgresql-dev \ - imagemagick-dev \ - libwebp-dev \ - gmp-dev \ - ; \ - \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 22.0.0beta5 - -RUN set -ex; \ - apk add --no-cache --virtual .fetch-deps \ - bzip2 \ - gnupg \ - ; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/22.0-beta/fpm-alpine/config/apcu.config.php b/22.0-beta/fpm-alpine/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/22.0-beta/fpm-alpine/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/22.0-beta/fpm-alpine/config/apps.config.php b/22.0-beta/fpm-alpine/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/22.0-beta/fpm-alpine/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/22.0-beta/fpm-alpine/config/autoconfig.php b/22.0-beta/fpm-alpine/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/22.0-beta/fpm-alpine/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/22.0-beta/fpm-alpine/config/reverse-proxy.config.php b/22.0-beta/fpm-alpine/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/22.0-beta/fpm-alpine/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/22.0-beta/fpm-alpine/config/smtp.config.php b/22.0-beta/fpm-alpine/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/22.0-beta/fpm-alpine/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/22.0-beta/fpm-alpine/config/swift.config.php b/22.0-beta/fpm-alpine/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/22.0-beta/fpm-alpine/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/22.0-beta/fpm-alpine/cron.sh b/22.0-beta/fpm-alpine/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/22.0-beta/fpm-alpine/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/22.0-beta/fpm-alpine/entrypoint.sh b/22.0-beta/fpm-alpine/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/22.0-beta/fpm-alpine/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/22.0-beta/fpm-alpine/upgrade.exclude b/22.0-beta/fpm-alpine/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/22.0-beta/fpm-alpine/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/22.0-beta/fpm/Dockerfile b/22.0-beta/fpm/Dockerfile deleted file mode 100644 index d972e41a..00000000 --- a/22.0-beta/fpm/Dockerfile +++ /dev/null @@ -1,149 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-fpm-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 22.0.0beta5 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/22.0-beta/fpm/config/apcu.config.php b/22.0-beta/fpm/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/22.0-beta/fpm/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/22.0-beta/fpm/config/apps.config.php b/22.0-beta/fpm/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/22.0-beta/fpm/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/22.0-beta/fpm/config/autoconfig.php b/22.0-beta/fpm/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/22.0-beta/fpm/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/22.0-beta/fpm/config/reverse-proxy.config.php b/22.0-beta/fpm/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/22.0-beta/fpm/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/22.0-beta/fpm/config/smtp.config.php b/22.0-beta/fpm/config/smtp.config.php deleted file mode 100644 index 62880e4b..00000000 --- a/22.0-beta/fpm/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/22.0-beta/fpm/config/swift.config.php b/22.0-beta/fpm/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/22.0-beta/fpm/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/22.0-beta/fpm/cron.sh b/22.0-beta/fpm/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/22.0-beta/fpm/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/22.0-beta/fpm/entrypoint.sh b/22.0-beta/fpm/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/22.0-beta/fpm/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/22.0-beta/fpm/upgrade.exclude b/22.0-beta/fpm/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/22.0-beta/fpm/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/22.0/apache/Dockerfile b/22.0/apache/Dockerfile index 680ed9f9..0804c79e 100644 --- a/22.0/apache/Dockerfile +++ b/22.0/apache/Dockerfile @@ -137,7 +137,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ @@ -155,3 +155,4 @@ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["apache2-foreground"] + diff --git a/22.0/fpm-alpine/Dockerfile b/22.0/fpm-alpine/Dockerfile index 037bd5a8..0525f320 100644 --- a/22.0/fpm-alpine/Dockerfile +++ b/22.0/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 +FROM php:7.4-fpm-alpine3.14 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -116,7 +116,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ @@ -132,3 +132,4 @@ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["php-fpm"] + diff --git a/22.0/fpm/Dockerfile b/22.0/fpm/Dockerfile index b349536b..bf7f0929 100644 --- a/22.0/fpm/Dockerfile +++ b/22.0/fpm/Dockerfile @@ -129,7 +129,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ @@ -147,3 +147,4 @@ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["php-fpm"] + diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 784de608..4d05f14d 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,4 @@ -FROM php:%%PHP_VERSION%%-%%VARIANT%%3.13 +FROM php:%%PHP_VERSION%%-%%VARIANT%%3.14 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -115,7 +115,7 @@ RUN set -ex; \ "%%BASE_DOWNLOAD_URL%%/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index a4721361..5d0a4812 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -130,7 +130,7 @@ RUN set -ex; \ "%%BASE_DOWNLOAD_URL%%/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/README.md b/README.md index 97672f1a..f0501730 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Database: ```console $ docker run -d \ -v db:/var/lib/mysql \ -mariadb +mariadb:10.5 ``` If you want to get fine grained access to your individual files, you can mount additional volumes for data, config, your theme and custom apps. The `data`, `config` files are stored in respective subfolders inside `/var/www/html/`. The apps are split into core `apps` (which are shipped with Nextcloud and you don't need to take care of) and a `custom_apps` folder. If you use a custom theme it would go into the `themes` subfolder. @@ -228,7 +228,7 @@ volumes: services: db: - image: mariadb + image: mariadb:10.5 restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: @@ -274,7 +274,7 @@ volumes: services: db: - image: mariadb + image: mariadb:10.5 restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 7b4aacb8..68779809 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,7 +1,7 @@ #!/bin/bash set -Eeuo pipefail -stable_channel='20.0.8' +stable_channel='21.0.3' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" diff --git a/update.sh b/update.sh index 00cb2efe..f2382f2f 100755 --- a/update.sh +++ b/update.sh @@ -76,28 +76,13 @@ variants=( fpm-alpine ) -min_version='19.0' +min_version='20.0' # version_greater_or_equal A B returns whether A >= B function version_greater_or_equal() { [[ "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" || "$1" == "$2" ]]; } -# checks if the the rc is already released -function check_released() { - printf '%s\n' "${fullversions[@]}" | grep -qE "^$( echo "$1" | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' )" -} - -# checks if the the beta has already a rc -function check_rc_released() { - printf '%s\n' "${fullversions_rc[@]}" | grep -qE "^$( echo "$1" | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' )" -} - -# checks if the the alpha has already a beta -function check_beta_released() { - printf '%s\n' "${fullversions_beta[@]}" | grep -qE "^$( echo "$1" | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' )" -} - function create_variant() { dir="$1/$variant" phpVersion=${php_version[$version]-${php_version[default]}} @@ -182,63 +167,3 @@ for version in "${versions[@]}"; do done fi done - -fullversions_rc=( $( curl -fsSL 'https://download.nextcloud.com/server/prereleases/' |tac|tac| \ - grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}RC[[:digit:]]+' | \ - grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}RC[[:digit:]]+' | \ - sort -urV ) ) -versions_rc=( $( printf '%s\n' "${fullversions_rc[@]}" | cut -d. -f1-2 | sort -urV ) ) -for version in "${versions_rc[@]}"; do - fullversion="$( printf '%s\n' "${fullversions_rc[@]}" | grep -E "^$version" | head -1 )" - - if version_greater_or_equal "$version" "$min_version"; then - - if ! check_released "$fullversion"; then - - for variant in "${variants[@]}"; do - - create_variant "$version-rc" "https:\/\/download.nextcloud.com\/server\/prereleases" - done - fi - fi -done - -fullversions_beta=( $( curl -fsSL 'https://download.nextcloud.com/server/prereleases/' |tac|tac| \ - grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}beta[[:digit:]]+' | \ - grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}beta[[:digit:]]+' | \ - sort -urV ) ) -versions_beta=( $( printf '%s\n' "${fullversions_beta[@]}" | cut -d. -f1-2 | sort -urV ) ) -for version in "${versions_beta[@]}"; do - fullversion="$( printf '%s\n' "${fullversions_beta[@]}" | grep -E "^$version" | head -1 )" - - if version_greater_or_equal "$version" "$min_version"; then - - if ! check_rc_released "$fullversion"; then - - for variant in "${variants[@]}"; do - - create_variant "$version-beta" "https:\/\/download.nextcloud.com\/server\/prereleases" - done - fi - fi -done - -fullversions_alpha=( $( curl -fsSL 'https://download.nextcloud.com/server/prereleases/' |tac|tac| \ - grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}alpha[[:digit:]]+' | \ - grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}alpha[[:digit:]]+' | \ - sort -urV ) ) -versions_alpha=( $( printf '%s\n' "${fullversions_alpha[@]}" | cut -d. -f1-2 | sort -urV ) ) -for version in "${versions_alpha[@]}"; do - fullversion="$( printf '%s\n' "${fullversions_alpha[@]}" | grep -E "^$version" | head -1 )" - - if version_greater_or_equal "$version" "$min_version"; then - - if ! check_beta_released "$fullversion"; then - - for variant in "${variants[@]}"; do - - create_variant "$version-alpha" "https:\/\/download.nextcloud.com\/server\/prereleases" - done - fi - fi -done